Audit Terms

A-B | C | D | E | F-G | H-I | J-M | N-O | P-R | S-Z



Add Value – Organizations exist to create value or benefit to their owners, other stakeholders,
customers, and clients. This concept provides purpose for their existence. Value is
provided through their development of products and services and their use of resources
to promote those products and services. In the process of gathering data to understand
and assess risk, internal auditors develop significant insight into operations and
opportunities for improvement that can be extremely beneficial to their organization.
This valuable information can be in the form of consultation, advice, written communications,
or through other products all of which should be properly communicated to the appropriate
management or operating personnel.


Adequate Control – Present if management has planned and organized (designed) in a manner that provides
reasonable assurance that the organization’s risks have been managed effectively and
that the organization’s goals and objectives will be achieved efficiently and economically.


Assertions – Implied or expressed representations by management about the accounts in the financial
statements. Management assertions are obtained in the following five broad categories:


Existence or occurrence assertion

ll assets and liabilities actually existed at the balance sheet date


All revenues and expenditures included in the financial statements actually occurred
during he period covered by the financial statements


The events recognized in the financial statements represent real transactions.No account
balances are overstated

The financial statements contain information pertaining to the current period only


Completeness assertion

The financial statements contain all the information that is related to the current

No account balances are understated

Rights and obligations assertion Assets accurately represent the organization’s rights

Liabilities accurately represent the organization’s obligations

Valuation or allocation assertion All account balances represent their true value

Includes an evaluation of adequacy of reserves (e.g. allowance for doubtful accounts)

Includes an evaluation of appropriate allocation of costs (e.g. depreciation)

Presentation and disclosure assertion All transactions are appropriately classified

Appropriate disclosure in the notes to the financial statements are present

Assurance Services – An objective examination of evidence for the purpose of providing an independent
assessment on risk management, control, or governance processes for the organization.
Examples may include financial, performance, compliance, system security, and due
diligence engagements.


Audit Scope – The activities covered by an internal audit, which may include, when appropriate:

Audit objectives

Nature and extent of auditing procedures performed

Time period audited

Related activities not audited in order to delineate the boundaries of the audit

Auditee – Any individual, unit, or activity of the organization that is audited.

Authorization – Implies that the authorizing authority has verified and validated
that the activity or transaction conforms with established policies and procedures.


Back to Top



Cause – The reason for the difference between the expected and actual conditions (why the
difference exists).


Charter – The charter of the internal audit activity is a formal written document that defines
the activity’s purpose, authority, and responsibility. The charter should (a) establish
the internal audit activity’s position within the organization; (b) authorize access
to records, personnel, and physical properties relevant to the performance of engagements;
and (c) define the scope of internal audit activities.


Code of Ethics – The purpose of the Code of Ethics of The Institute of Internal Auditors (IIA) is
to promote an ethical culture in the global profession of internal auditing. A code
of ethics is necessary and appropriate for the profession of internal auditing, founded
as it is on the trust placed in its objective assurance about risk, control, and governance.
The Code of Ethics applies to both individuals and entities that provide internal
audit services. The Code of Ethics provides principles and rules of conduct in the
areas of integrity, objectivity, confidentiality, and competency.


Compensating Controls – Are used to “counterbalance” the effects of an internal control weakness.

Compliance – The ability to reasonably ensure conformity and adherence to organization policies,
plans, procedures, laws, regulations, and contracts.


Conclusions – The internal auditor’s evaluations of the effects of the findings on the activities
reviewed. Conclusions usually put the findings in perspective based upon their overall
implications. Conclusions are sometimes referred to as opinions.

Condition – The factual evidence which the internal auditor found in the course of the examination
(what does exist).


Conflict of Interest – Any relationship that is or appears to be not in the best interest of the organization.
A conflict of interest would prejudice an individual’s ability to perform his or her
duties and responsibilities objectively.


Consulting Services – Advisory and related client service activities, the nature and scope of which are
agreed upon with the client and which are intended to add value and improve an organization’s
operations. Examples include counsel, advice, facilitation, process design, and training.


Control – Any action taken by management, the board, and other parties to enhance risk management
and increase the likelihood that established objectives and goals will be achieved.
Management plans, organizes, and directs the performance of sufficient actions to
provide reasonable assurance that objectives and goals will be achieved.

Control Environment – The attitude and actions of the board and management regarding the significance
of control within the organization. The control environment provides the discipline
and structure for the achievement of the primary objectives of the system of internal
control. The control environment includes the following elements:

Integrity and ethical values.

Management’s philosophy and operating style.

Organizational structure.

Assignment of authority and responsibility.

Human resource policies and practices.

Competence of personnel.

Cost-Benefit Relationship – Indicates that the potential loss associated with any exposure or risk is weighed
against the cost to control it.

Criteria – The standards, measures, or expectations used in making an evaluation and/or
verification (what should exist).


Back to Top


Detective Controls – Actions taken to detect and correct undesirable events which have occurred.


Directing – Involves, in addition to accomplishing objectives and planned activities, authorizing
and monitoring performance, periodically comparing actual with planned performance,
and documenting these activities to provide additional assurance that systems operate
as planned.

Directive Controls – Actions taken to cause or encourage a desirable event to occur.


Back to Top


Economical Performance – Accomplishes objectives and goals at a cost commensurate with the risk.


Effect – The risk or exposure the auditee organization and/or others encounter because the
condition is not the same as the criteria (the impact of the difference).

Effective Control – Is present when management directs systems in such a manner as
to provide reasonable assurance that the organizations objectives and goals will be


Efficient Performance – Accomplishes objectives and goals in an accurate and timely fashion with minimal
use of resources.


Error – An unintentional misstatement or omission of significant information in a final
audit report.External Auditors refers to those audit professionals who perform independent
annual audits of an organization’s financial statements.


Back to Top


F – G
Findings – Pertinent statements of fact. Audit findings emerge by a process of comparing what
should be with what is.


Follow-up – A process by which internal auditors determine the adequacy, effectiveness, and
timeliness of actions take by management on reported audit findings (include relevant
findings made by external auditors and others).

Fraud – Any illegal acts characterized by deceit, concealment, or violation of trust. These
acts are not dependent upon the application of threat of violence or of physical force.
Frauds are perpetrated by individuals and organizations to obtain money, property,
or services; to avoid payment or loss of services; or to secure personal or business
advantage. Frauds are intentional, while errors are unintentional.

Goals – Specific objectives of specific systems and may be otherwise referred to as operating
or program objectives or goals, operating standards, performance levels, targets,
or expected results.


Back to Top

Illegal Acts – Refers to violations of laws and governmental regulations.


Impairments – Impairments to individual objectivity and organizational independence may include
personal conflicts of interest, scope limitations, restrictions on access to records,
personnel, and properties, and resource limitations (funding).


Independence – Allows internal auditors to carry out their work freely and objectively. This concept
requires that internal auditors be independent of the activities they audit. Independence
is achieved through organizational status and objectivity.

Information – Data the internal auditor obtains during an audit to provide a sound
basis for audit findings and recommendations. Information should be sufficient, competent,
relevant, and useful.


Internal Auditing – An independent, objective assurance and consulting activity designed to add value
and improve an organization’s operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve
the effectiveness of risk management, control, and governance processes.


Internal Auditor is an individual within an organization’s internal auditing department who is assigned
the responsibility of performing internal auditing functions.


Internal Control – A process within an organization designed to provide reasonable assurance regarding
the achievement of the following primary objectives:

The reliability and integrity of information

Compliance with policies, plans, procedures, laws, and regulations

The safeguarding of assets

The economical and efficient use of resources

The accomplishment of established objectives and goals for operations or programs

Irregularity – The intentional misstatement or omission of significant information in accounting
records, financial statements, other reports, documents or records. Irregularities
include fraudulent financial reporting which renders financial statements misleading
and misappropriation of assets. Irregularities involve:

Falsification or alteration of accounting or other records and supporting documents

Intentional misapplication of accounting principles

Misrepresentation or intentional omission of events, transactions, or other significant

Back to Top


Management – Those individuals with responsibilities for setting and/or achieving the organization’s


Monitoring – Encompasses supervising, observing, and testing activities and appropriately reporting
to responsible individuals. Monitoring provides an ongoing verification of progress
toward achievement of objectives and goals.


Back to Top

Objectives – The broadest statements of what the organization chooses to accomplish.


Objectivity – An unbiased mental attitude that requires internal auditors to perform engagements
in such a manner that they have an honest belief in their work product and that no
significant quality compromises are made. Objectivity requires internal auditors not
to subordinate their judgment on audit matters to that of others.


Back to Top

Preventive Controls – Actions taken to deter undesirable events from occurring.


Professional Skepticism – An attitude that includes a questioning mind and critical assessment of audit evidence.
Some examples demonstrating the application of professional skepticism in response
to the auditor’s assessment of the risk of material misstatement due to fraud include

increased sensitivity in the selection of the nature and extent of documentation to
be examined in support of material transactions, and

increased recognition of the need to corroborate management explanations or representations
concerning material matters, such as further analytical procedures, examination of
documentation, or discussion with others within or outside the entity.

Recommendations – Actions the internal auditor believes necessary to correct existing conditions
or improve operations.

Risk – The uncertainty of an event occurring that could have an impact on the achievement
of objectives. Risk is measured in terms of consequences and likelihood.

Risk Assessment – The identification and analysis of relevant risks associated with
the achievement of objectives.

Risk Factors – The criteria used to identify the relative significance of, and likelihood that,
conditions and/or events may occur that could adversely affect the organization. Risk
factors can be external or internal. External risk factors are outside the organization,
usually beyond management’s span of control. Internal risk factors are within the
university, usually within management’s span of control.


Back to Top


Significant – The level of importance or magnitude assigned to an item, event, information, or
problem by the internal auditor.


Substance over form – The auditor considers whether the financial statements reflect the financial reality
of the entity rather than the legal form of the transactions and events which underlie


Standards for the Professional Practice of Internal Auditing (the Standards) – The criteria by which the operations of an internal auditing department are evaluated
and measured. The purpose of the Standards is to (a) Delineate basic principles that
represent the practice of internal auditing as it should be; (b) Provide a framework
for performing and promoting a broad range of value-added internal audit activities;
(c) Establish the basis for the measurement of internal audit performance; and (d)
Foster improved organizational processes and operations.


Back to Top