The Internal Auditing Handbook 3e

K H Spencer Pickett MSc FCCA MIIA FIIA CFE ASSOC.CIPD (London, UK) is a course director specialising in internal audit, risk management and fraud awareness training. Spencer has authored 12 books published by John Wiley and Sons (Inc and UK). He is a member of ACCA Corporate Governance and Risk Management Committee, a member of ACCA Internal Audit Members Network, and is an executive committee member of the UK s Control Risk Self Assessment Forum.

List of Abbreviations xi Foreword to Second Edition xv Acknowledgements xvii 1 Introduction 1 Introduction 1 1.1 Reasoning behind the Book 2 1.2 The IIA Standards and Links to the Book 3 1.3 How to Navigate around the Book 4 1.4 The Handbook as a Development Tool 7 1.5 The Development of Internal Auditing 7 Summary and Conclusions 19 References 21 2 Corporate Governance Perspectives 23 Introduction 23 2.1 The Agency Concept 24 2.2 Corporate Ethics and Accountability 29 2.3 International Scandals and their Impact 39 2.4 Models of Corporate Governance 47 2.5 Putting Governance into Practice 73 2.6 The External Audit 87 2.7 The Audit Committee 120 2.8 Internal Audit 136 2.9 The Link to Risk Management and Internal Control 141 2.10 Reporting on Internal Controls 142 2.11 New Developments 146 Summary and Conclusions 159 Assignment Questions 161 Multi-choice Questions 161 References 168 3 Managing Risk 173 Introduction 173 3.1 What Is Risk? 175 3.2 The Risk Challenge 176 3.3 Risk Management and Residual Risk 179 3.4 Mitigation through Controls 182 3.5 Risk Registers and Appetites 186 3.6 The Risk Policy 192 3.7 Enterprise-wide Risk Management 203 3.8 Control Self-assessment 213 3.9 Embedded Risk Management 218 3.10 The Internal Audit Role in Risk Management 221 3.11 New Developments 230 Summary and Conclusions 236 Assignment Questions 237 Multi-choice Questions 238 References 242 4 Internal Controls 245 Introduction 245 4.1 Why Controls? 245 4.2 Control Framework COSO 255 4.3 Control Framework CoCo 264 4.4 Other Control Models 267 4.5 Links to Risk Management 272 4.6 Control Mechanisms 274 4.7 Importance of Procedures 285 4.8 Integrating Controls 287 4.9 The Fallacy of Perfection 289 4.10 Internal Control Awareness Training 292 4.11 New Developments 299 Summary and Conclusions 301 Assignment Questions 302 Multi-choice Questions 303 References 309 5 The Internal Audit Role 311 Introduction 311 5.1 Why Auditing? 311 5.2 Defining Internal Audit 313 5.3 The Audit Charter 325 5.4 Audit Services 334 5.5 Independence 340 5.6 Audit Ethics 355 5.7 Police Officer versus Consultant 363 5.8 Managing Expectations through Web Design 382 5.9 Audit Competencies 386 5.10 Training and Development 393 5.11 New Developments 403 Summary and Conclusions 410 Assignment Questions 412 Multi-choice Questions 412 References 420 6 Professionalism 421 Introduction 421 6.1 Audit Professionalism 421 6.2 Internal Auditing Standards 429 6.3 Due Professional Care 453 6.4 Professional Consulting Services 457 6.5 The Quality Concept 459 6.6 Defining the Client 469 6.7 Internal Review and External Review 470 6.8 Tools and Techniques 478 6.9 Marketing the Audit Role 483 6.10 Continuous Improvement 491 6.11 New Developments 494 Summary and Conclusions 495 Assignment Questions 497 Multi-choice Questions 497 References 502 7 The Audit Approach 505 Introduction 505 7.1 The Systems Approach 506 7.2 Control Risk Self-assessment (CRSA) 523 7.3 Facilitation Skills 531 7.4 Integrating Self-assessment and Audit 539 7.5 Fraud Investigations 543 7.6 Information Systems Auditing 586 7.7 Compliance 636 7.8 VFM, Social and Financial Audits 642 7.9 The Consulting Approach 653 7.10 The Right Structure 669 7.11 New Developments 675 Summary and Conclusions 677 Assignment Questions 677 Multi-choice Questions 678 References 694 8 Setting an Audit Strategy 697 Introduction 697 8.1 Risk-based Strategic Planning 698 8.2 Resourcing the Strategy 714 8.3 Managing Performance 722 8.4 Dealing with Typical Problems 737 8.5 The Audit Manual 745 8.6 Delegating Audit Work 758 8.7 Audit Information Systems 761 8.8 Establishing a New Internal Audit Shop 771 8.9 The Outsourcing Approach 778 8.10 The Audit Planning Process 789 8.11 New Developments 802 Summary and Conclusions 807 Assignment Questions 810 Multi-choice Questions 811 References 825 9 Audit Field Work 827 Introduction 827 9.1 Planning the Audit 827 9.2 Interviewing Skills 839 9.3 Ascertaining the System 858 9.4 Evaluation 864 9.5 Testing Strategies 877 9.6 Evidence and Working Papers 896 9.7 Statistical Sampling 909 9.8 Reporting Results of the Audit 920 9.9 Formal Presentations 953 9.10 Audit Committee Reporting 960 9.11 New Developments 964 Summary and Conclusions 970 Assignment Questions 973 Multi-choice Questions 974 References 1006 10 Meeting the Challenge 1009 Introduction 1009 10.1 The New Dimensions of Internal Auditing 1009 10.2 The Audit Reputation 1010 10.3 Globalization 1012 10.4 Examples 1014 10.5 Meeting the Challenge 1015 Summary and Conclusions 1023 Multi-choice Questions 1024 References 1025 Appendix A Induction/Orientation Programme 1027 Appendix B CRSA Best Practice Guide 1029 Appendix C A Poem by Professor Gerald Vinten 1033 Appendix D Analytical Techniques by Sue Seamour 1037 Appendix E Multi-choice Questions: Answer Guide 1041 Index 1057