Preface ix CIA Exam Content Syllabus and Specifications xi CIA Exam-Taking Tips xviii Professional Standards 1 Performance Standards 2 Domain 1: Managing the Internal Audit Activity (20%) 26 Internal Audit Operations 27 Risk-Based Internal Audit Plan 39 Assurance Engagements 51 Consulting Engagements 285 Coordination between Internal Auditors and Others 341 Communicating and Reporting 357 Domain 2: Planning the Engagement (20%) 366 Objectives and Scope of Audit Engagement 367 Risk Assessment for Auditable Areas 375 Engagement Work Program 391 Audit Resources for Audit Engagements 398 Domain 3: Performing the Engagement (40%) 400 Information-Gathering Tools and Techniques 401 Sampling Methods and Statistical Analysis 417 Data Analysis and Evaluation Techniques 470 Audit Analytics 503 Audit and Legal Evidence 549 Audit Workpapers 556 Engagement Supervision 561 Domain 4: Communicating Results and Monitoring Progress (20%) 565 Communication Quality and Elements 566 Audit Reporting Process 587 Residual Risk and Risk Acceptance 592 Monitoring Audit Progress 598 Appendix Risks to Internal Audit Activity 603 The IIA's Three-Lines-of-Defense Model 611 Audit Metrics and Key Performance Indicators 616 Characteristics of Effective Auditors and Audit Function 622 Sarbanes-Oxley Act of 2002 636 About the Author 649 Index 651

S. RAO VALLABHANENI is an educator, author, publisher, consultant, and practitioner in business with more than thirty years of management and teaching experience in auditing, accounting, manufacturing, and IT consulting in both public and private sectors. He is the author of more than sixty trade books, study guides, review guides, monographs, audit guides, and articles in auditing and IT. He holds twenty-four professional certifications in business management in Accounting, Auditing, Finance, Information Technology, Manufacturing, Quality, and Human Resource fields.