CIA《内部审计在治理、风险和控制中的作用》考试大纲

内部审计在治理、风险和控制中的作用考试大纲PartI-TheInternalAuditActivitysRoleinGovernance,Risk,andControl第一部分：内部审计在治理、风险和控制中的作用A.ComplyWiththeIIAsAttributeStandards(1525percent)(ProficiencyLevel)遵守国际内部审计师协会的属性标准(15%25%)(要求熟练掌握)1 .Definepurpose,authority,andresponsibilityoftheinternalauditactivity.明确内部审计的宗旨、权力和职责。a.Determineifpurpose,authority,andresponsibilityofinternalauditactivityareclearlydocumentedandapproved.确定内部审计的宗旨、权力和职责是否清楚地以书面形式记录并获得批准。b.Determineifpurpose,authority,andresponsibilityofinternalauditactivityarecommunicatedtoengagementclients.确定内部审计的宗旨、权力和职责是否通报审计业务客户。c.Demonstrateanunderstandingofthepurpose,authority,andresponsibilityoftheinternalauditactivity.阐明内部审计的宗旨、权力和职责。2 .Maintainindependenceandobjectivity.保持独立性和客观性。a.Fosterindependence.加强独立性。1) Understandorganizationalindependence.理解内部审计部门在组织上的独立性。2) Recognizetheimportanceoforganizationalindependence.认识内部审计部门在组织上保持独立性的重要性。3) Determineiftheinternalauditactivityisproperlyalignedtoachieveorganizationalindependence.确定内部审计部门是否正确设置以获得其独立性。b.Fosterobjectivity.加强客观性。1 )Establishpoliciestopromoteobjectivity.制定政策以增进客观性。2 )Assessindividualobjectivity.评估个人的客观性。3 )Maintainindividualobjectivity.保持个人的客观性。4 )Recognizeandmitigateimpairmentstoindependenceandobjectivity.识别和减轻对独立性和客观性的损害。5 .Determineiftherequiredknowledge,skills,andcompetenciesareavailable.确定是否具备必要的知识、技能和胜任能力。a.Understandtheknowledge,skills,andcompetenciesareavailable.理解是否具备必要的知识、技能和胜任能力。b.Identifytheknowledge,skills,andcompetenciesrequiredtofulfilltheresponsibilitiesoftheinternalauditactivity.识别履行内部审计职责所必需的知识、技能和胜任能力。skills and competencies collectively6 .Developand/orprocurenecessaryknowledge,requiredbyinternalauditactivity.开发和/或取得内部审计部门整体所必需的知识、技能和胜任能力。7 .Exercisedueprofessionalcare.运用应有的职业审慎。8 .Promotecontinuingprofessionaldevelopment.促进持续专业发展。a.Developandimplementaplanforcontinuingprofessionaldevelopmentforinternalauditstaff.为内部审计人员制定并实施持续专业发展计划。b.Enhanceindividualcompetencythroughcontinuingprofessionaldevelopment.通过持续专业发展提高个人能力。9 .Promotequalityassuranceandimprovementoftheinternalauditactivity.促进内部审计活动的质量保证与改进。a.Establishandmaintainaqualityassuranceandimprovementprogram.建立和保持质量保证与改进程序。b.Monitortheeffectivenessofthequalityassuranceandimprovementprogram.监督质量保证与改进程序的效果。c.Reporttheresultsofthequalityassuranceandimprovementprogramtotheboardorothergoverningbody.将质量保证与改进程序的结果报告董事会或其他治理机构。d.Conductqualityassuranceproceduresandrecommendimprovementstotheperformanceoftheinternalauditactivity.实施质量保证程序并建议改善内部审计业绩。10 AbidebyandpromotecompliancewiththeIIACodeofEthics.遵守和促进对IIA职业道德规范的遵循。B.EstablishaRisk-basedPlantoDeterminethePrioritiesoftheInternalAuditActivity11525percent)(ProficiencyLevel)以风险为基础制定计划，确定内部审计活动的优先次序(15%25%)(要求熟练掌握)1 .Establishaframeworkforassessingrisk.建立评估风险的框架。2 .Usetheframeworkto:应用评估风险的框架：a.Identifysourcesofpotentialengagements(e.g.,audituniverse,managementrequest,regulatorymandate)。确定潜在审计业务的来源(如审计域、管理层的要求、法规要求)。b.Assessorganization-widerisk.评估全组织范围内的风险。c.Solicitpotentialengagementtopicsfromvarioussources.从不同来源寻求潜在审计业务。d.Collectandanalyzedataonproposedengagements.收集和分析拟审计业务的资料。e.Rankandvalidateriskpriorities.对风险高低进行评分和证实。3.Identifyinternalauditresourcerequirements.识别内部审计资源需求。4.Coordinatetheinternalauditactivityseffortswith与以下方面协调内部审计工作：a.Externalauditor.外部审计师b.Regulatoryoversightbodies.法规监管机构c.Otherinternalassurancefunctions(e.g.,healthandsafetydepartment)。其他内部保证部门(如健康和安全部门)。5.Selectengagements：选择审计业务：a.Participateintheengagementselectionprocess.参与审计业务选择过程。b.Selectengagements.选择审计业务。c.Communicateandobtainapprovaloftheengagementplanfromboard.与董事会沟通以获得其对审计业务计划的批准。C.UnderstandtheInternalAuditActivityRoleinOrganizationalGovernance11020percent)(ProficiencyLevel)理解内部审计在公司治理中的作用(10%20%)(要求熟练掌握)1.Obtainboardsapprovalofauditcharter.获得董事会对内部审计章程的批准。2.Communicateplanofengagements.沟通审计业务计划。3.Reportsignificantauditissues.报告重大审计事项。4.Communicatekeyperformanceindicatorstoboardonaregularbasis.定期向董事会报告关键绩效指标。5.Discussareasofsignificantrisk.讨论重大风险领域。6.Supportboardinenterprise-wideriskassessment.支持董事会开展全面的风险评估。7.Reviewpositioningoftheinternalauditfunctionwithintheriskmanagementframeworkwithintheorganization.检查内部审计部门在组织内风险管理框架中的定位。8.Monitorcompliancewiththecorporatecodeofconduct/businesspractices.监督遵守公司行为规范和商业惯例情况。9.Reportontheeffectivenessofthecontrolframework.报告控制框架的有效性。10.Assistboardinassessingtheindependenceoftheexternalauditor.协助董事会评估外部审计师的独立性。11.Assessethicalclimateoftheboard.评估董事会的道德氛围。12.Assessethicalclimateoftheorganization.评估组织的道德氛围。13 .Assesscompliancewithpoliciesinspecificareas(e.g.,derivatives).评估在特定领域遵守政策的程度(如衍生产品)。14 .Assessorganizationsreportingmechanismtotheboard.评估组织向董事会报告的机制。15 .Conductfollow-upandreportonmanagementresponsetoregulatorybodyreviews.跟踪并报告管理层对法规监管机构检查结果的落实情况。16 .Conductfollow-upandreportonmanagementresponsetoexternalaudit.跟踪并报告管理层对外部审计结果的落实情况。17 .Assesstheadequacyoftheperformancemeasurementsystem,achievementofcorporateobjective.评估业绩测评系统的充分性和整体目标的实现情况。18 .Supportacultureoffraudawarenessandencouragethereportingofimproprieties.树立舞弊防范意识，鼓励报告不正当的行为。D.PerformOtherInternalAuditRolesandResponsibilities(010percent)(ProficiencyLevel)执行其他内部审计任务和职责(010%)(要求熟练掌握)1 .Ethics/compliance:道德规范/合规性：a.Investigateandrecommendresolutionforethics/compliancecomplaints.对道德规范/合规情况的投诉进行调查并提出解决办法。b.Determinedispositionofethicsviolations.确定违反道德规范的处理。c.Fosterhealthyethicalclimate.培养健康的道德环境。d.Maintainandadministerbusinessconductpolicy(e.g.,conflictofinterest)。维护和管理经营行为政策(如利益冲突)。e.Reportoncompliance.报告合规情况。2 .Riskmanagement:风险管理：a.Developandimplementanorganization-wideriskandcontrolframework.建立和实施一个全组织的风险和控制框架。b.Coordinateenterprise-wideriskassessment.协调全面风险评估。c.Reportcorporateriskassessmenttobroad.向董事会报告公司的风险评估情况。d.Reviewbusinesscontinuityplanningprocess.检查经营持续性计划过程。3 .Privacy:隐私：a.Determineprivacyvulnerabilities.确定隐私的薄弱环节。b.Reportoncompliance.报告合规情况。4.1 nformationorphysicalsecurity:信息或物理安全：a.Determinesecurityvulnerabilities.确定安全的薄弱环节。Determinedispositionofsecurityviolations.确定违反安全规行为定的处理。c.Reportoncompliance.报告合规情况。E.Governance,Risk,andControlKnowledgeElements(1525percent)治理、风险和控制知识要点(15%25%)1 .Corporategovernanceprinciples(AwarenessLevel)公司治理原则(要求了解)。2 .Alternativecontrolframeworks(AwarenessLevel)。可选择的控制框架(要求了解)。3 .Riskvocabularyandconcepts(ProficiencyLevel)。风险的词汇和概念(要求熟练掌握)。4 .Riskmanagementtechniques(ProficiencyLevel)。风险管理技术(要求熟练掌握)。5 .Risk/controlimplicationsofdifferentorganizationalstructures(ProficiencyLevel)。不同组织结构中的风险/控制内容(要求熟练掌握)。6 .Risk/controlimplicationsofdifferentleadershipstyles(AwarenessLevel)。不同领导风格下的风险/控制内容(要求了解)。7 .ChangemanagementAAwarenessLevel)。变革管理(要求了解)。8 .Conflictmanagement(AwarenessLevel)。冲突管理(要求了解)。9 .Managementcontroltechniques(ProficiencyLevel)。管理控制技术(要求熟练掌握)。10 .Typesofcontrol(preventive,detective,input,output)(ProficiencyLevel)。控制类型(预防型、检查型、输入、输出)(要求熟练掌握)。F.PlanEngagements(1525percent)(ProficiencyLevel)计划审计业务(15%25%)(要求熟练掌握)1.Initiatepreliminarycommunicationwithengagementclient.开展与审计业务客户的初步沟通。2 .Conductapreliminarysurveyoftheareaofengagement.对审计业务范围实施初步调查。a.Obtaininputfromengagementclient.从审计业务客户处获得信息。b.Performanalyticalreviews.进行分析性复核。c.Performbenchmarking.进行基准比较。d.Conductinterviews.实施面谈。e.Reviewpriorauditreportsandotherrelevantdocumentation.查阅以前的审计报告和其他相关资料。f.Mapprocesses.绘制流程图。g.DevelopChecklists.编制检查清单。3 .Completeadetailedriskassessmentofthearea(prioritizeorevaluaterisk/controlfactors)。完成相关领域的详细风险评估(对风险/控制因素进行优先排序或评估)。4 .Coordinateauditengagementeffortswith.与以下方面协调审计业务工作：a.Externalauditor.外部审计师b.Regulatoryoversightbodies.法规监管机构5 .Establish/refineengagementobjectivesandidentify/finalizethescopeofengagement.建立/完善审计业务的目标，识别/确定审计业务的范围。6 .Identifyordevelopcriteriaforassuranceengagements(criteriaagainstwhichtoaudit)。识别或开发确认业务的标准(审计所依照的标准)。7 .Considerthepotentialforfraudwhenplanninganengagement.在计划审计业务时考虑舞弊的潜在可能。a.Beknowledgeableoftheriskfactorsandredflagsoffraud.理解舞弊的风险因素和危险信号。b.Identifycommontypesoffraudassociatedwiththeengagementarea.识别与审计业务范围相关的一般舞弊类型。-fl*,1,/J?I*7：|1II1-ijj,iaic.Determineifriskoffraudrequiresspecialconsiderationwhenconductinganengagement.在实施审计业务时，确定是否需要对舞弊的风险进行特殊考虑。8 .Determineengagementprocedures.确定审计业务程序。9 .Determinethelevelofstaffandresourcesneededfortheengagement.确定审计业务所需的人员水平和资源。10 .Establishadequateplanningandsupervisionoftheengagement.建立对审计业务充分的计划和监督。11 .Prepareengagementworkprogram.编制审计业务工作方案。