Preface xi CIA Exam Content Syllabus and Specifications xiii CIA Exam-Taking Tips xviii Professional Standards (100%) 1 Attribute Standards 2 Performance Standards 22 Domain 1: Foundations of Internal Auditing (15%) 28 Mission of Internal Audit 28 Definition of Internal Auditing 29 Core Principles 32 Internal Audit Charter 34 Types of Audit Services 40 IIA's Code of Ethics 42 Roles and Responsibilities of Management 45 Domain 2: Independence and Objectivity (15%) 46 Independence Defined 47 Factors Threatening and Supporting Independence 51 Objectivity Defined 56 Factors Threatening and Supporting Objectivity 57 Policies to Promote Objectivity 66 Domain 3: Proficiency and Due Professional Care (18%) 68 Proficiency Defined 69 Competency Defined 70 Due Professional Care Defined 74 Continuing Professional Development 75 Professional Judgment and Competence 77 Competency Levels for Internal Auditors 80 Domain 4: Quality Assurance and Improvement Program (7%) 99 Required Elements 100 Reporting Requirements 108 Conformance versus Nonconformance 110 TQM in Internal Audit Operations 112 Domain 5: Governance, Risk Management, and Control (35%) 115 Governance Principles, Components, and Problems 117 Governance Models and Frameworks 126 Roles of the Board of Directors 140 Characteristics of Effective and Ineffective Boards 142 Roles of Executives and Officers 146 Roles of the Audit Committee 148 Roles of Internal Auditors in Corporate Governance, Risk Management, and Control Processes 150 Roles of Board-Level Committees 151 Roles and Rights of Shareholders and Stakeholders 153 Scope of Board-Level Audits 163 Organizational Culture 169 Organizational Ethics 180 Risk Concepts, Risk Types, and Risk Management Processes 199 Globally Accepted Risk Management Frameworks 235 Effectiveness of Risk Management 269 Internal Audit's Role in the Risk Management Processes 274 Internal Control Concepts and Types of Controls 281 Globally Accepted Internal Control Frameworks 305 Effectiveness and Efficiency of Internal Controls 326 Compliance Management 333 Domain 6: Fraud Risks (10%) 336 Interpretation of Fraud Risks 337 Acts, Traits, and Profiles of Fraud Perpetrators 342 Types of Fraud 347 Indicators of Fraud 360 Awareness of Fraud 366 Awareness of Fraud (continued) 367 Controls to Prevent or Detect Fraud Risks 368 Audit Tests to Detect Fraud, Including Discovery Sampling 373 Integrating Analytical Relationships to Detect Fraud 378 Interrogation or Investigative Techniques 380 Forensic Auditing and Computer Forensics 384 Use of Computers in Analyzing Data for Fraud and Crime 390 GAO's Framework for Managing Fraud Risks 393 COSO's Framework for Fraud Risk Management 400 Fraud Analytics 405 Fraud and the Internal Auditor 413 Appendix Risks to Internal Audit Activity 415 The IIA's Three-Lines-of-Defense Model 423 Audit Metrics and Key Performance Indicators 428 Characteristics of Effective Auditors and Audit Function 435 Sarbanes-Oxley Act of 2002 449 About the Author 461 Index 463.