Request for Proposal
To provide updates to
Internal Auditing: Assurance and Advisory Services
30 August 2019
Issued by:
Internal Audit Foundation
1035 Greenwood Blvd., Suite 401
Lake Mary, Florida 32746 USA
www.theiia.org/Foundation
1. Introduction
The Internal Audit Foundation, a Washington, D.C., nonprofit organization headquartered in Lake Mary, Florida, is seeking an author, or team of authors, to collaborate with on the update of Internal Auditing: Assurance and Advisory Services (textbook) and is soliciting proposals in response to this Request for Proposal (RFP).
2. Project Background and Description
In Q1 2019, the Foundation conducted market research via surveys and individual interviews to validate the interest in and need for updates to the textbook. The research confirmed the need and identified several new topic areas, listed below (see Section 3: Project Scope and Deliverables).
A. Project overview
This fifth edition is an update to the fourth edition and will address:
1) Technology disruptions to the profession
2) Additional focus on critical thinking (case studies)
3) Updated revisions to the Lines of Defense
4) A global perspective that includes:
a) Multinational examples
b) Interpersonal skills related to global differences
B. This product supports the Foundation’s overall mission to expand knowledge and
understanding of internal auditing and to advance the profession globally by providing
an understanding of the definition, overview, and processes of internal auditing for
students and new entrants to the internal audit profession.
C. This revision to the textbook is intended to enhance internal audit students’ knowledge
and understanding of the following:
1) The Competency Framework for Internal Audit Practitioners
2) International Standards for the Professional Practice of Internal Auditing (Standards)
3) Alignment of textbook topics to the Certified Internal Auditor (CIA) exam
4) Lines of Defense (revised)
5) Business disruptions
6) New technologies (e.g., artificial intelligence [AI], robotic process automation [RPA],
machine learning, etc.)
D. Intended audience (typical user profile)
1) Primary and secondary audiences
a) Internal Auditing Education Partnership (IAEP) programs and students
b) Internal audit departments
E. Target industry/sector for this product and its global application
1) Global/universal audience
2) Educational institutions
3) New audit shops
4) Audit shops with rotational and non-internal audit background hires
F. Other possible content uses
1) One continuous case study
2) Additional ad hoc cases
3) Some cases could be reclassified as research projects/group assignments (e.g., many
Knowledge Leader/Protiviti projects)
3. Project Scope and Deliverables
The table of contents for the fourth edition is included as an attachment to this RFP.
However, alternative configurations of the content/chapters will be considered. Please see
below for topics that are to be included in the update.
A. Revisions to include
1) The internal audit environment
a. Governance, risk management, and control (GRC)
i. Governance – Ch 3
ii. Risk – Ch 4-5
iii. Control – Ch 6
1. Inclusion of compliance as a subset of control
b. Revised Three Lines of Defense (introduce early to provide a proper basis for
better discussion of GRC)
2) Guidance
a. International Professional Practices Framework (IPPF)
b. Public sector auditing standards
3) Competencies – Ch 1 – Competencies Needed to Excel as an Internal Auditor
a. New competency framework (consider adding to existing chapter or as a
standalone chapter)
4) Introduction to the Engagement Process (Ch 12)
a. Engagement-level risk assessment
B. Disruptive innovations (add chapter or weave throughout content)
1) Discuss disruptive innovations and new technologies that will impact what internal auditors audit, the additional skill sets required, and how audit engagements will change. (We want to spark excitement – why it’s an exciting field to be in!)
a. Automation (e.g., blockchain, RPA, cognitive intelligence, etc.)
b. Business disruptions (e.g., Uber/taxi, Netflix/Blockbuster, Amazon/malls, automated/driverless vehicles, etc.)
2) NOTE: May incorporate and discuss these innovations and their effects on business models (and business processes) in Ch 5 and the risks of these innovations in Ch 7.
3) Suggested resources: Internal Audit of the Future (PwC/IAF), IA’s Response to Disruptive Innovation (Christ, et al.), Blockchain Technology and IA (Crowe/IAF), Agile Auditing (Rick Wright)
C. Ethics and culture (woven throughout the book)
1) Discuss corporate culture and codes of ethics and why they should be audited
a. Suggested resources: The IIA’s Professional Guidance (PGs) and the culture maturity matrix in Evaluating Culture (Angie Chin)
2) Add to chapter on Governance and Internal Controls (Ch 3)
a. Auditing corporate culture and ethics
D. Soft skills (add chapter or weave throughout content)
1) NOTE: This section could be a new chapter that combines with competencies for internal auditors earlier in the book; re: Ch 3 or 7 (before or after the GRC Ch [3-6]).
2) Discuss interpersonal skills needed especially by internal auditors, such as communication, organizational, critical thinking, emotional intelligence, cognitive bias, etc.
a. Consideration of global communication differences
b. Global organizational differences
3) Soft skills
a. Critical thinking
i. Sampling
ii. Risk management decision-making process
iii. Critical thinking -> decision making
1. Impacted by bias
iv. Consider problem solving for internal auditors
b. Cognitive bias
c. Recency bias
d. Ethics
e. Business acumen
Chapters [3-6])
i. Goals and objectives of the organization
1. Organizational structure
ii. Goals and objectives of the business function
1. Business process flowchart
f. Ability to get insights from internships
4) NOTE: May incorporate and discuss soft skills within the Competency Framework chapter.
5) Suggested resources: People Centric Skills 2.0 (Danny Goldberg), Total Quality Auditing (Amanda Jo Erven), The Art of Diagnosis: Solving the Right Problem the First Time (re: bias) (Jackson Nickerson)
E. CIA certification (add to narrative throughout the book)
1) Create a recurring narrative throughout the book that “points to CIA certification” and, where applicable, aligns text topics with the CIA exam. For instance, what part of the CIA exam is each chapter related to? How does it tie in? This may be done by adding a callout box to each chapter. Consider adding exam practice questions to help encourage sitting for certification.
a. NOTE: The objective of this book is NOT to prepare for the CIA exam; rather, to make students/readers aware that there is a natural progression to the profession and certain parts of the book are relevant to eventual professional certification.
b. Suggested resources: CIA exam syllabus, The IIA’s CIA Exam Practice Questions, and the IPPF
F. Data Analytics and Audit Sampling (Ch 11) (revise chapter)
1) Reduce size of chapter; eliminate excessive detail on performing statistical sampling; rather, emphasize how data analytics works and how auditors use it.
2) Explore the use of technology and software for data analysis and sampling.
3) Suggested resources: Data Analytics (Grant Thornton/IAF)
G. Risk Management (Ch 4) (revise chapter)
1) Revise explanation of certain risk-related topics, such as:
a. Organizational vs process level – this can be confusing to students. For example, there is risk at the organization level, but there's also risk at the process level. The current edition does try to distinguish between the two, but it also conflates the two. Make clearer that the risk assessment for the individual engagement is different than the risk assessment for the annual planning. Perhaps separate the two concepts. Do a better job of showing the interrelationships among the different risks.
b. Risk matrices – the way in which the current edition deems risk and control matrices, or RCMs, is not accurately portrayed. RCMs should have the control objective clearly stated, the risk clearly stated, and the control activity clearly stated.
2) Suggested resources: Guide to Risk Assessment, 2nd edition (Rick Wright)
H. End-of-chapter questions (revise)
1) Revise end-of-chapter questions to increase strategic and critical thinking. Build more context, more of an explanation into each of the scenarios that have questions asked. (Don't assume students understand anything about the process. A paragraph or two is sufficient if it's well done.)
2) Add “challenge” questions pulled from the CIA Exam Study Guide.
I. Case study (prefer to add)
1) Refer to previous fourth edition and propose how to weave in a case study throughout the text or as an appendix.
4. Project Timeline
RFP and Selection 08/2019 – 11/2020
Contracting 11/2019 – 01/2020
Content Development 01/2020 – 09/2020
Copy Editing/Typesetting 09/2020 – 12/2020
Manufacturing 12/2020 – 02/2021
Release 03/2021
5. Submission Guidelines and Requirements
The following submission guidelines and requirements apply to this RFP. First and foremost, only qualified individuals with prior experience on projects such as this should submit proposals in response to this RFP. Respondents may propose to be an individual team member working on one specific topic/section(s) of the project, or be included as part of a team proposing to work on the entire project. Proposals to provide overall editorial services separate from content development may also be submitted. Proposals should include a summary page and appendices as described below, and should
be organized in the following order:
A. Proposal summary page
1) Proposal title
2) Primary author’s name, contact information, and credentials
3) Date proposal submitted
B. Project description and approach
1) Approach to the scope of work
2) Description/role of team members
3) Annotated table of contents. Note: The table of contents of the fourth edition is
included with this RFP, but alternative arrangements of the content will be
considered.
4) Projected timeline for completion
5) Project budget
C. Author(s)
1) Brief description of qualifications and experience of each author
2) A review of author’s previous works if applicable (books, articles, etc.)
D. Appendices
1) Curriculum vitae (CV) for each author (three pages maximum)
2) Previous author affiliation with The IIA or Internal Audit Foundation (previous
research or educational products published, volunteer participation, chapter officer,
etc.)
3) Samples of previous similar work
4) References
6. Evaluation Criteria
The Foundation will evaluate proposals based on the following factors:
a. Responsiveness to the requirements set forth in this RFP
b. Relevant past performance/experience
c. Samples of previous relevant work
d. Project budget and cost
The Internal Audit Foundation reserves the right to award to the bidder that presents the best value to the Foundation and to the internal audit profession as determined solely by the Foundation in its absolute discretion.
7. Project Timeline
The Proposal Award timeline is as follows:
Request for Proposal Issuance 30 August 2019
Questions and Clarification Period 30 Aug - 13 Sept 2019
Responses to RFP Due 27 September 2019
Selection of Top Bidders/Notification to Unsuccessful Bidders 28 October 2019
Contract Award and Negotiation 11/2019 – 01/2020
Project Start 31 January 2020
Project Completion 31 January 2021
8. Project Budget
While cost is a factor, other criteria will form the basis of the award decision, as more fully described in the Evaluation Criteria section above. Bidders should include their financial compensation expectations within their proposal.
9. Key Contacts and Project Management
Interested parties should submit proposals by no later than 27 September 2019 to:
The Internal Audit Foundation
Attn: Carrie Summerlin, Vice President
1035 Greenwood Blvd., Suite 401
Lake Mary, Florida 32746 USA
To learn more about the Internal Audit Foundation, go to www.theiia.org/Foundation.
CONTENTS
Preface xv
Acknowledgments xix
About the Authors xxi
FUNDAMENTAL INTERNAL AUDIT CONCEPTS
CHAPTER 1
Introduction to Internal Auditing 1-1
Learning Objectives 1-1
Definition of Internal Auditing 1-3
The Relationship Between Auditing and Accounting 1-7
Financial Reporting Assurance Services: External Versus Internal 1-8
The Internal Audit Profession 1-9
The Institute of Internal Auditors 1-13
Competencies Needed to Excel As an Internal Auditor 1-17
Internal Audit Career Paths 1-20
Summary 1-22
Review Questions 1-23
Multiple-Choice Questions 1-24
Discussion Questions 1-26
Cases 1-27
CHAPTER 2
The International Professional Practices Framework: Authoritative Guidance for the Internal Audit Profession 2-1
Learning Objectives 2-1
The History of Guidance Setting for the Internal Audit Profession 2-2
The International Professional Practices Framework 2-4
Mandatory Guidance 2-6
Recommended Guidance 2-27
IIA-4e-FM-v8.indd 5 3/7/17 7:42 AM
How the International Professional Practices Framework is Kept Current 2-32
Standards Promulgated by Other Organizations 2-35
Summary 2-38
Review Questions 2-39
Multiple-Choice Questions 2-40
Discussion Questions 2-43
Cases 2-44
CHAPTER 3
Governance 3-1
Learning Objectives 3-1
Governance Concepts 3-3
The Evolution of Governance 3-15
Opportunities to Provide Insight 3-17
Summary 3-18
Appendix 3-A: Summary of Key U.S. Regulations 3-19
Review Questions 3-21
Multiple-Choice Questions 3-22
Discussion Questions 3-24
Cases 3-25
CHAPTER 4
Risk Management 4-1
Learning Objectives 4-1
Overview of Risk Management 4-2
COSO ERM Framework 4-4
ISO 31000:2009 Risk Management – Principles and Guidelines 4-16
The Role of the Internal Audit Function in ERM 4-19
The Impact of ERM on Internal Audit Assurance 4-22
Opportunities to Provide Insight 4-23
Summary 4-23
Review Questions 4-25
Multiple-Choice Questions 4-26
Discussion Questions 4-28
Cases 4-29
CHAPTER 5
Business Processes and Risks 5-1
Learning Objectives 5-1
Business Processes 5-2
Documenting Business Processes 5-8
Business Risks 5-10
Business Process Outsourcing 5-24
Opportunities to Provide Insight 5-26
Summary 5-27
Appendix 5-A: Applying the Concepts: Risk Assessment for Student Organizations 5-28
Review Questions 5-32
Multiple-Choice Questions 5-33
Discussion Questions 5-35
Cases 5-36
CHAPTER 6
Internal Control 6-1
Learning Objectives 6-1
Frameworks 6-2
Definition of Internal Control 6-7
The Objectives, Components, and Principles of Internal Control 6-8
Internal Control Roles and Responsibilities 6-17
Limitations of Internal Control 6-20
Viewing Internal Control from Different Perspectives 6-23
Types of Controls 6-24
Evaluating the System of Internal Controls: An Overview 6-28
Opportunities to Provide Insight 6-29
Summary 6-30
Review Questions 6-31
Multiple-Choice Questions 6-32
Discussion Questions 6-34
Cases 6-35
CHAPTER 7
Information Technology Risks and Controls 7-1
Learning Objectives 7-1
Key Components of Modern Information Systems 7-6
IT Opportunities and Risks 7-10
IT Governance 7-13
IT Risk Management 7-13
IT Controls 7-14
Implications of IT for Internal Auditors 7-20
Sources of IT Audit Guidance 7-23
Summary 7-25
Review Questions 7-27
Multiple-Choice Questions 7-28
Discussion Questions 7-30
Cases 7-32
CHAPTER 8
Risk of Fraud and Illegal Acts 8-1
Learning Objectives 8-1
Overview of Fraud in Today’s Business World 8-2
Definitions of Fraud 8-6
The Fraud Triangle 8-10
Key Principles for Managing Fraud Risk 8-12
Governance Over the Fraud Risk Management Program 8-15
Fraud Risk Assessment 8-18
Illegal Acts and Response 8-20
Fraud Prevention 8-22
Fraud Detection 8-24
Fraud Investigation and Corrective Action 8-25
Understanding Fraudsters 8-26
Implications for Internal Auditors and Others 8-28
Opportunities to Provide Insight 8-33
Summary 8-33
Review Questions 8-35
Multiple-Choice Questions 8-36
Discussion Questions 8-38
Cases 8-39
CHAPTER 9
Managing the Internal Audit Function 9-1
Learning Objectives 9-1
Positioning the Internal Audit Function in the Organization 9-3
Planning 9-7
Communication and Approval 9-8
Resource Management 9-9
Policies and Procedures 9-13
Coordinating Assurance Efforts 9-14
Reporting to the Board and Senior Management 9-16
Governance 9-18
Risk Management 9-19
Control 9-21
Quality Assurance and Improvement Program (Quality Program Assessments) 9-22
Performance Measurements for the Internal Audit Function 9-26
Use of Technology to Support the Internal Audit Process 9-26
Opportunities to Provide Insight 9-29
Summary 9-29
Review Questions 9-31
Multiple-Choice Questions 9-32
Discussion Questions 9-35
Cases 9-36
CHAPTER 10
Audit Evidence and Working Papers 10-1
Learning Objectives 10-1
Audit Evidence 10-1
Audit Procedures 10-4
Working Papers 10-14
Summary 10-16
Review Questions 10-18
Multiple-Choice Questions 10-19
Discussion Questions 10-22
Cases 10-24
CHAPTER 11
Data Analytics and Audit Sampling 11-1
Learning Objectives 11-1
Data Analytics 11-2
Steps to Internal Audit Data Analytics 11-5
Use of Data Analytics 11-6
Future of Internal Audit Data Analytics 11-7
Audit Sampling 11-9
Statistical Audit Sampling in Tests of Controls 11-11
Nonstatistical Audit Sampling in Tests of Controls 11-20
Statistical Sampling in Tests of Monetary Values 11-23
Summary 11-26
Review Questions 11-27
Multiple-Choice Questions 11-28
Discussion Questions 11-31
Cases 11-33
CONDUCTING INTERNAL AUDIT ENGAGEMENTS
CHAPTER 12
Introduction to the Engagement Process 12-1
Learning Objectives 12-1
Types of Internal Audit Engagements 12-2
Overview of the Assurance Engagement Process 12-3
The Consulting Engagement Process 12-12
Summary 12-12
Review Questions 12-14
Multiple-Choice Questions 12-15
Discussion Questions 12-17
Cases 12-18
CHAPTER 13
Conducting the Assurance Engagement 13-1
Learning Objectives 13-1
Determine Engagement Objectives and Scope 13-4
Understand the Auditee 13-8
Identify and Assess Risks 13-21
Identify Key Controls 13-28
Evaluate the Adequacy of Control Design 13-30
Create a Test Plan 13-31
Develop a Work Program 13-33
Allocate Resources to the Engagement 13-35
Conduct Tests to Gather Evidence 13-37
Evaluate Evidence Gathered and Reach Conclusions 13-39
Develop Observations and Formulate Recommendations 13-41
Opportunities to Provide Insight 13-41
Summary 13-46
Review Questions 13-50
Multiple-Choice Questions 13-51
Discussion Questions 13-53
Cases 13-55
CHAPTER 14
Communicating Assurance Engagement Outcomes and Performing Follow-Up Procedures 14-1
Learning Objectives 14-1
Engagement Communication Obligations 14-2
Perform Observation Evaluation and Escalation Process 14-5
Conduct Interim and Preliminary Engagement Communications 14-17
Develop Final Engagement Communications 14-19
Distribute Formal and Informal Final Communications 14-22
Perform Monitoring and Follow-Up 14-28
Other Types of Engagements 14-30
Summary 14-30
Review Questions 14-32
Multiple-Choice Questions 14-33
Discussion Questions 14-36
Cases 14-38
CHAPTER 15
The Consulting Engagement 15-1
Learning Objectives 15-1
Providing Insight Through Consulting 15-4
The Difference Between Assurance and Consulting Services 15-5
Types of Consulting Services 15-7
Selecting Consulting Engagements to Perform 15-11
The Consulting Engagement Process 15-13
Consulting Engagement Working Papers 15-18
The Changing Landscape of Consulting Services 15-21
Capabilities Needed 15-21
The Impact of Culture and the Internal Auditor as a Trusted Advisor 15-23
Opportunities to Provide Insight 15-24
Summary 15-25
Review Questions 15-26
Multiple-Choice Questions 15-27
Discussion Questions 15-29
Cases 15-30
Notes BM-1
Glossary BM-7
Appendices BM-19
Appendix A: The IIA’s Code of Ethics BM-19
Appendix B: The IIA’s International Standards for the Professional Practice of Internal Auditing BM-21
Index BM-39
ADDITIONAL CONTENT ON THE COMPANION WEBSITE
ACL Software
CaseWare IDEA Software
TeamMate+
The IIA’s Code of Ethics
The IIA’s International Standards for the Professional Practice of Internal Auditing
Case Studies
Case Study 1, “Auditing Entity-Level Controls”
Case Study 2, “Auditing the Compliance and Ethics Program”
Case Study 3, “Performing a Blended Consulting Engagement”
Case Study 3, “Performing a Blended Consulting Engagement, abridged version”
Students and instructors can access this material at the following address: www.theiia.org/IAtextbook