Internal auditing : an integrated approach

Front cover
Title page
Imprint page
Table of contents
Preface
The author
Acknowledgements
Section 1: Theory of internal auditing
	Chapter 1: The emerging role of internal auditing
		In the Beginning ...
		The Genesis of Internal Auditing
		The Institute of Internal Auditors (IIA)
		Internal Auditing
		What is Management?
			The Management Process
		Executive Management’s Responsibility and Corporate Governance
		Professionalism within the Internal Auditing Function
		The Internal Audit Charter
			Content
		The Relationship of Internal Audit to Other Company Activities
		The Relationship of Internal Audit to the Board of Directors
		The Relationship of Internal Audit to the External Auditor
		The Relationship between Internal Audit and the Audit Committee
			The Relationship with Internal Audit
			Independence
			The Changing role of Internal Audit in Today’s Business Environment
	Chapter 2: The IIA's standards for the Professional Practice of Internal Auditing
		Origins
			Advisory
			Aids
			Attribute Standards
			Performance Standards
			Implementation Standards
			Internal Auditor Education
			Certified Internal Auditor
			Certificate in Control Self-Assessment
			Certified Government Auditing Professional
			Certified Financial Services Auditor
	Chapter 3: Internal Audit Quality
		Quality Assurance Reviews
		Performing a Quality Assurance Review
			Planning and Preparation
			Determining the Customer’s Needs
			Analyzing the Internal Audit Process
			Communicating the Results of the Review
			Ongoing Improvement
			Follow-up
			Quality Assurance Methodology
	Chapter 4: Ethics Theory and Practice in the Modern World
		Business Ethics
		Ethical Theories
		A Conceptual Framework
		Employee Ethics
		Codes of Conduct
			Gifts
			Confidentiality
			Conflicts of Interest
		Corporate Ethical Practices
		The Free Market and the Marxist Critique of the Free Market System
		Corporate Morality
		Ethical Management
		Resolving Ethical Conflicts
		The Role of Ethics in Distinguishing a Profession
		Independence and Objectivity
	Chapter 5: The perfornamce objectives of organisations
		The Nature of Business Organizations
			Sole Proprietor
			Partnership
			Private Company
			Incorporated Company
			Public Company
			Section 21 Company
			Public Entities
			Strategic Planning and Organizational Performance
			Performance Objectives
			Performance Measurement
			Public Sector Performance Measurement
			The Balanced Scorecard and Performance Measurement
			Financial measures
			Client satisfaction
			Internal business processes
			Innovation and learning
			Applying the Balanced Scorecard
			Developing a Balanced Scorecard
		Improving Performance Measurement Systems
		Effectiveness, Efficiency and Economy
			Effectiveness
			Efficiency
			Economy
		The Role of Performance Objectives
	Chapter 6: Risk Assessment
		Broad Concepts of Control and Risk
		The Nature of Risk
			Inherent Risk
			Control Risk
			Audit Risk
		The Effect of Risk
			Ownership Risks
			Process Risks
			Behavioral Risks
		Entity-wide Risk Identification
		Techniques to Identify Risks
		Risk Analysis and Internal Auditing
			The Elements of Risk Analysis
			Risk Factors to Consider
			Risk-based Auditing
			IIA Standards on Risk Assessment
			Management Risk Factors
			Risk Identification by Analytical Review
			Marketing a Risk-based Internal Audit Approach to Management
			Conducting a Risk Assessment
			Planning a Risk Assessment
			Conducting the Assessment
			The ‘Cube’ Approach to Risk Assessment
			ERM and Internal Audit
			Internal Audit Role
	Chapter 7: Control frameworks
		Control Processes
		COSO’s Internal Control: An Integrated Framework
			A Sound Control Environment
			A Sound Risk Assessment Process
			Sound Operational Control Activities
			Sound Information and Communications Systems
			Effective Monitoring
		Internal Controls
		Systems of Internal Control
			Control Environment
			Organizational Structure
			Control Framework
		Elements of Internal Control
			Segregation of Duties
			Competence and Integrity of People
			Appropriate Levels of Authority
			Accountability
			Adequate Resources
			Supervision and Review
		Control Self-assessment
			Resources
			Collaboration
			Empowerment
			Implementing CSA
			Internal Control Questionnaires
			Customized Questionnaires
			Control Guides
			Interview Techniques
			Workshops
		Other Control Frameworks
			Banking
			IT
			CobIT®
			Evaluate, Direct and Monitor (EDM)
			Align, Plan and Organize (APO)
			Build, Acquire and implement (BAI)
			Deliver, Service and Support (DSS)
			Monitor, Evaluate and Assess (MEA)
			Further Information
		Other Self-assessment Methods
	Chapter 8: Audit Evidence
		The Nature of Audit Evidence
		Reliability of Audit Evidence
		Audit Evidence Procedures
			Observation
			Questioning
			Analyzing
			Verifying
			Investigating
			Evaluating
		Documenting the Evidence
		Gathering Computerized Evidence
Section 2: The environment of business
	Chapter 9: Communication
		The Elements of Communication
			Sender
			Message
			Emotions and Messages
			System
			Language
			Receiver
			Context
			Steps in the Process
		Communication at Work
			Formal Authorities
			Types of Communication at Work
		Barriers to Communications
		Overcoming the Barriers
		Written Communications
		Verbal and Non-verbal Communications
	Chapter 10: Strategic Management
		The Nature of Strategic Management
			Business Ethics and Strategic Management
		Implementing Strategic Management
			Strategy Formulation
			Strategy Implementation
			Strategy Evaluation
		The Strategic Analysis of Industries
			Rivalry among Existing Firms
			Threats of and Barriers to Entry
			The Threat of Substitutes
			Suppliers’ Bargaining Power
		Competitive Strategies
			Market Positioning – Leaders
			Market Positioning – Trailers
			Market Positioning – Followers
	Chapter 11: Global Business Environments
		Business Globalizaton
		The History of Globalization
		Problems of Globalization
		Cultural Issues in Globalization
		Organizational Culture
		Culture and Ethics
		The Nature of Industries
			Fragmented Industries
			Emerging Industries
			Declining Industries
	Chapter 12: Organizational Behaviour
		The Organizational Behavior of Managers
		Groups within Organizations
			Group Development
			Group Size
			Group Roles
			Group Norms
			Group Cohesion
		Conflict
			The Conflict Process
			Conflict Resolution
		Group Decision-making
			Advantages of Group Decision-making
			Disadvantages of Group Decision-making
		Group Techniques
	Chapter 13: Management Skills
		The Evolution of Management Practices
			The Classical/Scientific School
			The Human Relations School
			The Systems/Contingency Approach
			Current Management Theory
			Skills Required of a Modern Manager
			Types of Managerial Decisions
			Values and Job Satisfaction
			Leadership Styles
		Motivation
			Motivational Theory
			Expectancy Theory
		Work Stress
		Building Staff Competencies
		Performance Management
	Chapter 14: Auditing business process cycles
		Auditing Business Process Cycles
		Revenue and Receivable Business Cycles
		Supply Chain Management
		Inventory and Production Cycles
		Payroll and Human Resource Cycles
		Research and Development Cycles
		Contract Auditing
		Auditing Corporate Strategy
	Chapter 15: Negotiation Skills
		Negotiation
		The Climate for Negotiations
		Negotiating Common Ground
		Power
		Persuasion
		Negotiating Conflict
		Interviewing
		Negotiating/Interviewing as a Consultant
Section 3: The Practice of Internal Auditing
	Chapter 16: Types of Internal Audit
		Compliance Audits
		Financial Audits
		Performance and Operational Audits
		Environmental Audits
		Fraud Audits
		Quality Audits
		Program Results Audits
		IT Audits
		Application Audits
		Audits of Significant Balances and Classes of Transactions
			Inventory Audits
			Payroll Audits
		Procurement Audits
			Treasury Audits
		Impact on the Skill Mix
	Chapter 17: The internal audit process and documentation
		Objectives of Audit Service Delivery
			Planning
			Risk Assessment
		The Macroprocesses of the Internal Audit Process
			Audit Planning
			Execution
			Reporting the Results
			Evaluation
		The Management Process
			Understanding the Organization’s Business
			Establishing the Needs
			Identifying Key Activities
			Establishing Performance Objectives
			Deciding on the Control Strategies
			Evaluating and Reviewing Performance
		Implementation of the Generic Audit Process
		The Audit Process Structure
			Planning
			Execution
			Audit Testing
		Developing and Reporting Findings and Recommendations
			Findings
			Recommendations
			Reporting
			Audit Evaluation
	Chapter 18: Control and performance evaluation
		The Nature of Internal Controls
		Internal Controls
			Cost/Benefit Considerations
			Defining Performance Measurements
			Measuring Actual Performance
			Administrative vs Accounting Controls
			Internal Control Structures
	Chapter 19: Engagement Planning
		Learning objectives
		Engagement Planning
		Planning
		Unplanned Work
		Project Management
			Project Plan
			Corporate Environment and Cultural Climate
	Chapter 20: Audit reporting and follow-up
		Reporting
		Audit Reporting
		Clear Writing Techniques
		Preparing to Write
		The Basic Audit Report
		The Executive Summary
		Detailed Findings
		Polishing the Report
		Distributing the Report
		Interim Reporting
		Closing Conferences
		Follow-up Reporting
			Auditors
			The Auditee
			Executive Management
		Types of Follow-up Action
		Audit Follow-up Policies
	Chapter 21: Audit engagement tools, statistics and quantitative methods
		Audit Engagement Tools, Statistics and Quantitative Methods
		What is Sampling?
		Why Do We Sample?
		Judgmental (or Non-mathematical) Sampling
		Statistical Approach
		Sampling Risk
		Assessing Sampling Risk
		Planning a Sampling Application
			Audit Objectives
			Population Characteristics
			Deviations from the Mean
			Calculating Sample Size
		Quantitative Methods
			Trend Analysis
			Chi-square Tests
			Correlation Analysis
			Graphical Analysis
			Learning Curves
		Ratio and Regression Analysis
			Linear Programming
		Project Scheduling Techniques
			Program Evaluation Review Technique (PERT)
		Critical Path Method (CPM)
		Gantt or Bar Charts
		Simulations
Section 4: Business analysis
	Chapter 22: Corporate Governance
		International Corporate Governance Developments
		Corporate Stakeholders and Governance
		Investors, qua Owners
		Board Structure, Roles and Responsibilities
		Board Committees
		The Role of Audit Committees
			Audit Committee Responsibility for Internal Audit
		External Audit
		Internal Audit
		A Risk-based Approach to Internal Audit
		Resourcing Internal Audit
		Outsourcing Internal Audit
	Chapter 23: Financial accounting and finance
		Financial Reporting
		Auditing the Financial Reporting Process
		Appointment of External Auditor and Consultants
		Audit Plans and Co-ordination with External Audit
		External Auditors’ Use of the Work of Internal Audit
			Corporate Governance Controls
			Corporate Controls over the Financial Reporting Process
			The Financial Reporting Review Process
		Internal Controls over Financial Reporting
	Chapter 24: Cost and managerial accounting
		The Importance of Cost and Managerial Accounting Principles
		A Value Chain for Business
		The Public Sector
		Cost Accounting Principles
			Analyzing Costs and Evaluating Cost Management
			Capital Budgeting and Cost Analysis
			Quality Control Costs
	Chapter 25: The legal and regulatory environment
		The Legal and Regulatory Environment
			Impact on the Internal Auditor
			Identifying and Monitoring Non-compliance
			Internal Audit Programs to Evaluate the Effectiveness of Controls
Section 5: Information technology
	Chapter 26: Auditing InformationTechnology
		Control and Audit of Information Technology
		Some Computing Terminology
			Hardware
			Storage
			Output
			Control
			Systems of Internal Control
			General Control Objectives
			Program Control Objectives
			Batch vs Online
			Other Communication Concepts
	Chapter 27: Auditing general and application controls
		The Control Environment
			General Controls
			Application Controls
			Computer Operations Controls
			Operations Exposures
			Operations Controls
			Personnel Controls
			Supervisory Controls
			Operations Audits
			Application Controls
		Systems Controls
			Control Stages
			System Models
			Control Objectives of Business Systems
		Overall Control Objectives
	Chapter 28: Auditing systems under development
		Why Do Systems Fail?
		Systems Development
			Drawing up Requirements and Proposals
			Specifications
			Technical Specifications
			Implementation Planning
			Implementation
			Conversion Activities
			Post-implementation Review
			Systems Development Exposures
			Systems Development Controls
			SDLC Control Objectives
		Micro-based Systems
	Chapter 29: The use of CAATs in auditing computerized systems
		Computer-assisted Audit Tools and Techniques
			Standards of Evidence
			Generalized Audit Software
			Customized Audit Software
			Information Retrieval Software
			Utilities
			Online Enquiry
			Conventional Programming Languages
			Microcomputer-based Software
			Test Transaction Techniques
			Embedded Audit Modules (SCARFs – System Collection Audit Review Files)
			Review of System-level Activity
			CAATs Case Study
	Chapter 30: Auditing security and privacy
		Security
		Criteria
		User Authentication
			Bypass Mechanisms
			Auditing Operating Systems
			Auditing Communications Security
			Availability
			Threats to Confidentiality
			Threats to Data Integrity
			Spoofing (Masquerade Attacks)
			Playback of a Recording (Replay)
			Password Capture
			Brute Force Attacks
			Log Tampering
			Libel and Contentious Material
			Loss of Intellectual Property
	Chapter 31: Disaster recovery and business continuity planning
		Disasters: ‘Before and After’
			Consequences of Disruption
			Where to Start
			Disaster Recovery Processes in Place
			Testing the Disaster Recovery Plan
			Auditing the Disaster Recovery Plan
		Business Continuity Planning
			Management Responsibility for Business Continuity
			Understanding the Business
			Business Impact Analysis
			Risk Assessment
			Continuity Strategies
			Developing the Response
			Emergency Response
			Developing Business Continuity Plans
			Establishing a Business Continuity Culture
			Testing the Business Continuity Plan
			Maintenance of the Plan
			Auditing the Plan
	Chapter 32: Auditing e-commerce and the Internet
		Changing the World
		e-Commerce
			What is e-Commerce?
			Impact on Accounting and Auditing
			The Changing Business Environment
			Technology
			Example Audit and Control Issues in EDI
			The Impact on Auditing and Audits
			Future Directions in e-Commerce Auditing
			Conclusion
		The Internet
			Internet Communication
			Connecting to the Internet
			Finding Information on the Internet
			Internet Security
			Internet/Intranet Security
			e-Commerce over the Internet
	Chapter 33: Current and emerging technology issues for internal auditors
		IT Audit Approach and Methodology
		IT Governance
		Project Management
		Outsourcing
		Cloud Computing
		Smart Mobility
		Social Media
		Advanced Persistent Threats and Targeted Cyber Attacks
Section 6: Fraud and forensic auditing
Chapter 34: Fraud auditing
	Fraud Detection and Identification
	The Context of Fraud
		Misrepresentation of Material Facts
		Concealment of Material Facts
		Larceny
		Obtaining Fraudulent Loans
		Unsolicited Orders
		Advance Fees
		Bribery
		Theft of Trade Secrets
		Conflicts of Interest
		Breach of Fiduciary Duty
		Embezzlement
		False Claims
		Extortion
		Conspiracy
		Lapping
		Kiting
		Fraudulent Affiliations
	Red Flags for Fraud
	Payroll
	Cash Handling
	Purchasing
		Accounts Payable
		Accounts Receivable
	Personal Fraud Indicators
	Triggering Events
	Fraud Prevention
		The Role of a Forensic Auditor
		Responsibilities for Fraud Detection and Prevention
		Fraud Prevention
		Fighting Corruption
	Codes of Conduct
	Internal Audit
Chapter 35: Forensic Evidence
	Courts and the Administration of Justice
		Constitutional Court
		Supreme Court of Appeal
		High Court
		Magistrates’ Courts and Other Courts
	Forensic Evidence
	What Constitutes Best Evidence?
		Chain of Custody
		Forensic Examination
	Forensic Audit Department
	Polygraph Testing
Chapter 36: Conducting fraud investigations
	What are Fraud Investigations?
	Elements Required to Establish Evidence of Theft
	The Power of the Investigator
	Corporate Investigation
	Lies, Lies and More Lies
	Detecting Lies
	Chapter 37: IT fraud investivation
	The Exponential Growth of Computer Crime
	Classification of Computer Fraud
	The Investigation of IT frauds
		Pre-incident Preparation
		Detection of Incidents
		Initial Response
		Forensic Back-ups
		Investigation
		Network Monitoring
		Recovery
		Reporting and follow-up
Appendices
Appendix A: Internal Auditors’ Guidelines
Appendix B: Sample Audit Committee Charter
Appendix C: Sample Internal Audit Charter
Appendix D: Working Papers
Appendix E: General Standards of Completion
Appendix F: Sample Working Papers
Appendix G: Sample Job Descriptions
Appendix H: Sample Engagement Contract
Appendix I: Sample Audit Program
Appendix J: Sample Audit Report
Index