Instruction Mode: In-class & Online Instruction
Professor: Multiple Professors
Resource(s): | Type | Description | Optional | Other | Textbook(s): Reding, K. R., Sobel, P. J., Anderson, U. L., Head, M.
J., & Ramamoorti, S. (2013). Internal Auditing: Assurance & Advisory
Services (3rd ed.). The IIA Research Foundation.
Recommended Reading: International Standards for the Professional
Practice of Internal Auditing (Standards) - The Institute of Internal
Auditors (IIA); Code of Ethics - IIA
Assigned readings from: Periodicals - The Institute of Internal
Auditors (IIA); Other
Audit cases as selected by instructor |
Applicable student group(s): Bachelor of Business Administration
Course Details: Module 1: Introduction to Internal Auditing
- Define internal auditing and evaluate the social and economic purpose (scope) of internal audit activity
- Explain the various types of internal audit assignment
- Define risk and enterprise risk management (ERM) and the relationship to internal control
- Explain the role of management in the achievement of internal controls
- Identify the role of the internal auditor and the audit committee in ensuring good governance and compare it to the role of the external auditor
- Describe the role of the internal auditor in promoting an ethical culture and applying ethical judgment
Learning Outcome(s): 1, 2
Module 2: Internal Audit Standards
- Explain the International Professional Practices Framework (IPPF) and describe the three mandatory elements
- Explain the standard-setting process for the International Standards for the Professional Practice of Internal Auditing (Standards)
- Describe the Attribute and Performance standards of the Standards
- Describe the Code of Ethics
- Determine the purpose and content of an internal audit charter
- Explain the importance, requirements and impairment of independence and objectivity
- Evaluate independence in internal audit (consulting) engagements
- Describe the main standards for proficiency and professional due care
- Describe the standards for managing the internal audit department and quality assurance
- Identify the requirements of using outsourced resources
- Other topics in internal audit standards
Learning Outcome(s): 1, 7
Module 3: Risk Management, Control, Frameworks, and Governance
Identify different types of enterprise risk (strategic, operational, reporting, compliance)Explain the contribution of internal audit and the audit committee in the overall governance, risk management and control processes of an organization
- Explain the enterprise risk model (ERM) framework and its purpose in identifying risks
- Assess the role of the internal audit function in ERM
- Explain the risk assessment process and the impact on audit planning
- Evaluate the objectives of internal controls and the optimization of resources
- explain the nature, criteria and inherent limitations of various control frameworks (including (Committee of Sponsoring Organizations of the Treadway Commission (COSO), Criteria of Control Framework (CoCo))
- Describe the process of using a control framework to assess controls in an organization
- Explain the control self-assessment process, identify advantages and disadvantages, and describe how continuous monitoring can improve the effectiveness of internal controls
- Describe the Performance Standards for governance for internal auditors and the audit committee
- Other risk management, control, and governance topics
Learning Outcome(s): 2, 6
Module 4: Internal Audit Engagement Planning
- Describe the overall internal audit process, and identify the main phases and explain their purpose
- Determine the long-term (strategic) and short-term (annual) engagement planning requirements including:
- Explain how an audit universe is defined
- Identify factors that impact overall risk assessment
- Evaluate the risk assessment matrix (likelihood and impact)
- Explain the following components of an engagement plan:
- Process objectives: adequate criteria to evaluate governance, risk management and controls; significant risks to process objectives; potential for errors and fraud preliminary risk assessment; scope of the engagement; other engagement planning topics
- Apply the Performance Standards and create an internal audit engagement plan
Learning Outcome(s): 3, 4, 7
Assignment/Report (1) 5%
Module 5: Performing the Internal Audit Engagement
- Describe the main components of the examination phase
- Explain the purpose of and describe the steps of an internal audit work program
- Evaluate the sufficiency and appropriateness of audit evidence
- Develop audit criteria and prepare an audit work program using a risk-based approach
- Evaluate audit results to identify control weaknesses and discuss the implication of any deficiencies
- Describe the use of computer-assisted audit techniques (CAATs) and distinguish between systems-oriented and data-oriented (CAATs)
- Explain the purpose and benefits of using a generalized audit software
- Identify the components and the standards for preparing audit working paper files
- Identify potential fraud factors and differentiate between the responsibility of management and internal audit in preventing and detecting fraud
- Describe the fraud investigation process, the contents of a fraud report and the Role of internal audit
- Identify the impact of computer fraud and information technology on internal auditing
- Other performance topics
Learning Outcome(s): 3, 4, 5, 6, 7, 8
Mid-Term Exam (Module 1 - 5) 30%
Module 6: Communicating Internal Audit Results and Monitoring Progress
- Identify effective interview skills and describe the recommended approaches to conflict management
- Identify the objectives of internal audit reporting
- Describe the standards for internal audit reports
- Determine the information to be included in an internal audit report, evaluate the factors to consider when drafting recommendations, and explain the purpose of reviewing the report with management prior to release
- Draft an internal audit report
- Explain the importance of and determine the steps in monitoring internal audit recommendations
- Apply the performance standards to report on audit findings
Learning Outcome(s): 5, 7
Module 7: The Impact of Information Technology on Internal Auditing
- Explain how IT functions and controls affect the internal audit process
- Discuss the development and specialization of IT auditing
- Identify IT risks and their impact on an organization
- Evaluate various IT control frameworks (including ITGC, GTAG, COBIT)
- Identify the types of general computer controls and application controls in an IT environment and develop audit procedures to test for operating effectiveness
- Identify the types of controls used to manage risks in an IT communication and network environment and in an end-user computing environment
- Automated controls, manual controls,
- Data entry and access controls
- Processing controls
- End-user and business unit computing controls
- Specific controls
- Explain the implications of emerging technologies for internal audit
- Determine the impact of e-commerce for internal audit
- Other information technology topics
Learning Outcome(s): 8
Assignment/Report (2) 5%
Module 8: Operational Auditing: Marketing, Purchasing, and Production
- For the marketing, purchasing and production processes and/or functional areas:
- Explain the main activities and risks
- Create a basic audit program (including comprehensive audit
- techniques) using a risk-based approach
- Analyze data using generalized audit software
- Evaluate internal audit results to identify control weaknesses
Learning Outcome(s): 4, 5, 7, 8, 9
Module 9: Operational Auditing: Human Resources Management, Treasury, Strategic Planning and Financial Reporting
- For human resource management, treasury, and strategic planning processes and/or functional areas:
- Explain the main activities and risks
- Create a basic audit program (including a comprehensive audit)
- techniques) using a risk-based approach
- Analyze data using generalized audit software
- Evaluate internal audit results to identify control weaknesses
- Explain the role of the internal auditor in the financial reporting process, the regulatory reporting requirements and the overall implications of regulatory reporting and assurance
- Explain the mechanisms for compliance including the Sarbanes-Oxley Act (SOX) of 2002
Learning Outcome(s): 4, 5, 7, 8, 9
Internal Audit Case Due 15%
Module 10: Internal Auditing in the Public and Not-For-Profit Sectors
- Identify the main activities and risks specific to the public sector
- Discuss governance in the public sector and explain how public sector auditors and audit committees contribute to governance
- Explain the role of the Auditor General and distinguish it from the role of the internal auditor in the public sector
- Explain the standards for internal auditing in the public sector
- Explain the components of comprehensive auditing in the public sector, including value-for-money auditing
- Identify the main activities, risks and governance in the not-for-profit sector
- Determine the special internal audit considerations for not-for-profit companies
- Other public and not-for-profit sector topics
Learning Outcome(s): 10
Assignment/Report (3) 5%
Final Comprehensive Exam 40%