The first edition of
The Internal Auditing Handbook received wide acclaim from readers and became established as one of the definitive publications on internal auditing. The second edition was released soon after to reflect the rapid progress of the internal audit profession. There have been a number of significant changes in the practice of internal auditing since publication of the second edition and this revised third edition reflects those changes. The third edition of
The Internal Auditing Handbook retains all the detailed material that formed the basis of the second edition and has been updated to reflect the Institute of Internal Auditor’s (IIA) International Standards for the Professional Practice of Internal Auditing. Each chapter has a section on new developments to reflect changes that have occurred over the last few years. The key role of auditors in reviewing corporate governance and risk management is discussed in conjunction with the elevation of the status of the chief audit executive and heightened expectations from boards and audit committees. Another new feature is a series of multi-choice questions that have been developed and included at the end of each chapter.
This edition of The Internal Auditing Handbook will prove to be an indispensable reference for both new and experienced auditors, as well as business managers, members of audit committees, control and compliance teams, and all those who may have an interest in promoting corporate governance.
List of Abbreviations xi
Foreword to Second Edition xv
Acknowledgements xvii
1 Introduction 1
Introduction 1
1.1 Reasoning behind the Book 2
1.2 The IIA Standards and Links to the Book 3
1.3 How to Navigate around the Book 4
1.4 The Handbook as a Development Tool 7
1.5 The Development of Internal Auditing 7
Summary and Conclusions 19
References 21
2 Corporate Governance Perspectives 23
Introduction 23
2.1 The Agency Concept 24
2.2 Corporate Ethics and Accountability 29
2.3 International Scandals and their Impact 39
2.4 Models of Corporate Governance 47
2.5 Putting Governance into Practice 73
2.6 The External Audit 87
2.7 The Audit Committee 120
2.8 Internal Audit 136
2.9 The Link to Risk Management and Internal Control 141
2.10 Reporting on Internal Controls 142
2.11 New Developments 146
Summary and Conclusions 159
Assignment Questions 161
Multi-choice Questions 161
References 168
3 Managing Risk 173
Introduction 173
3.1 What Is Risk? 175
3.2 The Risk Challenge 176
3.3 Risk Management and Residual Risk 179
3.4 Mitigation through Controls 182
3.5 Risk Registers and Appetites 186
3.6 The Risk Policy 192
3.7 Enterprise-wide Risk Management 203
3.8 Control Self-assessment 213
3.9 Embedded Risk Management 218
3.10 The Internal Audit Role in Risk Management 221
3.11 New Developments 230
Summary and Conclusions 236
Assignment Questions 237
Multi-choice Questions 238
References 242
4 Internal Controls 245
Introduction 245
4.1 Why Controls? 245
4.2 Control Framework – COSO 255
4.3 Control Framework – CoCo 264
4.4 Other Control Models 267
4.5 Links to Risk Management 272
4.6 Control Mechanisms 274
4.7 Importance of Procedures 285
4.8 Integrating Controls 287
4.9 The Fallacy of Perfection 289
4.10 Internal Control Awareness Training 292
4.11 New Developments 299
Summary and Conclusions 301
Assignment Questions 302
Multi-choice Questions 303
References 309
5 The Internal Audit Role 311
Introduction 311
5.1 Why Auditing? 311
5.2 Defining Internal Audit 313
5.3 The Audit Charter 325
5.4 Audit Services 334
5.5 Independence 340
5.6 Audit Ethics 355
5.7 Police Officer versus Consultant 363
5.8 Managing Expectations through Web Design 382
5.9 Audit Competencies 386
5.10 Training and Development 393
5.11 New Developments 403
Summary and Conclusions 410
Assignment Questions 412
Multi-choice Questions 412
References 420
6 Professionalism 421
Introduction 421
6.1 Audit Professionalism 421
6.2 Internal Auditing Standards 429
6.3 Due Professional Care 453
6.4 Professional Consulting Services 457
6.5 The Quality Concept 459
6.6 Defining the Client 469
6.7 Internal Review and External Review 470
6.8 Tools and Techniques 478
6.9 Marketing the Audit Role 483
6.10 Continuous Improvement 491
6.11 New Developments 494
Summary and Conclusions 495
Assignment Questions 497
Multi-choice Questions 497
References 502
7 The Audit Approach 505
Introduction 505
7.1 The Systems Approach 506
7.2 Control Risk Self-assessment (CRSA) 523
7.3 Facilitation Skills 531
7.4 Integrating Self-assessment and Audit 539
7.5 Fraud Investigations 543
7.6 Information Systems Auditing 586
7.7 Compliance 636
7.8 VFM, Social and Financial Audits 642
7.9 The Consulting Approach 653
7.10 The ‘Right’ Structure 669
7.11 New Developments 675
Summary and Conclusions 677
Assignment Questions 677
Multi-choice Questions 678
References 694
8 Setting an Audit Strategy 697
Introduction 697
8.1 Risk-based Strategic Planning 698
8.2 Resourcing the Strategy 714
8.3 Managing Performance 722
8.4 Dealing with Typical Problems 737
8.5 The Audit Manual 745
8.6 Delegating Audit Work 758
8.7 Audit Information Systems 761
8.8 Establishing a New Internal Audit Shop 771
8.9 The Outsourcing Approach 778
8.10 The Audit Planning Process 789
8.11 New Developments 802
Summary and Conclusions 807
Assignment Questions 810
Multi-choice Questions 811
References 825
9 Audit Field Work 827
Introduction 827
9.1 Planning the Audit 827
9.2 Interviewing Skills 839
9.3 Ascertaining the System 858
9.4 Evaluation 864
9.5 Testing Strategies 877
9.6 Evidence and Working Papers 896
9.7 Statistical Sampling 909
9.8 Reporting Results of the Audit 920
9.9 Formal Presentations 953
9.10 Audit Committee Reporting 960
9.11 New Developments 964
Summary and Conclusions 970
Assignment Questions 973
Multi-choice Questions 974
References 1006
10 Meeting the Challenge 1009
Introduction 1009
10.1 The New Dimensions of Internal Auditing 1009
10.2 The Audit Reputation 1010
10.3 Globalization 1012
10.4 Examples 1014
10.5 Meeting the Challenge 1015
Summary and Conclusions 1023
Multi-choice Questions 1024
References 1025
Appendix A Induction/Orientation Programme 1027
Appendix B CRSA Best Practice Guide 1029
Appendix C A Poem by Professor Gerald Vinten 1033
Appendix D Analytical Techniques by Sue Seamour 1037
Appendix E Multi-choice Questions: Answer Guide 1041
Index 1057