
FOCUS NOTES 2015

Wiley CIAexcel Exam Review


PART 3 Internal Audit Knowledge Elements

S. RAO VALLABHANENI


Cover image: John Wiley & Sons, Inc.
Cover design: John Wiley & Sons, Inc.

Copyright © 2015 by S. Rao Vallabhaneni. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
ISBN 978-1-119-09519-4 (Paperback); ISBN 978-1-119-09760-0 (ebk); ISBN 978-1-119-09763-1 (ebk); ISBN 978-1-119-09526-2 (Part 1); ISBN 978-1-119-09525-5 (Part 2); ISBN 978-1-119-09533-0 (Set)

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1


Contents

Preface
CIA Exam Study Preparation Resources
CIA Exam-Taking Tips and Techniques
CIA Exam Content Specifications

Domain 1 Governance and Business Ethics (5–15%)
• Corporate/Organizational Governance Principles
• Roles and Responsibilities of the Audit Committee
• Business Ethics
• Corporate Social Responsibility

Domain 2 Risk Management (10–20%)
• Corporate Risk Management
• Enterprise Risk Management

Domain 3 Organizational Structures, Business Processes, and Risks (15–25%)
• Risk/Control Implications of Different Organizational Structures
• Types of Organizational Structures
• Schemes in Various Business Cycles
• Business Process Analysis


• Business Process Reengineering and Business Process Improvement
• Benchmarking
• Production Process Flows
• Design of Performance Measurement Systems
• Performance
• Productivity
• Components of Productivity Measurement
• Criteria for Productivity Improvement
• Balanced Scorecard System
• Inventory Management Techniques and Concepts
• Electronic Data Systems
• Business Development Life Cycles
• International Organization for Standardization Framework
• Outsourcing Business Processes

Domain 4 Communication (5–10%)
• Communication Skills
• Stakeholder Relationships


Domain 5 Management and Leadership Principles (10–20%)
• Strategic Management
• Strategic Planning Process
• Global Analytical Techniques
• Porter’s Competitive Strategies
• Industry Environments
• Evolution of Global Markets
• Strategic Decisions
• Portfolio Techniques of Competitive Analysis
• Forecasting
• Quality Management
• Decision Analysis
• Decision Making
• Organizational Behavior
• Group Dynamics
• Human Resource Management
• Risk/Control Implications of Different Leadership Styles
• Management Skills


• Team Building
• Negotiation and Conflict Management
• Project Management and Change Management
• Change Management Techniques

Domain 6 Information Technology and Business Continuity (15–25%)
• Security
• System Security
• Firewalls
• Routers
• Sensors
• Hardware and Software Guards
• Demilitarized Zones
• Information Protection
• Identification and Authentication
• Encryption
• Application Development


• System Infrastructure
• Database Systems
• Cloud Computing Systems
• Functional Areas of Information Technology Operations
• Enterprise-Wide Resource Planning System, Customer-Relationship Management System, and Software Licensing and Piracy Management
• Data and Network Communications and Connections
• Business Continuity

Domain 7 Financial Management (13–23%)
• Financial Accounting and Finance: Basic Concepts of Financial Accounting
• Intermediate Concepts of Financial Accounting
• Advanced Concepts of Financial Accounting
• Financial Statement Analysis
• Types of Debt and Equity
• Financial Instruments
• Cash Management


• Valuation Models
• Capital Budgeting
• Cost of Capital Evaluation
• Taxation Schemes
• Mergers, Acquisitions, and Divestitures
• Managerial Accounting: General Concepts
• Costing Systems
• Cost Concepts
• Relevant Costs
• Cost-Volume-Profit Analysis
• Transfer Pricing
• Responsibility Accounting
• Operating Budgets

Domain 8 Global Business Environment (0–10%)
• Economic/Financial Environments
• Cultural/Political Environments
• Legal and Economic Concepts
• Impact of Government Legislation and Regulation on Business


Appendix Sarbanes-Oxley Act of 2002
• Title II—Auditor Independence
• Title III—Corporate Responsibility
• Title IV—Enhanced Financial Disclosures

About the Author
Index


Preface

The Wiley CIAexcel Exam Review Focus Notes 2014 are developed for each of the three parts of the Certified Internal Auditor (CIA) exam 2014 sponsored by the Institute of Internal Auditors (IIA). The purpose of the Focus Notes is to digest and assimilate the vast amounts of knowledge, skills, and abilities tested on the CIA exam in a clear, concise, easy-to-read, and easy-to-use format anywhere and anytime to achieve success in the exam.

Each of the Focus Notes book topics is organized in the same way as the Wiley CIAexcel Exam Review book topics, that is, one Focus Notes book for each of the three-part review books. This clear linkage makes the exam study time more efficient and long-lasting, and provides the ability to recall important concepts, tools, and techniques, and the IIA Standards tested on the CIA exams. The Focus Notes can be used with any other study materials that you have determined work best for you to prepare for the CIA Exam. The Focus Notes provide a quick and easy refresher to the material that you are studying.

The Wiley Focus Notes are similar to index cards and flash cards in terms of purpose. The Focus Notes complement and supplement, not substitute for, the Wiley Review books, where the former provides a summarized theory and the latter provides a detailed theory.

For those students who are exclusively studying with Wiley’s preparation resources, we sincerely recommend the CIA Exam candidate study the Focus Notes and Glossary section for each part a few weeks prior to taking the actual exam for maximum retention and recall of the subject matter, assuming that the candidate has previously studied the Wiley CIAexcel Exam Review books.


The Focus Notes books will be especially useful to auditors who are traveling on an audit assignment, as well as others who are not traveling, due to their small and compact size, giving portability. The simplified summaries included in this material will help you learn the essential knowledge as well as help you retain it for years to come. The Focus Notes book can also be used as a desk reference on a post-exam basis, similar to a dictionary.


CIA Exam Study Preparation Resources

We recommend the following study plan and three review products for each Part of the CIA Exam to succeed in the exam:

• Read each part’s review book (Theory)

• Practice the web-based online test bank software (Practice)

• Reinforce the theoretical concepts by studying the Focus Notes (Theory)

A series of review books have been prepared for the candidate to utilize for all three parts of the new CIA exam. Each part’s review book includes a comprehensive coverage of the subject matter (theory) followed by some sample practice multiple-choice (M/C) questions with answers and explanations (practice). The sample practice M/C questions included in the review book are taken from Wiley’s web-based online test software to show you the flavor of questions. Each part’s review book contains a glossary section, which is a good source for answering M/C questions on the CIA Exam.

The web-based online test bank software is a robust review product that simulates the format of the actual CIA Exam in terms of look and feel, thus providing intense practice and greater confidence to the CIA Exam candidates. The thousands of sample practice questions (5,275 plus) included in the online test bank can provide greater confidence and solid assurance to CIA exam candidates in that they are preparing well for all the required topics tested in the exam. All practice questions include explanations for the correct answer and are organized by domain topics within each part. Visit www.wileycia.com.


The following is a part summary showing the number of sample practice questions included in the online test bank and the number of questions tested in the actual CIA Exam.

Part Summary | Wiley Sample Practice Questions | CIA Exam Actual Test Questions
Part 1 | 750+ | 125
Part 2 | 725+ | 100
Part 3 | 3,800+ | 100
Total Questions in Three Parts | 5,275+ | 325

Focus Notes provide a quick review and reinforcement of the important theoretical concepts, which are presented in a summary manner taken from the details of the review books. The Focus Notes can be studied just before the exam, during travel time, or any other time available to the student.

When combined, these three review products provide a great value to CIA Exam students and we are positive that they will recognize the value when they see it, feel it, and experience it.


We suggest a sequential study approach in four steps for each part of the exam, as follows:

Step 1. Read the glossary section at the end of each part’s review book for a better understanding of key technical terms

Step 2. Study the theory from each part’s review book

Step 3. Practice the multiple-choice questions from the online test bank for each part

Step 4. Read the Focus Notes for each part for a quick review and reinforcement of the important theoretical concepts

In addition, the CIA Exam candidates should read Practice Guides from the IIA because these guides provide detailed guidance for conducting internal audit activities. They include detailed processes and procedures, such as tools and techniques, audit work programs, and step-by-step audit approaches, as well as examples of audit deliverables. These Practice Guides are not included in the Wiley Review Books due to their voluminous size and the fact that they are available from www.theiia.org.


CIA Exam-Taking Tips and Techniques

The types of questions a candidate can expect to see in the CIA Exam are objective and scenario-based multiple-choice (M/C) questions. Answering the M/C questions requires a good amount of practice and effort.

The following tips and techniques will be helpful in answering the CIA Exam questions:

• Stay with your first impression of the correct choice.

• Know the subject area or topic. Don’t read too much into the question.

• Remember that questions are independent of specific country, products, practices, vendors, hardware, software, or industry.

• Read the last sentence of the question first followed by all choices and then the body (stem) of the question.

• Read the question twice or read the underlined or circled keywords twice, and watch for tip-off words, such as not, except, all, every, always, never, least, or most, which denote absolute conditions.

• Do not project the question into your organizational environment, practices, policies, procedures, standards, and guidelines. The examination is focusing on the IIA’s Professional Standards and Publications and on the CIA’s exam syllabus (i.e., content specifications).

• Try to eliminate wrong choices as quickly as possible. When you get down to two semifinal choices, take a big-picture approach. For example, if choice A and D are the semifinalists, and choice D could be a part of choice A, then select choice A; or if choice D could be a more complete answer, then select choice D.


• Don’t spend too much time on one question. If you are not sure of an answer, move on, and go back to it if time permits. The last resort is to guess the answer. There is no penalty for guessing the wrong answer.

Remember that success in any professional examination depends on several factors required of any student such as time management skills, preparation time and effort levels, education and experience levels, memory recall of the subject matter, state of the mind before or during the exam, and decision-making skills.


CIA Exam Content Specifications

Part 3 of the CIA Exam is called Internal Audit Knowledge Elements and the exam duration is 2.0 hours (120 minutes) with 100 multiple-choice questions. The following is a breakdown of topics in this Part.

Domain I: Governance and Business Ethics (5–15%)*

A. Corporate/organizational governance principles (A)**

B. Environmental and social safeguards (A)

C. Corporate social responsibility (A)

Domain II: Risk Management (10–20%)

A. Risk management techniques (A)

B. Organizational use of risk frameworks (A)

* Indicates the relative range of weights assigned to this topic area for both theory and practice sections in the CIA Exam.

** Indicates the level of difficulty for each topic in the CIA Exam expressed as (A) for Awareness and (P) for Proficiency. (A) = Candidates must exhibit awareness (i.e., knowledge of terminology and fundamentals) in these topic areas. (P) = Candidates must exhibit proficiency (i.e., thorough understanding and ability to apply concepts) in these topic areas.


Domain III: Organizational Structure, Business Processes, and Risks (15–25%)

A. Risk/control implications of different organizational structures (A)

B. Structure (e.g., centralized/decentralized) (A)

C. Typical schemes in various business cycles (e.g., procurement, sales, knowledge, and supply-chain management) (A)

D. Business process analysis (e.g., workflow analysis, bottleneck management, and Theory of Constraints) (A)

E. Inventory management techniques and concepts (A)

F. Electronic funds transfer (EFT) and electronic data interchange (EDI) (A)

G. Business development life cycles (A)

H. The International Organization for Standardization (ISO) framework (A)

I. Outsourcing business processes (A)


Domain IV: Communication (5–10%)

A. Communication (e.g., the process, organizational dynamics, and impact of computerization) (A)

B. Stakeholder relationships (A)

Domain V: Management and Leadership Principles (10–20%)

A. Strategic management

• Forecasting (A)

• Quality management (e.g., TQM and Six Sigma) (A)

• Decision analysis (A)

B. Organizational behavior

• Organizational theory (A)

• Organizational behavior (e.g., motivation, impact of job design, rewards, and schedules) (A)

• Group dynamics (e.g., traits, development stages, organizational politics, and effectiveness) (A)


• Knowledge of human resource processes (e.g., individual performance management, supervision, personnel sourcing/staffing, and staff development) (A)

• Risk/control implications of different leadership styles (A)

C. Management skills

• Lead, inspire, and guide people, building organizational commitment and entrepreneurial orientation (A)

• Create group synergy in pursuing collective goals (A)

D. Conflict management

• Conflict resolution (e.g., competitive, cooperative, and compromise) (A)

• Negotiation skills (A)

• Conflict management (A)

• Added-value negotiating (A)

E. Project management and change management

• Change management (A)

• Project management techniques (A)


Domain VI: IT and Business Continuity (15–25%)

A. Security

• System security (e.g., firewalls and access controls) (A)

• Information protection (e.g., viruses and privacy) (A)

• Application authentication (A)

• Encryption (A)

B. Application development

• End-user computing (A)

• Change control (A)

• Systems development methodology (A)

• Application development (A)

• Information systems development (A)


C. System infrastructure

• Workstations (A)

• Databases (A)

• IT control frameworks (e.g., eSAC and COBIT) (A)

• Functional areas of IT operations (e.g., data center operations) (A)

• Enterprise-wide resource planning (ERP) software (e.g., SAP R3) (A)

• Data and network communications and connections (e.g., LAN, VAN, and WAN) (A)

• Servers (A)

• Software licensing (A)

• Mainframe (A)

• Operating systems (A)

D. Business continuity

• IT contingency planning (A)


Domain VII: Financial Management (13–23%)

A. Financial accounting and finance

• Basic concepts and underlying principles of financial accounting (e.g., statements, terminology, and relationships) (A)

• Intermediate concepts of financial accounting (e.g., bonds, leases, pensions, intangible assets, and research and development) (A)

• Advanced concepts of financial accounting (e.g., consolidation, partnerships, and foreign currency transactions) (A)

• Financial statement analysis (e.g., ratios) (A)

• Types of debt and equity (A)

• Financial instruments (e.g., derivatives) (A)

• Cash management (e.g., treasury functions) (A)

• Valuation models (A)

• Business valuation (A)


• Inventory valuation (A)

• Capital budgeting (e.g., cost of capital evaluation) (A)

• Taxation schemes (e.g., tax shelters and VAT) (A)

B. Managerial accounting

• Managerial accounting: general concepts (A)

• Costing systems (e.g., activity-based and standard) (A)

• Cost concepts (e.g., absorption, variable, and fixed) (A)

• Relevant cost (A)

• Cost-volume-profit analysis (A)

• Transfer pricing (A)

• Responsibility accounting (A)

• Operating budget (A)
