审计师行业专长的英文著作

An audit is an evaluation of an organization, system, process, project or product. It is performed by a competent, independent, objective, and unbiased person or persons, known as auditors. The purpose is to verify that the subject of the audit was completed or operates according to approved and accepted standards, statutes, regulations, or practices. It also evaluates controls to determine if conformance will continue, and recommends necessary changes in policies, procedures or controls. Auditing is a part of some quality control certifications such as ISO evaluate conformance now and into the future. An inspection evaluates conformance in the past. Both are important parts of management.[edit]Financial AuditAn important type of audit is the financial audit. It is designed to determine whether financial statements are fairly presented in accordance with Generally Accepted Accounting Principles (GAAP). Financial audits are carried out for companies, registered charities and some government/public financial reports are not always audited by outside auditors. Some governments have elected or appointed auditors.[An Internal Audit is an audit of the subjects internal processes in order to allow the subject to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and make recommendations for improvement over the risk management, internal control, and governance main difference between Internal and External auditing is that External audit focusses on financial statements, whereas Internal Audit focusses on processes, be it financial or Institute of Internal Auditors (IIA) was established in 1941. It is an international professional association of more than 117,000 members with global headquarters in the United States. Throughout the world, The IIA is recognized as the internal audit profession’s leader in certification, education, research, and technological IIA governs the only professional qualification for Internal Auditors, the Certified Internal Auditor (CIA) computer security audit is a process that can verify that certain standards have been met, and identify areas in need of remediation or improvement. Decades ago, identifying problem areas had to be done by a team of human auditors, but now software can analyse what's on a computer, and present a story that you do not need to be an expert to comprehend. It is important to use software that stays current with rapidly evolving security threats. Software cannot resolve the whole problem. Computer Users need to evaluate the reports, make changes to correct the problems, then rerun the reports. When success is achieved in resolving all the identified problems, we can raise the bar on the standards we are trying to security audits go beyond information technology audits, which audit what is on the computer system and how it is being used, to verify programs are working as intended, and the data is reliable, to also verify that none of the data is being tampered with, or can be tampered with, to show incorrect results. MSP managed service provider also conducts EVS Such as Virtual IT Solution . Example, the risk of insider embezzlement can be detected by an information technology audit. Auditing information security can be part of an information technology audit conducted by a team of human auditors with expertise in the computer system being audited and the application software there. Computer security audits go beyond annual financial audits and physical inventory audits to the data content, which are standard processes in most businesses. They also look into how the data is stored, on a hard disk or other storage area and whether the data is secure. Home users of personal computers cannot afford the price tag of a standard audit so they have to make do with whatever diagnosis tools are readily available for their are some activities in common between computer security audits and auditing information information security tends to be top down comprehensive analysis, typically only at major corporations, such as those traded on the stock market, followed by education in the areas that need fixing. Smaller companies and home users cannot justify this expense. a computer security audit is bottom up what can be resolved using automated software tools, combined with access to a panorama of education, from which the affected users can pick and choose which topics to learn at their own computer security audit article describes what any individual computer user, any business enterprise, government agency, non-profit organization, can do, relatively inexpensively, to find out what security remediation is needed, much of which they can do themselves, and get education to see how to improve their security into the future. Some of the discoveries will lead to calling on professional help associated with part of what is done by auditing information security and other consultants. Implementation of computer security audits often comes with access to continuing education, which is marketed different ways by the vendors of computer security audit tools. Some provide up-front consulting, others offer some amount of free tech support evolution of computer technology resembles that of the automobile in that computers have become ubiquitous consumer commodities. Almost anyone can buy a computer and start using it with almost no training. Unlike cars, however, computers present potentially complex security issues that go far beyond a layman's understanding. Many computer systems are delivered with defaults that are insecure if installed, while much standard software has been designed without concern for security, then sold to millions of computer users, who might not realize the potential failure to include security in most software is not because of any nefarious motives by the computer software publishers, but rather an outgrowth of computer security education being thought of as specialized training that is not deemed essential for computer programming. Also many programmers are self-taught, using text books that teach the mechanics of writing in some computer language without a bigger picture of what it means to write quality software that has good security, performance, ease-of-use, interoperability, good database design, and satisfies other information technology goals. Thus the vast majority of computer programmers know absolutely nothing about how to design their work products for good computer lack of security within many computer ingredients has led to a market for computer security tools to test computer systems to locate computer insecurity problems that can be repaired, provide computer users and owners with explicit instructions how to fix the problems, and include resources to help computer users get educated on doing a better job of security, whether they using personal computers at home elsewhere, or organizational use of larger networks.审计是评价一个组织，制度，程序，项目或产品。它是由一个有资格，独立，客观和公正的人或数人，被称为审计。这样做的目的是验证问题的审计工作已经完成或根据核准和接受的标准，法规，规章，或做法。同时，也计算控制，以确定是否符合将继续下去，并建议必要的改变政策，程序或控制。审计是一种部分的一些质量控制认证，如ISO 9000国际标准。审计评价符合现在和将来。检查评估的一致性在过去。两者都是重要组成部分的管理。[编辑]财务审计一个重要类型的审计是财务审计。它的目的是，以确定是否是比较财务报表中提出的按照一般公认会计原则（ GAAP ） 。财务审计进行了公司，注册慈善机构和一些政府/公共机构。政府财务报告并不总是由外部审计师审计。一些政府已经选出或任命审计员。[内部审计是审计的对象的内部程序，以便使这个问题能实现其目标，使一个系统的，有纪律的方式来评价和提出改进建议的风险管理，内部控制和治理进程。二者的主要区别内部和外部审计是外部审计专注于财务报表，而专注于内部审计程序，无论是财政或没有。内部审计研究所（ IIA部）成立于1941年。这是一个国际性的专业协会的成员超过117,000的全球总部设在美国。在世界各地，在国际投资协定被认为是内部审计行业的领导者认证，教育，研究和技术指导。国际投资协定管辖的唯一专业资格的内部审计，内部审计员的认证（中情局）的资格。计算机安全审计是一个过程，可以验证某些标准已得到满足，并确定需要的地区的补救或改善。十年前，查明问题领域已经做的一组人的审计，但现在的软件可以分析什么是计算机上的，和现在的故事，你不需要成为一个专家理解。重要的是要使用的软件，保持目前的迅速变化的安全威胁。软件不能解决整个问题。电脑用户需要评估报告，进行变更，纠正问题，然后重新执行报告。当取得成功，解决所有发现的问题，我们可以提高律师的标准，我们正在努力实现的目标。计算机安全审计超越信息技术审计，审计什么是对计算机系统以及它是如何被使用，以验证程序的工作打算，以及数据是可靠的，也没有确认的数据是用篡改，或可以篡改，显示不正确的结果。中型项目管理服务提供商还开展电动汽车，如虚拟IT解决方案 。例如，风险内幕挪用公款可以侦测到的信息技术审计。信息安全审计可以的一个组成部分进行了信息技术审计由一组人的审计专长的计算机系统被审计和应用软件存在。计算机安全审计超出年度财务审计和实物盘存审计的数据内容，这是标准的过程中，大多数企业。他们还探讨如何在数据存储，硬盘或其他存储区和数据是否是安全的。家庭用户的个人电脑无法承受的价格标准的审计，以便他们做出这样的诊断工具是什么随时可供他们使用。有一些共同的活动之间的计算机安全审计和审计信息安全。审计信息安全往往是自上而下的全面分析，一般只在大型企业，如交易的股票市场，其次是教育领域，需要确定。规模较小的公司和家庭用户不能证明这笔费用。计算机安全审计是自下而上什么都可以解决使用自动化的软件工具，再加上进入一个全景的教育，使受影响的用户可以选择的主题，以了解自己的进度。这台计算机安全审计的文章描述了任何个人计算机用户，任何企业，政府机构，非营利组织，可以做，相对廉价，找出安全整治是必要的，其中大部分可以做自己，并获得教育了解如何改善他们的安全的未来。一些新发现将导致呼吁专业人士的帮助与部分是什么做的审计信息安全和其他顾问。实施计算机安全审计往往有机会获得继续教育，这是销售方式不同的供应商的计算机安全审计工具。有些提供前期咨询，提供一些其他数额的免费技术支持的时间。演变的计算机技术相似的汽车，电脑已成为无所不在的消费商品。几乎任何人都可以购买电脑，并开始使用它几乎没有训练。不同的汽车，但是，目前潜在的复杂的计算机安全问题已经远远超出一个门外汉的理解。很多计算机系统提供的默认设置是不安全的，如果安装的，虽然标准的软件已经设计而不关心安全，然后出售给数以百万计的电脑用户，谁可能没有意识到的潜在危险。这不包括在最安全的软件，并非因为任何邪恶的动机的计算机软件出版商，而是延伸计算机安全教育被认为是专门培训，不认为是必不可少的计算机编程。也有许多程序员是自学成才的，使用的教科书的力学教授编写的一些计算机语言中没有更大的图片是什么意思写高质量的软件，具有良好的安全性，性能，易用性，互操作性，良好的数据库设计，并满足其他信息技术的目标。因此，绝大多数的电脑程序员知道绝对没有任何有关如何设计其产品，良好的工作计算机安全。这种缺乏安全的许多计算机配料导致了市场对电脑的安全工具，以测试电脑系统的电脑查找不安全问题，可以修复，提供电脑使用者和所有者的明确指示如何解决这一问题，包括资源，以帮助计算机用户可以得到的教育搞好安全，无论他们使用的个人电脑在国内其他地方，或组织使用较大的网络。

发展：国际内部审计师协会(Institute of Internal Auditors‚IIA)是由内部审计人员组成的国际性审计职业团体。成立于1941年。其前身美国内部审计师协会。其会员称之为国际注册内部审计师。 1941年以前美国只有个别的内部审计人员、内部审计小组或机构。由于当时企业规模较小，管理水平较低，那时的内部审计一般是在单位内部的会计机构管理和控制之下，从事一些防护性审查，保护财产，查找弊端的工作。而且人数较少，在单位的地位和作用很低，不构成单位内部一项独立的职能。被视为会计的秘书。 随着公司规模的扩大，管理阶层需要别人的帮助，这种情况为内审的发展提供了机会。1941年春，在公用事业部门有两个组织：爱迪生电力研究所和美国电气化联合会，首先建立了内部审计分委会。4月邀请北美公司内部审计负责人约翰.B.瑟斯顿（）作题为《内部审计――管理之必需》的讲演，使会议的参加者受到很大的鼓舞。会后他们在纽约一致认为：在公用事业行业中，内部审计要作为独立的职业从会计行业分离出来。就在这时维克托.Z.布林克()出版了《内部审计的性质、作用和程序方法》一书，把内部审计提高到理论的高度，进一步推动了内部审计人员建立内审职业机构的兴趣。于是在1941年9月23日由24名会员成立了创立委员会，由阿瑟.E.霍尔德()任主席。10月27日通过了协会章程。1941年12月9日举行了第一次年会(成立大会），选举约翰.B.瑟斯顿为第一任主席。宣告美国内部审计师协会的成立。它标志着内部审计从此成为一种独立的职业。 协会成立初只在纽约设有分会，后来发展到底特律、芝加哥、费城、洛衫机和克利夫兰。然而，至此协会也只是美国的协会。1944年协会在加拿在多伦多设立分会，开始跨越国境。随后，1948年又在伦敦设立分会，逐步发展成为国际性组织。国际内部审计师协会由国家分会、各国的一般分会、审计俱乐部和个人会员组成。我国中国内部审计学会在1987年加入该组织。 主要工作：IIA的内部审计行业的主要是全球的声音,公认的权威,公认的业界领袖,首席主,主要的教育家。成员的内部审计工作、风险管理、公司治理、内部控制、审计、教育信息技术和安全性。关注重点：协会面向全球，以“经验分离，共同前进”作为自己的座右铭。进入20世纪90年代以来，协会更把“在全世界范围内提高内部审计的形象”作为战略目标。 LZ可以自己整合下。。。求给分啊

楼上正解。。！ 给个网站吧，自己用google翻译看

两种参考书：兆泰的一套4本每科都有，威廉的5本只是前三科的，因为威廉是老美出题的，只有前三门，第四门属于国内出题，兆泰的才有。你要是可以免试第四门就选择不一样的。有审计经验的可以直接看兆泰，都是根据内审标准讲解习题，量不是很大；没基础的建议看威廉，每门都有1000多道习题，以前的考试题得到老美授权的，足够了你看。

一楼不知道答案就不用来回答了吧