Preface ix CIA Exam Content Syllabus and Specifications xi CIA Exam-Taking Tips xviii Professional Standards 1 Performance Standards 2 Domain 1: Managing the Internal Audit Activity (20%) 26 Internal Audit Operations 27 Risk-Based Internal Audit Plan 39 Assurance Engagements 51 Consulting Engagements 285 Coordination between Internal Auditors and Others 341 Communicating and Reporting 357 Domain 2: Planning the Engagement (20%) 366 Objectives and Scope of Audit Engagement 367 Risk Assessment for Auditable Areas 375 Engagement Work Program 391 Audit Resources for Audit Engagements398 Domain 3: Performing the Engagement (40%) 400 Information-Gathering Tools and Techniques 401 Sampling Methods and Statistical Analysis 417 Data Analysis and Evaluation Techniques 470 Audit Analytics 503 Audit and Legal Evidence 549 Audit Workpapers 556 Engagement Supervision 561 Domain 4: Communicating Results and Monitoring Progress (20%) 565 Communication Quality and Elements 566 Audit Reporting Process 587 Residual Risk and Risk Acceptance 592 Monitoring Audit Progress 598 Appendix Risks to Internal Audit Activity 603 The IIA's Three-Lines-of-Defense Model 611 Audit Metrics and Key Performance Indicators 616 Characteristics of Effective Auditors and Audit Function 622 Sarbanes-Oxley Act of 2002 636 About the Author 649 Index 651.