CIA Part 1 Table of Contents

Table of Contents

Exam Introduction ..............................................................................................................1

Section I – Foundations of Internal Auditing (15%) ........................................................3

Study Unit 1: A. Mission, Definition and Principles of Internal Audit ............................4
The Core Principles for the Professional Practice of Internal Auditing 6
Study Unit 2: B. The Internal Audit Charter ................................................................... 10
Study Unit 3: C. Assurance and Consulting Services................................................... 14
Study Unit 4: D. IIA Code of Ethics ................................................................................. 16
Conformance with The IIA Code of Ethics 24

Section II – Independence and Objectivity (15%) .......................................................... 26

Study Unit 5: A. Organizational Independence of the IAA ............................................ 27
Study Unit 6: B. Impairments to Independence ............................................................. 30
Study Unit 7: C. Assess Internal Auditor’s Independence ........................................... 37
Study Unit 8: D. Analyze Policies to Promote Objectivity ............................................ 38

Section III – Proficiency and Due Professional Care (18%) .......................................... 40

Study Unit 9: A. Internal Audit Proficiency .................................................................... 40
Study Unit 10: B. Competency of the Internal Auditor .................................................. 43
Study Unit 11: C. Due Professional Care ....................................................................... 47
Study Unit 12: D. Demonstrate Competency through CPD .......................................... 48

Section IV – The QAIP (7%) ............................................................................................. 50

Study Unit 13: A. Required Elements of the QAIP ......................................................... 50
The Quality Assurance Improvement Program 50
Quality in the Internal Audit Activity 51
Developing and Implementing the QAIP 52
Overview of the QAIP 52
A. The Requirements of the QAIP – Standard 1310 53
Internal Assessments – Standard 1311 55
External Assessments – Standard 1312 57
Study Unit 14: B-C. Reporting Results of the QAIP ...................................................... 61
C. Disclosure of Conformance or Nonconformance 62

Section V – Governance, Risk Management, and Control (35%) ................................. 64

Study Unit 15: A-C. Governance, Organizational Culture and Ethics .......................... 64

© HOCK international, LLC. For personal use only by original purchaser. Resale prohibited. i
Table of Contents CIA Part 1

Three Lines Model ............................................................................................................ 64

Relationships Among Core Roles 68
Applying the Model 69
Cornerstones of Good Corporate Governance – The IIA Corporate Governance Model 71
The Board of Directors 71
Stakeholders and Corporate Governance 72
The Internal Auditor’s Role in Organizational Governance 74
The Internal Auditor’s Role in Assessing Organizational Ethics 78
Ethics Advocates 80
Code of Conduct Policy 81
Study Unit 16: D. Corporate Social Responsibility ....................................................... 82
Study Unit 17: E. Concepts and Risk and Risk Management ....................................... 87
Types of Risk 89
Risk Appetite, Risk Tolerance, and Risk Capacity 90
Study Unit 18: F. Risk Management Frameworks ....................................................... 104
COSO Framework on Enterprise Risk Management 106
ISO 31000 Principles, Framework, and Process 111
Study Unit 19: G. Examining the Effectiveness of Risk Management ....................... 115
Study Unit 20: H. The Role of the IAA in Risk Management ....................................... 118
Study Unit 21: I. Internal Control Concepts and Types of Controls........................... 120
Establishing the Control Process 123
Controls in the Accounting Transaction Cycles 128
Study Unit 22: J. Internal Control Frameworks ........................................................... 136
COSO Model 136
Alternative Control Frameworks 142
Study Unit 23: K. Effectiveness and Efficiency of Internal Controls ......................... 144

Section VI – Fraud Risks (10%) ..................................................................................... 147

Study Unit 24: A Fraud Risks and Types of Fraud ...................................................... 147
Study Unit 25: B. Evaluating Potential of and Detection of Fraud ............................. 150
Study Unit 26: C. Recommend Controls and Improve Awareness ............................ 154
Study Unit 27: D. Forensic Auditing ............................................................................. 157

Appendix A: Glossary .................................................................................................... 159

Appendix B: Model Internal Audit Activity Charter ..................................................... 162
Appendix C: Discreditable Behaviors .......................................................................... 166
Appendix D: Sample Code of Conduct......................................................................... 167
Appendix E: 40 Common Forms of Fraud.................................................................... 169
Appendix F: Common Fraud Schemes from IIA Practice Guide ................................ 171

ii © HOCK international, LLC. For personal use only by original purchaser. Resale prohibited.
CIA Part 2 Table of Contents

Table of Contents

Part 2 Exam Introduction ...................................................................................................1

Section I – Managing the Internal Audit Activity .............................................................2
Study Unit 1: 1A. Policies and Procedures ......................................................................3
Study Unit 2: 1B. Administrative Activities of the Internal Audit Activity .....................9
Study Unit 3: 2A. Identify Potential Engagements ........................................................ 16
Study Unit 4: 2B. Identify a Framework for Assessing Risk ......................................... 17
Study Unit 5: 2C. Assurance Engagements ................................................................... 20
1) Risk and Control Self-assessments 20
2) Audits of Third Parties and Contract Compliance 24
3) Quality Assurance Engagements 26
4) Due Diligence Assurance Engagements 29
5) Security Engagements 30
6) Privacy Engagements 31
7) Performance Assurance Engagements 32
8) Operational Assurance Engagements 33
9) Financial Audit Engagements 34
10) Compliance Audit Engagements 40
Study Unit 6: 2D. Consulting Services ........................................................................... 42
1) Internal Control Training 46
2) Benchmarking 47
3) Business Process Mapping 49
4) Due Diligence Consulting 49
5) System Development Reviews 49
6) Privacy Consulting 50
7) Design of Performance Measurement Systems 50
8) Internal-Control Testing Consulting Engagements 51
9) Business Process Review/Re-engineering Consulting Engagements 51
Study Unit 7: 2E. Coordinate IA Efforts with Other Assurance Providers .................. 52
Study Unit 8: 3. Communicating and Reporting to Sr Mngmnt and Board ................. 59
3A. Communicate Annual Audit Plan and Obtain Board Approval 59
3B. Identify Significant Risk Exposures and Control and Governance Issues 59
3C. Report on the Effectiveness of Internal Controls & Risk Management 61
3D. Reporting Key Performance Indicators to the Board 62
Section II. Planning the Engagement ............................................................................. 67
Study Unit 9: 1A. Establish Engagement Objectives/Criteria and Scope.................... 67
The Engagement Planning Process 69
Audits of Outside Service Providers 71
Establish Engagement Objectives and Criteria, Finalize Scope 71

© HOCK international, LLC. For personal use only by original purchaser. Resale prohibited. i
Table of Contents CIA Part 2

Engagement Objectives and Criteria 72

Engagement Scope 73
Study Unit 10: 1B. Plan Engagement to Identify Key Risks and Controls .................. 74
Study Unit 11: 1C. Complete Detailed Risk Assessment of Each Audit Area ............... 75
Study Unit 12: 1D. Determine Engagement Procedures and Work Program .............. 77
Engagement Procedures 78
Selected Engagement Procedures 80
Tracing and Vouching 81
Study Unit 13: 1E. Determine Level of Resources Needed........................................... 82
Section III – Performing the Engagement ...................................................................... 84
Study Unit 14: 1A. The Preliminary Survey .................................................................... 84
Study Unit 15: 1B. Checklists and Questionnaires ....................................................... 91
Study Unit 16: 1C. Sampling and Statistical Analysis Techniques .............................. 92
Study Unit 17: 2A. Computerized Audit Tools and Techniques (CAAT).................... 105
Study Unit 18: 2B. Evaluate Relevance, Sufficiency, Reliability of Evidence ............. 110
Study Unit 19: 2C. Analytical Approaches and Process Mapping ............................. 113
Study Unit 20: 2D. Analytical Review Techniques ...................................................... 118
Study Unit 21: 2E. Working Papers and Documentation ............................................ 129
Study Unit 22: 2F. Develop Engagement Conclusions ............................................... 138
Study Unit 23: 3A. Engagement Supervision ............................................................... 139
Section IV – Communicating Results and Monitoring Progress ................................ 141
Study Unit 24: 1A. Initiate Preliminary Communication with Client .......................... 141
Study Unit 25: 1B. Demonstrate Communications Quality and Elements ................ 141
Criteria for Communicating (Elements of the Final Report) 142
What is Included in the Report 142
Guidelines for Quality Communications 144
Study Unit 26: 1C. Communicate Interim Progress .................................................... 145
Study Unit 27: 1D. Recommendations to Enhance and Protect Org. Value .............. 146
Study Unit 28: 1E. Engagement Communication and Reporting Process ................ 147
Conduct Exit Conference 147
Objectives of Exit Conference 147
Distribution of the Report 148
Communicating Sensitive Information 150
Whistleblowing 151
Legal Requirements for Disclosure of Sensitive Information 152
Study Unit 29: 1F-G. Assessing Residual Risk and Acceptance of Risk .................. 153
Study Unit 30: 2A-B. Monitoring Progress and Following-Up .................................... 154
Appendix A: Skill Assessment RACI Diagram ............................................................. 158

ii © HOCK international, LLC. For personal use only by original purchaser. Resale prohibited.
CIA Part 3 Table of Contents

Table of Contents

Exam Introduction ..............................................................................................................1

Section I – Business Acumen ...........................................................................................2

Study Unit 1: 1A. Strategic Planning Process and Key Activities .................................2
Study Unit 2: 1B. Common Performance Measures ........................................................9
Study Unit 3: 1C. Organizational Behavior .................................................................... 30
Study Unit 4: 1D. Leadership .......................................................................................... 41

Study Unit 5: 2A. Risk & Control Implications of Organizational Structures .............. 48
Study Unit 6: 2B. Risk & Control Implications of Business Processes ....................... 57
Study Unit 7: 2C. Project Management Techniques ...................................................... 72
Study Unit 8: 2D. Contracts ............................................................................................. 75

Study Unit 9: 3A. Description of Data Analytics ............................................................ 81

Study Unit 10: 3B. Explanation of Data Analytics Process .......................................... 86
Study Unit 11: 3C. Application of Data Analytics in Internal Auditing......................... 87

Section II – Information Security .................................................................................... 92

Study Unit 12: 1A. Types of Common Physical Security Controls .............................. 92
Study Unit 13: 1B. User Authentication and Authorization Controls........................... 93
Study Unit 14: 1C. Information Security Controls ......................................................... 96
Study Unit 15: 1D. Data Privacy and Data Privacy Laws ............................................ 102
Study Unit 16: 1E. Emerging Technology Practices and Their Impact ...................... 106
Study Unit 17: 1F. Cybersecurity Risks........................................................................ 114
Study Unit 18: 1G. Cybersecurity and Info-Sec Related Policies ............................... 117

Section III – Information Technology............................................................................ 119

Study Unit 19: 1A. Application and System Software ................................................. 119
Study Unit 20: 1B. Databases and Internet Terms ...................................................... 124
Study Unit 12: 1C. Key Characteristics of Software Systems .................................... 128

© HOCK international, LLC. For personal use only by original purchaser. Resale prohibited. i
Table of Contents CIA Part 3

Study Unit 22: 2A. IT Infrastructure and Networking Concepts ................................. 133
Study Unit 23: 2B. Operational Roles ........................................................................... 138
Study Unit 24: 2C. IT Control Frameworks................................................................... 139
Study Unit 25: 3A-C. Disaster Recovery....................................................................... 149

Section IV – Financial Management ............................................................................. 152

1. Financial Accounting and Finance ........................................................................... 152

Study Unit 26: 1A. Principles of Financial Accounting ............................................... 152
1 A 1. Financial Accounting Concepts and Principles 152
1 A 2. External Financial Statements 159
1 A 3. Intermediate Concepts of Financial Accounting 177
Study Unit 27: 1B. Advanced & Emerging Financial Accounting Concepts ............. 185
Study Unit 28: 1C. Interpret Financial Analysis ........................................................... 195
Study Unit 29: 1D. Revenue Cycle and Working Capital Management ...................... 216
Study Unit 30: 1E. Capital, Taxation, and Transfer Pricing ........................................ 248
1 E 1. Capital Structure 248
1 E 1. Cost of Capital 256
1 E 2. Capital Budgeting 268
1 E 3. Basic Taxation 283
1 E 4. Transfer Pricing 287

2. Managerial Accounting .............................................................................................. 295

Study Unit 31: 2A. General Concepts of Managerial Accounting .............................. 295
2 A 1. Budgeting Concepts 295
2 A 2. Cost-Volume-Profit Analysis 307
2 A 3. Responsibility Centers and Responsibility Accounting 319
2 A 4. Shared Services Cost Allocation 326
Study Unit 32: 2B. Costing Systems ............................................................................ 336
2 B 1. Cost Classifications 336
2 B 2. Cost of Goods Sold (COGS) and Cost of Goods Manufactured (COGM) 345
2 B 3. Costing Systems 347
2 B 4. Variable and Absorption Costing for Manufacturing Costs 368
Study Unit 33: 2C. Costs and their Use in Decision Making....................................... 374

Appendix A – Time Value of Money Concepts (Present/Future Value) ..................... 386

ii © HOCK international, LLC. For personal use only by original purchaser. Resale prohibited.