《CCSA Exam contents.doc》由会员分享,可在线阅读,更多相关《CCSA Exam contents.doc(13页珍藏版)》请在三一办公上搜索。
1、Domain I: CSA FundamentalsDomain I - CSA Fundamentals (5 - 10%)A. Code of Ethics (P)B. Ownership and accountability for control (P)C. Reliance on operational expertise (P)D. Comparison to traditional techniques of risk and control evaluation (P)E. Control awareness and education (P)F. Cooperation, p
2、articipation, and partnership (P) P = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in these topic areas.A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these topic areas.Domain II - CSA Program Integration (15 - 25%)A. A
3、lternative approaches to CSA (A)B. Supporting technology alternatives (A) 1. Database 2. Electronic voting 3. Presentation software and hardware 4. Project management softwareC. Cost/benefit analysis for implementation of the CSA process (A)D. Organizational theory and behavior (A) 1. Structure 2. P
4、hilosophy 3. Culture 4. Management style 5. GovernanceE. Strategic and operational planning processes (A)F. Change management and business process reengineering (A)G. Presentation techniques for successful integration (A)H. Organizational risk and control processes (A) 1. Quality management 2. Risk
5、management 3. Safety audits 4. Environmental audits 5. Internal and external auditI. Client feedback mechanisms (e.g., interviews, surveys) (A)J. Strategic CSA program planning methodologies or techniques, including resource allocation (A) Domain III: Elements of the CSA ProcessDomain III - Elements
6、 of the CSA Process (15 - 25%)A. Managements priorities and concerns (P)B. Project and logistics management (P)C. Business objectives, processes, challenges, and threats for the area under review (P)D. Resource identification and allocation (A) 1. Participants 2. CSA teamE. Culture of area under rev
7、iew (P)F. Question development techniques (P)G. Technology supporting the CSA process (P)H. Facilitation techniques and tools (P)I. Group dynamics (P)J. Fraud awareness (A) 1. Red flags/symptoms of fraud 2. Communication and investigation channels 3. Responding to evidenceK. Evaluation/analytical to
8、ols and techniques (trend analysis, data synthesis, scenarios) (A)L. Formulating recommendations or actions plans (practical, feasible, cost-effective) (P)M. Nature of evidence (sufficiency, relevance, adequacy) (A)N. Reporting techniques and considerations (types, audience, sensitive issues, access
9、 to information) (P)O. Motivational techniques (creating support and commitment for recommendations) (A)P. Monitoring, tracking, and follow-up techniques (A)Q. Awareness of legal, regulatory, and ethical considerations (A)R. Measuring CSA program effectiveness (A)Domain IV: Business Objectives/Organ
10、izational PerformanceDomain IV - Business Objectives and Organizational Performance (10 - 15%)A. Strategic and operational planning processes (A)B. Objective setting, including alignment to the organizations mission and values (P)C. Performance measures (P) 1. Financial 2. Operational 3. Qualitative
11、D. Performance management (P) 1. Aligning individual, group, and organizational objectives/goals 2. Designing congruent incentivesE. Data collection and validation techniques (e.g., benchmarking, auditing, consensus testing, etc.) (A)Domain V: Risk Identification and AssessmentDomain V - Risk Identi
12、fication and Assessment (15 - 20%)A. Risk Theory (P) 1. Defining risk 2. Relationship of risk to strategic, operational, or process objectives 3. Risk tolerance, residual risk, and exposure 4. Impact assessmentB. Risk models/frameworks (including COSOs Enterprise Risk Management/ Integrated Framewor
13、k) (P)C. Understanding the risks inherent in common business processes (P)D. Application of risk identification and assessment techniques (P)E. Risk management techniques/cost-benefit analysis (P) 1. Transfer, manage, or accept 2. Impact/cost-benefit analysis F. Using CSA in enterprise risk manageme
14、nt (P)Domain VI: Control Theory and ApplicationDomain VI - Control Theory and Application (20 - 25%)A. Corporate governance, control theory, and models (P) 1. Accountability and responsibility for control 2. Defining control 3. Relationship between risk, control, and objectivesB. Methods for judging
15、 and communicating the overall effectiveness of the system of internal control (P) 1. Using CSA to support managements assertion on controlsC. Relationship between informal and formal controls (P)D. Techniques for evaluating formal controls (manual or automated) (P)E. Techniques for evaluating infor
16、mal controls/control environment (P)F. Control documentation techniques (P) 1. Flowcharting 2. Business process mapping 3. Control charts 4. Control questionnaires 5. Internal Control over financial reportingG. Control design and application (P) 1. Defining control objectives 2. Control design (e.g.
17、, preventive, detective, corrective; informal, formal) 3. Cost/benefitsH. Techniques for determining control track record for the organization (e.g., reviews, audits, other assessments) (A)Exam Preparation Resources Certification in Control Self-Assessment (CCSA)Study GuideThe IIA publishes a CCSA s
18、tudy guide to assist candidates in preparing for the exam. It is available for order through The IIARFs Bookstore. The guide provides a general overview of the topics that will be covered in the exam. However, it is critical that candidates perform additional study in areas where their experience or
19、 background dictates the need for additional review. A list of reference materials is included in the study guide to provide additional resources to supplement your studies.Other Study GuidesThe IIARFs Bookstore also offers several other general study guides to assist candidates in preparing for the
20、 CCSA exam. Candidates may use the exam content outline in conjunction with this or other books on CSA and related topics to prepare for the CCSA exam. Control Self-Assessment: A Practical Guide by Larry Hubbard Business Risk Assessment by David McNamee Internal Control - Integrated Framework*, spon
21、sored by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and researched and written by Coopers & Lybrand LLP McKeever CCSA Study System by John J. McKeeverSample Exam QuestionsThe IIA includes a limited number of sample CCSA exam questions (with answers) on its Web site t
22、o give candidates an understanding of the types of questions that typically appear on the exam.IIA SeminarsThe IIA offers the following seminars on CSA practices and principles that may assist candidate in preparing for the CCSA exam: Enterprise Risk Management: Whats New? Whats Next? (featuring COS
23、Os ERM Framework) Evaluating Internal Controls: A COSO-based Approach Introduction to Control Self-assessment Sarbanes-Oxley Act: Impact on Information Technology SOX Primer - Charting your Course SOX 404 Readiness Workshop Value-added Business Controls: The Right Way to Manage Risk CCSA candidates
24、may also consider taking The IIAs Facilitating Results Using CSA seminar to satisfy the facilitation requirement of the CCSA program.CCSA Review CourseJohn J. McKeever, CCSA, CFE, CQA, CPC, president of Contemporary Business Concepts, offers a CCSA review course as a third-party independent training
25、 consultant. He may be reached by phone, (203) 312-0153, or by e-mail, johncbc. The McKeever CCSA Study System is now available at The IIARFs Bookstore.IIA Member DiscountsReminder, IIA members receive preferred discount pricing on most of the CCSA study materials available through The IIARFs online
26、 bookstore, in additional to hundreds of other internal auditing educational products.For CCSA candidates outside the United States - we recommend you refer to your countrys internal control guidelines (e.g. COCO-Canada; Cadbury-United Kingdom; Vienot-France; King-South Africa) to prepare for the CC
27、SA exam.1. Which is a basic philosophy underlying facilitated workshop approaches to CSA?A. Effective control should be a shared responsibility involving all employees.B. Internal control should be solely the responsibility of senior management. C. Operational personnel should be independently asses
28、sing internal control. D. The internal audit department should be primarily responsible for internal control evaluations.Question from Domain I(A) Correct. Employees at all levels are responsible for internal control and getting together to discuss it in a facilitated workshop reinforces employees r
29、esponsibility.(B) Incorrect. Internal control is a responsibility of senior management, but not solely their responsibility. While senior management is ultimately responsible for overall internal control, choice A is better because it is an underlying philosophy of CSA. (C) Incorrect. While operatio
30、nal personnel will assess internal control in CSA, their assessments are not considered independent since they perform the work. Internal auditors are often called upon to provide independent assessment of internal control through validation or follow-up of CSA results. (D) Incorrect. This is not an
31、 underlying philosophy of CSA. Possible reference: Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 5-7. Control Self-Assessment: Experience, Current Thinking, and Best Practices. Prepared by Arthur Andersen LLP for The IIA-Ottawa Chapter. p. 2.2. Which phrase best describes a contr
32、ol-based CSA process?A. evaluating, updating, and streamlining selected control processes.B. examining how well controls are working in managing key risks.C. analyzing the gap between control design and control frameworks .D. determining the cost-effectiveness of controls.Question from Domain II(A)
33、Incorrect. This phrase best describes a process-based approach, although control processes are not the only processes reviewed in this approach.(B) Correct. A control-based approach concentrates on how well controls are working to manage risks. The key risks and controls are generally identified bef
34、ore the workshop. (C) Incorrect. While control design could be compared to control frameworks in a control-based approach, this does not adequately describe the process. A control-based process is more likely to examine the gap between control design and control effectiveness in managing risks. (D)
35、Incorrect. Cost-effectiveness could be discussed in a control-based CSA workshop, but it is not the primary focus of this process. Possible reference: Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 15-17, 94-95 (from IIA PPP 98-2).3. During a meeting prior to a CSA workshop, the u
36、nit manager tells the facilitator that previous attempts at group discussion have met with staff resistance. How should the facilitator respond?A. Agree that a CSA workshop would be inappropriate.B. Discuss the reasons for previous resistance and ways to prevent or reduce it.C. Explain how open part
37、icipants were in CSA workshops conducted elsewhere in the company. D. Reassure the manager that CSA overcomes resistance.Question from Domain II(A) Incorrect. Canceling the workshop would not be appropriate based solely on a possibility of staff resistance to group discussions. (B) Correct. Preparat
38、ion through pre-workshop interviews and meetings allows the facilitator to discuss potential problems or culture issues with management or attendees. The facilitator can then be prepared to address these issues in the workshop. (C) Incorrect. While successes in other departments may be used in marke
39、ting CSA, they would only be relevant in this situation if the other participants had been originally resistant to group discussion as well. Choice B is a better response. (D) Incorrect. Although CSA may often overcome resistance to group discussion, it is not guaranteed. Choice B is a better respon
40、se because it addresses the need to prepare for possible resistance. Possible reference: Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 45-46.v4. Which is LEAST likely to impair the implementation of CSA in an organization?A. using inadequate facilitators.B. neglecting to use voti
41、ng software.C. lacking management support.D. selecting a complex project for the pilot.Question from Domain II(A) Incorrect. This is a major pitfall that can impair the implementation of CSA. Use of inadequate or untrained facilitators can ruin an otherwise well-planned CSA session. (B) Correct. Whi
42、le voting software can add significantly to the workshop process, it is not an absolute requirement for successful CSA implementation. For example, many smaller organizations or organizations with an open culture can have successful CSA workshops without voting software. (C) Incorrect. This is a maj
43、or pitfall that can impair the implementation of CSA. It is important to get managements agreement, commitment, and conviction that they will make the process work. (D) Incorrect. This is a major pitfall that can impair the implementation of CSA. Starting small is the best way to proceed with an ini
44、tial project. Starting with a complex project greatly increases the likelihood of failure. Possible reference: Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 8, 47-49, 73, 87-89. Control Self-Assessment: Experience, Current Thinking, and Best Practices. Prepared by Arthur Andersen
45、 LLP for The IIA-Ottawa Chapter. p. 47.5. How does electronic voting technology contribute to the CSA process?A. by reducing reliance on facilitators.B. by automating the CSA process.C. by promoting anonymity to gather and quantify data.D. by limiting candidate discussion to topics being voted uponQ
46、uestion from Domain III(A) Incorrect. Electronic voting is only a tool. Facilitators are still required to run the workshop and promote discussion. (B) Incorrect. Voting technology is only a tool within the CSA process. It does not automate the whole CSA process. (C) Correct. Electronic voting allow
47、s individual participants to secretly register their beliefs/perceptions on issues being discussed. In addition, it can accumulate and quantify their votes in graphic feedback. (D) Incorrect. Electronic voting does not limit discussion. If other topics are presented by attendees, the facilitator may broaden the discussion to include these topics, as appropriate. Possible reference: Control Self-Assessment: A Practical Guide. By Larry Hubbard. pp. 47-49. Control Self-Assessment: Experien
