Brink's Modern Internal Auditing

Book description

The complete guide to internal auditing for the modern world

Brink's Modern Internal Auditing: A Common Body of Knowledge, Eighth Edition covers the fundamental information that you need to make your role as internal auditor effective, efficient, and accurate. Originally written by one of the founders of internal auditing, Vic Brink, and now fully updated and revised by internal controls and IT specialist Robert Moeller, this new edition reflects the latest industry changes and legal revisions. This comprehensive resource has long been, and will continue to be, a critical reference for new and seasoned internal auditors alike. Through the information provided in this inclusive text, you explore how to maximize your impact on your company by creating higher standards of professional conduct and greater protection against inefficiency, misconduct, illegal activity, and fraud.

A key feature of this book is a detailed description of an internal audit Common Body of Knowledge (CBOK), the key governance, risk, and compliance topics that all internal auditors need to know and understand. There are informative discussions on how to plan and perform internal audits, including the information technology (IT) security and control issues that impact all enterprises today. Modern internal auditing is presented as a standard-setting branch of business that elevates professional conduct and protects entities against fraud, misconduct, illegal activity, inefficiency, and other issues that could detract from success.

  • Contribute to your company's productivity and responsible resource allocation through targeted auditing practices
  • Ensure that internal control procedures are in place, are working, and are leveraged as needed to support your company's performance
  • Access fully updated information regarding the latest changes in the internal audit industry
  • Rely upon a trusted reference for insight into key topics regarding the internal audit field

Brink's Modern Internal Auditing: A Common Body of Knowledge, Eighth Edition presents the comprehensive collection of information that internal auditors rely on to remain effective in their role.

Table of contents

  1. Preface
  2. Part 1: Foundations of Modern Internal Auditing
    1. Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update
      1. 1.1 Internal Auditing History and Background
      2. 1.2 Mission of Internal Auditing
      3. 1.3 Organization of this Book
      4. Note
    2. Chapter 2: An Internal Audit Common Body of Knowledge
      1. 2.1 What Is a CBOK? Experiences from Other Professions
      2. 2.2 What Does an Internal Auditor Need to Know?
      3. 2.3 An Internal Auditing CBOK
      4. 2.4 Another Attempt: The IIA Research Foundation’s CBOK
      5. 2.5 Essential Internal Audit Knowledge Areas
      6. Notes
  3. Part 2: Importance of Internal Controls
    1. Chapter 3: The COSO Internal Control Framework
      1. 3.1 Understanding Internal Controls
      2. 3.2 Revised COSO Framework Business and Operating Environment Changes
      3. 3.3 The Revised COSO Internal Control Framework
      4. 3.4 COSO Internal Control Principles
      5. 3.5 COSO Internal Control Components: The Control Environment
      6. 3.6 COSO Internal Control Components: Risk Assessment
      7. 3.7 COSO Internal Control Components: Internal Control Activities
      8. 3.8 COSO Internal Control Components: Information and Communication
      9. 3.9 COSO Internal Control Components: Monitoring Activities
      10. 3.10 The COSO Framework’s Other Dimensions
    2. Chapter 4: The 17 COSO Internal Control Principles
      1. 4.1 COSO Internal Control Framework Principles
      2. 4.2 Control Environment Principle 1: Integrity and Ethical Values
      3. 4.3 Control Environment Principle 2: Role of the Board of Directors
      4. 4.4 Control Environment Principle 3: Authority and Responsibility Needs
      5. 4.5 Control Environment Principle 4: Commitment to a Competent Workforce
      6. 4.6 Control Environment Principle 5: Holding People Accountable
      7. 4.7 Risk Assessment Principle 6: Specifying Appropriate Objectives
      8. 4.8 Risk Assessment Principle 7: Identifying and Analyzing Risks
      9. 4.9 Risk Assessment Principle 8: Evaluating Fraud Risks
      10. 4.10 Risk Assessment Principle 9: Identifying Changes Affecting Internal Controls
      11. 4.11 Control Activities Principle 10: Selecting Control Activities That Mitigate Risks
      12. 4.12 Control Activities Principle 11: Selecting and Developing Technology Controls
      13. 4.13 Control Activities Principle 12: Policies and Procedures
      14. 4.14 Information and Communication Principle 13: Using Relevant, Quality Information
      15. 4.15 Information and Communication Principle 14: Internal Communications
      16. 4.16 Information and Communication Principle 15: External Communications
      17. 4.17 Monitoring Principle 16: Internal Control Evaluations
      18. 4.18 Monitoring Principle 17: Communicating Internal Control Deficiencies
      19. Note
    3. Chapter 5: Sarbanes-Oxley (SOx) and Beyond
      1. 5.1 Key Sarbanes-Oxley Act (SOx) Elements
      2. 5.2 Performing Section 404 Reviews under AS5
      3. 5.3 AS5 Rules and Internal Audit
      4. 5.4 Impact of the Sarbanes-Oxley Act
      5. Notes
    4. Chapter 6: COBIT and Other ISACA Guidance
      1. 6.1 Introduction to COBIT
      2. 6.2 COBIT Framework
      3. 6.3 Principle 1: Meeting Stakeholder Needs
      4. 6.4 Principle 2: Covering the Enterprise End to End
      5. 6.5 Principle 3: A Single Integrated Framework
      6. 6.6 Principle 4: Enabling a Holistic Approach
      7. 6.7 Principle 5: Separating Governance from Management
      8. 6.8 Using COBIT to Assess Internal Controls
      9. 6.9 Mapping COBIT to COSO Internal Controls
      10. Notes
    5. Chapter 7: Enterprise Risk Management: COSO ERM
      1. 7.1 Risk Management Fundamentals
      2. 7.2 COSO ERM: Enterprise Risk Management
      3. 7.3 COSO ERM Key Elements
      4. 7.4 Other Dimensions of COSO ERM: Enterprise Risk Objectives
      5. 7.5 Entity-Level Risks
      6. 7.6 Putting It All Together: Auditing Risk and COSO ERM Processes
      7. Notes
  4. Part 3: Planning and Performing Internal Audits
    1. Chapter 8: Performing Effective Internal Audits
      1. 8.1 Initiating and Launching an Internal Audit
      2. 8.2 Organizing and Planning Internal Audits
      3. 8.3 Internal Audit Preparatory Activities
      4. 8.4 Starting the Internal Audit
      5. 8.5 Developing and Preparing Audit Programs
      6. 8.6 Performing the Internal Audit
      7. 8.7 Wrapping Up the Field Engagement Internal Audit
      8. 8.8 Performing an Individual Internal Audit
    2. Chapter 9: Standards for the Professional Practice of Internal Auditing
      1. 9.1 What Is the IPPF?
      2. 9.2 The Internal Auditing Professional Practice Standards: A Key IPPF Component
      3. 9.3 Content of the IIA Standards
      4. 9.4 Codes of Ethics: The IIA and ISACA
      5. 9.5 Internal Audit Principles
      6. 9.6 IPPF Future Directions
      7. Notes
    3. Chapter 10: Testing, Assessing, and Evaluating Audit Evidence
      1. 10.1 Gathering Appropriate Audit Evidence
      2. 10.2 Audit Assessment and Evaluation Techniques
      3. 10.3 Internal Audit Judgmental Sampling
      4. 10.4 Statistical Audit Sampling: An Introduction
      5. 10.5 Developing a Statistical Sampling Plan
      6. 10.6 Audit Sampling Approaches
      7. 10.7 Attributes Sampling Audit Example
      8. 10.8 Attributes Sampling Advantages and Limitations
      9. 10.9 Monetary Unit Sampling
      10. 10.10 Other Audit Sampling Techniques
      11. 10.11 Making Efficient and Effective Use of Audit Sampling
      12. Notes
    4. Chapter 11: Continuous Auditing and Computer-Assisted Audit Techniques
      1. 11.1 Implementing Continuous Assurance Auditing
      2. 11.2 ACL, NetSuite, BusinessObjects, and Other Continuous Assurance Systems
      3. 11.3 Benefits of CAA
      4. 11.4 Computer-Assisted Audit Tools and Techniques
      5. 11.5 Determining the Need for CAATTs
      6. 11.6 Steps to Building Effective CAATTs
      7. 11.7 Importance of Using CAATTs for Audit Evidence Gathering
      8. 11.8 XBRL: The Internet-Based Extensible Marking Language
      9. Notes
    5. Chapter 12: Control Self-Assessments and Internal Audit Benchmarking
      1. 12.1 Importance of Control Self-Assessments
      2. 12.2 CSA Model
      3. 12.3 Launching the CSA Process
      4. 12.4 Evaluating CSA Results
      5. 12.5 Benchmarking and Internal Audit
      6. 12.6 Better Understanding Internal Audit Activities
      7. Notes
    6. Chapter 13: Areas to Audit: Establishing an Audit Universe and Audit Programs
      1. 13.1 Defining the Scope and Objectives of the Internal Audit Universe
      2. 13.2 Assessing Internal Audit Capabilities and Objectives
      3. 13.3 Audit Universe Time and Resource Limitations
      4. 13.4 “Selling” an Audit Universe Concept to the Audit Committee and Management
      5. 13.5 Assembling Audit Programs: Audit Universe Key Components
      6. 13.6 Audit Universe and Program Maintenance
  5. Part 4: Organizing and Managing Internal Audit Activities
    1. Chapter 14: Charters and Building the Internal Audit Function
      1. 14.1 Establishing an Internal Audit Function
      2. 14.2 Audit Committee and Management Authorization of an Audit Charter
      3. 14.3 Establishing an Internal Audit Function
      4. Notes
    2. Chapter 15: Managing the Internal Audit Universe and Key Competencies
      1. 15.1 Auditing in the Weeds: Problems with Reviews of Nonmainstream Audit Areas
      2. 15.2 Importance of an Audit Universe Schedule: What Is Right or Wrong
      3. 15.3 Importance of Internal Audit Key Competencies
      4. 15.4 Importance of Internal Audit Risk Management
      5. 15.5 Internal Auditor Interview Skills
      6. 15.6 Internal Audit Analytical and Testing Skills Competencies
      7. 15.7 Internal Auditor Documentation Skills
      8. 15.8 Recommending Results and Corrective Actions
      9. 15.9 Internal Auditor Negotiation Skills
      10. 15.10 An Internal Auditor Commitment to Learning
      11. 15.11 Importance of Internal Auditor Core Competencies
    3. Chapter 16: Planning Audits and Understanding Project Management
      1. 16.1 The Project Management Process
      2. 16.2 PMBOK: The Project Management Book of Knowledge
      3. 16.3 PMBOK Program and Portfolio Management
      4. 16.4 Planning an Internal Audit
      5. 16.5 Understanding the Environment: Planning and Launching an Internal Audit
      6. 16.6 Audit Planning: Documenting and Understanding the Internal Control Environment
      7. 16.7 Performing Appropriate Internal Audit Procedures and Wrapping Up the Audit
      8. 16.8 Project Management Best Practices and Internal Audit
      9. Note
    4. Chapter 17: Documenting Audit Results through Process Modeling and Workpapers
      1. 17.1 Internal Audit Documentation Requirements
      2. 17.2 Process Modeling for Internal Auditors
      3. 17.3 Internal Audit Workpapers
      4. 17.4 Workpaper Document Organization
      5. 17.5 Workpaper Preparation Techniques
      6. 17.6 Internal Audit Document Records Management
      7. 17.7 Importance of Internal Audit Documentation
      8. Notes
    5. Chapter 18: Reporting Internal Audit Results
      1. 18.1 The Audit Report Framework
      2. 18.2 Purposes and Types of Internal Audit Reports
      3. 18.3 Published Audit Reports
      4. 18.4 Alternative Audit Report Formats
      5. 18.5 Internal Audit Reporting Cycle
      6. 18.6 Internal Audit Communications Problems and Opportunities
      7. 18.7 Audit Reports and Understanding People in Internal Auditing
  6. Part 5: Impact of Information Systems on Internal Auditing
    1. Chapter 19: ITIL® Best Practices, the IT Infrastructure, and General Controls
      1. 19.1 Importance of IT General Controls
      2. 19.2 Client-Server and Small Systems General IT Controls
      3. 19.3 Client-Server Computer Systems
      4. 19.4 Small Systems Operations Internal Controls
      5. 19.5 Auditing IT General Controls for Small IT Systems
      6. 19.6 Mainframe Legacy System Components and Controls
      7. 19.7 Internal Control Reviews of Classic Mainframe or Legacy IT Systems
      8. 19.8 Legacy of Large System General Control Reviews
      9. 19.9 ITIL® Service Support and Delivery IT Infrastructure Best Practices
      10. 19.10 Service Delivery Best Practices
      11. 19.11 Auditing IT Infrastructure Management
      12. 19.12 Internal Auditor CBOK Needs for IT General Controls
      13. Notes
    2. Chapter 20: BYOD Practices and Social Media Internal Audit Issues
      1. 20.1 The Growth and Impact of BYOD
      2. 20.2 Understanding the Enterprise BYOD Environment
      3. 20.3 BYOD Security Policy Elements
      4. 20.4 Social Media Computing
      5. 20.5 Enterprise Social Media Computing Risks and Vulnerabilities
      6. 20.6 Social Media Policies
    3. Chapter 21: Big Data and Enterprise Content Management
      1. 21.1 Big Data Overview
      2. 21.2 Big Data Governance, Risk, and Compliance Issues
      3. 21.3 Big Data Management, Hadoop, and Security Issues
      4. 21.4 Compliance Monitoring and Big Data Analytics
      5. 21.5 Internal Auditing in a Big Data Environment
      6. 21.6 Enterprise Content Management Internal Controls
      7. 21.7 Auditing Enterprise Content Management Processes
      8. Notes
    4. Chapter 22: Reviewing Application and Software Management Controls
      1. 22.1 IT Application Components
      2. 22.2 Selecting Applications for Internal Audit Reviews
      3. 22.3 Preliminary Steps to Performing Application Controls Reviews
      4. 22.4 Completing the IT Application Controls Audit
      5. 22.5 Application Review Example: Client-Server Budgeting System
      6. 22.6 Auditing Applications under Development
      7. 22.7 Importance of Reviewing IT Application Controls
      8. Notes
    5. Chapter 23: Cybersecurity, Hacking Risks, and Privacy Controls
      1. 23.1 Hacking and IT Network Security Fundamentals
      2. 23.2 Data Security Concepts
      3. 23.3 Importance of IT Passwords
      4. 23.4 Viruses and Malicious Program Code
      5. 23.5 System Firewall Controls
      6. 23.6 Social Engineering IT Risks
      7. 23.7 IT Systems Privacy Concerns
      8. 23.8 The NIST Cybersecurity Framework
      9. 23.9 Auditing IT Security and Privacy
      10. 23.10 PCI DSS Fundamentals
      11. 23.11 Security and Privacy in the Internal Audit Department
      12. 23.12 Internal Audit’s Privacy and Cybersecurity Roles
    6. Chapter 24: Business Continuity and Disaster Recovery Planning
      1. 24.1 IT Disaster and Business Continuity Planning Today
      2. 24.2 Auditing Business Continuity Planning Processes
      3. 24.3 Building the IT Business Continuity Plan
      4. 24.4 Business Continuity Planning and Service Level Agreements
      5. 24.5 Auditing Business Continuity Plans
      6. 24.6 Business Continuity Planning Going Forward
      7. Notes
  7. Part 6: Internal Audit and Enterprise Governance
    1. Chapter 25: Board Audit Committee Communications
      1. 25.1 Role of the Audit Committee
      2. 25.2 Audit Committee Organization and Charters
      3. 25.3 Audit Committee’s Financial Expert and Internal Audit
      4. 25.4 Audit Committee Responsibilities for Internal Audit
      5. 25.5 Audit Committee Review and Action on Significant Audit Findings
      6. 25.6 Audit Committee and Its External Auditors
      7. 25.7 Whistleblower Programs and Codes of Conduct
      8. 25.8 Other Audit Committee Roles
      9. Note
    2. Chapter 26: Ethics and Whistleblower Programs
      1. 26.1 Enterprise Ethics, Compliance, and Governance
      2. 26.2 Ethics First Steps: Developing a Mission Statement
      3. 26.3 Understanding the Ethics Risk Environment
      4. 26.4 Summarizing Ethics Survey Results: Do We Have a Problem?
      5. 26.5 Enterprise Codes of Conduct
      6. 26.6 Whistleblower and Hotline Functions
      7. 26.7 Auditing the Enterprise’s Ethics Functions
      8. 26.8 Improving Corporate Governance Practices
      9. Notes
    3. Chapter 27: Fraud Detection and Prevention
      1. 27.1 Understanding and Recognizing Fraud
      2. 27.2 Red Flags: Fraud Detection Signs for Internal Auditors
      3. 27.3 Public Accounting’s Role in Fraud Detection
      4. 27.4 IIA Standards for Detecting and Investigating Fraud
      5. 27.5 Fraud Investigations for Internal Auditors
      6. 27.6 Information Technology Fraud Prevention Processes
      7. 27.7 Fraud Detection and the Internal Auditor
      8. Notes
    4. Chapter 28: Internal Audit GRC Approaches and Other Compliance Requirements
      1. 28.1 The Road to Effective GRC Principles
      2. 28.2 GRC Risk Management Components
      3. 28.3 GRC and Internal Audit Enterprise Compliance Issues
      4. 28.4 Importance of Effective GRC Practices and Principles
  8. Part 7: The Professional Internal Auditor
    1. Chapter 29: Professional Certifications: CIA, CISA, and More
      1. 29.1 Certified Internal Auditor Responsibilities and Requirements
      2. 29.2 Beyond the CIA: Other IIA Certifications
      3. 29.3 Importance of the CIA Specialty Certification Examinations
      4. 29.4 Certified Information Systems Auditor
      5. 29.5 Certified Information Security Manager
      6. 29.6 Certified in the Governance of Enterprise IT
      7. 29.7 Certified in Risk and Information Systems Control
      8. 29.8 Certified Fraud Examiner
      9. 29.9 Certified Information Systems Security Professional
      10. 29.10 ASQ Internal Audit Certifications
      11. 29.11 Other Internal Auditor Certifications
    2. Chapter 30: The Modern Internal Auditor as an Enterprise Consultant
      1. 30.1 Standards for Internal Audit as an Enterprise Consultant
      2. 30.2 Launching an Internal Audit Internal Consulting Facility
      3. 30.3 Ensuring an Audit and Consulting Separation of Duties
      4. 30.4 Consulting Best Practices
      5. 30.5 Expanded Internal Audit Services to Management
  9. Part 8: The Other Sides of Auditing: Professional Convergence
    1. Chapter 31: Quality Assurance Auditing and ASQ Standards
      1. 31.1 Duties and Responsibilities of ASQ Quality Auditors
      2. 31.2 Role of the Quality Auditor
      3. 31.3 Performing ASQ Quality Audits
      4. 31.4 Quality Assurance Reviews of the Internal Audit Function
      5. 31.5 Launching the Internal Audit Quality Assurance Review
      6. 31.6 Reporting the Results of an Internal Audit Quality Assurance Review
      7. 31.7 Future Directions for Quality Assurance Auditing
    2. Chapter 32: Six Sigma and Lean Techniques for Internal Audit
      1. 32.1 Six Sigma Background and Concepts
      2. 32.2 Implementing Six Sigma
      3. 32.3 Six Sigma Leadership Roles and Responsibilities
      4. 32.4 Launching an Enterprise Six Sigma Project
      5. 32.5 Lean Six Sigma
      6. 32.6 Auditing Six Sigma Processes
      7. 32.7 Six Sigma in Internal Audit Operations
      8. Notes
    3. Chapter 33: ISO and Worldwide Internal Audit Standards
      1. 33.1 ISO Standards Background
      2. 33.2 ISO Standards Overview
      3. 33.3 ISO 38500 IT Governance Standard
      4. 33.4 ISO Standards and the COSO Internal Control Framework
      5. 33.5 Internal Audit and International Auditing Standards
      6. Notes
    4. Chapter 34: A CBOK for the Modern Internal Auditor
      1. 34.1 Part One: Foundations of Internal Auditing CBOK Requirements
      2. 34.2 Part Two: Importance of Internal Controls CBOK Requirements
      3. 34.3 Part Three: Planning and Performing Internal Audit CBOK Requirements
      4. 34.4 Part Four: Organizing and Managing Internal Audit Activities CBOK Requirements
      5. 34.5 Part Five: Impact of IT on Internal Auditing CBOK Requirements
      6. 34.6 Part Six: Internal Audit and Enterprise Governance CBOK Requirements
      7. 34.7 Part Seven: Internal Auditor PROFESSIONAL CBOK Requirements
      8. 34.8 Part Eight: The Other Sides of INTERNAL Auditing: Professional Convergence CBOK Requirements
      9. 34.9 A CBOK for the Modern Internal Auditor
      10. Notes
  10. About the Author
  11. Index
  12. EULA

Product information

  • Title: Brink's Modern Internal Auditing
  • Author(s): Robert R. Moeller
  • Release date: January 2016
  • Publisher(s): Wiley
  • ISBN: 9781119016984