《內(nèi)部審計(jì)在治理、風(fēng)險(xiǎn)和控制中的作用》考試大綱

內(nèi)部審計(jì)在治理、風(fēng)險(xiǎn)和控制中的作用考試大綱Part I - The Internal Audit Activitys Role in Governance， Risk， and Control第一部分：內(nèi)部審計(jì)在治理、風(fēng)險(xiǎn)和控制中的作用A.Comply With the IIAs Attribute Standards（1525percent） （Proficiency Level）遵守國(guó)際內(nèi)部審計(jì)師協(xié)會(huì)的屬性標(biāo)準(zhǔn)（15%25%）（要求熟練掌握）1.Define purpose， authority， and responsibility of the internal audit activity.明確內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)。a.Determine if purpose， authority， and responsibility of internal audit activity are clearly documented/approved.確定內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)是否清楚地以書(shū)面形式記錄并獲得批準(zhǔn)。b.Determine if purpose， authority， and responsibility of internal audit activity are communicated to engagement clients.確定內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)是否通報(bào)審計(jì)業(yè)務(wù)客戶。c.Demonstrate an understanding of the purpose， authority， and responsibility of the internal audit activity.闡明內(nèi)部審計(jì)的宗旨、權(quán)力和職責(zé)。2.Maintain independence and objectivity.保持獨(dú)立性和客觀性。a.Foster independence.加強(qiáng)獨(dú)立性。1）Understand organizational independence.理解機(jī)構(gòu)的獨(dú)立性。2）Recognize the importance of organizational independence.認(rèn)識(shí)機(jī)構(gòu)獨(dú)立性的重要性。3）Determine if the internal audit activity is properly aligned to achieve organizational independence.確定內(nèi)部審計(jì)機(jī)構(gòu)是否正確設(shè)置以獲得其獨(dú)立性。b.Foster objectivity.加強(qiáng)客觀性。1）Establish policies to promote objectivity.制定政策以增強(qiáng)客觀性。2）Assess individual objectivity.評(píng)估個(gè)人的客觀性。3）Maintain individual objectivity.保持個(gè)人的客觀性。4）Recognize and mitigate impairments to independence and objectivity.識(shí)別和減輕對(duì)獨(dú)立性和客觀性的損害。3.Determine if the required knowledge， skills， and competencies are available.確定是否具備必要的知識(shí)、技能和勝任能力。a.Understand the knowledge， skills， and competencies that an internal auditor needs to possess.理解內(nèi)部審計(jì)師需要具備的知識(shí)、技能和勝任能力。b.Identify the knowledge， skills， and competencies required to fulfill the responsibilities of the internal audit activity.識(shí)別內(nèi)部審計(jì)機(jī)構(gòu)履行其職責(zé)所必要的知識(shí)、技能和勝任能力。4.Develop and/or procure necessary knowledge， skills and competencies collectively required by internal audit activity.開(kāi)發(fā)和/或取得內(nèi)部審計(jì)機(jī)構(gòu)整體所需的知識(shí)、技能和勝任能力。5.Exercise due professional care.運(yùn)用應(yīng)有的職業(yè)審慎。6.Promote continuing professional development.促進(jìn)持續(xù)專(zhuān)業(yè)發(fā)展。a.Develop and implement a plan for continuing professional development for internal audit staff.為內(nèi)部審計(jì)人員制定并實(shí)施持續(xù)專(zhuān)業(yè)發(fā)展計(jì)劃。b.Enhance individual competency through continuing professional development.通過(guò)持續(xù)專(zhuān)業(yè)發(fā)展提高個(gè)人能力。7.Promote quality assurance and improvement of the internal audit activity.促進(jìn)內(nèi)部審計(jì)活動(dòng)的質(zhì)量保證與改進(jìn)。a.Establish and maintain a quality assurance and improvement program.建立和保持質(zhì)量保證與改進(jìn)程序。b.Monitor the effectiveness of the quality assurance and improvement program.監(jiān)督質(zhì)量保證與改進(jìn)程序的效果。c.Report the results of the quality assurance and improvement program to the board or other governing body.將質(zhì)量保證與改進(jìn)程序的結(jié)果報(bào)告董事會(huì)或其他治理機(jī)構(gòu)。d.Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity.實(shí)施質(zhì)量保證程序并建議改善內(nèi)部審計(jì)業(yè)績(jī)。8.Abide by and promote compliance with the IIA Code of Ethics.遵守國(guó)際內(nèi)部審計(jì)師協(xié)會(huì)的職業(yè)道德規(guī)范，并加強(qiáng)其遵循程度。B.Establish a Risk-based Plan to Determine the Priorities of the Internal Audit Activity（1525 percent） （Proficiency Level）以風(fēng)險(xiǎn)為基礎(chǔ)制定計(jì)劃確定內(nèi)部審計(jì)活動(dòng)的優(yōu)先次序（15%25%）（要求熟練掌握）1.Establish a framework for assessing risk.建立評(píng)估風(fēng)險(xiǎn)的框架。2.Use the framework to：應(yīng)用評(píng)估風(fēng)險(xiǎn)的框架：a.Identify sources of potential engagements （e.g.， audit universe， management request， regulatory mandate）。識(shí)別潛在審計(jì)業(yè)務(wù)的來(lái)源（如，審計(jì)域、管理層的要求、法規(guī)要求）。b.Assess organization-wide risk.評(píng)估全組織范圍內(nèi)的風(fēng)險(xiǎn)。c.Solicit potential engagement topics from various sources.從不同來(lái)源征求潛在審計(jì)業(yè)務(wù)。d.Collect and analyze data on proposed engagements.收集和分析擬審計(jì)業(yè)務(wù)的資料。e.Rank and validate risk priorities.對(duì)風(fēng)險(xiǎn)高低進(jìn)行排序和確認(rèn)。3.Identify internal audit resource requirements.識(shí)別內(nèi)部審計(jì)資源需求。4.Coordinate the internal audit activitys efforts with：與各方面協(xié)調(diào)內(nèi)部審計(jì)工作：a.External auditor.外部審計(jì)師b.Regulatory oversight bodies.法規(guī)監(jiān)管機(jī)構(gòu)c.Other internal assurance functions （e.g.， health and safety department）。其他內(nèi)部保證部門(mén)（如，健康和安全部門(mén)）。5.Select engagements：選擇審計(jì)業(yè)務(wù)：a.Participate in the engagement selection process.參與審計(jì)業(yè)務(wù)選擇過(guò)程。b.Select engagements.選擇審計(jì)業(yè)務(wù)。c.Communicate and obtain approval of the engagement plan from board.與董事會(huì)溝通以獲得其對(duì)審計(jì)業(yè)務(wù)計(jì)劃的批準(zhǔn)。C.Understand the Internal Audit Activitys Role in Organizational Governance（1020 percent） （Proficiency Level）理解內(nèi)部審計(jì)在公司治理中的作用（10%20%）（要求熟練掌握）1.Obtain boards approval of audit charter.獲得董事會(huì)對(duì)內(nèi)部審計(jì)章程的批準(zhǔn)。2.Communicate plan of engagements.溝通審計(jì)業(yè)務(wù)計(jì)劃。3.Report significant audit issues.報(bào)告重大審計(jì)事項(xiàng)。4.Communicate key performance indicators to board on a regular basis.定期向董事會(huì)報(bào)告主要業(yè)績(jī)指標(biāo)。5.Discuss areas of significant risk.討論重大風(fēng)險(xiǎn)領(lǐng)域。6.Support board in enterprise-wide risk assessment.支持董事會(huì)開(kāi)展全公司的風(fēng)險(xiǎn)評(píng)估。7.Review positioning of the internal audit function within the risk management framework within the organization.檢查內(nèi)部審計(jì)機(jī)構(gòu)在組織風(fēng)險(xiǎn)管理框架中的定位。8.Monitor compliance with the corporate code of conduct/business practices.監(jiān)督公司對(duì)行為規(guī)范和商業(yè)慣例的遵循程度。9.Report on the effectiveness of the control framework.報(bào)告控制框架的有效性。10.Assist board in assessing the independence of the external auditor.協(xié)助董事會(huì)評(píng)估外部審計(jì)師的獨(dú)立性。11.Assess ethical climate of the board.評(píng)估董事會(huì)的道德氛圍。12.Assess ethical climate of the organization.評(píng)估組織的道德氛圍。13.Assess compliance with policies in specific areas （e.g.， derivatives）。評(píng)估特定領(lǐng)域政策的遵循程度（如，衍生產(chǎn)品）。14.Assess organizations reporting mechanism to the board.評(píng)估組織向董事會(huì)報(bào)告的機(jī)制。15.Conduct follow-up and report on management response to regulatory body reviews.跟蹤并報(bào)告管理層對(duì)法規(guī)監(jiān)管機(jī)構(gòu)檢查結(jié)果的落實(shí)情況。16.Conduct follow-up and report on management response to external audit.跟蹤并報(bào)告管理層對(duì)外部審計(jì)結(jié)果的落實(shí)情況。17.Assess the adequacy of the performance measurement system， achievement of corporate objective.評(píng)估業(yè)績(jī)測(cè)評(píng)系統(tǒng)的充分性和公司目標(biāo)的實(shí)現(xiàn)情況。18.Support a culture of fraud awareness and encourage the reporting of improprieties.樹(shù)立舞弊防范意識(shí)，鼓勵(lì)報(bào)告不正當(dāng)?shù)男袨?。D.Perform Other Internal Audit Roles and Responsibilities（010 percent） （Proficiency Level）執(zhí)行其他內(nèi)部審計(jì)任務(wù)和職責(zé)（010%）（要求熟練掌握）1.Ethics/compliance：道德規(guī)范/合規(guī)性：a.Investigate and recommend resolution for ethics/compliance complaints.對(duì)有關(guān)道德規(guī)范/合規(guī)性的投訴進(jìn)行調(diào)查并提出解決辦法。b.Determine disposition of ethics violations.確定對(duì)違反道德規(guī)范的處理。c.Foster healthy ethical climate.培養(yǎng)健康的道德氛圍。d.Maintain and administer business conduct policy （e.g.， conflict of interest）。維護(hù)和管理經(jīng)營(yíng)行為政策（如，利益沖突）。e.Report on compliance.報(bào)告合規(guī)情況。2.Risk management：風(fēng)險(xiǎn)管理：a.Develop and implement an organization-wide risk and control framework.建立和實(shí)施一個(gè)全組織的風(fēng)險(xiǎn)和控制框架。b.Coordinate enterprise-wide risk assessment.協(xié)調(diào)全公司的風(fēng)險(xiǎn)評(píng)估。c.Report corporate risk assessment to broad.向董事會(huì)報(bào)告公司的風(fēng)險(xiǎn)評(píng)估情況。d.Review business continuity planning process.檢查經(jīng)營(yíng)持續(xù)性計(jì)劃程序。3.Privacy：隱私：a.Determine privacy vulnerabilities.確定隱私方面的薄弱環(huán)節(jié)。b.Report on compliance.報(bào)告合規(guī)情況。4.Information or physical security：信息或物理安全：a.Determine security vulnerabilities.確定安全方面的薄弱環(huán)節(jié)。b.Determine disposition of security violations.確定對(duì)違反安全規(guī)定的處理。c.Report on compliance.報(bào)告合規(guī)情況。E.Governance， Risk， and Control Knowledge Elements（1525 percent）治理、風(fēng)險(xiǎn)和控制知識(shí)要點(diǎn)（15%25%）1.Corporate governance principles（Awareness Level）公司治理原則（要求了解）。2.Alternative control frameworks（Awareness Level）?？蛇x擇的控制框架（要求了解）。3.Risk vocabulary and concepts（Proficiency Level）。風(fēng)險(xiǎn)的詞匯和概念（要求熟練掌握）。4.Risk management techniques（Proficiency Level）。風(fēng)險(xiǎn)管理技術(shù)（要求熟練掌握）。5.Risk/control implications of different organizational structures（Proficiency Level）。不同組織結(jié)構(gòu)中的風(fēng)險(xiǎn)/控制內(nèi)容（要求熟練掌握）。6.Risk/control implications of different leadership styles（Awareness Level）。不同領(lǐng)導(dǎo)風(fēng)格下的風(fēng)險(xiǎn)/控制內(nèi)容（要求了解）。7.Change management（Awareness Level）。變革管理（要求了解）。8.Conflict management（Awareness Level）。沖突管理（要求了解）。9.Management control techniques（Proficiency Level）。管理控制技術(shù)（要求熟練掌握）。10.Types of control （preventive， detective， input， output） （Proficiency Level）?？刂祁?lèi)型（預(yù)防型、檢查型、輸入、輸出）（要求熟練掌握）。F.Plan Engagements（1525 percent） （Proficiency Level）策劃審計(jì)業(yè)務(wù)（15%25%）（要求熟練掌握）1.Initiate preliminary communication with engagement client.開(kāi)展與審計(jì)業(yè)務(wù)客戶的初步溝通。2.Conduct a preliminary survey of the area of engagement.對(duì)審計(jì)業(yè)務(wù)領(lǐng)域?qū)嵤┏醪秸{(diào)查。a.Obtain input from engagement client.從審計(jì)業(yè)務(wù)客戶處獲得信息。b.Perform analytical reviews.進(jìn)行分析性復(fù)核。c.Perform benchmarking.進(jìn)行基準(zhǔn)比較。d.Conduct interviews.實(shí)施面談。e.Review prior audit reports and other relevant documentation.查閱以前的審計(jì)報(bào)告和其他相關(guān)資料。f.Map processes.繪制流程圖。g.Develop Checklists.編制檢查清單。3.Complete a detailed risk assessment of the area （prioritize or evaluate risk/control factors）。完成相關(guān)領(lǐng)域的詳細(xì)風(fēng)險(xiǎn)評(píng)估（對(duì)風(fēng)險(xiǎn)/控制因素進(jìn)行優(yōu)先排序或評(píng)估）。4.Coordinate audit engagement efforts with.與各方面協(xié)調(diào)審計(jì)業(yè)務(wù)工作：a.External auditor.外部審計(jì)師b.Regulatory oversight bodies.法規(guī)監(jiān)管機(jī)構(gòu)5.Establish/refine engagement objectives and identify/finalize the scope of engagement.建立/完善審計(jì)業(yè)務(wù)目標(biāo)，識(shí)別/確定審計(jì)業(yè)務(wù)范圍。6.Identify or develop criteria for assurance engagements （criteria against which to audit）。識(shí)別或開(kāi)發(fā)確認(rèn)業(yè)務(wù)的標(biāo)準(zhǔn)（審計(jì)所依照的標(biāo)準(zhǔn)）。7.Consider the potential for fraud when planning an engagement.在策劃審計(jì)業(yè)務(wù)時(shí)考慮舞弊的潛在可能。a.Be knowledgeable of the risk factors and red flags of fraud.理解有關(guān)舞弊的風(fēng)險(xiǎn)因素和危險(xiǎn)信號(hào)。b.Identify common types of fraud associated with the engagement area.識(shí)別與審計(jì)業(yè)務(wù)領(lǐng)域相關(guān)的一般舞弊類(lèi)型。c.Determine if risk of fraud requires special consideration when conducting an engagement.在實(shí)施審計(jì)業(yè)務(wù)時(shí)確定是否需要對(duì)舞弊的風(fēng)險(xiǎn)進(jìn)行特殊考慮。8.Determine engagement procedures.確定審計(jì)業(yè)務(wù)步驟。9.Determine the level of staff and resources needed for the engagement.確定審計(jì)業(yè)務(wù)所需的人員水平和資源。10.Establish adequate planning and supervision of the engagement.建立對(duì)審計(jì)業(yè)務(wù)充分的計(jì)劃和監(jiān)督。11.Prepare engagement work program.編制審計(jì)業(yè)務(wù)工作方案。