Term
|
Definition
The set of connected activities linked with each other for the purpose of achieving one or more business objectives.
Ch. 5 |
|
|
Term
|
Definition
What an entity desires to achieve. When referring to what an organization wants to achieve, these are called business objectives, and may be classified as strategic, operations, reporting, and compliance.
Ch. 5 |
|
|
Term
|
Definition
Is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure.
Ch. 5 |
|
|
Term
|
Definition
Refers to how management plans to achieve the organization's objectives.
Ch. 5
|
|
|
Term
|
Definition
Begins at the entity level with the organization's objectives, and then identifies the key processes critical to the success of each of the organization's objectives.
Ch. 5 |
|
|
Term
|
Definition
Begins by looking at all processes directly at the activity level, and then aggregates the identified processes across the organization. |
|
|
Term
Key Performance Indicator |
|
Definition
A metric or other form of measuring whether a process or individual tasks are operating within prescribed tolerances.
Ch. 5 |
|
|
Term
|
Definition
Pictorial representation of inputs, steps, workflows, and outputs.
Ch. 5 |
|
|
Term
|
Definition
The possibility that an event will occur and adversely affect the achievement of objectives.
Ch. 5 |
|
|
Term
|
Definition
The identification and analysis (typically in terms of impact and likelihood) of relevant risk to the achievement of an organization's objectives, forming a basis for determining how the risks should be managed.
Ch. 5 |
|
|
Term
|
Definition
Avoid, Reduce, Share, and Accept.
Ch. 5 |
|
|
Term
|
Definition
The process plays a direct and key role in managing the risk.
Ch. 5
|
|
|
Term
|
Definition
The process helps to manage the risk indirectly.
Ch. 5 |
|
|
Term
|
Definition
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. |
|
|
Term
|
Definition
An engagement involving an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. |
|
|
Term
|
Definition
Part of annual plan
Compliance requirement
Postmortem
Significant changes |
|
|
Term
|
Definition
What an auditee wants to achieve. |
|
|
Term
|
Definition
What is or is not included within an engagement. |
|
|
Term
|
Definition
A discrete and recognizable portion or component of a process. |
|
|
Term
|
Definition
The subsidiary business unit, department, group, or other established subdivision of an organization that is the subject of an assurance engagement. |
|
|
Term
|
Definition
What the auditee is striving to achieve. |
|
|
Term
COSO Objective Categories |
|
Definition
- Operations
- Reporting
- Compliance
- Strategic
|
|
|
Term
|
Definition
- Inputs
- Processing
- Outputs
|
|
|
Term
|
Definition
Reviewing and evaluating existing information, which may be financial or nonfinancial, to determine whether it is consistent with predetermined expectations. |
|
|
Term
Computer-assisted Audit Techniques |
|
Definition
Automated audit techniques, such as generalized audit software, utility software, test data, application software tracing and mapping, and audit expert systems, that help the internal auditor directly test controls built into computerized information systems and data contained in computer files. |
|
|
Term
|
Definition
Controls that operate across an entire entity and, as such, are not bound by, or associated with, individual processes. |
|
|
Term
|
Definition
Depicts the broad inputs, activities, workflows, and interactions with other processes and outputs. |
|
|
Term
|
Definition
Expands on a process map to include computer systems and applications, document flows, detailed risks and controls, manual versus automated steps, elapsed time, and owners of key steps. |
|
|
Term
Reasons for Narrative Memoranda |
|
Definition
- Simple process
- Complicated steps
- Process owner request
- More efficient
|
|
|
Term
Key Performance Indicator |
|
Definition
A metric or other form of measuring whether a process or individual tasks are operating within prescribed tolerances. |
|
|
Term
|
Definition
Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. |
|
|
Term
|
Definition
The possibility that an event will occur and adversely affect the achievement of objectives. |
|
|
Term
|
Definition
The identification and analysis (typically in terms of impact and likelihood) of relevant risks to the achievement of an organization's objectives, forming a basis for determining how the risks should be managed. |
|
|
Term
|
Definition
The severity of outcomes caused by risk events. Can be measured in financial, reputation, legal, or other types of outcomes. |
|
|
Term
|
Definition
The probability that a risk event will occur. |
|
|
Term
|
Definition
The amount of risk, on a broad level, an organization is willing to accept in pursuit of its business objectives. |
|
|
Term
|
Definition
The acceptable levels of risk size and variation relative to the achievement of objectives, which must align with the organization's risk appetite. |
|
|
Term
|
Definition
An activity designed to reduce risk associated with a critical business objective. |
|
|
Term
|
Definition
Assessment of whether management has planned and organized (designed) the control in a manner that provides reasonable assurance that the related risks can be managed to an acceptable level. |
|
|
Term
|
Definition
A level of assurance that is supported by generally accepted auditing procedures and judgments. Reasonable assurance can apply to judgments surrounding the effectiveness of internal controls, the mitigation of risks, the achievement of objectives, or other engagement-related conclusions. |
|
|
Term
|
Definition
A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan. |
|
|
Term
|
Definition
- Internal auditors
- Other people (internal/external)
- Travel
- Technology
- Other
|
|
|
Term
|
Definition
Supplements the in-house internal audit function through the use of third-party vendor services for the purposes of gaining subject matter expertise for a specific engagement or filling a gap in needed resources to complete the internal audit plan. |
|
|
Term
|
Definition
Assessment of whether management has executed (operated) the controls in a manner that provides reasonable assurance that risks have been managed effectively and that the goals and objectives will be achieved efficiently and economically. |
|
|
Term
|
Definition
A finding, determination, or judgment derived from the internal auditor's test results. |
|
|