CIA Part 1 - 7. Planning & Supervising the Engagement

2013年CIA培训:第一科——内部审计在治理、风险和控制中的作用主讲：董达勇第六部分计划审计业务现在我们来讲第一门课的最后一章，计划审计业务。

我们第一门之前介绍的知识，都是一些理论准备，介绍了很多与内部审计息息相关的基本概念和观念，但是真正的审计业务怎么做，可以说提到的很少，因为真正的审计业务的实施是第二门课的内容，但是我们今天要讲的第一门最后一章其实也是实施审计业务的一个开始步骤，也就是审计业务计划。

所以最后一章可以看成是连接第一门和第二门课的一个桥梁。

第一门讲完基础理论，最后是制定审计计划的问题，再往后就到了第二门的执行审计业务了。

这一章在第一门中也是比较重要的章节，考试占10-15%比例的分值，要求是熟练掌握，但是本章因为是在最后章节，所以还是有很多内容之前都提及过了，所以我们着重讲本章新的知识点。

好我们来看本章的第一个大问题一、审计的阶段与审计计划的步骤这个内容是教材没写的，在第二门教材上提到过，但是我觉得很有必要补充的，所以把它放在本章的第一个问题。

所谓审计阶段就是把一个审计项目按照先后顺序对各种活动做一个划分，有助于理清审计师在不同时期执行审计业务的重点。

审计阶段一般可以分成四个阶段：审计计划阶段，或者叫审计准备阶段；审计实施阶段，或者叫审计外勤阶段；审计报告阶段，或者叫审计完成阶段，第四个是后续审计阶段。

我们第二门课的第一章提到了审计的步骤，在提法上和我刚才说过的略有不同，它提到的四个步骤是：计划业务；确认、分析、评估和记录证据；沟通业务结果；还有后续监督工作。

二者之间只是说法不同，本质是一样的。

这就是一项审计业务，从计划到实施，再到得出结论以及关注整改等的后续活动的全过程。

我们今天要说的就是计划阶段的问题。

但是要注意，这里面所说的计划审计业务，是指某一项具体的审计业务的制定计划过程，而不是内部审计部门的年度审计计划。

内部审计部门的年度审计计划指的是首席审计执行官在风险分析和考虑组织战略情况下为下一年度制定的确定重点审计领域、大体的时间安排、财务预算需求和人员配备情况等的安排预案。

第一位考生：大题内容如下：（1）JIT定义、作用（2）ERP定义、作业（3）FCPA和内控有关的法条（4）standard cost system定义、作用（5）bond of director的责任（6）IFRS 和GAAP对于研发支出的区别第二位考生：（1）四个责任中心的计算和定义（2）考了BRP定义优点和改善（3）supply management chain 定义（4）简单的差异分析计算（5）内部审计三个目的第三位考生：简答题1案例：一家制造业企业。

管理者发觉无法达到最大的产能，而且销售部门一直在抱怨缺货。

（1）成功预算的5大特征（2）定义预算松弛，并写出解决方案（3）区别理想和可实现产能（4）无法实现理想产能什么的（5）降低缺货的好处简答题2（内控、财务会计）一家汽车公司，生产新款、旧款两款汽车。

有三种存货计价法：LIFO、FIFO、特别认定法。

该公司内控部门有6人，都与CEO有关。

首席审计官是由CEO任命的，首席审计官向CFO 报告业务，而且CFO还需要确定内部审计的范围。

（1）内部审计独立性存在哪些问题？如何解决？（2）定义LIFO、FIFO、特别认定法；这三种方法分别有什么优缺点（各一条）；该公司运用那种存货方式（3）该公司旧款汽车价格低，可能会造成亏损，应该做出什么调整方案，才能更好的披露企业的利润（4）IFRS与GAAP之间在存货管理上的主要差别一道内容是有关Capex budget的，相关问题记得的如下，不完整1）master budget的定义和描述2）举出三个master budget的主要组成部分3）master budget可以带给公司的benefit4）根据题目提供的内容和数据做出一个capex budget，需要计算过程5）budget的作用一道内容是有关R&D new facility的，相关问题记得的如下1）题目中列出的五个数据应该如何入账2）列举两个US GAAP和IFRS有关R&D费用方面的不同点3）BOD对于公司运营interest shareholder需要承担的责任4）two provisions of FCPA第一位考生：大题内容如下：（1）JIT定义、作用（2）ERP定义、作用（3）FCPA和内控有关的法条（4）standard cost system定义、作用（5）board of director的责任（6）IFRS 和GAAP对于研发支出的区别1. JIT:The definition ofJIT: lean production, is a demand-pull production system, manufacture eachcomponent in a production line as soon as possible, only when it is needed bythe next step of production lineThe role ofJIT:l It helps in reducing the setup time andprocess cycle timel It enables to minimize the handling cost:move materials from one machine to another, operation in sequence.l It can eliminate the defects, which solveproblem quickly and eliminate the defects quickly. 2. ERP:The definition ofERP：ERP is a software platform that is used toplan and keep records of resources, including finance, labor capacities, materials, property.The advantages ofERP:l ERP system give lower-level managers, workers,customers and suppliers access to detailed and timely operating informationl ERP system is essential to support JITinitiatives because of the effect it has on lead timel ERP uses a single database to collect and feed data into all software applications, allowing integrated, real-time informatio n sharing and providing visibility to the company’s businessprocesses as a whole3. FCPAIt is unlawful tomake payment to foreign officials to assist in obtaining or retaining business4. Standcost systemDefinition: A standcost system uses the stand costs and quantities for three types of manufacturingcost: direct material, direct labor and factory overheadThe role of standcost system:Stand costs are theexpected costs the company should attain. Stand cost system provides a basisfor evaluating performance, control and process improvement.5. The responsibilitiesof board of directorsThe board ofdirectors provides governance, guidance, oversight and commits the timenecessary to fulfill the board objectives. The board members should beobjective, and have the knowledge of the industry, be willing to ask questionson management’s decisions.6. IFRS & GAAP in Research& developmentl IFRS: development can be capitalizedl GAAP: Research &development all shouldbe expensed.第二位考生：（1）四个责任中心的计算和定义（2）考了BRP定义优点和改善（3）supply management chain 定义（4）简单的差异分析计算（5）内部审计三个目的1. Costcenter: focus on costs onlyRevenue center: focus on revenuesonlyProfit center: responsible for bothon the revenue and costs.Investment center: responsible inrevenue, cost and invested capital, which considers the opportunity cost.2. BPRThe definition of business processreengineering: it is a method of creating competitive advantage in which a firmreorganize its operating and management functions, often with the result thatthe positions are modified, combined or eliminatedBPR advantages: eliminate many traditional controls, improve efficiency and productivity, and minimize costs,monitoring internal controlThe way to improve BPR: technological advance, core process redesign,process innovation3. Supply chain management: it is themanagement of flow of goods and services from original sources to final customers.5. Three objectives of internal auditEffectiveness and efficiency ofoperations, reliability of financial reporting and compliance with laws andregulations.第三位考生：案例：一家制造业企业。

2021年国际注册内部审计师CIA考试大纲〔Part3〕Part 3 – Internal Audit Knowledge Elements 内部审计知识要素I. Governance / Business Ethics (5-15%)治理/企业道德〔5-15%〕A. Corporate/Organizational Governance Principles – Proficiency Level (P)企业/组织的治理原那么——要求熟练掌握〔P〕B. Environmental and Social Safeguards环境和社会保障C. Corporate Social Responsibility企业社会责任II. Risk Management (10-20%) - Proficiency Level (P)风险管理〔10-20%〕——要求熟练掌握〔P〕A. Risk Management Techniques风险管理技术B. Organizational Use of Risk Frameworks风险框架的组织运用III. Organizational Structure/Business Processes and Risks (15-25%)组织结构/业务流程和风险〔15-25%〕A. Risk/Control Implications of Different Organizational Structures不同组织结构中的风险/控制涵义B. Structure (e.g., centralized/decentralized)结构〔如：集中的/分散的〕C. Typical Schemes in Various Business Cycles (e.g., procurement, sales, knowledge, supply-chain management)各种商业周期的典型方案〔如：采购，销售，知识，供应链管理〕D. Business Process Analysis (e.g., workflow analysis and bottleneck management, theory of constraints)经营过程分析(如：工作流程分析和瓶颈管理，约束理论)E. Inventory Management Techniques and Concepts存货管理技术与概念F. Electronic Funds Transfer (EFT)/Electronic Data Interchange (EDI)/E-commerce电子资金转帐〔EFT〕/电子数据交换〔EDI〕/电子商务G. Business Development Life Cycles企业开展生命周期H. The International Organization for Standardization (ISO) Framework国际标准化组织〔ISO〕框架I. Outsourcing Business Processes外包业务流程IV. Communication (5-10%)通讯〔(5-10%〕A. Communication (e.g., the process, organizational dynamics, impact of computerization)通讯〔如：过程，组织动力学，电脑化的影响〕B. Stakeholder Relationships利益相关者的关系V. Management / Leadership Principles (10-20%)管理/领导原那么〔10-20%〕A. Strategic Management战略管理1. Global analytical techniques全球分析技术a. Structural analysis of industries产业结构分析b. Competitive strategies (e.g., Porter's model)竞争策略〔如：波特模型〕c. Competitive analysis竞争分析d. Market signals市场信号e. Industry evolution产业演进2. Industry environments行业环境a. Competitive strategies related to:竞争战略相关的：a1. Fragmented industries零散型产业a2. Emerging industries新兴产业a3. Declining industries夕阳产业b. Competition in global industries全球产业竞争b1. Sources/impediments来源/障碍仅供参考b2. Evolution of global markets全球市场的演变b3. Strategic alternatives战略选择b4. Trends affecting competition影响竞争的趋势3. Strategic decisions战略决策a. Analysis of integration strategies整合策略分析b. Capacity expansion容量扩展c. Entry into new businesses进入新的业务4. Forecasting预测5. Quality management (e.g., TQM, Six Sigma)质量管理〔如：全面质量管理，六西格玛〕6. Decision analysis决策分析B. Organizational Behavior组织行为1. Organizational theory (structures and configurations)组织理论〔结构和配置〕2. Organizational behavior (e.g., motivation, impact of job design, rewards, schedules)组织行为〔如：动机，工作设计的影响，报酬，安排〕3. Group dynamics (e.g., traits, development stages, organizational politics, effectiveness)群体动力学〔如：特点，开展阶段，组织政治，效果〕4. Knowledge of human resource processes (e.g., individual performance management, supervision, personnel sourcing/staffing, staff development) 人力资源过程知识〔如：个人绩效管理，监督，人员招聘/配备，职工开展〕5. Risk/control implications of different leadership styles不同领导风格下的风险/控制内容6. Performance (productivity, effectiveness, etc.)绩效〔生产率，效率等〕C. Management Skills/Leadership Styles管理技巧/领导风格1. Lead, inspire, mentor, and guide people, building organizational commitment and entrepreneurial orientation领导，鼓励，指导，引导人们树立组织承诺，构建创业导向2. Create group synergy in pursuing collective goals发挥团队协作精神，追求共同目标3. Team-building and assessing team performance团队建设与团队绩效评估D. Conflict Management冲突管理1. Conflict resolution (e.g., competitive, cooperative, and compromise)解决冲突〔如：竞争，合作，妥协〕2. Negotiation skills谈判技巧仅供参考3. Conflict management冲突管理4. Added-value negotiating增值谈判E. Project Management / Change Management工程管理/变革管理1. Change management变革管理2. Project management techniques工程管理技术VI. IT / Business Continuity (15-25%)信息技术/业务持续性〔15-25%〕A. Security平安性1. Physical/system security (e.g., firewalls, access control) 实体/系统平安〔如：防火墙，访问控制〕2. Information protection (e.g., viruses, privacy)信息保护〔如：病毒，保密〕3. Application authentication应用软件认证4. Encryption加密B. Application Development应用软件开发1. End-user computing终端用户计算2. Change control (Proficiency Level)变更控制〔要求熟练掌握〕3. Systems development methodology (Proficiency Level)系统开发方法学〔要求熟练掌握〕4. Application development (Proficiency Level)应用软件开发〔要求熟练掌握〕5. Information systems development信息系统开发C. System Infrastructure系统根底设施1. Workstations工作站2. Databases数据库3. IT control frameworks (e.g., eSAC, COBIT)信息技术控制框架〔如：eSAC, COBIT〕4. Functional areas of IT operations (e.g., data center operations)信息技术系统运营的功能分类〔如：数据中心运营〕5. Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)企业资源方案〔ERP〕软件〔如：SAP R/3〕6. Data, voice, and network communications/connections (e.g., LAN, VAN, and WAN)数据，语音和网络通讯/连接〔如：局域网，虚拟专用网和广域网〕7. Server效劳器仅供参考8. Software licensing软件许可9. Mainframe大型机10. Operating systems操作系统11. Web infrastructure网络根底设施D. Business Continuity业务持续性1. IT contingency planning信息技术系统应急方案VII. Financial Management (13-23%)财务管理〔13-23%〕高顿网校小编预祝所有学员考试顺利，金榜题名！A. Financial Accounting and Finance财务会计与财务管理1. Basic concepts and underlying principles of financial accounting (e.g., statements, terminology, relationships)财务会计的根本概念与根本原那么〔如：报表，术语，关系〕2. Intermediate concepts of financial accounting (e.g., bonds, leases, pensions, intangible assets, RandD)中级财务会计概念〔如：债券，租赁，退休金，无形资产，研发支出〕3. Advanced concepts of financial accounting (e.g., consolidation, partnerships, foreign currency transactions)高级财务会计概念〔如：合并，合伙，外币业务〕4. Financial statement analysis (e.g., ratios)财务报表分析〔如：比率〕5. Types of debt and equity债务和权益的种类6. Financial instruments (e.g., derivatives)金融工具〔如：金融衍生品〕7. Cash management (e.g., treasury functions)现金管理〔如：出纳职能〕8. Valuation models估价模型9. Business valuation企业价值评估10. Inventory valuation存货估价11. Capital budgeting (e.g., cost of capital evaluation)资本预算〔如：资本本钱评估〕12. Taxation schemes (e.g., tax shelters, VAT)税收体制〔如：减免所得税合法手段，增值税〕B. Managerial Accounting管理会计1. General concepts根本概念2. Costing systems (e.g., activity-based, standard)本钱核算系统〔如：作业本钱系统，固定本钱系统〕3. Cost concepts (e.g., absorption, variable, fixed)仅供参考本钱的概念〔如：全部本钱，变动本钱，固定本钱〕4. Relevant cost相关本钱5. Cost-volume-profit analysis本-量-利分析6. Transfer pricing转移定价7. Responsibility accounting责任会计8. Operating budget运营预算VIII. Global Business Environment (0-10%)全球商业环境〔0-10%〕A. Economic / Financial Environments经济/金融环境1. Global, multinational, international, and multi-local compared and contrasted 全球的，跨国的，国际的，和多个地方的金融环境比较和对照2. Requirements for entering the global marketplace进入全球市场的要求3. Creating organizational adaptability形成组织的适应能力4. Managing training and development管理培训和开展B. Cultural / Political Environments文化的/政治的环境1. Balancing global requirements and local imperatives平衡全球的和地方的需求2. Global mindsets (personal characteristics/competencies)全球思维〔个人特征/能力〕3. Sources and methods for managing complexities and contradictions管理的复杂性和矛盾的根源与方法4. Managing multicultural teams多元文化团队的管理C. Legal and Economics — General Concepts (e.g., contracts)法经济学——根本概念〔如：合同〕D. Impact of Government Legislation and Regulation on Business (e.g., trade legislation)政府立法与监管对经营的影响〔如：贸易立法〕仅供参考。

Part 1 - The Internal Audit Activity's Role in Governance, Risk, and ControlA. Comply with The IIA's Attribute Standards (15-25%) (P)1. Define purpose, authority, and responsibility of the internal audit activitya. Determine if the purpose, authority, and responsibility of the internal auditactivity are clearly documented and approvedb. Determine if the purpose, authority, and responsibility of the internal auditactivity are communicated to the engagement clientsc. Demonstrate an understanding of the purpose, authority, and responsibilityof the internal audit activity2. Maintain independence and objectivitya. Foster independence1) Understand organizational independence2) Recognize the importance of organizational independence3) Determine if the internal audit activity is properly aligned to achieve organizational independenceb. Foster objectivity1) Establish policies to promote objectivity2) Assess individual objectivity3) Maintain individual objectivity4) Recognize and mitigate impairments to independence and objectivity3. Determine if the required knowledge, skills, and competencies are availablea. Understand the knowledge, skills, and competencies that an internalauditor needs to possessb. Identify the knowledge, skills, and competencies required to fulfill theresponsibilities of the internal audit activity4. Develop and/or procure necessary knowledge, skills and competenciescollectively required by the internal audit activity5. Exercise due professional care6. Promote continuing professional developmenta. Develop and implement a plan for continuing professionaldevelopment for internal audit staffb. Enhance individual competency through continuing professionaldevelopment7. Promote quality assurance and improvement of the internal audit activitya. Establish and maintain a quality assurance and improvement programb. Monitor the effectiveness of the quality assurance and improvementprogramc. Report the results of the quality assurance and improvement programto the board or other governing bodyd. Conduct quality assurance procedures and recommend improvementsto the performance of the internal audit activity8. Abide by and promote compliance with The IIA Code of EthicsB. Establish a Risk-based Plan to Determine the Priorities of the Internal Audit Activity (15-25%) (P)1. Establish a framework for assessing risk2. Use the framework to:a. Identify sources of potential engagements (e.g., audit universe,management request, regulatory mandate)b. Assess organization-wide riskc. Solicit potential engagement topics from various sourcesd. Collect and analyze data on proposed engagementse. Rank and validate risk priorities3. Identify internal audit resource requirements4. Coordinate the internal audit activity's efforts with:a. External auditorb. Regulatory oversight bodiesc. Other internal assurance functions (e.g., health and safety department)5. Select engagements.a. Participate in the engagement selection processb. Select engagementsc. Communicate and obtain approval of the engagement plan from boardC. Understand the Internal Audit Activity's Role in Organizational Governance (10-20%) (P)1. Obtain board's approval of audit charter2. Communicate plan of engagements3. Report significant audit issues4. Communicate key performance indicators to board on a regular basis5. Discuss areas of significant risk6. Support board in enterprise-wide risk assessment7. Review positioning of the internal audit function within the risk management framework within the organization8. Monitor compliance with the corporate code of conduct/business practices9. Report on the effectiveness of the control framework10. Assist board in assessing the independence of the external auditor11. Assess ethical climate of the board12. Assess ethical climate of the organization13. Assess compliance with policies in specific areas (e.g., derivatives)14. Assess organization's reporting mechanism to the board15. Conduct follow-up and report on management response to regulatory body reviews16. Conduct follow-up and report on management response to external audit17. Assess the adequacy of the performance measurement system, achievement of corporate objective18. Support a culture of fraud awareness and encourage the reporting of improprietiesD. Perform Other Internal Audit Roles and Responsibilities (0-10%) (P)1. Ethics/Compliancea. Investigate and recommend resolution for ethics/compliance complaintsb. Determine disposition of ethics violationsc. Foster healthy ethical climated. Maintain and administer business conduct policy (e.g., conflict of interest)e. Report on compliance2. Risk Managementa. Develop and implement an organization-wide risk and control frameworkb. Coordinate enterprise-wide risk assessmentc. Report corporate risk assessment to boardd. Review business continuity planning process3. Privacya. Determine privacy vulnerabilitiesb. Report on compliance4. Information or physical securitya. Determine security vulnerabilitiesb. Determine disposition of security violationsc. Report on complianceE. Governance, Risk, and Control Knowledge Elements (15-25%)1. Corporate governance principles (A)2. Alternative control frameworks (A)3. Risk vocabulary and concepts (P)4. Risk management techniques (P)5. Risk/control implications of different organizational structures (P)6. Risk/control implications of different leadership styles (A)7. Change management (A)8. Conflict management (A)9. Management control techniques (P)10. Types of control (e.g., preventive, detective, input, output) (P)F. Plan Engagements (15-25%) (P)1. Initiate preliminary communication with engagement client2. Conduct a preliminary survey of the area of engagementa. Obtain input from engagement clientb. Perform analytical reviewsc. Perform benchmarkingd. Conduct interviewse. Review prior audit reports and other relevant documentationf. Map processesg. Develop checklists3. Complete a detailed risk assessment of the area (prioritize or evaluate risk/control factors)4. Coordinate audit engagement efforts witha. External auditorb. Regulatory oversight bodies5. Establish/refine engagement objectives and identify/finalize the scope of engagement6. Identify or develop criteria for assurance engagements (criteria against which to audit)7. Consider the potential for fraud when planning an engagementa. Be knowledgeable of the risk factors and red flags of fraudb. Identify common types of fraud associated with the engagement areac. Determine if risk of fraud requires special consideration whenconducting an engagement8. Determine engagement procedures9. Determine the level of staff and resources needed for the engagement10. Establish adequate planning and supervision of the engagement11. Prepare engagement work programPart 2 - Conducting the Internal Audit EngagementA. Conduct Engagements (25-35%) (P)1. Research and apply appropriate standards:a. IIA Professional Practices Framework (Code of Ethics, Standards,Practice Advisories)b. Other professional, legal, and regulatory standards2. Maintain an awareness of the potential for fraud when conducting an engagementa. Notice indicators or symptoms of fraudb. Design appropriate engagement steps to address significant riskof fraudc. Employ audit tests to detect fraudd. Determine if any suspected fraud merits investigation3. Collect data4. Evaluate the relevance, sufficiency, and competence of evidence5. Analyze and interpret data6. Develop work papers7. Review work papers8. Communicate interim progress9. Draw conclusions10. Develop recommendations when appropriate11. Report engagement resultsa. Conduct exit conferenceb. Prepare report or other communicationc. Approve engagement reportd. Determine distribution of reporte. Obtain management response to report12. Conduct client satisfaction survey13. Complete performance appraisals of engagement staffB. Conduct Specific Engagements (25-35%) (P)1. Conduct assurance engagementsa. Fraud investigation1) Determine appropriate parties to be involved with investigation2) Establish facts and extent of fraud (e.g., interviews, interrogationsand data analysis)3) Report outcomes to appropriate parties4) Complete a process review to improve controls to prevent fraudand recommend changesb. Risk and control self-assessment1) Facilitated approach(a) Client-facilitated(b) Audit-facilitated2) Questionnaire approach3) Self-certification approachc. Audits of third parties and contract auditingd. Quality audit engagementse. Due diligence audit engagementsf. Security audit engagementsg. Privacy audit engagementsh. Performance (key performance indicators) audit engagementsi. Operational (efficiency and effectiveness) audit engagementsj. Financial audit engagementsk. Information technology (IT) audit engagements1) Operating systems(a) Mainframe(b) Workstations(c) Server2) Application development(a) Application authentication(b) Systems development methodology(c) Change control(d) End user computing3) Data and network communications/connections (e.g., LAN, VAN,and WAN)4) Voice communications5) System security (e.g., firewalls, access control)6) Contingency planning7) Databases8) Functional areas of IT operations (e.g., data center operations)9) Web infrastructure10) Software licensing11) Electronic funds transfer (EFT)/Electronic data interchange (EDI)12) e-Commerce13) Information protection (e.g., viruses, privacy)14) Encryption15) Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)l. Compliance audit engagements2. Conduct consulting engagementsa. Internal control trainingb. Business process reviewc. Benchmarkingd. Information technology (IT) and systems developmente. Design of performance measurement systemsC. Monitor Engagement Outcomes (5-15%) (P)1. Determine appropriate follow-up activity by the internal audit activity2. Identify appropriate method to monitor engagement outcomes3. Conduct follow-up activity4. Communicate monitoring plan and resultsD. Fraud Knowledge Elements (5-15%)1. Discovery sampling (A)2. Interrogation techniques (A)3. Forensic auditing (A)4. Use of computers in analyzing data (P)5. Red flag (P)6. Types of fraud (P)E. Engagement Tools (15-25%)1. Sampling (A)a. Nonstatistical (judgmental)b. Statistical2. Statistical analyses (process control techniques) (A)3. Data gathering tools (P)a. Interviewingb. Questionnairesc. Checklists4. Analytical review techniques (P)a. Ratio estimationb. Variance analysis (e.g., budget vs. actual)c. Other reasonableness tests5. Observation (P)6. Problem solving (P)7. Risk and control self-assessment (CSA) (A)8. Computerized audit tools and techniques (P)a. Embedded audit modulesb. Data extraction techniquesc. Generalized audit software (e.g., ACL, IDEA)d. Spreadsheet analysise. Automated work papers (e.g., Lotus Notes, Auditor Assistant)9. Process mapping including flowcharting (P)Part 3 - Business Analysis and Information TechnologyA. Business Processes (15-25%)1. Quality management (e.g., TQM) (A)2. The International Organization for Standardization (ISO) framework (A)3. Forecasting (A)4. Project management techniques (P)5. Business process analysis (e.g., workflow analysis and bottleneck management, theory of constraints) (P)6. Inventory management techniques and concepts (P)7. Marketing - pricing objectives and policies (A)8. Marketing - supply chain management (A)9. Human Resources (Individual performance management and measurement; supervision; environmental factors that affectperformance; facilitation techniques; personnel sourcing/staffing; training and development; safety) (P)10. Balanced scorecard (A)B. Financial Accounting and Finance (15-25%)1. Basic concepts and underlying principles of financial accounting (e.g., statements, terminology, relationships) (P)2. Intermediate concepts of financial accounting (e.g., bonds, leases, pensions, intangible assets, R&D) (A)3. Advanced concepts of financial accounting (e.g., consolidation, partnerships, foreign currency transactions) (A)4. Financial statement analysis (P)5. Cost of capital evaluation (A)6. Types of debt and equity (A)7. Financial instruments (e.g., derivatives) (A)8. Cash management (treasury functions) (A)9. Valuation models (A)a. Inventory valuationb. Business valuation10. Business development life cycles (A)C. Managerial Accounting (10-20%)1. Cost concepts (e.g., absorption, variable, fixed) (P)2. Capital budgeting (A)3. Operating budget (P)4. Transfer pricing (A)5. Cost-volume-profit analysis (A)6. Relevant cost (A)7. Costing systems (e.g., activity-based, standard) (A)8. Responsibility accounting (A)D. Regulatory, Legal, and Economics (5-15%) (A)1. Impact of government legislation and regulation on business2. Trade legislation and regulations3. Taxation schemes4. Contracts5. Nature and rules of legal evidence6. Key economic indicatorsE. Information Technology - IT (30-40%) (A)1. Control frameworks (e.g., COBIT)2. Data and network communications/connections (e.g., LAN, VAN, and WAN)3. Electronic funds transfer (EFT)4. e-Commerce5. Electronic data interchange (EDI)6. Functional areas of IT operations (e.g., data center operations)7. Encryption8. Information protection (e.g. viruses, privacy)9. Evaluate investment in IT (cost of ownership)10. Enterprise-wide resource planning (ERP) software (e.g., SAP R/3)11. Operating systems12. Application development13. Voice communications14. Contingency planning15. Systems security (e.g. firewalls, access control)16. Databases17. Software licensing18. Web infrastructureP=Candidates must exhibit proficiency (thorough understanding and ability to apply concepts) in these topic areas. A=Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.Part 4 - Business Management SkillsA. Strategic Management (20-30%) (A)1. Global analytical techniquesa. Structural analysis of industriesb. Competitive strategies (e.g., Porter's model)c. Competitive analysisd. Market signalse. Industry evolution2. Industry environmentsa. Competitive strategies related to:1) Fragmented industries2) Emerging industries3) Declining industriesb. Competition in global industries1) Sources/impediments2) Evolution of global markets3) Strategic alternatives4) Trends affecting competition3. Strategic decisionsa. Analysis of integration strategiesb. Capacity expansionc. Entry into new businesses4. Portfolio techniques of competitive analysis5. Product life cyclesB. Global Business Environments (15-25%) (A)1. Cultural/legal/political environmentsa. Balancing global requirements and local imperativesb. Global mindsets (personal characteristics/competencies)c. Sources and methods for managing complexities and contradictionsd. Managing multicultural teams2. Economic/financial environmentsa. Global, multinational, international, and multilocal compared and contrastedb. Requirements for entering the global market placec. Creating organizational adaptabilityd. Managing training and developmentC. Organizational Behavior (15-25%) (A)1. Motivationa. Relevance and implication of various theoriesb. Impact of job design, rewards, work schedules, etc.2. Communicationa. The processb. Organizational dynamicsc. Impact of computerization3. Performancea. Productivityb. Effectiveness4. Structurea. Centralized/decentralizedb. Departmentalizationc. New configurations (e.g., hourglass, cluster, network)D. Management Skills (20-30%) (A)1. Group dynamicsa. Traits (e.g., cohesiveness, roles, norms, groupthink)b. Stages of group developmentc. Organizational politicsd. Criteria and determinants of effectiveness2. Team buildinga. Methods used in team buildingb. Assessing team performance3. Leadership skillsa. Theories compared and contrastedb. Leadership grid (topology of leadership styles)c. Mentoring4. Personal time managementE. Negotiating (5-15%) (A)1. Conflict resolutiona. Competitive/cooperativeb. Compromise, forcing, smoothing, etc.2. Added-value negotiatinga. Descriptionb. Specific stepsP=Candidates must exhibit proficiency (thorough understanding and ability to apply concepts) in these topic areas. A=Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.。

关于报考科目。

CIA考试一共有四门课程，分别是《内部审计在治理、风险和控制中的作用》、《实施内部审计业务》、《经营分析和信息技术》和《经营管理技术》。

第一、二门交叉的内容比较多，模拟题中经常有第一部分的题目出现在第二部分，反之亦然，有时都分不清这是第一部分还是第二部分的题；而且考试时也会经常碰到串题的现象。

因此新考生报考时最好第一、二门一起报，这样看书时能全面复习就不怕考试串题了。

但如果有一门未通过，下次再考时就只能两门一起看了。

如果有比较充裕时间看书的话，最好前三门一起报，因为第一、二门的考试范围里也涉及第三门中信息技术审计的内容。

关于平时看书做题。

只要掌握了适合你的学习方法，逐步培养出比较准确的题感，通过CIA考试并不难。

我的总体感觉是CIA还是一门需要花费大量时间去努力准备的考试，如果想花很少时间就能通过几乎不可能，除非你平时就是干审计这一职业的。

知识在于平时的积累，对考CIA的大多数人来说都是在职学习，平时工作很忙还要兼顾家庭，不能保证有大段连续的学习时间用于CIA备考复习。

但时间是可以一点点挤出来的，只要做个有心人，每天挤出个把小时来看书应该能做得到，就算有个十分钟空闲做个三五道习题也行，积少成多可以达到同样的效果，题感也是靠经常不断的学习思考、反复练习方能培养出来的。

所以考CIA还贵在每天坚持，不能看三天停个十天半月的，那样效果适得其反。

只有持之以恒的决心和坚持不懈的努力，方能体会到成功的喜悦。

关于考试心态。

既然准备考这个试，就应该充分重视它，但也不必压力过大、看得过重。

心态放平和不必把目标定的过高（诸如一定要一次通过三门或四门），平时只要做到认真对待，保证看书时间和适量的做题就可以了。

在考场上，一开始的紧张情绪绝大多数考生都会有，做了几题后这种紧张情绪就应该慢慢化解，取而代之的是全身心的投入和思考，尽快地把自己调整到最佳的考场状态，正常发挥平时的积累。

对一些没遇到过或不能肯定选哪个答案的题目，则在脑子里飞快的思索和联想，还不能确定的就再读一遍题目和答案，划出题干中的关键句子和词语，同时进行扩散性思维，运用排除法、联想法等方法进行综合判断、选择。

精选CIA英文词汇缩写考生在做题过程中往往会遇到一些词汇的英文缩写，这些缩写往往是似曾相识的感觉但又说不出个所以，但又会影响到做题，因此在这里特收集一些词汇的缩写表达，希望对大家做题有所帮助。

ADA American with Disabilities Act 《美国伤残人士法案》ANCOM Andean Common Market 安第斯共同市场ANSI American National Standards Institute 美国国家标准局ASEAN(Association of South East Asian Nations) 东南亚国家联盟APEC(Asia-Pacific Economic Cooperation) 亚洲-太平洋经济合作组织ASQ(American Society for Quality ) 美国质量协会ACH(Automated clearing house ) 自动票据交易所CCITT（International Telegraph and Telephone ConsultativeCommittee ）国际电报电话顾问委员会ASCII(American Standard Code for Information Interchange) 美国信息交换标准码BCD（binary coded decimal）二进制编码的十进制BISDN(broadband-ISDN) 宽带ISDNDBMS(Database management systems software) 数据库性能监控DSL(Digital subscriber line) 数字用户环线DQDB (Distributed-queue dual-bus Standard 分布式队列双总线标准Domain name service (DNS) 域名服务FTP（file transfer protocol）文件传输协议HTTP（Hypertext transfer protocol ）超文本链接协议IMAP(internal mail access protocol) 网络邮件访问协议IP(internet protocol) 因特网协议MGCP(Media gateway control protocol) 媒体网关控制协议PIN（personal identification code）个人识别码SMTP（simple mail transport protocol）简单邮件传输协议ICMP(internal control message protocol) 内部控制信息协议MAC(message authentication code ) 消息认证码EDTCs(electronic depository transfer checks) 电子存款转账支票EDI(Electronic data interchange) 电子数据交换DES（Data encryption standard）数据加密标准DSS(Digital signature standard) 数字签名标准BEP（Breakeven point）盈亏平衡点CM（contribution margin）边际贡献CPI (consumer price index) 消费品价格指数COQ(cost of quality) 质量成本CVP(cost-volume-profit) analysis 本量利分析DSO（days sales outstanding）ratio 应收账款回收天数比率EPS(Earnings per share) 每股收益GNP（Gross national product）国民生产总值IRR (internal rate of return )method 内部回报率法GM(gross margin) 毛利MCC（marginal cost of capital）边际资本成本MIRR（modified internal rate of return）修正的内部回报率ROE(Return on common equity) radio 普通股权益报酬率ROA（Return on total assets）ratio 总资产收益率WACC(Weighted-average cost of capital) 加权平均资本成本PPI(producer price index) 生产者价格指数CAPM（Capital asset pricing model）资本资产定价模型C&E(Cause-and-effect) diagrams 因果图EVA(Economic-value-added) model 经济增加值模型IOS(investment opportunity schedule) 投资机会图MVA (market-value-added)model 市场增加值模型LOB（lin-of-balance）平衡线DRP（Distribution requirements planning）分销需求计划MPS (master production schedule) 主生产规划MRO（materials requirements planning）材料需求计划TQM(Total quality management ) 全面质量管理CMP（critical path method）关键路径法FIFO (first-in, first-out)method 先进先出法LIFO(last-in, first-out)method 后进先出法DTCs(Depository transfer checks) 存款转账支票A/R(accounts receivable)financing 应收账款融资BS7799(British Standard) 英国标准7799BP(break point) 拐点CCTV(closed-circuit television) 闭路电视CO(Central office) 中心办公室CHAP(Challenge handshake authentication protocol) 挑战握手认证协议GAAP(generally accepted accounting principles) 公认会计原则EOQ(Economic order quantity) 经济订货批量FS (free slack) 自由松弛G2C(Government to citizen) 政府对个人GERT(Graphical evaluation and review technique) 图表评估审查技术PERT（program evaluation and review techniques）计划评审技术JIT(Just –in-time) 适时制MFN(Most-favored-nation )status 最惠国待遇PPBS(planning, programming, and budgeting systems)计划、项目和预算系统PPP（point-to-point protocol）点对点协议eSAC( Electronic systems assurance and control ) 电子系统保障与控制SAC(systems assurance and control ) 系统保证和控制SPC(statistical process control) 统计流程控制SCF（statement of Cash Flows）现金流量表SSE(sum of squares error) 误差平方和SSR(Sum of squares regression) 回归平方和TSS（total sum of squares）总平方和VAT(value-added taxation) 增值税WBS（work breakdown structure）工作分解结构。

美国情报规章制度一、简介美国情报规章制度（United States Intelligence Community）是美国政府为了维护国家安全以及获取、分析情报信息而建立的组织体系。

该制度涵盖了多个情报机构, 包括中央情报局（CIA）、国家安全局（NSA）等。

本文将对美国情报规章制度进行详细介绍，包括其组织结构、职责和作用。

二、组织结构美国情报规章制度由联邦政府内的17个情报机构组成，这些机构共同负责收集、分析和提供情报信息以支持国家安全决策。

以下是美国情报规章制度的主要机构：1.中央情报局（CIA）：负责收集外国情报和提供情报支持给政府决策者。

2.国家安全局（NSA）：负责收集和分析外国电子情报。

3.国防情报局（DIA）：为美国国防部提供军事情报支持。

4.联邦调查局（FBI）：负责调查并收集国内情报。

5.国务院情报与研究局（INR）：负责分析政策制定所需的外交情报。

此外，还有其他部门和机构，如财政部情报办公室、能源部情报办公室等。

三、职责和作用美国情报规章制度的主要职责是收集、分析和提供情报信息，以支持国家安全决策和行动。

以下是它的几个主要作用：1.情报收集：各个情报机构通过多种途径、包括间谍活动、技术侦查和开源情报收集，获取各类情报信息。

2.情报分析：情报机构对收集到的情报进行分析和解读，以获取更多的信息和洞察，提供决策者所需的情报支持。

3.情报共享：情报机构之间进行情报共享，以确保各方对整个情报图景有全面的了解，并帮助协调行动。

4.反情报行动：情报机构也负责采取措施阻止、揭露和驱逐敌对情报机构和间谍活动，以保护国家安全。

5.情报评估：情报机构对国家安全环境进行分析和评估，以帮助政府决策者了解威胁和挑战。

6.反恐行动：情报机构还积极参与打击国际恐怖主义活动，为反恐部门提供情报支持。

四、法律监管为了确保情报机构的合法性和遵守法律，美国设立了一系列法律和监管机构来监督其活动。

以下是几个重要的法律和监管机构：1.情报委员会：负责监督情报机构的活动，确保情报收集和分析的合法性和透明性。

8.Conflict management（Awareness Level）冲突管理9.Managementcontroltechniques（Proficiency Level）管理控制技术10.Typescontrol（preventive，detective，input，output）（ProficiencyLevel）控制类型（预防型、检查型、输入、输出）F.PlanEngagements（15-25percent）（ProficiencyLevel）策划审计业务（15-25%）Initiatepreliminarycommunicationwithengagementclient开展与审计业务客户的初步沟通2.Conductapreliminarysurveyoftheareaofengagement对审计业务范围实施初步调查a.Obtaininputfromengagementclient从审计业务客户处获得信息b.Performanalytical reviews进行分析性复核c.Perform benchmarking进行基准比较d.Conduct interviews实施面谈Reviewpriorauditreportsandotherrelevantdocumentation查阅以前的审计报告和其他相关资料f.Mapprocesses绘制流程图g.Develop Checklists编制检查清单pleteadetailedrisk assessmentofthearea （prioritize orevaluaterisk/controlfactors）完成相关领域的详细风险评估（对风险/控制因素进行排序或评估）4.Coordinateauditengagementeffortswith与以下方面协调审计业务工作a.Externalauditor外部审计师b.Regulatory oversight bodies法规监督机构5.Establish/refine engagement objectivesandfinalizethescopeofengagement.建立/完善审计业务的目标，确定审计业务的范围6.Identifyordevelopcriteriaforassuranceengagements（criteriaagainstwhichtoaudit）确认或开发保证业务的标准（审计所依照的标准）7.Considerthepotentialforfraudwhenplanninganengagement在策划审计业务时考虑舞弊的潜在可能a.Beknowledgeableoftheriskfactorsandredflagsoffraud理解舞弊的风险因素和危险信号b.Identifycommontypesoffraudassociatedwiththeengagementarea.确认与审计业务范围相关的一般舞弊类型c.Determineifriskoffraudrequiresspecialconsiderationwhenconductinganengagement在实施审计业务时确定是否需要对舞弊的风险进行特殊考虑8.Determineengagementprocedures.确定审计业务步骤9.Determinethelevelstaffandresourcesneededfortheengagement确定审计业务所需的人员水平和资源10.Establishadequateplanningandsupervisionofengagement.建立对审计业务充分的计划和监督11.Prepareengagementworkprogram.编制审计业务工作方案。

（经营管理）CIA经营管理技术C I A P a r t4经营管理技术目录.............................................................................................................. - 1 -- 1 -- 1 -- 1 -- 3 -.................................................................................... - 3 -- 3 -- 5 -.................................................................................... - 5 -- 5 -- 6 -- 7 -- 7 -- 7 -- 7 -- 7 -- 7 -- 8 -................................................................................................................. - 9 -- 9 -.................................................................................... - 9 -- 9 -................................................................................. - 9 -- 10 -- 10 -- 10 -- 10 -- 10 -- 10 -..................................................................................... - 11 -- 11 -- 11 -..................................................................................... - 11 -- 11 -- 12 -..................................................................................... - 12 -- 13 -- 13 -................................................................................. - 13 -- 14 -- 14 -- 14 -- 14 -- 15 -................................................................................. - 15 -- 15 -- 16 -- 16 -................................................................................. - 16 -- 16 -- 17 -- 17 -..................................................... - 17 -- 17 -- 18 -- 18 -- 19 -- 19 -- 19 -- 19 -- 20 -- 20 -- 20 -.............................................................................. - 21 -- 21 -- 23 -- 23 -- 23 -- 23 -- 23 -........................................................................................................... - 25 -- 25 -...................................................................................... - 25 -- 25 -- 26 -...................................................................................... - 26 -- 26 -- 27 -....................................................................................................... - 29 -- 29 -- 29 -....................................................................................................... - 30 -- 30 -- 30 -- 30 -...................................................................................... - 30 -- 30 -- 30 -........................................................................................................... - 31 -- 31 -- 31 -- 31 -- 32 -- 32 -- 32 -- 32 -....................................................................................................... - 34 -- 34 -- 34 -- 34 -...................................................................................... - 34 -- 34 -- 35 -...................................................................................... - 35 -....................................................................................................... - 36 -- 36 -- 36 -- 36 -- 36 -- 38 - ...................................................................................................... - 38 -- 38 -- 38 -- 38 -- 39 -.................................................................................. - 39 -......................................... - 39 -- 39 -- 40 -- 40 -......................................... - 40 -- 41 -................................................................................. - 41 -- 41 -- 42 -- 42 -- 42 -- 42 -- 42 -- 42 -- 43 -- 43 -- 43 -.............................................................. - 43 -- 43 -- 44 -.................................................................................. - 44 -- 44 -- 44 -- 45 -...................................................................................... - 45 -- 45 -- 45 -- 45 -................................................................................................................................ - 46 -- 46 -- 46 -- 46 -- 46 -- 47 -.............................................................. - 47 -.................................................................. - 47 -.................................................................. - 47 -- 48 -- 48 -- 48 -- 48 -- 48 -- 48 -- 48 -- 49 -- 49 -- 49 -- 49 -- 49 -- 49 -- 50 -- 50 -- 50 -- 51 -- 52 -- 52 -- 52 -- 53 -- 53 -- 54 -- 54 -- 54 -- 54 -- 55 -- 55 -- 55 -- 55 -- 56 -.................................................................................................. - 56 -- 56 -- 56 -- 56 -- 56 -- 56 -- 57 -- 58 -- 58 -- 58 -- 60 -- 61 -- 61 -- 61 -- 62 -- 62 -- 62 -- 62 -..................................................................................................... - 63 -..................................................................................................... - 63 -..................................................................................................... - 63 -........................................................................ - 64 -- 64 -........................................................................................................... - 64 -- 64 -- 64 -- 65 -- 65 -- 65 -- 65 -- 65 -- 66 -- 66 -- 66 -...................................................................................... - 67 -- 67 -- 67 -- 67 -................ - 67 -- 68 -- 68 -- 68 -- 68 -- 68 -- 69 -- 69 -- 69 -- 69 -- 69 -- 70 -- 70 -- 70 -- 70 -.............................................................. - 70 -.................................................................. - 70 -.................................................................. - 70 -- 71 -............ - 71 -.................................................................................. - 71 -- 71 -- 71 -- 71 -- 71 -.................................................................. - 71 -- 72 -- 72 -- 72 -- 72 -- 72 -- 72 -- 72 -- 73 -............................................................................ - 73 -- 73 -- 73 -- 73 -- 73 -............................................................................ - 74 -- 74 -............................................................................ - 74 -................................................... - 74 -- 74 -- 74 -........................................................................................................... - 74 -- 74 -........................................................................................... - 75 -- 75 -- 75 -- 75 -........................................................................................................... - 75 -- 75 -- 76 -- 77 -........................................................................................... - 77 -- 78 -........................................................................................................... - 78 -- 78 -- 78 -- 78 -- 78 -.............................................................. - 78 -........................................................................................................... - 78 -1战略管理（20-25%）1.1企业战略管理1.1.1产业与市场分析1.1.1.1产业分析构成产业环境的5类要素1：1.1.1.1.1产业竞争强度影响参业竞争强度的因素包括：☑现有竞争企业的数量和力量对比；☑成本结构，固定成本越高，则强度越大，反之亦然；☑产品差异；☑退出障碍（制度障碍、信息障碍、经济障碍[专门的资产、业务之间的互补关系、情绪上的障碍]）和转移成本；☑生产能力扩大方式；☑竞争者类型；☑产业投资目的。

2008年度CIA考试大纲Part I - The Internal Audit Activity′s Role in Governance，Risk，and Control第一部分：内部审计在治理、风险和控制中的作用A．Comply With the IIA′s Attribute Standards（15——25percent）（Proficiency Level）遵守国际内部审计师协会的属性标准（15%——25%）（要求熟练掌握）1.Define purpose，authority，and responsibility of the internal audit activity.明确内部审计的宗旨、权力和职责。

a.Determine if purpose，authority，and responsibility of internal audit activity are clearly documented/approved.确定内部审计的宗旨、权力和职责是否清楚地以书面形式记录并获得批准。

b.Determine if purpose，authority，and responsibility of internal audit activity are communicated to engagement clients.确定内部审计的宗旨、权力和职责是否通报审计业务客户。

c.Demonstrate an understanding of the purpose，authority，and responsibility of the internal audit activity.阐明内部审计的宗旨、权力和职责。

2．Maintain independence and objectivity.保持独立性和客观性。

a.Foster independence.加强独立性。

1）Understand organizational independence.理解机构的独立性。

内部审计在治理风险和控制中的作用A 遵守国际内审协会的属性标准（熟练掌握）1、明确内部审计的宗旨、权力和职责（1000）a 确定内审的宗旨、权力和职责是否清楚地以书面形式记录并获得批准内部审计：是一种独立、客观的保证工作与咨询业务活动，它的目的是为组织增加价值并提高组织的运作效率。

它采用系统化、规范化的方法来对风险管理、控制及治理程序进行评价，提高它们的效率，从而帮助实现组织目标。

业务：保证工作和咨询活动目的：为组织增加价值并提高组织运作效率方法：方法系统化、规范化对象：风险管理、控制及治理程序进行评价书面文件形式：内部审计章程。

要求与《标准》一致，并经批准，也作为评价内审工作质量和业绩依据，处理分歧的依据要求：1、内审地位 2、授权接触人、资料、实物 3、活动范围批准章程组织：董事会、审计委员会、相关治理机构和高级管理层b确定内审的宗旨、权力和职责是否通报业务委托人业务委托人：审计监督对象，更是审计服务对象通报目的：消除分歧，分清责任，取信合作实现审计目标c阐明内审的宗旨、权力和职责宗旨：审计活动要达到的目标权力：实现目标的保证职责：需要履行的责任首席审计执行官定期评价，并报高级管理层和董事会，首席审计执行官的任期《标准》没有规定2、保持独立性和客观性（1100）a 加强独立性独立性：独立于所审查的活动之外，包括机构独立和人员独立，是否独立就看有没有干扰其活动机构独立性：在组织中享有经费、人事、内部管理、业务开展等方面的相对独立性，不受管理层和其他方面的干扰、阻挠开展活动，机构独立性更重要。

不承担组织经营责任机构获得独立性：1、审计章程规定2、向谁报告，理想的是向董事会、审计委员会和相关治理机构CEO（报告行政工作）上述机构必须有足够的权力，这也是CAE报告时应考虑的因素。

3、CAE与上述交流沟通，参加相关监督职责会议4、人事任命，理想的是董事会任免CAE5、审计委员会组成，理想的是没有管理层人员b加强客观性客观性：是指一种公正的、不偏不倚的态度或精神状态，不与任何方面达成质量妥协，或把自己的观点凌驾于审计事务的判断之上客观性政策：1、审计人员工作避免利益冲突或偏见，可定期轮换工作2、审计人员不承担经营责任，如果承担至少一年后才能审计自己过去工作的地方3、审计工作结果要审查4、对实施前的控制系统进行检查和提出建议，但不能设计、安装和经营该系统5、可以接受大家都能得到的小礼物，不能接受有工作关系的人员送的酬金和礼物个人客观性：1、安排审计人员工作避免利益冲突或偏见，应定期轮换工作，2、不依附他人观点，可依赖外部审计意见3、诚信工作，不作质量妥协4、工作底稿和结果应审查5、不接受礼金和礼物合规性审计客观性强，经营审计、绩效审计、财务控制审计主管判断多独立性和客观性受到侵害怎么办：1、审计人员与被审单位有利益冲突，CAE重新指派2、审计范围受到限制，书面报告其影响给董事会或权力机构3、具体情况在审计报告或工作报告中进行披露谁来监督首席审计执行官：独立内部审计机构以外的有关方面3、确定是否具备必要的知识、技能和胜任能力（1200）熟练：不必寻求广泛的技术研究和帮助就能完成特定审计工作的能力具备能力：1、熟练的内审标准、程序和技术2、理解（不一定熟练）管理原则、会计学、法律、税收、信息技术等，不要求在会计原则和技术上有广泛的鉴别能力3、交际能力，与被审计单位保持满意关系，不包括审计风险的交流和沟通4、接受后续教育上述能力作为审计机构应当集体具有，知识能力互补，所以具有专业工程技术人员只要有兴趣也可到审计机构工作4、开发和/或取得内部审计活动所必须的知识、技能和胜任能力更专业的领域可以寻求外部帮助，这些领域包括：1、信息技术、统计学、税收、翻译等2、资产评估3、合同完成程度4、舞弊和安全调查5、精算福利欠款6、解释法律、管理和技术7、兼并和收购首席审计执行官负责评价外部能力，但与董事会、高级管理层或其他人员有私人关系和专业关系，与本组织有经济、技术、利益关系的将有损外部审计的独立性5、运用应有的职业审慎职业审慎：运用专业熟练和技术发现损害组织利益的行为，对一些现象保持警惕，对控制不当地方提出改进建议。