2006考试大纲第一部分:内部审计在治理、风险和控制中的作用
<STRONG>2006考试大纲第一部分:内部审计在治理、风险和控制中的作用</STRONG><DIV><STRONG>2006考试大纲 第一部分:内部审计在治理、风险和控制中的作用<BR><BR></STRONG>
<P><STRONG>Part I - The Internal Audit Activity's Role in Governance, Risk, and Control<BR>第一部分:内部审计在治理、风险和控制中的作用</STRONG></P>
<P><FONT color=#ff0000> (注,红色是06年修订部分)</FONT></P>
<P>A. COMPLY WITH THE IIA'S ATTRIBUTE STANDARDS (15 - 25 percent) (Proficiency Level)</P>
<P>遵守国际内部审计师协会的属性标准(15-25%)(要求熟练掌握)</P>
<P>1.Define purpose, authority, and responsibility of the internal audit activity.</P>
<P>明确内部审计的宗旨、权限和职责</P>
<P><BR>a. Determine if purpose, authority, and responsibility of internal audit activity are clearly documented/approved.</P>
<P> 确定内部审计的宗旨、权限和职责是否清楚地以书面形式记录/获得批准</P>
<P>b. Determine if purpose, authority, and responsibility of internal audit activity are communicated to engagement clients.</P>
<P> 确定内部审计的宗旨、权限和职责是否通报审计业务客户</P>
<P>c. Demonstrate an understanding of the purpose, authority, and responsibility of the internal audit activity.</P>
<P> 阐明内部审计的宗旨、权限和职责</P>
<P><BR>2.Maintain independence and objectivity.</P>
<P> 保持独立性和客观性</P><BR>
<P>a. Foster independence<BR> 加强独立性</P>
<P>1) Understand organizational independence<BR> 理解机构的独立性</P>
<P>2) Recognize the importance of organizational independence<BR> 认识机构独立性的重要性</P>
<P>3) Determine if the internal audit activity is properly aligned to achieve organizational independence.<BR> 确定内部审计部门是否正确设置以获得其独立性</P>
<P>b. Foster objectivity<BR> 加强客观性</P>
<P>1) Establish policies to promote objectivity<BR> 制定政策以增进客观性</P>
<P>2) Assess individual objectivity<BR> 评估个人的客观性</P>
<P>3) Maintain individual objectivity<BR> 保持个人的客观性</P>
<P>4) Recognize and mitigate impairments to independence and objectivity<BR> 识别和减轻对独立性和客观性的损害</P>
<P>
<P>3.Determine if the required knowledge, skills, and competencies are available.<BR> 确定是否具备必要的知识、技能和胜任能力</P>
<P>
<P>a. Understand the knowledge, skills, and competencies that an internal auditor needs to possess.<BR> 理解内部审计师需要具备的知识、技能和胜任能力</P>
<P>b. Identify the knowledge, skills, and competencies required to fulfill the responsibilities of the internal audit activity<BR> 确定内部审计部门履行内部审计职责所必要的知识、技能和胜任能力</P>
<P>
<P>4.Develop and/or procure necessary knowledge, skills and competencies collectively required by internal audit activity.<BR> 开发和/或取得内部审计部门整体所需要的知识、技能和胜任能力</P>
<P>
<P>5.Exercise due professional care.<BR> 运用应有的职业审慎</P>
<P>6.Promote continuing professional development.<BR> 促进持续专业发展</P>
<P>
<P>a. Develop and implement a plan for continuing professional development for internal audit staff.<BR> 为内部审计人员制定并实施持续专业发展计划</P>
<P>b. Enhance individual competency through continuing professional development.<BR> 通过持续专业发展提高个人能力</P>
<P>
<P>7.Promote quality assurance and improvement of the internal audit activity.<BR> 促进内部审计的质量保证与改进</P>
<P>
<P>a. Establish and maintain a quality assurance and improvement program.<BR> 建立和保持质量保证与改进项目</P>
<P>b. Monitor the effectiveness of the quality assurance and improvement program.<BR> 监督质量保证与改进项目的效果</P>
<P>c. Report the results of the quality assurance and improvement program to the board or other governing body.<BR>将质量保证与改进项目的结果报告董事会或其他治理机构</P>
<P>d. Conduct quality assurance procedures and recommend improvements to the performance of the internal audit activity.</P>
<P> 实施质量保证程序并建议改善内部审计业绩</P>
<P>
<P>8. Abide by and promote compliance with the IIA Code of Ethics</P>
<P>遵守和促进对IIA《道德规范》的遵守</P>
<P>
<P>B.Establish a Risk-based Plan to Determine the Priorities of the Internal Audit Activity (15 - 25 percent) (Proficiency Level)</P>
<P>以风险为基础制定计划确定内部审计重点(15-25%)(要求熟练掌握)</P>
<P>
<P>1.Establish a framework for assessing risk.<BR>建立评估风险的框架</P>
<P> </P>
<P>2.Use the framework to:<BR> 应用该框架:</P>
<P> </P>
<P>a. Identify sources of potential engagements (e.g., audit universe, management request, regulatory mandate)<BR> 确认潜在审计业务的来源(如,进行审计域,管理层的要求,法规要求)</P>
<P>b. Assess organization-wide risk<BR> 评估组织范围内的风险</P>
<P>c. Solicit potential engagement topics from various sources<BR> 从不同来源寻求潜在审计业务</P>
<P>d. Collect and analyze data on proposed engagements<BR> 收集和分析拟审计业务的资料</P>
<P>e. Rank and validate risk priorities<BR> 对风险高低进行排序和确认</P>
<P>
<P>3.Identify internal audit resource requirements<BR> 确认内部审计资源需求</P>
<P>
<P>4.Coordinate the internal audit activity's efforts with:<BR> 与以下方面协调内部审计工作:</P>
<P> </P>
<P>a. External auditor<BR> 外部审计师</P>
<P>b. Regulatory oversight bodies<BR> 法规监督机构</P>
<P>c. Other internal assurance functions (e.g., health and safety department)<BR> 其他内部保证部门(如,卫生健康和安全部门)</P>
<P>
<P>5.Select engagements.<BR> 选择审计业务</P>
<P> </P>
<P>a. Participate in the engagement selection process<BR> 参与审计业务选择过程</P>
<P>b. Select engagements.<BR> 选择审计业务</P>
<P>c. Communicate and obtain approval of the engagement plan from board<BR> 与董事会沟通以获得其对审计业务计划的批准</P>
<P>
<P>6.Identify scope of engagements. </P>
<P> 确定审计业务范围</P>
<P> </P>
<P>C.Understand the Internal Audit Activity's Role in Organizational Governance (10 - 20 percent) (Proficiency Level)</P>
<P> 理解内部审计在公司治理中的作用(要求熟练掌握)</P>
<P>
<P>1.Obtain board's approval of audit charter<BR> 获得董事会对审计章程的批准</P>
<P>
<P>2.Communicate plan of engagements<BR> 沟通审计业务计划</P>
<P> </P>
<P>3.Report significant audit issues<BR> 报告重大审计事项</P>
<P>
<P>4.Communicate key performance indicators to board on a regular basis<BR> 定期向董事会报告主要的审计工作业绩指标</P>
<P> </P>
<P>5.Discuss areas of significant risk<BR> 讨论重大风险领域</P>
<P>
<P>6.Support board in enterprise-wide risk assessment<BR> 支持董事会开展全公司的风险评估</P>
<P> </P>
<P>7.Review positioning of the internal audit function within the risk management framework within the organization.<BR> 检查内部审计机构在组织内风险管理框架中的定位</P>
<P>
<P>8.Monitor compliance with the corporate code of conduct/business practices<BR> 监督遵守公司行为规范和商业惯例情况</P>
<P> </P>
<P>9.Report on the effectiveness of the control framework<BR> 报告控制框架的效果</P>
<P>
<P>10.Assist board in assessing the independence of the external auditor<BR> 协助董事会评估外部审计师的独立性</P>
<P>
<P>11.Assess ethical climate of the board<BR> 评估董事会的道德环境</P>
<P>
<P>12.Assess ethical climate of the organization<BR> 评估组织的道德环境</P>
<P>
<P>13.Assess compliance with policies in specific areas (e.g., derivatives)<BR> 评估在特定领域遵守政策的情况(如,衍生产品)</P>
<P>
<P>14.Assess organization's reporting mechanism to the board<BR> 评估组织向董事会报告的机制</P>
<P>
<P>15.Conduct follow-up and report on <FONT color=#ff0000>management </FONT>response to regulatory body reviews<BR><FONT color=#ff0000> 跟踪并报告管理层对法规监督机构检查结果的落实情况</FONT></P>
<P>
<P>16.Conduct follow-up and report on <FONT color=#ff0000>mangement</FONT> response to external audit<BR><FONT color=#ff0000> 跟踪并报告管理层对外部审计结果的落实情况</FONT></P>
<P>
<P>17.Assess the adequacy of the performance measurement system, achievement of corporate objective<BR> 评估业绩测评系统的充分性和整体目标的实现情况</P>
<P>
<P>18.Support a culture of fraud awareness and encourage the reporting of improprieties</P>
<P> 树立舞弊防范意识,鼓励报告不正当的行为</P>
<P> </P>
<P>D.Perform Other Internal Audit Roles and Responsibilities (0 - 10 percent) (Proficiency Level)</P>
<P> 执行其他内部审计任务和职责(0-10%)(要求熟练掌握)</P>
<P>
<P>1.Ethics/compliance</P>
<P> 道德规范/合规情况</P>
<P>
<P>a. Investigate and recommend resolution for ethics/compliance complaints<BR> 对道德规范/合规情况的投诉进行调查并提出解决办法</P>
<P>b. Determine disposition of ethics violations<BR> 确定违反道德规范的处理</P>
<P>c. Foster healthy ethical climate<BR> 培养健康的道德氛围</P>
<P>d. Maintain and administer business conduct policy (e.g., conflict of interest)<BR> 维护和管理业务行为政策(如,利益冲突)</P>
<P>e. Report on compliance<BR> 报告合规情况</P>
<P>
<P>2.Risk management<BR> 风险管理</P>
<P> </P>
<P>a. Develop and implement an organization-wide risk and control framework<BR> 建立和实施一个全组织的风险和控制框架</P>
<P>b. Coordinate enterprise-wide risk assessment<BR> 协调全公司的风险评估</P>
<P>c. Report corporate risk assessment to broad<BR> 向董事会报告公司的风险评估</P>
<P>d. Review business continuity planning process<BR> 检查经营持续性计划过程</P>
<P>
<P>3.Privacy<BR> 保密</P>
<P>
<P>a. Determine privacy vulnerabilities<BR> 确定保密的薄弱环节</P>
<P>b. Report on compliance<BR> 报告合规情况</P>
<P>
<P>4.Information or physical security<BR> 信息或物理安全</P>
<P>
<P>a. Determine security vulnerabilities<BR> 确定安全的薄弱环节</P>
<P>b. Determine disposition of security violations<BR>确定对违反安全行为的处理</P>
<P>c. Report on compliance</P>
<P> 报告合规情况</P>
<P>
<P>E.Governance, Risk, and Control Knowledge Elements (15 - 25 percent)</P>
<P> 治理,风险,和控制知识要点(15-25%)</P>
<P>
<P>1.Corporate governance<FONT color=#ff0000> principles</FONT> (Awarenss Level)<BR><FONT color=#ff0000> 公司治理的原则(要求了解)</FONT></P>
<P> </P>
<P>2.Alternative control frameworkse(Awarenss Level)<BR> 可选择的控制框架(要求了解)</P>
<P> </P>
<P>3.Risk vocabulary and concepts(Proficiency Level)<BR> 风险的词汇和概念(要求熟练掌握)</P>
<P>
<P>4.Risk management techniques(Proficiency Level)<BR> 风险管理技术(要求熟练掌握)</P>
<P>
<P>5.Risk/control implications of different organizational structures(Proficiency Level)<BR> 不同组织结构中的风险/控制内容(要求熟练掌握)</P>
<P> </P>
<P>6.Risk/control implications of different leadership styles(Awareness Level)<BR> 不同领导风格下的风险/控制内容</P>
<P> </P>
<P>7.Change management(Awareness Level)<BR> 变革管理</P>
<P> </P>
<P>8.Conflict management(Awareness Level)<BR> 冲突管理</P>
<P>
<P>9.Management control techniques(Proficiency Level)<BR> 管理控制技术</P>
<P> </P>
<P>10.Types of control (preventive, detective, input, output) (Proficiency Level)</P>
<P> 控制类型(预防型、检查型、输入、输出)</P>
<P>
<P>F.Plan Engagements (15 - 25 percent) (Proficiency Level)</P>
<P>策划审计业务(15-25%)</P>
<P>
<P>1.Initiate preliminary communication with engagement client<BR> 开展与审计业务客户的初步沟通</P>
<P> </P>
<P>2.Conduct a preliminary survey of the area of engagement<BR> 对审计业务范围实施初步调查</P>
<P>
<P>a. Obtain input from engagement client<BR> 从审计业务客户处获得信息</P>
<P>b. Perform analytical reviews<BR> 进行分析性复核</P>
<P>c. Perform benchmarking<BR> 进行基准比较</P>
<P>d. Conduct interviews<BR> 实施面谈</P>
<P>e. Review prior audit reports and other relevant documentation<BR> 查阅以前的审计报告和其他相关资料</P>
<P>f. Map processes<BR> 绘制流程图 </P>
<P>g. Develop Checklists<BR> 编制检查清单</P>
<P>
<P>3.Complete a detailed risk assessment of the area (prioritize or evaluate risk/control factors)<BR> 完成相关领域的详细风险评估(对风险/控制因素进行排序或评估)</P>
<P>4.Coordinate audit engagement efforts with<BR> 与以下方面协调审计业务工作:</P>
<P> </P>
<P>a. External auditor<BR> 外部审计师</P>
<P>b. Regulatory oversight bodies<BR> 法规监督机构</P>
<P>
<P>5.Establish/refine engagement objectives and finalize the scope of engagement.<BR> 建立/完善审计业务的目标,确定审计业务的范围</P>
<P> </P>
<P>6.Identify or develop criteria for assurance engagements (criteria against which to audit)<BR> 确认或开发保证业务的标准(审计所依照的标准)</P>
<P>
<P>7.Consider the potential for fraud when planning an engagement<BR> 在策划审计业务时考虑舞弊的潜在可能</P>
<P> </P>
<P>a. Be knowledgeable of the risk factors and red flags of fraud<BR> 理解舞弊的风险因素和危险信号</P>
<P>b. Identify common types of fraud associated with the engagement area.<BR> 确认与审计业务范围相关的一般舞弊类型 </P>
<P>c. Determine if risk of fraud requires special consideration when conducting an engagement<BR> 在实施审计业务时确定是否需要对舞弊的风险进行特殊考虑</P>
<P>
<P>8.Determine engagement procedures.<BR> 确定审计业务步骤</P>
<P>
<P>9.Determine the level of staff and resources needed for the engagement<BR> 确定审计业务所需的人员水平和资源</P>
<P> </P>
<P>10.Establish adequate planning and supervision of the engagement.<BR> 建立对审计业务充分的计划和监督</P>
<P>
<P>11.Prepare engagement work program.</P>
<P> 编制审计业务工作方案</P></DIV> 谢谢好人 ok cool
页:
[1]