
John has trained and advised thousands of auditors and managers while in private practice, at the AT&T School of Business, and at The Institute of Internal Auditors. John has developed and delivered a number of business programs, including Consulting: A Value Added Services, The Tools and Techniques That Make It Work, COSO: The Steps To Success, and Help Your Client Succeed with Control Self-Assessment.
John frequently speaks at public seminars, professional associations, state and federal agencies, and corporations. His work has included developing and delivering risk and control management programs focused specifically on the needs of Senior Executives, Boards of Directors, and Audit Committees.
| Certification | Median Salary |
| Certificate in Control Self Assessment | $77,938 |
| Certified Government Auditing Professional | $77,875 |
| Chartered Accountant | $77,657 |
| Certified Financial Services Auditor | $76,438 |
| Certified Information Systems Auditor | $70,700 |
| Certified Public Accountant | $60,750 |
| Certified Fraud Examiner | $58,736 |
| Certified Internal Auditor | $58,250 |
| No Certification | $50,460 |
The McKeever CCSA Study System is available as a workbook, CD-ROM, and Internet Portal.
The workbook and CD-ROM versions are used as you would a book - one user at a time.
With licensing for the CD-ROM or Internet Portal you may print one copy of the workbook from the Acrobat PDF file copy that is included.
When a user has completed using the McKeever CCSA Study System that user may transfer all material to another user as part of this licensing without additional fee.
With licensing for the CD-ROM or Internet Portal a user can share this resource with others by printing additional paper copies by paying online a fee of $75 for each additional paper copy at www.pleier.com.
Click on any words that are underlined like the wording Domain 1 - CSA Fundamentals to go to that particular information.
In each module you will find a description of the domain covered in that module. You will also find sample questions with answers and explanations.

When you see the red stop sign like above you will be asked to answer a question or questions to test your understanding of what you read. When you decide on each answer click the link provided to check the accuracy of your answer. When your review is complete click the BACK button of your browser to return to the module you were studying.
In addition to studying the 137 sample questions with answers and explanations within the modules we recommend that you study all of the 167 questions found in the Application Questions module after you complete your study of all other modules.
Click the link that follows the question to check the accuracy of your answer.
After reviewing the accuracy of your answer click the BACK button of your browser to return to the Application Questions.
At the end of each module you can click the BACK button of your browser to return to this Overview Page.
Note: The size of the lettering that you are seeing on the screen depends on your browser settings. To change the size of the lettering when using Internet Explorer or Firefox select View > Text Size.
Course Overview
The Certification in Control Self-Assessment® (CCSA®) is a specialty certification program offered by The Institute of Internal Auditors (The IIA). It is designed for all practitioners of Control Self-Assessment (CSA) – not only internal auditors. Gaining the required knowledge of areas such as risk and control models - often considered the realm of auditors only - exposes CSA practitioners from all backgrounds to the concepts that are vital in effectively using CSA to help clients achieve their objectives.
At the end of this module, the participant will:
• understand about the IIA CCSA Exam
• understand about McKeever CCSA Study System
• learn how to study for the CCSA Exam
• be more comfortable addressing the CCSA exam questions
Domain 1 - CSA Fundamentals
The objective of this module is to better prepare the participant to pass the Certification in Control Self-Assessment examination by discussing and analyzing the technical dimensions of this domain and discussing techniques to best manage multiple-choice questions about CSA Fundamentals.
At the end of this module, the participant will understand about CSA and:
• Code of Ethics
• Ownership and accountability for control
• Reliance on operational expertise
• Comparison to traditional techniques of risk and control evaluation
• Control awareness and education
• Cooperation, participation, and partnership
Domain 2 - CSA Program Integration
The objective of this module is to better prepare the participant to pass the Certification in Control Self-Assessment examination by discussing and analyzing the technical dimensions of this domain and discussing techniques to best manage multiple-choice questions about CSA Program Integration.
At the end of this module, the participant will understand about CSA and:
• Alternative approaches to CSA
• Cost / benefit analysis for implementation of the CSA process
• Strategic CSA program planning methodologies or techniques, including resource allocation
• Organizational theory and behavior
• Change management and business process reengineering
• Presentation techniques for successful integration
• Client feedback mechanisms (e.g. interviews, surveys)
Domain 3 - Elements of the CSA Process
The objective of this module is to better prepare the participant to pass the Certification in Control Self-Assessment examination by discussing and analyzing the technical dimensions of this domain and discussing techniques to best manage multiple-choice questions about Elements of the CSA Process.
At the end of this module, the participant will understand about CSA and:
• Management's priorities and concerns
• Project and logistics management
• Business objectives, processes, challenges, and threats for the area under review
• Resource identification and allocation of participants and CSA team
• Culture of area under review
• Question development techniques
• Technology supporting the CSA process
• Facilitation techniques and tools
• Group dynamics
• Fraud awareness
• Evaluation / analytical tools and techniques
• Formulating recommendations or action plans
• Nature of evidence
• Reporting techniques and considerations
• Motivational techniques
• Monitoring, tracking, and follow-up techniques
• Awareness of legal, regulatory, and ethical considerations
Domain 4: Business Objectives & Organizational Performance
The objective of this module is to better prepare the participant to pass the Certification in Control Self-Assessment examination by discussing and analyzing the technical dimensions of this domain and discussing techniques to best manage multiple-choice questions about Business Objectives & Organizational Performance.
At the end of this module, the participant will understand about CSA and:
• Strategic and operational planning processes
• Objective setting, including alignment to the organization's mission and values
• Performance measures
• Performance management
• Data collection and validation techniques
Domain 5 – Risk Identification & Assessment
The objective of this module is to better prepare the participant to pass the Certification in Control Self-Assessment examination by discussing and analyzing the technical dimensions of this domain and discussing techniques to best manage multiple-choice questions about Risk Identification & Assessment.
At the end of this module, the participant will understand about CSA and:
• Risk Theory
• Risk models / frameworks
• Risk management techniques / cost-benefit analysis
• Using CSA in Enterprise Risk Management (ERM)
Domain 6 - Control Theory and Application
The objective of this module is to better prepare the participant to pass the Certification in Control Self-Assessment examination by discussing and analyzing the technical dimensions of this domain and discussing techniques to best manage multiple-choice questions about Control Theory and Application.
At the end of this module, the participant will understand about CSA and:
• Corporate governance, control theory, and models
• Methods for judging and communicating the overall effectiveness of the system of internal control
• Relationship between informal and formal controls
• Techniques for evaluating formal controls
• Techniques for evaluating informal controls and control environments
• Control documentation techniques
• Control design and application
• Techniques for determining control history for the organization
Appendix
Application Questions
Following are examples of the way that questions are presented within each module to help you better understand the approach to answer questions on the CCSA exam:
1) Within each module questions and answers are presented as follows:
CSA: Fundamentals
1-1 While performing a CSA process, it is always necessary:
1. that internal audit be part of the process
2. that the process be conducted with a workshop
3. that audit act as the facilitator
4. none of the above

The nice thing about CSA is that it is flexible. The foundation is based upon what works best in any given situation. Internal audit may or may not be part of the CSA process. The workshop is only one tool that can be used in a CSA process. The facilitator does not necessarily have to be an audit person. Therefore, 4 is the best answer.

1-2 The best opportunity in a CSA process is:
1. a greater probability of the buy-in about issues and concerns
2. an opportunity to work with others in a stressful environment
3. an opportunity to practice public speaking
4. the ability to review work without internal audit

Although 2, 3, & 4 could be part of a CSA process, the best answer is 1. The concept of CSA is that the people responsible for the business process participating in the CSA exercise play an active role in identifying the objectives, risks, and controls and then put adequate corrective action in place. As a result of this active role, there is a much greater buy-in about the issues, concerns, and the corrective action. Number 1 is the best answer.
2) Periodically throughout the modules you are asked to test your understanding of that module:
In the CD-ROM and portal versions you are presented with a question this way:

89. The Vice President of Operations and the Vice President of Finance have expressed concern about the working relationships among various business units within the company. The change in upper management six years ago recognized the opportunities for new markets and aggressively went after those markets. As a result, the company has grown from a $2 Million gross income to a $12 Million gross income in five years. The organization’s overall philosophy has changed from one of complacence to an aggressively competitive organization. This new excitement of success and business outlook has enhanced the competitiveness among departments. Hence, in the opinion of some members of upper management, this new environment has caused uncertainty about the continued future success of the company. In the words of one Vice President, “It seems now that the numbers are what is strived for not the vision.” The concerned executives have asked their risk and control team to develop a model that would help refocus the overall mission. Which of the following would be the best model to address the overall picture and the portfolio of success inhibitors?
| a. | COSO; The Integrated Control Framework Of The Treadway Commission |
| b. | a risk model that will completely address the probability and the impact of the risk upon the vision and objectives |
| c. | an expanded control model that will help address the entire organization and all of the internal and external risk, as well as the strategic plan |
| d. | control models that will ensure that preventive and corrective controls are adequately in place to address the vision |
There is a substantial amount of “fluff” (extra material) in this question. However, there are some keys that can be identified which can help with the selection of the best answer. There are suggestions that the organization has grown at a rapid rate in a short time.
Risk increases proportionally with volatility and change. There are concerns of increased competition and less teamwork among departments. This is symptomatic of a substantial decrease in communications. Communication is a major component in both the COSO and ERM models. Communication is an interrelationship issue woven throughout the organization. COSO addresses this interrelationship of communication. However, COSO does not expand on the effective interrelationship requirement. Finally, the question suggests a concern for vision and strategic management. Strategic management is not specifically addressed in the COSO model. Strategic management is specifically emphasized in the ERM model.
The best answer is c. This answer is a definition of the expanded COSO model now named Enterprise Risk Management (ERM). ERM addresses the portfolio of risk including the risks among sub-functions of an organization, along with the internal and external risks. It also includes the COSO philosophy and the basic risk model of probability and impact. ERM adequately addresses controls in all dimensions, hard and soft.
In essence ERM looks at all types of risk that can impact the achievement of objectives. The term portfolio of risk is defined specifically in the ERM model documentation. In addition, the ERM documentation addresses the strategic plan of an organization. Strategic planning includes the impacts on success by external forces, such as competition, technology changes, and rapid growth.
ERM does not replace nor is it intended to replace COSO or other existing risk and control models. It is intended to enhance these other models and the perspective of risk and control management.
STOP
Turn To The Application Question Module.
Answer The Following Questions.
24, 32 & 76
Then Turn To The Application Question Answer & Explanations Module.
Review And Study The Answers And Explanations For These Questions.
We appreciate your feedback.
Send your feedback concerning this product to pleier@pleier.com.
21st Century Audit Management “Opportunities and Challenges” by a number of contributing authors
A Practitioners Guide to Performance Auditing - Second Edition by Muhammad Akram Khan
IT Auditing: Information Assets Protection by Robert E. Davis
IT Auditing: Information Security Governance by Robert E. Davis
IT Auditing: IT Outsourcing - Balancing Risk vs. Reward by Michael Lapelosa
IT Auditing: IT Service Delivery and Support by Robert E. Davis
McKeever CCSA Study System - Second Edition by John J. McKeever
Operational Auditing: Adding Value to Organizations by John D. Tongren
