Brink's Modern Internal Auditing
A Common Body of Knowledge
Hardcover, English, 2016
2 729 kr
The complete guide to internal auditing for the modern world

Brink's Modern Internal Auditing: A Common Body of Knowledge, Eighth Edition covers the fundamental information that you need to make your role as internal auditor effective, efficient, and accurate. Originally written by one of the founders of internal auditing, Vic Brink, and now fully updated and revised by internal controls and IT specialist Robert Moeller, this new edition reflects the latest industry changes and legal revisions. This comprehensive resource has long been—and will continue to be—a critical reference for new and seasoned internal auditors alike. Through the information provided in this inclusive text, you explore how to maximize your impact on your company by creating higher standards of professional conduct and greater protection against inefficiency, misconduct, illegal activity, and fraud.

A key feature of this book is a detailed description of an internal audit Common Body of Knowledge (CBOK): key governance, risk and compliance topics that all internal auditors need to know and understand. There are informative discussions on how to plan and perform internal audits, including the information technology (IT) security and control issues that impact all enterprises today. Modern internal auditing is presented as a standard-setting branch of business that elevates professional conduct and protects entities against fraud, misconduct, illegal activity, inefficiency, and other issues that could detract from success.
- Contribute to your company's productivity and responsible resource allocation through targeted auditing practices
- Ensure that internal control procedures are in place, are working, and are leveraged as needed to support your company's performance
- Access fully-updated information regarding the latest changes in the internal audit industry
- Rely upon a trusted reference for insight into key topics regarding the internal audit field

Brink's Modern Internal Auditing: A Common Body of Knowledge, Eighth Edition presents the comprehensive collection of information that internal auditors rely on to remain effective in their role.
Product information
- Publication date: 2016-02-12
- Dimensions: 188 x 262 x 46 mm
- Weight: 1 597 g
- Format: Hardcover
- Language: English
- Series: Wiley Corporate F&A
- Number of pages: 832
- Edition: 8
- Publisher: John Wiley & Sons Inc
- ISBN: 9781119016984
Robert Moeller, CPA, CISA, PMP, and CISSP, has held multiple internal and IT audit leadership positions throughout his career, including directing internal audit functions for several major Chicago-area corporations, managing the U.S. IT audit practice for Grant Thornton, and launching the first IT audit function at the 'old' Sears Roebuck, when Sears consisted of its retail and catalog operations, Allstate Insurance, Dean-Witter financial, Discover Card, and Coldwell-Banker real estate operations. He then went on to assume overall responsibility for the Sears internal audit function.
- Preface
- Part One: Foundations of Modern Internal Auditing
  - Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update
    - 1.1 Internal Auditing History and Background
    - 1.2 Mission of Internal Auditing
    - 1.3 Organization of this Book
    - Note
  - Chapter 2: An Internal Audit Common Body of Knowledge
    - 2.1 What is a CBOK? Experiences from Other Professions
    - 2.2 What Does an Internal Auditor Need to Know?
    - 2.3 An Internal Auditing CBOK
    - 2.4 Another Attempt: The IIA Research Foundation’s CBOK
    - 2.5 Essential Internal Audit Knowledge Areas
    - Notes
- Part Two: Importance of Internal Controls
  - Chapter 3: The COSO Internal Control Framework
    - 3.1 Understanding Internal Controls
    - 3.2 Revised COSO Framework Business and Operating Environment Changes
    - 3.3 The Revised COSO Internal Control Framework
    - 3.4 COSO Internal Control Principles
    - 3.5 COSO Internal Control Components: The Control Environment
    - 3.6 COSO Internal Control Components: Risk Assessment
    - 3.7 COSO Internal Control Components: Internal Control Activities
    - 3.8 COSO Internal Control Components: Information and Communication
    - 3.9 COSO Internal Control Components: Monitoring Activities
    - 3.10 The COSO Framework’s Other Dimensions
  - Chapter 4: The 17 COSO Internal Control Principles
    - 4.1 COSO Internal Control Framework Principles
    - 4.2 Control Environment Principle 1: Integrity and Ethical Values
    - 4.3 Control Environment Principle 2: Role of the Board of Directors
    - 4.4 Control Environment Principle 3: Authority and Responsibility Needs
    - 4.5 Control Environment Principle 4: Commitment to a Competent Workforce
    - 4.6 Control Environment Principle 5: Holding People Accountable
    - 4.7 Risk Assessment Principle 6: Specifying Appropriate Objectives
    - 4.8 Risk Assessment Principle 7: Identifying and Analyzing Risks
    - 4.9 Risk Assessment Principle 8: Evaluating Fraud Risks
    - 4.10 Risk Assessment Principle 9: Identifying Changes Affecting Internal Controls
    - 4.11 Control Activities Principle 10: Selecting Control Activities That Mitigate Risks
    - 4.12 Control Activities Principle 11: Selecting and Developing Technology Controls
    - 4.13 Control Activities Principle 12: Policies and Procedures
    - 4.14 Information and Communication Principle 13: Using Relevant, Quality Information
    - 4.15 Information and Communication Principle 14: Internal Communications
    - 4.16 Information and Communication Principle 15: External Communications
    - 4.17 Monitoring Principle 16: Internal Control Evaluations
    - 4.18 Monitoring Principle 17: Communicating Internal Control Deficiencies
    - Note
  - Chapter 5: Sarbanes‐Oxley (SOx) and Beyond
    - 5.1 Key Sarbanes‐Oxley Act (SOx) Elements
    - 5.2 Performing Section 404 Reviews under AS5
    - 5.3 AS5 Rules and Internal Audit
    - 5.4 Impact of the Sarbanes‐Oxley Act
    - Notes
  - Chapter 6: COBIT and Other ISACA Guidance
    - 6.1 Introduction to COBIT
    - 6.2 COBIT Framework
    - 6.3 Principle 1: Meeting Stakeholder Needs
    - 6.4 Principle 2: Covering the Enterprise End to End
    - 6.5 Principle 3: A Single Integrated Framework
    - 6.6 Principle 4: Enabling a Holistic Approach
    - 6.7 Principle 5: Separating Governance from Management
    - 6.8 Using COBIT to Assess Internal Controls
    - 6.9 Mapping COBIT to COSO Internal Controls
    - Notes
  - Chapter 7: Enterprise Risk Management: COSO ERM
    - 7.1 Risk Management Fundamentals
    - 7.2 COSO ERM: Enterprise Risk Management
    - 7.3 COSO ERM Key Elements
    - 7.4 Other Dimensions of COSO ERM: Enterprise Risk Objectives
    - 7.5 Entity‐Level Risks
    - 7.6 Putting It All Together: Auditing Risk and COSO ERM Processes
    - Notes
- Part Three: Planning and Performing Internal Audits
  - Chapter 8: Performing Effective Internal Audits
    - 8.1 Initiating and Launching an Internal Audit
    - 8.2 Organizing and Planning Internal Audits
    - 8.3 Internal Audit Preparatory Activities
    - 8.4 Starting the Internal Audit
    - 8.5 Developing and Preparing Audit Programs
    - 8.6 Performing the Internal Audit
    - 8.7 Wrapping Up the Field Engagement Internal Audit
    - 8.8 Performing an Individual Internal Audit
  - Chapter 9: Standards for the Professional Practice of Internal Auditing
    - 9.1 What is the IPPF?
    - 9.2 The Internal Auditing Professional Practice Standards: A Key IPPF Component
    - 9.3 Content of the IIA Standards
    - 9.4 Codes of Ethics: The IIA and ISACA
    - 9.5 Internal Audit Principles
    - 9.6 IPPF Future Directions
    - Notes
  - Chapter 10: Testing, Assessing, and Evaluating Audit Evidence
    - 10.1 Gathering Appropriate Audit Evidence
    - 10.2 Audit Assessment and Evaluation Techniques
    - 10.3 Internal Audit Judgmental Sampling
    - 10.4 Statistical Audit Sampling: An Introduction
    - 10.5 Developing a Statistical Sampling Plan
    - 10.6 Audit Sampling Approaches
    - 10.7 Attributes Sampling Audit Example
    - 10.8 Attributes Sampling Advantages and Limitations
    - 10.9 Monetary Unit Sampling
    - 10.10 Other Audit Sampling Techniques
    - 10.11 Making Efficient and Effective Use of Audit Sampling
    - Notes
  - Chapter 11: Continuous Auditing and Computer‐Assisted Audit Techniques
    - 11.1 Implementing Continuous Assurance Auditing
    - 11.2 ACL, NetSuite, BusinessObjects, and Other Continuous Assurance Systems
    - 11.3 Benefits of CAA
    - 11.4 Computer‐Assisted Audit Tools and Techniques
    - 11.5 Determining the Need for CAATTS
    - 11.6 Steps to Building Effective CAATTS
    - 11.7 Importance of Using CAATTS for Audit Evidence Gathering
    - 11.8 XBRL: The Internet‐Based Extensible Marking Language
    - Notes
  - Chapter 12: Control Self‐Assessments and Internal Audit Benchmarking
    - 12.1 Importance of Control Self‐Assessments
    - 12.2 CSA Model
    - 12.3 Launching the CSA Process
    - 12.4 Evaluating CSA Results
    - 12.5 Benchmarking and Internal Audit
    - 12.6 Better Understanding Internal Audit Activities
    - Notes
  - Chapter 13: Areas to Audit: Establishing an Audit Universe and Audit Programs
    - 13.1 Defining the Scope and Objectives of the Internal Audit Universe
    - 13.2 Assessing Internal Audit Capabilities and Objectives
    - 13.3 Audit Universe Time and Resource Limitations
    - 13.4 “Selling” an Audit Universe Concept to the Audit Committee and Management
    - 13.5 Assembling Audit Programs: Audit Universe Key Components
    - 13.6 Audit Universe and Program Maintenance
- Part Four: Organizing and Managing Internal Audit Activities
  - Chapter 14: Charters and Building the Internal Audit Function
    - 14.1 Establishing an Internal Audit Function
    - 14.2 Audit Committee and Management Authorization of an Audit Charter
    - 14.3 Establishing an Internal Audit Function
    - Notes
  - Chapter 15: Managing the Internal Audit Universe and Key Competencies
    - 15.1 Auditing in the Weeds: Problems with Reviews of Nonmainstream Audit Areas
    - 15.2 Importance of an Audit Universe Schedule: What is Right or Wrong
    - 15.3 Importance of Internal Audit Key Competencies
    - 15.4 Importance of Internal Audit Risk Management
    - 15.5 Internal Auditor Interview Skills
    - 15.6 Internal Audit Analytical and Testing Skills Competencies
    - 15.7 Internal Auditor Documentation Skills
    - 15.8 Recommending Results and Corrective Actions
    - 15.9 Internal Auditor Negotiation Skills
    - 15.10 An Internal Auditor Commitment to Learning
    - 15.11 Importance of Internal Auditor Core Competencies
  - Chapter 16: Planning Audits and Understanding Project Management
    - 16.1 The Project Management Process
    - 16.2 PMBOK: The Project Management Book of Knowledge
    - 16.3 PMBOK Program and Portfolio Management
    - 16.4 Planning an Internal Audit
    - 16.5 Understanding the Environment: Planning and Launching an Internal Audit
    - 16.6 Audit Planning: Documenting and Understanding the Internal Control Environment
    - 16.7 Performing Appropriate Internal Audit Procedures and Wrapping Up the Audit
    - 16.8 Project Management Best Practices and Internal Audit
    - Note
  - Chapter 17: Documenting Audit Results through Process Modeling and Workpapers
    - 17.1 Internal Audit Documentation Requirements
    - 17.2 Process Modeling for Internal Auditors
    - 17.3 Internal Audit Workpapers
    - 17.4 Workpaper Document Organization
    - 17.5 Workpaper Preparation Techniques
    - 17.6 Internal Audit Document Records Management
    - 17.7 Importance of Internal Audit Documentation
    - Notes
  - Chapter 18: Reporting Internal Audit Results
    - 18.1 The Audit Report Framework
    - 18.2 Purposes and Types of Internal Audit Reports
    - 18.3 Published Audit Reports
    - 18.4 Alternative Audit Report Formats
    - 18.5 Internal Audit Reporting Cycle
    - 18.6 Internal Audit Communications Problems and Opportunities
    - 18.7 Audit Reports and Understanding People in Internal Auditing
- Part Five: Impact of Information Systems on Internal Auditing
  - Chapter 19: ITIL® Best Practices, the IT Infrastructure, and General Controls
    - 19.1 Importance of IT General Controls
    - 19.2 Client-Server and Small Systems General IT Controls
    - 19.3 Client-Server Computer Systems
    - 19.4 Small Systems Operations Internal Controls
    - 19.5 Auditing IT General Controls for Small IT Systems
    - 19.6 Mainframe Legacy System Components and Controls
    - 19.7 Internal Control Reviews of Classic Mainframe or Legacy IT Systems
    - 19.8 Legacy of Large System General Control Reviews
    - 19.9 ITIL® Service Support and Delivery IT Infrastructure Best Practices
    - 19.10 Service Delivery Best Practices
    - 19.11 Auditing IT Infrastructure Management
    - 19.12 Internal Auditor CBOK Needs for IT General Controls
    - Notes
  - Chapter 20: BYOD Practices and Social Media Internal Audit Issues
    - 20.1 The Growth and Impact of BYOD
    - 20.2 Understanding the Enterprise BYOD Environment
    - 20.3 BYOD Security Policy Elements
    - 20.4 Social Media Computing
    - 20.5 Enterprise Social Media Computing Risks and Vulnerabilities
    - 20.6 Social Media Policies
  - Chapter 21: Big Data and Enterprise Content Management
    - 21.1 Big Data Overview
    - 21.2 Big Data Governance, Risk, and Compliance Issues
    - 21.3 Big Data Management, Hadoop, and Security Issues
    - 21.4 Compliance Monitoring and Big Data Analytics
    - 21.5 Internal Auditing in a Big Data Environment
    - 21.6 Enterprise Content Management Internal Controls
    - 21.7 Auditing Enterprise Content Management Processes
    - Notes
  - Chapter 22: Reviewing Application and Software Management Controls
    - 22.1 IT Application Components
    - 22.2 Selecting Applications for Internal Audit Reviews
    - 22.3 Preliminary Steps to Performing Application Controls Reviews
    - 22.4 Completing the IT Application Controls Audit
    - 22.5 Application Review Example: Client‐Server Budgeting System
    - 22.6 Auditing Applications under Development
    - 22.7 Importance of Reviewing IT Application Controls
    - Notes
  - Chapter 23: Cybersecurity, Hacking Risks, and Privacy Controls
    - 23.1 Hacking and IT Network Security Fundamentals
    - 23.2 Data Security Concepts
    - 23.3 Importance of IT Passwords
    - 23.4 Viruses and Malicious Program Code
    - 23.5 System Firewall Controls
    - 23.6 Social Engineering IT Risks
    - 23.7 IT Systems Privacy Concerns
    - 23.8 The NIST Cybersecurity Framework
    - 23.9 Auditing IT Security and Privacy
    - 23.10 PCI DSS Fundamentals
    - 23.11 Security and Privacy in the Internal Audit Department
    - 23.12 Internal Audit’s Privacy and Cybersecurity Roles
  - Chapter 24: Business Continuity and Disaster Recovery Planning
    - 24.1 IT Disaster and Business Continuity Planning Today
    - 24.2 Auditing Business Continuity Planning Processes
    - 24.3 Building the IT Business Continuity Plan
    - 24.4 Business Continuity Planning and Service Level Agreements
    - 24.5 Auditing Business Continuity Plans
    - 24.6 Business Continuity Planning Going Forward
    - Notes
- Part Six: Internal Audit and Enterprise Governance
  - Chapter 25: Board Audit Committee Communications
    - 25.1 Role of the Audit Committee
    - 25.2 Audit Committee Organization and Charters
    - 25.3 Audit Committee’s Financial Expert and Internal Audit
    - 25.4 Audit Committee Responsibilities for Internal Audit
    - 25.5 Audit Committee Review and Action on Significant Audit Findings
    - 25.6 Audit Committee and Its External Auditors
    - 25.7 Whistleblower Programs and Codes of Conduct
    - 25.8 Other Audit Committee Roles
    - Note
  - Chapter 26: Ethics and Whistleblower Programs
    - 26.1 Enterprise Ethics, Compliance, and Governance
    - 26.2 Ethics First Steps: Developing a Mission Statement
    - 26.3 Understanding the Ethics Risk Environment
    - 26.4 Summarizing Ethics Survey Results: Do We Have a Problem?
    - 26.5 Enterprise Codes of Conduct
    - 26.6 Whistleblower and Hotline Functions
    - 26.7 Auditing the Enterprise’s Ethics Functions
    - 26.8 Improving Corporate Governance Practices
    - Notes
  - Chapter 27: Fraud Detection and Prevention
    - 27.1 Understanding and Recognizing Fraud
    - 27.2 Red Flags: Fraud Detection Signs for Internal Auditors
    - 27.3 Public Accounting’s Role in Fraud Detection
    - 27.4 IIA Standards for Detecting and Investigating Fraud
    - 27.5 Fraud Investigations for Internal Auditors
    - 27.6 Information Technology Fraud Prevention Processes
    - 27.7 Fraud Detection and the Internal Auditor
    - Notes
  - Chapter 28: Internal Audit GRC Approaches and Other Compliance Requirements
    - 28.1 The Road to Effective GRC Principles
    - 28.2 GRC Risk Management Components
    - 28.3 GRC and Internal Audit Enterprise Compliance Issues
    - 28.4 Importance of Effective GRC Practices and Principles
- Part Seven: The Professional Internal Auditor
  - Chapter 29: Professional Certifications: CIA, CISA, and More
    - 29.1 Certified Internal Auditor Responsibilities and Requirements
    - 29.2 Beyond the CIA: Other IIA Certifications
    - 29.3 Importance of the CIA Specialty Certification Examinations
    - 29.4 Certified Information Systems Auditor
    - 29.5 Certified Information Security Manager
    - 29.6 Certified in the Governance of Enterprise IT
    - 29.7 Certified in Risk and Information Systems Control
    - 29.8 Certified Fraud Examiner
    - 29.9 Certified Information Systems Security Professional
    - 29.10 ASQ Internal Audit Certifications
    - 27.11 Other Internal Auditor Certifications
  - Chapter 30: The Modern Internal Auditor as an Enterprise Consultant
    - 30.1 Standards for Internal Audit as an Enterprise Consultant
    - 30.2 Launching an Internal Audit Internal Consulting Facility
    - 30.3 Ensuring an Audit and Consulting Separation of Duties
    - 30.4 Consulting Best Practices
    - 30.5 Expanded Internal Audit Services to Management
- Part Eight: The Other Sides of Auditing: Professional Convergence
  - Chapter 31: Quality Assurance Auditing and ASQ Standards
    - 31.1 Duties and Responsibilities of ASQ Quality Auditors
    - 31.2 Role of the Quality Auditor
    - 31.3 Performing ASQ Quality Audits
    - 31.4 Quality Assurance Reviews of the Internal Audit Function
    - 31.5 Launching the Internal Audit Quality Assurance Review
    - 31.6 Reporting the Results of an Internal Audit Quality Assurance Review
    - 31.7 Future Directions for Quality Assurance Auditing
  - Chapter 32: Six Sigma and Lean Techniques for Internal Audit
    - 32.1 Six Sigma Background and Concepts
    - 32.2 Implementing Six Sigma
    - 32.3 Six Sigma Leadership Roles and Responsibilities
    - 32.4 Launching an Enterprise Six Sigma Project
    - 32.5 Lean Six Sigma
    - 32.6 Auditing Six Sigma Processes
    - 32.7 Six Sigma in Internal Audit Operations
    - Notes
  - Chapter 33: ISO and Worldwide Internal Audit Standards
    - 33.1 ISO Standards Background
    - 33.2 ISO Standards Overview
    - 33.3 ISO 38500 IT Governance Standard
    - 33.4 ISO Standards and the COSO Internal Control Framework
    - 33.5 Internal Audit and International Auditing Standards
    - Notes
  - Chapter 34: A CBOK for the Modern Internal Auditor
    - 34.1 Part One: Foundations of Internal Auditing CBOK Requirements
    - 34.2 Part Two: Importance of Internal Controls CBOK Requirements
    - 34.3 Part Three: Planning and Performing Internal Audit CBOK Requirements
    - 34.4 Part Four: Organizing and Managing Internal Audit Activities CBOK Requirements
    - 34.5 Part Five: Impact of IT on Internal Auditing CBOK Requirements
    - 34.6 Part Six: Internal Audit and Enterprise Governance CBOK Requirements
    - 34.7 Part Seven: Internal Auditor Professional CBOK Requirements
    - 34.8 Part Eight: The Other Sides of Internal Auditing: Professional Convergence CBOK Requirements
    - 34.9 A CBOK for the Modern Internal Auditor
    - Notes
- About the Author
- Index