Tài liệu THE ESSENTIAL HANDBOOK OF INTERNAL AUDITING pptx

THE ESSENTIAL HANDBOOK

OF INTERNAL AUDITING

K H Spencer Pickett

THE ESSENTIAL HANDBOOK

OF INTERNAL AUDITING

THE ESSENTIAL HANDBOOK

OF INTERNAL AUDITING

K H Spencer Pickett

Copyright  2005 K. H. Spencer Pickett

Published in 2005 by John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester,

West Sussex PO19 8SQ, England

Telephone (+44) 1243 779777

Email (for orders and customer service enquiries): [email protected]

Visit our Home Page on www.wiley.com

All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or

transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or

otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a

licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK,

without the permission in writing of the Publisher. Requests to the Publisher should be addressed to the

Permissions Department, John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex

PO19 8SQ, England, or emailed to [email protected], or faxed to (+44) 1243 770620.

This publication is designed to provide accurate and authoritative information in regard to the subject

matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional

services. If professional advice or other expert assistance is required, the services of a competent

professional should be sought.

Other Wiley Editorial Offices

John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA

Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA

Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany

John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia

John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809

John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1

Wiley also publishes its books in a variety of electronic formats. Some content that appears

in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data:

Pickett, K. H. Spencer.

The essential handbook of internal auditing / K. H. Spencer Pickett.

p. cm.

Condensed version of: Internal auditing handbook. 2nd ed. c2003.

Includes bibliographical references and index.

ISBN-13 978-0-470-01316-8 (pbk. : alk. paper)

ISBN-10 0-470-01316-8 (pbk. : alk. paper)

1. Auditing, Internal. I. Pickett, K. H. Spencer. Internal auditing

handbook. II. Title.

HF5668.25.P53 2005

657

.458—dc21

2005004185

British Library Cataloguing in Publication Data

A catalogue record for this book is available from the British Library

ISBN-13 978-0-470-01316-8 (PB)

ISBN-10 0-470-01316-8 (PB)

Typeset in 9.5/12pt Gill Sans Light by Laserwords Private Limited, Chennai, India

Printed and bound in Great Britain by Antony Rowe Ltd, Chippenham, Wiltshire

This book is printed on acid-free paper responsibly manufactured from sustainable forestry

in which at least two trees are planted for each one used for paper production.

CONTENTS ix

Summary and Conclusions 151

Chapter 6: Multi-Choice Questions 151

References 154

7 The Audit Approach 155

Introduction 155

7.1 The Systems Approach 155

7.2 Control Risk Self-Assessment (CRSA) 158

7.3 Facilitation Skills 162

7.4 Integrating Self-Assessment and Audit 162

7.5 Fraud Investigations 163

7.6 Information Systems Auditing 173

7.7 The Consulting Approach 177

7.8 Compliance 181

7.9 Value for Money 182

7.10 The ‘Right’ Structure 182

Summary and Conclusions 183

Chapter 7: Multi-Choice Questions 183

References 185

8 Setting an Audit Strategy 187

Introduction 187

8.1 Risk-Based Strategic Planning 187

8.2 Resourcing the Strategy 189

8.3 Managing Performance 190

8.4 Dealing with Typical Problems 192

8.5 The Audit Manual 193

8.6 Delegating Audit Work 196

8.7 Audit Information Systems 198

8.8 Establishing a New Internal Audit Shop 202

8.9 The Outsourcing Approach 203

8.10 The Audit Planning Process 204

Summary and Conclusions 208

Chapter 8: Multi-Choice Questions 208

References 210

9 Audit Field Work 211

Introduction 211

9.1 Planning the Audit 211

9.2 Interviewing Skills 218

9.3 Ascertaining the System 221

9.4 Evaluation 227

9.5 Testing Strategies 235

9.6 Evidence and Working Papers 240

9.7 Statistical Sampling 241

9.8 Reporting Results of the Audit 251

9.9 Audit Committee Reporting 260

9.10 A Risk-Based Audit Approach (RaCE) 262

This book is dedicated to the memory

of my father, Harry Pickett

CONTENTS

List of abbreviations xi

1 Introduction 1

Introduction 1

1.1 Reasoning behind the Book 1

1.2 The IIA Standards and Links to the Book 1

1.3 How to Navigate around the Book 2

1.4 The Handbook as a Development Tool 3

1.5 The Development of Internal Auditing 3

Summary and Conclusions 8

Chapter 1: Multi-Choice Questions 8

References 9

2 Corporate Governance Perspectives 11

Introduction 11

2.1 The Agency Concept 11

2.2 Corporate Ethics and Accountability 14

2.3 International Scandals and their Impact 17

2.4 Models of Corporate Governance 21

2.5 Putting Governance into Practice 27

2.6 The External Audit 29

2.7 The Audit Committee 37

2.8 Internal Audit 41

2.9 The Link to Risk Management and Internal Control 43

2.10 Reporting on Internal Controls 44

Summary and Conclusions 47

Chapter 2: Multi-Choice Questions 47

References 49

3 Managing Risk 53

Introduction 53

3.1 What is Risk? 54

3.2 The Risk Challenge 54

3.3 Risk Management and Residual Risk 56

3.4 Mitigation through Controls 58

3.5 Risk Registers and Appetites 60

3.6 The Risk Policy 63

3.7 Enterprise-Wide Risk Management 68

3.8 Control Self-Assessment 74

3.9 Embedded Risk Management 76

3.10 The Internal Audit Role in Risk Management 77

viii CONTENTS

Summary and Conclusions 81

Chapter 3: Multi-Choice Questions 81

References 83

4 Internal Controls 85

Introduction 85

4.1 Why Controls? 85

4.2 Control Framework—COSO 89

4.3 Control Framework—CoCo 93

4.4 Other Control Models 94

4.5 Links to Risk Management 97

4.6 Control Mechanisms 97

4.7 Importance of Procedures 100

4.8 Integrating Controls 102

4.9 The Fallacy of Perfection 103

4.10 Internal Control Awareness Training 103

Summary and Conclusions 105

Chapter 4: Multi-Choice Questions 105

References 107

5 The Internal Audit Role 109

Introduction 109

5.1 Why Auditing? 109

5.2 Defining Internal Audit 109

5.3 The Audit Charter 113

5.4 Audit Services 115

5.5 Independence 117

5.6 Audit Ethics 119

5.7 Police Officer versus Consultant 121

5.8 Managing Expectations through Web Design 124

5.9 Audit Competencies 125

5.10 Training and Development 127

Summary and Conclusions 128

Chapter 5: Multi-Choice Questions 128

Reference 131

6 Professionalism 133

Introduction 133

6.1 Audit Professionalism 133

6.2 Internal Auditing Standards 134

6.3 Due Professional Care 143

6.4 Professional Consulting Services 143

6.5 The Quality Concept 145

6.6 Defining the Client 145

6.7 Internal Review and External Review 146

6.8 Marketing the Audit Role 148

6.9 Audit Feedback Questionnaire 150

6.10 Continuous Improvement 150

x CONTENTS

Summary and Conclusions 265

Chapter 9: Multi-Choice Questions 265

References 270

10 Meeting the challenge 271

Introduction 271

10.1 The New Dimensions of Internal Auditing 271

10.2 Globalization 272

10.3 The Changing Auditor 272

10.4 Meeting the Challenge 273

10.5 Ten Little Maxims 273

Summary and Conclusions 274

Chapter Ten: Multi-Choice Questions 274

References 276

Appendix A Suggested Answers 277

Appendix B Candidate’s Answers 279

Index 281

LIST OF ABBREVIATIONS

AC Audit Committee

ACCA Association of Chartered Certified Accountants

AICPA American Institute of Certified Public Accountants

AO Accounting Officer

APA Audit Policy and Advice

APB Auditing Practices Board

BBC British Broadcasting Corporation

BCCI Bank of Credit and Commerce International

CBI Confederation of British Industry

CCAB Consultative Committee of Accounting Bodies

CCTV Closed Circuit Television

CEO Chief Executive Officer

CFO Chief Finance Officer

CG Corporate Governance

CICA Canadian Institute of Chartered Accountants

CIMA Chartered Institute of Management Accountants

CIPFA Chartered Institute of Public Finance and Accountancy

CISA Certified Information Systems Auditor

COBIT Control Objectives for Information and Related Technology

CoCo Criteria of Control

COSO Committee of Sponsoring Organizations of the Treadway Commission

CPA Certified Public Accountant

CRO Chief Risk Officer

CRSA Control Risk Self-Assessment

CSA Control Self-Assessment

DA District Audit

DF Director of Finance

DTI Department of Trade and Industry

EA External Audit

FCO Foreign and Commonwealth Office

GAAP Generally Accepted Accounting Policies

HMT Her Majesty’s Treasury

HR Human Resources

IA Internal Audit

ICAEW Institute of Chartered Accountants in England and Wales

IIA Institute of Internal Auditors

IIA Inc. Institute of Internal Auditors Incorporated (USA)

IIA.UK&Ireland Institute of Internal Auditors in the United Kingdom and Ireland

IoD Institute of Directors

IS Information Systems

xii LIST OF ABBREVIATIONS

ISO International Standards Organization

IT Information Technology

KPI Key Performance Indicators

LSE London Stock Exchange

MIS Management Information Systems

NAO National Audit Office

NED Non-Executive Director

NHS National Health Service

PC Personal Computer

PI Performance Indicators

PPF Professional Practices Framework

PR Public Relations

PwC PricewaterhouseCoopers

QA Quality Assurance

RM Risk Management

SE Stock Exchange

SEC Securities and Exchange Commission

SEE Social, Ethical and Environmental

SIC Statement on Internal Control

TI Transparency International

UK United Kingdom

USA United States of America

VFM Value for Money