2006考试大纲第二部分:实施内部审计业务
<STRONG>2006考试大纲第二部分:实施内部审计业务</STRONG><DIV><STRONG>2006考试大纲 第二部分:实施内部审计业务<BR><BR></STRONG>
<P><STRONG>Part II - Conducting the Internal Audit Engagement<BR>第二部分 – 实施内部审计业务</STRONG><BR><BR>A. Conduct Engagements (25 - 35 percent) (Proficiency Level) </P>
<P>实施审计业务 (25 – 35%) (要求熟练掌握)</P>
<P> </P>
<P>1. Research and apply appropriate standards: </P>
<P>研究和采用适当的标准: </P>
<P>a. IIA Professional Practices Framework (e.g., Code of Ethics, Standards, Practice Advisories)</P>
<P>IIA 职业实务框架(如,《道德规范》、《标准》、《实务公告》);</P>
<P>b. Other professional., legal, and regulatory standards</P>
<P>其他职业的、法律的和法规的标准;</P>
<P>2. Maintain awareness of potential for fraud when conducting an engagement</P>
<P>在实施审计业务时,要保持防范潜在舞弊的意识:</P>
<P>a. Notice indicators or symptoms of fraud</P>
<P>注意舞弊的迹象和征兆;</P>
<P>b. Design appropriate engagement steps to address significant risk of fraud</P>
<P>设计适当的审计业务步骤以应对重大的舞弊风险;</P>
<P>c. Employ audit tests to detect fraud</P>
<P>采用审计测试以发现舞弊;</P>
<P>d. Determine if any suspected fraud merits investigation</P>
<P>确定是否应对任何可疑的舞弊进行调查</P>
<P>3. Collect data.</P>
<P>收集数据。</P>
<P>4. Evaluate the relevance, sufficiency, and competence of evidence.</P>
<P>评估证据的相关性、充分性和适当性。</P>
<P>5. Analyze and interpret data.</P>
<P>分析和解释数据。</P>
<P>6. Develop workpapers.</P>
<P>编制工作底稿。</P>
<P>7. Review workpapers.</P>
<P>复核工作底稿。</P>
<P>8. Communicate interim progress.</P>
<P>沟通中期进展情况。</P>
<P>9. Draw conclusions.</P>
<P>得出结论。</P>
<P>10. Develop recommendations when appropriate.</P>
<P>在适当的时候编制建议书。</P>
<P>11. Report engagement results</P>
<P>报告审计业务结果:</P>
<P>a. Conduct exit conference</P>
<P>召开退出会议;</P>
<P>b. Prepare report or other communication</P>
<P>编制审计报告或其他沟通文件;</P>
<P>c. Approve engagement report</P>
<P>批准审计业务报告;</P>
<P>d. Determine distribution of report</P>
<P>确定审计报告的分发;</P>
<P>e. Obtain management response to report</P>
<P>取得管理层对报告的反馈意见;</P>
<P>12. Conduct client satisfaction survey.</P>
<P>实施顾客满意度调查。</P>
<P>13. Complete performance appraisals of engagement staff.</P>
<P>完成审计业务人员的业绩评价。</P>
<P>B. Conduct Specific Engagements (25 - 35 percent) (Proficiency Level)<BR>实施具体审计业务 (25 - 35 %)(要求熟练掌握)</P>
<P>1. Conduct assurance engagements.</P>
<P>实施保证业务:</P>
<P>a. Fraud investigation.</P>
<P>舞弊调查。</P>
<P>1) Determine appropriate parties to be involved with investiagion</P>
<P>确定调查的适当对象;</P>
<P>2) Establish facts and extent of fraud (e.g., interviews, interrogations, and data analysis)</P>
<P>证实舞弊事实和程度(如,面谈、讯问和数据分析);</P>
<P>3) Report outcomes to apprpriate parties</P>
<P>向适当方面报告结果;</P>
<P>4) Complete a process review to improve controls to prevent fraud and recommend changes</P>
<P>对过程进行检查以改善预防舞弊的控制,并提出改进建议。</P>
<P>b. Risk and control self-assessment</P>
<P>风险和控制自我评价。</P>
<P>1) Facilitated approach</P>
<P>促进方法</P>
<P>(a) Client-facilitated</P>
<P>审计业务客户自我促进</P>
<P>(b) Audit-facilitated</P>
<P>审计促进</P>
<P>2) Questionnaire approach</P>
<P>调查问卷方法</P>
<P>3) Self-certification approach</P>
<P>自我认证方法</P>
<P>c. Audits of third parties.</P>
<P>第三方的审计。</P>
<P>d. Quality audit engagements.</P>
<P>质量审计业务。</P>
<P>e. Due diligence audit engagements.</P>
<P>尽职调查审计业务。</P>
<P>f. Security audit engagements.</P>
<P>安全审计业务。</P>
<P>g. Privacy audit engagements.</P>
<P>保密审计业务。</P>
<P>h. Performance (key performance indicators) audit engagements</P>
<P>绩效(主要绩效指标)审计业务</P>
<P>i. Operational (efficiency and effectiveness) audit engagements</P>
<P>经营(效率和效果)审计业务</P>
<P>j. Financial audit engagements.</P>
<P>财务审计业务。</P>
<P>k. Information technology (IT) audit engagements.</P>
<P>信息技术 (IT) 审计业务。</P>
<P>1) Operating systems</P>
<P>操作系统</P>
<P>(a) Mainframe</P>
<P>大型机</P>
<P>(b) Workstations</P>
<P>工作站</P>
<P>(c) Server</P>
<P>服务器</P>
<P>2) Application development</P>
<P>应用软件开发</P>
<P>(a) Application authentication</P>
<P>应用软件认证</P>
<P>(b) Systems development methodology</P>
<P>系统开发方法学</P>
<P>(c) Change control</P>
<P>变动控制</P>
<P>(d) End user computing</P>
<P>终端用户计算</P>
<P>3) Data and network communications</P>
<P>数据和网络通讯</P>
<P>4) Voice communications</P>
<P>语音通讯</P>
<P>5) System security (e.g., firewalls, access control)</P>
<P>系统安全(如,防火墙、访问控制)</P>
<P>6) Contingency planning</P>
<P>应急计划</P>
<P>7) Databases</P>
<P>数据库</P>
<P>8) Data center operations</P>
<P>数据中心运行</P>
<P>9) Web infrastructure</P>
<P>Web基础设施</P>
<P>10) Software licensing</P>
<P>软件许可</P>
<P>11) Electronic funds transfer (EFT) and Electronic data interchange (EDI)</P>
<P>电子资金转帐<BR> 12) e-Commerce</P>
<P>电子商务<BR> 13) Information protection (e.g., viruses, privacy)</P>
<P>信息防护(如:病毒、保密)<BR> 14) Encryption</P>
<P>加密<BR> 15) Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)</P>
<P>企业资源计划软件(如:SAP R/3)</P>
<P>2. Conduct consulting engagements</P>
<P>实施咨询业务。</P>
<P>a. Internal control training</P>
<P>内部控制培训</P>
<P>b. Business process review</P>
<P>业务流程检查</P>
<P>c. Benchmarking</P>
<P>基准比较法</P>
<P>d. Information technology (IT) and systems development</P>
<P>信息技术 (IT) 与系统开发</P>
<P>e. Design of performance measurement systems</P>
<P>业绩测评系统的设计</P>
<P>C. Monitor Engagement Outcomes (5 - 15 percent)(Proficiency Level)<BR>监督审计业务结果 (5 – 15%)(要求熟练掌握)</P>
<P>1. Determine appropriate follow-up activity by the internal audit activity</P>
<P>根据内部审计结果确定适当的跟踪活动。</P>
<P>2. Identify appropriate method to monitor engagement outcomes</P>
<P>确认监督审计业务结果的适当方法。</P>
<P>3. Conduct follow-up activity</P>
<P>实施跟踪活动。</P>
<P>4. Communicate monitoring plan and results</P>
<P>沟通监督计划和结果。</P>
<P> </P>
<P>D. Fraud Knowledge Elements (5 - 15 percent)<BR>舞弊知识要点(5 – 15%)</P>
<P>1. Discovery sampling (Awareness Level)</P>
<P>发现抽样。(要求了解)</P>
<P>2. Interrogation techniques (Awareness Level)</P>
<P>讯问技术。(要求了解)</P>
<P>3. Forensic auditing (Awareness Level)</P>
<P>司法鉴定审计。(要求了解)</P>
<P>4. Legal hazards (Awareness Level)</P>
<P>法律漏洞。(要求了解)</P>
<P>5. Use of computers in analyzing data (Proficiency Level)</P>
<P>利用计算机分析数据。(要求熟练掌握)</P>
<P>6. Red flags (Proficiency Level)</P>
<P>红旗标志。(要求熟练掌握)</P>
<P>7. Types of fraud (Proficiency Level)</P>
<P>舞弊类型。(要求熟练掌握)</P>
<P><BR>E. Engagement Tools (15 - 25 percent)<BR>审计业务手段 (15 - 25 %) </P>
<P>1. Sampling (Awareness Level)</P>
<P>抽样。(要求了解)</P>
<P>a. Nonstatistical (judgmental)</P>
<P>非统计 (判断)</P>
<P>b. Statistical</P>
<P>统计</P>
<P>2. Statistical analyses (process control techniques) (Awareness Level)</P>
<P>统计分析 (过程控制技术)。(要求了解)</P>
<P>3. Data gathering tools (Proficiency Level)</P>
<P>数据收集手段。(要求熟练掌握)</P>
<P>a. Interviewing</P>
<P>面谈</P>
<P>b. Questionnaires</P>
<P>调查问卷</P>
<P>c. Checklists</P>
<P>检查清单</P>
<P>4. Analytical review techniques (Proficiency Level)</P>
<P>分析性复核技术。(要求熟练掌握)</P>
<P>a. Ratio estimation</P>
<P>比率估计</P>
<P>b. Variance analysis (e.g., budget vs. actual)</P>
<P>变量分析 (如,预算与实际相比较)</P>
<P>c. Other reasonableness tests</P>
<P>其他合理性测试</P>
<P>5. Observation (Proficiency Level)</P>
<P>观察。(要求熟练掌握)</P>
<P>6. Problem solving. (Proficiency Level)</P>
<P>解决问题。(要求熟练掌握)</P>
<P>7. Risk and control self-assessment (CSA) (Awareness Level)</P>
<P>风险和控制的自我评价 (CSA)。(要求了解)</P>
<P>8. Computerized audit tools and techniques (Proficiency Level)</P>
<P>计算机审计工具和技术。(要求熟练掌握)</P>
<P>a. Embedded audit modules</P>
<P>嵌入式审计模块</P>
<P>b. Data extraction techniques</P>
<P>数据提取技术</P>
<P>c. Generalized audit software (e.g., ACL, IDEA)</P>
<P>通用审计软件 (例如,ACL, IDEA)</P>
<P>d. Spreadsheet analysis</P>
<P>电子表格分析</P>
<P>e. Automated workpapers (e.g., Lotus Notes, Auditor Assistant)</P>
<P>自动化工作底稿 (例如,Lotus Notes,Auditor Assistant)</P>
<P>9. Process mapping including flowcharting (Proficiency Level)</P>
<P>过程描述,包括流程图。(要求熟练掌握)</P></DIV> bucuo DD cool
页:
[1]