- Audit Function
- Audit Staff
- Internal Audit Charter
- Control Assessment
- Audit Terminology
- University Governance Policy
State & Local:
Audit Objectives are broad statements developed by internal auditors and define intended audit accomplishments.
Audit Procedures are the tasks the internal auditor undertakes for collecting, analyzing, interpreting, and documenting information during an audit. Audit procedures are the means to attain audit objectives.
Audit Program is a document which lists the audit procedures to be followed during an audit. The audit program also states the objectives of the audit.
Audit Report is a signed, written document which presents the purpose, scope, and results of the audit. Results of the audit may include findings, conclusions (opinions), and recommendations.
Audit Scope refers to the activities covered by an internal audit. Audit scope includes, where appropriate:
- Audit objectives
- Nature and extent of auditing procedures performed
- Time period audited
- Related activities not audited in order to delineate the boundaries of the audit
Audit Working Papers record the information obtained, the analyses made, and conclusions reached during an audit. Audit working papers support the bases for the findings and recommendations to be reported.
Auditable Activities consist of those subjects, units, or systems which are capable of being defined and evaluated. Auditable activities may include:
- Policies, procedures, and practices
- Cost centers, profit centers, and investment centers
- General ledger account balances
- Information systems (manual and computerized)
- Major contracts and programs
- Organization units such as product or service lines
- Functions such as electronic data processing, purchasing, marketing, production, finance, accounting, and human resources
- Financial statements
- Laws and regulations
Auditee includes any individual, unit, or activity of the organization that is audited.
Cause is the reason for the difference between the expected and actual conditions (why the difference exists).
Charter of the internal auditing department is a formal written document which defines the departments purpose, authority, and responsibility. The charter should (a) establish the department's position within the organization; (b) authorize access to records, personnel, and physical properties relevant to the performance of audits; and (c) define the scope of internal auditing activities.
Code of Ethics of The Institute of Internal Auditors (IIA) sets forth standards of conduct for Members of The IIA and Certified Internal Auditors to effectively discharge their responsibilities. The Code of Ethics calls for high standards of honesty, objectivity, diligence, and loyalty.
Conclusions (Opinions) are the internal auditor's evaluations of the effects of the findings on the activities reviewed. Conclusions usually put the findings in perspective based upon their overall implications.
Condition is the factual evidence which the internal auditor found in the course of the examination (what does exist).
Control is any action taken by management to enhance the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Thus, control is the result of proper planning, organizing, and directing by management.
Control Environment refers to the attitude and actions of the board and management regarding the significance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control.
The control environment includes the following elements:
- Integrity and ethical values
- Management's philosophy and operating style
- Organizational structure
- Assignment of authority and responsibility
- Human resource policies and practices
- Competence of personnel
Cost-Benefit Relationship means that the potential loss associated with any exposure or risk is weighed against the cost to control it.
Criteria are the standards, measures, or expectations used in making an evaluation and/or verification (what should exist).
Detective Controls are actions taken to detect and correct undesirable events which have occurred.
Due Professional Care calls for the application of the care and skill expected of a reasonably prudent and competent internal auditor in the same or similar circumstances. Due professional care is exercised when internal audits are performed in accordance with the Standards for the Professional Practice of Internal Auditing. The exercise of due professional care requires that
- Internal auditors be independent of the activities they audit
- Internal audits be performed by those persons who collectively possess the necessary knowledge, skills, and disciplines to conduct the audit properly
- Audit work be planned and supervised
- Audit reports be objective, clear, concise, constructive, and timely
- Internal auditors follow up on reported audit findings to ascertain that appropriate action was taken
Effective Control is present when management directs systems in such a manner as to provide reasonable assurance that the organizations objectives and goals will be achieved.
Efficient Performance accomplishes objectives and goals in an accurate and timely fashion with minimal use of resources.
External Auditors refers to those audit professionals who perform independent annual audits of an organization's financial statements.
Findings are pertinent statements of fact. Audit findings emerge by a process of comparing what should be with what is.
Flowchart is a representation, primarily through the use of symbols, of the sequence of activities in a system (process, operation, function, or activity).
Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception.
Goals are specific objectives of specific systems and may be otherwise referred to as operating or program objectives or goals, operating standards, performance levels, targets, or expected results.
Independence allows internal auditors to carry out their work freely and objectively. This concept requires that internal auditors be independent of the activities they audit. Independence is achieved through organizational status and objectivity.
Internal Auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost.
Internal Control is a process within an organization designed to provide reasonable assurance regarding the achievement of the following primary objectives:
- The reliability and integrity of information
- Compliance with policies, plans, procedures, laws, and regulations
- The safeguarding of assets
- The economical and efficient use of resources
- The accomplishment of established objectives and goals for operations or programs
Irregularity refers to the intentional misstatement or omission of significant information in accounting records, financial statements, other reports, documents or records. Irregularities include (a) fraudulent financial reporting which renders financial statements misleading and (b) misappropriation of assets. Irregularities involve:
- Falsification or alteration of accounting or other records and supporting documents
- Intentional misapplication of accounting principles
- Misrepresentation or intentional omission of events, transactions, or other significant information
Management includes those individuals with responsibilities for setting and/or achieving the organization's objectives
Objectivity is an independent mental attitude which requires internal auditors to perform audits in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires internal auditors not to subordinate their judgment on audit matters to that of others.
Preventive Controls are actions taken to deter undesirable events form occurring.
Purpose Statements in audit reports describe the audit objectives and may, where necessary, inform the reader why the audit was conducted and what it was expected to achieve
Reasonableness Test is a comparison of an estimated amount, calculated by the use of relevant financial and non-financial information, with a recorded amount.
Recommendations are actions the internal auditor believes necessary to correct existing conditions or improve operations.
Regression Analysis is a mathematical procedure which is used to determine and measure the predictive relationship between one variable (dependent variable) and one or more other variables (independent variables).
Risk is the probability that an event or action may adversely affect the organization or activity under audit.
Risk Assessment is a systematic process for assessing and integrating professional judgments about probable adverse conditions and/or events. The risk assessment process should provide a means of organizing and integrating professional judgments for development of the audit work schedule.
Risk Factors are the criteria used to identify the relative significance of, and likelihood that, conditions and/or events may occur that could adversely affect the organization
Scope Limitation is a restriction placed upon the internal auditing department that precludes the department from accomplishing its objectives and plans. Among other things, a scope limitation may restrict the:
- Scope defined in the charter
- Department's access to records, personnel, and physical properties relevant to the performance of audits
- Approved audit work schedule
- Performance of necessary auditing procedures
- Approved staffing plan and financial budget
Significant Audit Findings are those conditions which, in the judgment of the director of internal auditing, could adversely affect the organization. Significant audit findings may include conditions dealing with irregularities, illegal acts, errors, inefficiency, waste, ineffectiveness, conflicts of interest, and control weaknesses.
Standards for the Professional Practice of Internal Auditing (the Standards) are the criteria by which the operations of an internal auditing department are evaluated and measured. They are intended to represent the practice of internal auditing as it should be.
Survey is a process for gathering information, without detailed verification, on the activity being examined. The main purposes are to:
- Understand the activity under review
- Identify significant areas warranting special emphasis
- Obtain information for use in performing the audit
- Determine whether further auditing is necessary
System (process, operation, function, or activity) is an arrangement, a set, or a collection of concepts, parts, activities, and/or people that are connected or interrelated to achieve objectives and goals. (This definition applies to both manual and automated systems.) A system may also be a collection of subsystems operating together for a common objective or goal.