You are on page 1of 57

Auditing Dictionary of Terms

The words defined below all have appeared on CPA exam questions, so they are worth knowing if you are
studying for the auditing exam. We wrote this over several years to include in our seminar workbooks to help
people understand the terminology tested on the exam. Our BEC, REG, and FAR workbooks have similar
glossaries, as do our self study books.

acceptance sampling is sampling to determine whether internal control compliance is greater than or less
than the tolerable deviation rate.

accounting and review services are official pronouncements covering compilation and review engagements.
Compilation is presenting in the form of financial statements information that is the representation of
management (owners) without expressing assurance. Review is inquiry and analytical procedures to provide
the accountant a basis for expressing limited assurance that there are no material modifications that should
be made to the statements for them to be in conformity with U.S. generally accepted accounting principles.

accounting data includes journals, ledgers and other records, such as spreadsheets, that support financial
statements. It may be in computer readable form or on paper.

accounting estimate An approximation of a financial statement element. Estimates are included in historical
financial statements because some amounts are uncertain pending outcome of future events and relevant data
about events that have occurred cannot be accumulated on a timely, cost-effective basis.

accounting principles are alternative ways of reporting and disclosing information in financial statements and
related footnotes.

accounts receivable Debts due from customers from sales of products and services reported as a current
asset.

accounting research bulletins (ARBs) were issued years ago to set generally accepted accounting principles.
Some have not been superseded by pronouncements of the Accounting Principles Board and the Financial
Accounting Standards Board. Those old pronouncements still qualify as generally accepted accounting
principles.

adjusting entries are accounting entries made at the end of an accounting period to allocate items between
accounting periods.

adverse An audit opinion that the financial statements as a whole are not in conformity with U.S. GAAP.

advisory services are a consulting service in which the CPA develops the findings, conclusions, and
recommendations presented for client decision-making. This differs from attestation, where the CPA
expresses a conclusion about a written assertion of another.

aggregate (aggregated) Constituting the whole. Aggregate expenses include expenses of all divisions combined
for the entire year.
agreed-upon procedures An engagement where the client specifies procedures and the accountant agrees to
perform those procedures. An accountant may accept an engagement to apply agreed-upon procedures to
financial statement elements, where the scope of the engagement is not sufficient to express an opinion, if the
users assume responsibility for sufficiency of the procedures, and use of the report is restricted to specified
users.

aicpa American Institute of Certified Public Accountants. The professional organization of CPAs in the U.S.
It is a private organization of CPAs, not an arm of the government. Each state issues CPA certificates, not the
AICPA. Since each state makes its own laws, each state could prepare and grade their own CPA examination.
However, each state uses the uniform CPA exam prepared and graded by the AICPA.

allocation Distribution according to a plan. Depreciation, amortization, and depletion are methods to allocate
costs to periods benefited.

allowance for doubtful accounts A contra asset account with a credit balance used to reduce the carrying
amount of accounts receivable to net realizable value. The allowance balance is the estimated total of
uncollectible accounts included in accounts receivable.

allowance for sampling risk The difference between a sample estimate and the projected population
characteristic at a specified sampling risk. This allowance is also the difference between the expected error
rate and the tolerable deviation rate.

analytical procedure A comparison of financial statement amounts with an auditor's expectation. An example
is to compare actual interest expense for the year (a financial statement amount) with an estimate of what
that interest expense should be. The estimate can be found by multiplying a reasonable interest rate times the
average balance of interest bearing debt outstanding during the year (the auditor's expectation). If actual
interest expense differs significantly from the expectation, the auditor explains the difference in audit
documentation.

analyze Identify and classify items for further study.

anticipated Expected.

apb opinions The Accounting Principles Board existed before the Financial Accounting Standards Board. It
issued opinions, some of which are still part of generally accepted accounting principles.

application control Programmed procedure in application software designed to ensure completeness and
accuracy of information.

appropriate audit evidence is valid and reliable.

approve To authorize. A manager authorizes a cash payment by signing a voucher providing approval for the
disbursement.

arm's length transactions are transactions between people who have no relationship other than that of buyer
and seller. The price is the true fair market value of the goods or services sold. If you buy or sell something to
a close relative, you might give better terms than to an unrelated party, so the price might not represent the
true market value of the goods or services.

ascertain An audit procedure to determine or to discover with certainty. For example, to ascertain the date
on which an investment was purchased by examining source documents.

assertion Management asserts financial statements are correct with regard to existence or occurrence of
assets, liabilities or transactions, completeness of information in the financial statements, rights and
obligations at a point in time, appropriate valuation or allocation, presentation, and disclosure.

assess To determine the value, significance, or extent of.


assessed Determined. The level of control risk determined by the auditor, based on tests of controls, is the
assessed level of control risk.

assurance The level of confidence one has.

attest (attestation) report In an attest engagement, a practitioner issues a written conclusion about the
reliability of a written assertion that is the responsibility of another.

attorney's letter is signed by the client's lawyer and addressed to the auditor. It is the auditor's primary
means to corroborate information furnished by management about litigation, claims, and assessments.

attribute sampling The characteristic tested is a property that has only two possible values (an error exists or
it does not).

audit adjustment is a correction of a financial information misstatement identified by the auditor, whether
recorded or not.

audit committee A committee of the board of directors responsible for oversight of the financial reporting
process, selection of the independent auditor, and receipt of audit results.

audit documentation (working papers) are records kept by the auditor of procedures applied, tests
performed, information obtained, and pertinent conclusions reached in the engagement. The documentation
provides the principal support for the auditor's report.

audit objective In obtaining evidence in support of financial statement assertions, the auditor develops
specific audit objectives in light of those assertions. For example, an objective related to the completeness
assertion for inventory balances is that inventory quantities include all products, materials, and supplies on
hand.

audit planning is developing an overall strategy for the audit. The nature, extent, and timing of planning
varies with size and complexity of the entity, experience with the entity, and knowledge of the entity's
business.

audit risk A combination of the risk that material errors will occur in the accounting process and the risk the
errors will not be discovered by audit tests. Audit risk includes uncertainties due to sampling (sampling risk)
and to other factors (nonsampling risk).

auditing standards board Statements on Auditing Standards are issued by the auditing standards board, the
body of the AICPA designated to issue auditing pronouncements.

authorize (authorization) To give permission for. A manager authorizes a transaction by signing a voucher
authorizing the disbursement.

backup A copy of a computer program or file stored separately from the original.

batch A set of computer data or jobs to be processed in a single program run.

benford's law is a mathematical law that applies to any population of numbers derived from other numbers
(such as the dollar amount of a sale, found by multiplying the quantity sold times the unit price). It holds that
30% of the time the first non-zero digit of this derived number will be one, and it will be a nine only 4.6% of
the time. Benford's law is used by auditors to identify fictitious populations of numbers.

bill of lading A document issued by a carrier to a shipper, listing and acknowledging receipt of goods for
transport and specifying terms of delivery.

blind trust A financial arrangement in which a person avoids possible conflict of interest by transferring
financial affairs to a fiduciary who has sole asset management discretion. The person establishing the trust
also gives up the right to information regarding the assets.

cancel supporting documents To mark supporting documents as having been used to support a transaction so
the same documents can't be used to support another transaction. An example is stamping vouchers "paid.”

capitalized Recorded as an asset. A capitalized lease is in substance a purchase to the lessee. An asset is
recorded equal to the present value of the lease payments, which is also recorded as a liability. Payments,
partly interest and partly principal, are made on the lease liability. The leased asset is depreciated by the
lessee as though it were legally owned by the lessee.

caveat A warning or caution.

check digit A redundant digit added to a code to check accuracy of other characters in the code.

check register A listing of checks issued in numeric sequence and in order by date issued.

classification Arrangement or grouping. Assets and liabilities are normally classified as current or
noncurrent.

collateralize To pledge property as security (collateral) for a debt.

collusion A secret agreement between two or more parties for fraud or deceit.

comfort letter A letter written by the auditor to an underwriter of securities, which expresses an opinion
about whether the audited financial statements and schedules in the registration statement comply as to form
with applicable accounting requirements of the SEC Act of 1933 and related rules and regulations adopted by
the SEC. Procedures performed are specified by the underwriter.

comparability Users evaluate accounting information by comparison. Similar companies account for similar
transactions in similar ways. Another goal is comparison of one company's information from one period to
the next (consistency). Operating trends should not be disguised by changing accounting methods.

comparative Financial statements of a prior period shown with those of the current period to aid in
comparisons between periods.

compare (comparison) An audit procedure. The auditor observes similarities and differences between items
such as an account from one year to the next.

compensating balance An offsetting balance. A requirement by some banks that a borrower maintain a
minimum balance in a checking or savings account as a condition of a loan. The offsetting balance increases
the effective interest rate to the bank since the net amount loaned is reduced but the interest paid is
unchanged.

competence of an internal audit staff is a function of qualifications, including education, certification, and
supervision.

compile (compilation) A compilation is presenting in the form of financial statements information that is the
representation of management without expressing assurance. Compilation of a financial projection is
assembling prospective statements based on assumptions of a responsible party, considering appropriateness
of presentation, and issuing a compilation report. No assurance is provided on the statements or underlying
assumptions. The accountant need not be independent.

completeness Assertions about completeness deal with whether all transactions and accounts that should be in
the financial statements are included. For example, management asserts that all purchases of goods and
services are included in the financial statements. Similarly, management asserts that notes payable in the
balance sheet include all such obligations of the entity.

compliance Following applicable internal control procedures, rules, or laws.


comprehensive basis of accounting A complete set of rules other than U.S. GAAP applied to all items in a set
of financial statements. Examples include a basis of accounting required by a regulatory agency, a basis of
accounting the entity uses for its income tax return and the cash receipts and disbursements basis.

computer controls Internal controls performed by computer (software controls) as opposed to manual
controls. Also means general and application controls over the computer processing of data.

condensed financial statements are presented in considerably less detail than complete financial statements.

confirm (confirmation) Communication with outside parties to authenticate internal evidence.

consignment Transfer of possession but not title to goods. Title stays with the consignor, while the consignee
has possession.

consistency To achieve comparability of information over time, the same accounting methods must be
followed. If accounting methods are changed from period to period, the effects must be disclosed.

consulted Sought advice or information.

consulting services performed by CPAs include consultations, advisory services, implementation services,
product services, transaction services, and staff and support services.

contingency is an existing condition involving uncertainty as to possible gain (gain contingency) or loss (loss
contingency) that will be resolved by future events. Estimates, such as the useful life of an asset, are not
contingencies. Eventual expiration of the asset's utility is not uncertain.

continuing auditor is the auditor of the current year who also audited the financial statements of the client for
the previous year.

continuing accounting significance means matters normally included in the permanent audit documentation,
such as the analysis of balance sheet accounts, and those relating to contingencies. Such information from a
prior year is used by the auditor in the current year's audit and is updated each year.

control A policy or procedure that is part of internal control.

control accounts are general ledger accounts that report totals of details included in subsidiary ledger
accounts. For example, Accounts Receivable is a general ledger account with a balance equal to the total of
the individual receivables included in the subsidiary accounts receivable ledger.

control deficiencies exist when the design or operation of a control does not allow employees, in their assigned
functions, to prevent or detect misstatements on a timely basis.

control environment is the attitude, awareness, and actions of the board, management, owners, and others
about the importance of control. This includes integrity and ethical rules, commitment to competence, board
or audit committee participation, organizational structure, assignment of authority and responsibility, and
human resource policies and practices.

control policies and procedures Control activities are the policies and procedures that help ensure
management directives are carried out. Those pertinent to an audit include performance reviews,
information processing, physical controls and segregation of duties.

control risk The risk that material error in a balance or transaction class will not be prevented or detected on
a timely basis by internal controls.

controller An officer who supervises financial affairs of an entity. In internal control the controller is often
the person with record keeping (general ledger) responsibilities, as contrasted with asset custody,
management decision-making, and internal audit functions.
corroborate (corroborating) (corroboration) (corroborative) To strengthen with other evidence, to make
more certain.

count Enumerate some characteristic such as the number of items in inventory.

cumulative effect of changing to a new accounting principle is the effect on retained earnings at the beginning
of the current period. Only the direct effect (net of income tax effect) is considered.

current ratio Total current assets divided by total current liabilities.

custodian One who has possession or is in charge of something. Some entities entrust investment securities to
a bank, which is custodian of the company's securities.

custody Possession.

cutoff Designating a point of termination. An auditor uses tests of cutoff to obtain evidence that transactions
for each year are included in the financial statements of the appropriate year.

defalcation To misuse or embezzle funds.

deficiency An internal control shortcoming or opportunity to strengthen internal controls.

detection risk The risk audit procedures will lead to a conclusion that material error does not exist when in
fact such error does exist.

detective control A control designed to discover an unintended event or result.

deviation Departure from prescribed internal control. Often expressed as a rate at which the departure
occurs.

disclaimer (disclaim) A statement that the auditor is unable to express an opinion as to the presentation of
financial statements in conformity with U.S. GAAP.

disclosure Revealing information. Financial statement footnotes are one way of providing necessary
disclosures.

discovery sampling Acceptance sampling (sampling to determine whether internal control compliance is
greater than or less than the tolerable deviation rate) when the expected attribute occurrence rate is zero.

document (documentary) (documentation) Written or printed paper that bears information that can be used
to furnish decisive evidence. Could also be a recording, computer readable information, or a photograph.

dollar unit sampling (also known as probability proportional to size sampling) A sampling plan that bases the
likelihood of selecting a particular account on the relative size of that account, so larger accounts have a
greater probability of being selected for the sample than smaller accounts.

dual date If a major event comes to the auditor's attention between the report date and issuance of the report,
the financial statements may include the event as an adjustment or disclosure. The auditor dual dates the
audit report (as of the end of fieldwork, except footnote XX, which is dated later).

dual-purpose test Audit procedures are classified as substantive tests or tests of controls. If a procedure
provides both types of evidence it is a dual-purpose test.

edi “Electronic Data Interchange” is the use of communication between an entity and customers or suppliers
to transact business electronically. Purchase, shipping, billing, cash receipts, and cash disbursements can be
completed entirely by exchanging electronic messages.
edit checks Reasonableness, validity, limit, and completeness tests that are programmed routines designed to
check input data and processing results for completeness, accuracy and reasonableness.

edp “Electronic Data Processing”. Processing of information by computer as opposed to handwritten records.

effective income tax rate The income tax provision (expense) shown on an income statement divided by pretax
income. This differs from the statutory rate because of deductions, credits, and exclusions.

effective internal control Reasonable assurance that the entity’s operational objectives are achieved, that
published financial statements are reliably prepared, and applicable laws and regulations are complied with.

effectiveness Producing a desired outcome. An audit procedure is effective if the evidence supports a correct
conclusion.

efficiency The ratio of the audit evidence produced to audit resources used.

embedded audit modules are included in the client’s data processing systems to facilitate the acquisition of
data needed by auditors.

embedded control performance deals with unexpected changes to data.

embezzlement To take assets in violation of trust.

encryption is scrambling data so it is meaningless to anyone but the intended recipient, who has the key to
unscramble the data.

engagement letter A letter that represents the understanding about the engagement between the client and
the CPA. The letter identifies the financial statements and describes the nature of procedures to be
performed. It includes an explanation of the objectives of the procedures, an explanation that the financial
information is the responsibility of the company's management, and a description of the form of report.

environment The control environment is the attitude, awareness, and actions of the board, management,
owners, and others about importance of control. It includes integrity and ethical rules, commitment to
competence, board or audit committee participation, organization structure, assignment of authority and
responsibility, and human resource policies and practices.

error Unintentional misstatements or omissions in financial statements. Errors may involve mistakes in
gathering or processing accounting data, incorrect estimates from oversight or misinterpretation of facts, and
mistakes in application of principles relating to amount, classification, presentation or disclosure.

estimation sampling is sampling to estimate the actual value of a population characteristic within a range of
tolerable misstatement.

evidence (evidential matter) includes written and electronic information (such as checks, records of electronic
fund transfers, invoices, contracts, and other information) that permits the auditor to reach conclusions
through reasoning.

examination is evaluating the preparation of prospective statements, support underlying assumptions, and
presentation. The accountant reports whether, in his or her opinion, the statements conform to AICPA
guidelines and assumptions provide a reasonable basis for the responsible party's forecast. The accountant
should be independent, proficient, plan the engagement, supervise assistants, and obtain sufficient evidence to
provide a reasonable basis for the report.

examine (examining) As an audit procedure to examine something is to look at it critically.

except for A qualified opinion. An auditor can qualify the audit opinion for both departures from U.S. GAAP
in the financial statements and restrictions on the scope of the audit. The opinion paragraph of the qualified
report is worded "In our opinion, except for..."

execute (execution) To carry out an internal control procedure, such as to sign and mail a check after
inspecting supporting documents.

existence Assertions about existence deal with whether assets or liabilities exist at a given date. For example,
management asserts that finished goods inventories in the balance sheet are available for sale.

expenditure Cash paid or liability incurred.

explanatory A paragraph added to an audit report to explain something, such as the reason for a qualified or
adverse opinion.

explicitly Fully and clearly expressed, leaving nothing implied.

extend means to multiply one number by another (to test extensions is to test the accuracy of multiplication
done by the client). To extend audit procedures is to apply additional audit procedures to obtain more
evidence.

extent of an audit test is the sample size. A small number of transactions provides less assurance than a large
sample. There is more risk your conclusion will be incorrect if you use a smaller sample size.

fasab Federal Accounting Standards Advisory Board. An organization that sets GAAP in the U.S. for federal
government entities.

fasb Financial Accounting Standards Board. A nongovernment private organization that sets GAAP in the
U.S. for profit making entities and not-for-profit nongovernmental organizations.

field work The performance of audit procedures outside the CPA's office. Much field work, but not all, is
done in the client's offices after the balance sheet date.

fifo “First In First Out” inventory cost flow.

financial forecasts are prospective financial statements that present expected future financial position, results
of operations, and cash flows based on expected conditions. A financial forecast is of the most likely future
scenario.

financial projections are prospective financial statements that present, given one or more hypothetical
assumptions, an entity's expected financial position, results of operations, and changes in financial position. A
financial projection includes several alternative scenarios while a forecast is the single most likely scenario.

financial institution confirmation request A confirmation sent to the client's bank or other financial
institution asking the bank to confirm directly to the auditor information about balances at a particular date.

flowchart A schematic representation of a sequence of operations in an accounting system or computer


program. Also called a flow diagram or flow sheet.

foot a column is to add a column of numbers.

fraud A deliberate deception to secure unfair or unlawful gain. False representation intended to deceive
relied on by another to that person's injury. Fraud includes fraudulent financial reporting undertaken to
render financial statements misleading, sometimes called management fraud, and misappropriation of assets,
sometimes called defalcations.

gaap “Generally Accepted Accounting Principles.” According to Rule 203 of the AICPA Code of Professional
Conduct, GAAP for nongovernment entities include (in a conflict the source earlier in the list prevails): 1.
FASB Statements and Interpretations, APB Opinions, ARBs. 2. FASB Technical Bulletins, AICPA Guides
and AICPA Statements of Position. 3. Positions of the FASB Emerging Issues Task Force and AICPA
Practice Bulletins. 4. AICPA accounting interpretations, FASB staff "Qs and As", and widely recognized
industry practices. 5. FASB Concepts Statements, textbooks, articles.

gaas “Generally Accepted Auditing Standards.” The ten auditing standards adopted by the membership of
the AICPA. Auditing standards differ from audit procedures in that "procedures" relate to acts to be
performed, whereas "standards" deal with quality of the performance of those acts and objectives of the
procedures.

gasb Government Accounting Standards Board. A nongovernment private organization that sets GAAP in
the United States for nonfederal governmental entities.

general controls Policies and procedures to assure proper operation of computer systems, including controls
over network operations, software acquisition and maintenance, and access security.

general journal A book of original entry in a double-entry system. The journal lists transactions and indicates
accounts to which they are posted. The general journal includes all transactions not included in specialized
journals used for cash receipts, cash disbursements, and other common transactions.

general ledger A record to which monetary transactions are posted (in the form of debits and credits) from a
journal. It is the final record from which financial statements are prepared. General ledger accounts are
often control accounts that report totals of details included in subsidiary ledgers.

general standard In the ten U.S. generally accepted auditing standards there are three general standards: 1.
The examination is to be performed by a person or persons having adequate technical training and
proficiency as an auditor. 2. In all matters relating to the assignment, an independence in mental attitude is to
be maintained by the auditor. 3. Due professional care is to be exercised in performing the examination and
preparation of the report.

generalized audit software Packaged computer programs used on a variety of computers during audit field
work to read computer files, select information, perform calculations, create data files, and print reports in a
format specified by the auditor.

going concern assumption assumes the company will continue in operation long enough to realize its
investment in assets through operations (as opposed to sale). Presenting assets at historical cost is justified by
assuming productive assets will be used rather than sold. This makes market values irrelevant and supports
accounting methods that match the actual cost of an asset to periods benefited.

government auditing standards A book issued by the comptroller general of the United States, sometimes
called the "yellow book." Government Auditing Standards contains standards for audits of government
organizations, programs, activities, and functions and of government assistance received by contractors, not-
for-profit organizations, and other nongovernment organizations. These standards, which include designing
the audit to provide reasonable assurance of detecting material misstatements resulting from noncompliance
with provisions of contracts or grant agreements that have a direct and material effect on determination of
financial statement amounts, are followed when required by law, regulation, agreement, contract, or policy.
For financial audits, Government Auditing Standards prescribes fieldwork and reporting standards beyond
those required by GAAS.

gross margin percentage The gross margin from an income statement divided by net sales revenue.

hard copy A printed copy of information as opposed to information stored in computer readable form.

hardware A computer and associated physical equipment involved in data processing or communications
functions as opposed to software (the computer programs that provide instructions the computer follows).

hardware control Computer controls built into physical equipment by the manufacturer.

hash total A control total that has no meaning in itself except for control, e.g., total social security numbers of
employees paid.
hedges protect an entity against the risk of adverse price or interest-rate movements on its assets, liabilities,
or anticipated transactions. A hedge avoids or reduces risk by counterbalancing losses with gains on separate
positions.

Image-processing systems scan documents into electronic images for storage. Reference and source
documents may not be retained after conversion.

immaterial Of no importance. Something in financial statements that will not change decisions of investors.

implementation of internal control means the auditor determines that the relevant controls exist and that the
entity is using them.

implicitly Implied or understood even though not directly expressed.

implied control performance deals with expected changes to data.

incompatible duties Internal control systems rely on separation of duties to reduce the chance of errors or
fraud. Duties are incompatible if they should be separated for control. For example, one person should not be
in a position to both embezzle funds and to hide the embezzlement by changing the recorded accountability.

incorrect acceptance The risk of incorrect acceptance is the risk the sample supports the conclusion that the
recorded balance is not materially misstated when it is materially misstated.

incorrect rejection The risk of incorrect rejection is the risk the sample supports the conclusion that the
recorded balance is materially misstated when it is not materially misstated.

independent In all matters relating to the assignment, an independence in mental attitude is to be maintained
by the auditors. This means freedom from bias, which is possible even when auditing one's own business
(independence in fact). However, it is important that the auditor be independent in appearance (that others
believe the auditor is independent).

information systems consist of infrastructure (physical and hardware components), software, people,
procedures (manual and automated), and data.

inherent limitation The potential effectiveness of an entity's internal control is subject to inherent limitations.
Human fallibility, collusion, and management override are examples.

inherent risk The susceptibility of a balance or transaction class to error that could be material, when
aggregated with other errors, assuming no related internal controls.

input controls Computer controls designed to provide reasonable assurance that transactions are properly
authorized before processed by the computer, accurately converted to machine readable form and recorded
in the computer, that data files and transactions are not lost, added, duplicated or improperly changed, and
that incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely basis.

inquire (inquiry) Ask questions of client personnel.

inspect (inspection) As an audit procedure, to scrutinize or critically examine a document. As part of a CPA
firm's quality control system, a procedure to monitor the effectiveness of the system.

integrated test facility (integrated test data) A "dummy" unit (e.g., a department or employee) is established.
Test (fictitious) transactions are posted to the dummy unit during the normal processing cycle. If test
transactions are processed correctly that provides evidence that transactions of other units are processed
correctly as well.

integrity Consistent adherence to an ethical code. If client management lacks integrity the auditor must be
more skeptical than usual.
interim audit procedures are done during the year under audit, before year-end.

interim financial information means financial statements of a time period less than a full year.

internal auditors are employees of the client responsible for providing analyses, evaluations, assurances,
recommendations, and other information to the entity's management and board. An important responsibility
of internal auditors is to monitor performance of controls.

internal control Policies and procedures designed to provide reasonable assurance that specific entity
objectives will be achieved. It consists of the control environment, risk assessment, control activities,
information and communications, and monitoring.

internal control questionnaire A list of questions about the existing internal control system to be answered
(with answers such as yes, no, or not applicable) during audit fieldwork. The questionnaire is a part of the
documentation of the auditor's understanding of the client's internal controls.

internal control weakness A defect in the design or operation of internal controls.

introductory paragraph The first paragraph of the auditor's standard report which identifies the financial
statements audited and states the financial statements are the responsibility of management and that the
auditor's responsibility is to express an opinion on the financial statements based on the audit.

inventory tag A tag attached to inventory items that identifies the inventory items to aid in counting the
physical inventory.

inverse The opposite or reverse. An inverse relationship between two variables means that when one
increases the other decreases.

investee The company in which an investment is held. Often used to describe an equity method investment, in
which the investor reports a share of the investee's net income.

invoice An itemized list of goods shipped or services rendered with costs.

isb Independence Standards Board.

journal A book of original entry in a double-entry system. The journal lists all transactions and the accounts
to which they are posted.

just-in-time An inventory system that attempts to minimize inventory costs that do not add value for the
customer. It arranges for suppliers to deliver small quantities of raw materials just before those units are
needed in production. Storing, insuring, and handling raw materials are costs that add no value to the
product, and are minimized in a just in time system.

kiting Drawing a bank check on insufficient funds to take advantage of the time required for collection.

lapping A scheme to cover an embezzlement by using payments made by one customer to reduce the
receivables balance of another customer.

lead schedule The schedule at the beginning of audit documentation that summarizes the detailed schedules.

lifo “Last In First Out” inventory cost flow.

limit test (limit check). A computer program step that compares data with predetermined limits as a
reasonableness test (hours worked over 60 per week).

liquidity The availability of cash or ability to obtain it quickly. Debt paying ability.
lockbox (bank lockbox) speeds the availability of funds from cash collections by reducing the time from the
customer mailing the check until the funds are available to spend. Remittances are sent to a bank near the
customer and the bank deposits funds speedily to the payee's account.

management controls are controls performed by one or more managers.

management representation letter A letter addressed to the auditor, signed by the client's chief executive
officer and chief financial officer. During an audit, management makes many representations to the auditor.
Written representations from management in the letter confirm oral representations given to the auditor,
document the continuing appropriateness of such representations, and reduce the possibility of
misunderstanding.

manual controls are controls performed manually, not by computer.

material (materiality) Information important enough to change an investor's decision. Insignificant


information has no effect on decisions, so there is no need to report it. Materiality includes the absolute value
and relationship of an amount to other information.

material weakness is a significant deficiency in internal controls that results in more than a remote likelihood
that a material misstatement of the financial statements will not be prevented or detected.

memos Written records supporting journal entries. Credit memos support credits, while debit memos
support debit entries.

misappropriate To embezzle or appropriate dishonestly for one's own use.

misstatement Stated wrongly or falsely. Untrue financial statement information.

mitigating Reducing in force or intensity.

monitoring Evaluation of the firm’s system of quality control to provide reasonable assurance that it is
designed appropriately and operating effectively.

narrative A written description of an internal control system.

nature of audit testing means the type of testing, such as tests of internal controls, tests of transactions, or
tests of balances in balance sheet accounts.

negative assurance A statement of what the CPA does not know as opposed to what the CPA believes (positive
assurance). A statement that the CPA was "not aware of material modifications that should be made to
financial statements for them to conform with U.S. generally accepted accounting principles" is negative
assurance used in review reports.

negative confirmation request The negative form of accounts receivable confirmation asks the client's
customer to respond only if the customer disagrees with the balance determined by the client. The positive
form asks the customer to respond whether the customer agrees or disagrees with the client's receivable
balance. The negative form is used when controls over receivables are strong and accounts receivable consists
of many accounts with small balances. The positive form is used when controls are weak or there are fewer,
but larger, accounts.

nonsampling risk is audit risk not due to sampling. An auditor may apply a procedure to all transactions or
balances and fail to detect a material misstatement. Nonsampling risk includes the possibility of selecting
audit procedures that are not appropriate to achieve a specific objective. For example, confirming recorded
receivables cannot reveal unrecorded receivables. Nonsampling risk can be reduced to a negligible level
through adequate planning and supervision.

objective A goal.
objectivity The internal auditors' objectivity depends on the organizational status of the internal audit
function, whether the internal auditor has direct access and reports regularly to the board, the audit
committee, or owner-manager, and who oversees internal auditor employment decisions.

obligations Assertions about obligations deal with whether liabilities are obligations of the entity at a given
date. For example, management asserts that amounts capitalized for leases in the balance sheet represent the
cost of the entity's rights to leased property and that the corresponding lease liability represents an obligation
of the entity.

obliterate To do away with something so as to leave no trace.

observe (observation) Watch and test a client action (such as taking inventory).

occurrence Assertions about occurrence deal with whether recorded transactions have occurred during a
given period. For example, management asserts that sales in the income statement represent the exchange of
goods or services with customers for cash or other consideration.

online Access to a computer for immediate processing without having to wait for a batch of transactions to be
processed at a later time.

operating effectiveness How an internal control was applied, the consistency with which it was applied, and
by whom.

operating income from continuing operations is reported on an income statement.

opinion A CPA's conclusion held with confidence but not substantiated by positive knowledge or proof.

opinion paragraph The paragraph in the audit report that expresses the auditor's conclusions. The wording
of the standard, unqualified opinion paragraph is: "In our opinion, the financial statements referred to above
present fairly, in all material respects, the financial position of XYZ Company at December 31, year A, and
the results of its operations and its cash flows for the year then ended in conformity with U.S. generally
accepted accounting principles."

order is a listing of goods or services requested from a supplier with specifications and desired delivery
method. A company starts the purchase process internally with a requisition, which results in an order being
transmitted to a supplier. When the supplier ships the goods or provides the service, an invoice is sent to the
customer telling the customer the specifications, delivery method, and price of those goods or services.

overall review The objective of the overall review stage of the audit is to assess conclusions reached, and
evaluate the overall financial statement presentation. The overall review includes reading the financial
statements and notes and considering adequacy of evidence gathered in response to unusual or unexpected
balances. Results of an overall review may indicate the need for additional evidence.

parallel processing is the simultaneous performance of multiple operations, usually in reference to computer
systems.

parallel simulation testing is the simultaneous performance of multiple operations. It provides evidence of the
validity of processing if the second processing system yields the same results as the first. Auditors use their
own generalized audit software to process the same data as was processed by the client’s software. If the
output of the audit software is the same as the output of the client’s software that is evidence that the client’s
software is performing properly.

parity bit An extra bit added to a string of bits to increase the accuracy of data transmission.

password A sequence of characters required to gain access to a computer system. Passwords are used to
restrict computer system access to only authorized persons.

payroll Department that determines amounts of wage or salary due to each employee.
peer review A practice monitoring program in which the audit documentation of one CPA firm is periodically
reviewed by independent partners of other firms to determine that it conforms to the standards of the
profession.

pending Legal proceedings not yet decided.

per diem An allowance for daily expenses. Often used to reimburse employees for estimated expenses as
opposed to accounting for each small component of the expenses.

permanent audit documentation includes items of continuing accounting significance, such as the analysis of
balance sheet accounts and contingencies. Such information from a prior year is used in the current audit and
updated each year. Sometimes called the continuing file.

perpetrate Carry out an action such as a crime.

perpetual An inventory accounting system updated for each addition to inventory and each issuance from
inventory, so the records indicate the exact quantity on hand at any moment. The alternative is a periodic
inventory system where actual inventory on hand is determined only once a year.

personal financial statements of individuals present assets and liabilities at estimated current value on an
individual's balance sheet (statement of financial condition). A statement of changes in net worth presents
major changes in net worth during a period. The accrual basis is used for assets and liabilities, which are
presented in order of liquidity and maturity, without classification as to current and noncurrent. The cash
value of life insurance less the amount of loans against it is an asset. Deferred income tax on the difference
between the income tax basis and estimated current values is presented between liabilities and equity.

personnel The department that maintains records of each individual's employment.

persuasive Having the power to influence. Most audit evidence is persuasive, but not conclusive.

pervasive Having the ability to permeate. An error is pervasive if it is material to more than one of the
primary financial statements.

piecemeal opinion Expression of an opinion on an item in financial statements is not permitted as part of a
disclaimer or adverse opinion on the financial statements as a whole because it would tend to overshadow or
contradict a disclaimer of opinion or an adverse opinion.

plan Audit planning is developing an overall strategy for conduct and scope of the audit. The nature, extent,
and timing of planning vary with size and complexity of the entity, experience with the entity, and knowledge
of the business. In planning the audit, the auditor considers the entity's business and its industry, its
accounting policies and procedures, methods used to process accounting information, the planned assessed
level of control risk, and the auditor's preliminary judgment about audit materiality.

pledge Something given as security to guarantee payment of a debt.

population size The number of items in the population from which a sample is drawn.

positive assurance A statement as to what the CPA believes. An example is an opinion that the financial
statements are presented fairly in conformity with U.S. GAAP. The opposite is negative assurance, a
statement about what the CPA does not know. A statement that the CPA was "not aware of material
modifications that should be made to financial statements for them to conform with U.S. generally accepted
accounting principles" is negative assurance used in review reports.

positive confirmation (positive request) The positive form of receivables confirmation asks the customer to
respond whether the customer agrees or disagrees with the client's reported receivable balance. The negative
form of accounts receivable confirmation asks the client's customer to respond only if the customer disagrees
with the balance determined by the client. The negative form is used when controls over receivables are
strong and accounts receivable consists of many accounts with small balances. The positive form is used when
controls are weak or there are fewer, but larger, accounts.

predecessor auditor The auditor of a client for a prior year who no longer audits that client.

presentation Assertions about presentation deal with whether particular financial statement components are
properly classified and described. For example, management asserts that long-term liabilities in the balance
sheet will not mature in one year. Similarly, management asserts that extraordinary items in the income
statement are properly classified and described.

presumptively mandatory quality control requirements apply unless, in rare circumstances, the firm
documents the justification for the departure and how the alternative procedures performed in the
circumstances were sufficient to achieve the objectives of the requirement. The word “should” indicates a
presumptively mandatory requirement.

preventative control A control designed to avoid an unintended event.

principal auditor The auditor responsible for the greater portion of financial statements. The principal
auditor may assume responsibility for the work of the other auditor or divide responsibility with the other
auditor.

pro forma The objective of pro forma financial information is to show effects on historical financial
information as if a proposed event had occurred earlier.

probability proportional to size (pps) (also known as dollar unit) sampling A sampling plan that bases the
likelihood of selecting a particular account on the relative size of that account, so larger accounts have a
greater probability of being selected for the sample than smaller accounts.

probable A contingent loss is probable if it is uncertain but likely to happen.

procedure An action, such as a step performed as part of an audit program or as part of the client's internal
controls.

processing control is an internal control included in computer software designed to assure that all
transactions are handled as authorized and none omitted or added.

production cycle The portion of an entity that acquires resources and converts them to the product or service
for customers.

production order A document that initiates the manufacturing process.

proficiency as an auditor includes the auditor's formal education and subsequent experience. The
independent auditor must undergo training adequate in technical scope, including commensurate general
education. The assistant entering an auditing career must obtain experience with proper supervision and
review of his or her work by a more experienced auditor.

program An audit program is a listing of audit procedures to be performed in completing the audit. A
computer program (software) is a listing of steps to be performed in processing the data.

programmed controls are built into computer software and include reasonableness tests, control totals, and
sequence checks.

pronouncements of the FASB and GASB are rules that determine the principles for external financial
reporting and disclosure.

prospective financial statements are either financial forecasts or financial projections. Prospective financial
statements may cover a period that has partially expired. Statements for periods that have completely expired
are not prospective financial statements.
prospectus A registration statement filed with the SEC includes audited financial statements (balance sheet,
income statement, and statement of cash flows) for the previous three years. A prospectus contains the same
information and must be supplied to all parties to whom offers are made. There is a twenty-day waiting
period between the filing of the registration statement and the first sale of securities. During this period,
preliminary ads and a "red herring" prospectus can be provided to offerees but it must be clearly marked as
preliminary.

proxy A power of attorney granting a third party the right to a stockholder's vote. When management or
others solicit proxies from stockholders a copy of the proxy statement must be filed with the SEC ten days
before mailing the solicitation. The proxy statement must include all information relevant to the matter voted
on.

purchase order A document from a buyer to a seller placing an order and listing quantities and specifications.

purport Intending to present.

qualified (qualify) An audit opinion that the financial statements as a whole are presented in conformity with
U.S. GAAP, with the exceptions noted.

qualitative Relating to the quality of a trait, as opposed to quantitative, which means expressed as a number.

quality control systems provide a CPA firm with reasonable assurance that personnel comply with
professional standards and the firm's standards of quality, independence, integrity, and objectivity. It covers
personnel management, acceptance and continuance of clients, engagement performance, and monitoring.

quantitative (quantitatively) Expressed as a number, as opposed to qualitative measurement.

questionnaire An internal control questionnaire is a list of questions about the internal control system to be
answered (with answers such as yes, no, or not applicable) during audit fieldwork. The questionnaire is part
of the documentation of the auditor's understanding of the client's internal controls.

quick ratio Quick assets divided by current liabilities. Quick assets are current assets less inventories and
prepaid expenses.

random sample (random-number sampling) Identical probability of each population item being selected for a
sample. Also, the use of random numbers to select a random sample from a population.

ratio The relation between two quantities expressed as the quotient of one divided by the other. The ratio of 8
to 2 is written 8/2 and equals four. Financial statement ratios are used as analytical procedures in audits.

ratio estimation In audit sampling a ratio of the proportion of errors in the sample applied to the population
value to estimate total error.

reasonable assurance (in audit report) An auditor works within economic limits. The audit opinion, to be
economically useful, must be formed in a reasonable time and at reasonable cost. The auditor must decide,
exercising professional judgment, whether evidence available within limits of time and cost is sufficient to
justify an opinion.

reasonable assurance (in internal control) An internal control, no matter how well designed and operated,
cannot guarantee that an entity’s objectives will be met because of inherent limitations in all internal control
systems.

reaudit When an auditor is asked to audit and report on financial statements that have been previously
audited and reported on.

recalculate Perform procedures again and compare to original results.


receiving report A document completed in the receiving department, which identifies the purchase order that
initiated the purchase, and the date, quantity, and condition of goods received.

recomputation Perform procedures again and compare to original results.

reconcile (reconciliation) A schedule establishing agreement between separate sources of information, such as
accounting records reconciled with the financial statements.

registration statement A statement submitted to officially provide the SEC with information about an
offering of securities. A registration statement includes audited financial statements (balance sheet, income
statement, and statement of cash flows) for the previous three years.

regression analysis A statistical method for finding the relationship between two or more variables. Also
called least squares or linear regression.

regulation s-x is a regulation of the SEC that explains the format of information to be submitted to the SEC.
It is entitled "Form and Content of and Requirements for Financial Statements, Securities Act of 1933,
Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, Investment Company Act of
1940, and Energy Policy and Conservation Act of 1975."

related parties are those with whom the client has a relationship that might destroy the self-interest of one of
the parties (accounting is based on measurement of arm's length transactions). Related parties include
affiliates of the client, principle owners, management (decision makers who control business policy) and
members of their immediate families.

reliable (reliability) Different audit evidence provides different degrees of assurance to the auditor. When
evidence can be obtained from independent sources outside an entity it provides greater assurance of
reliability for an independent audit than that secured solely in the entity. More effective internal controls
provide assurance about reliability of the accounting data and financial statements. The independent
auditor's direct personal knowledge, from physical examination, observation, computation, and inspection, is
more persuasive than information obtained indirectly.

remittance Sending money to someone. A remittance advice is a record of the amount sent, purpose of the
payment, and associated account identification.

remote A contingency with only a slight chance of occurring. In computer processing of information, a distant
computer.

reperformance The repeating by the auditor of a computation made by the client to check its accuracy.

reportable condition Matters coming to the auditor's attention that are communicated to the audit committee
because they are significant deficiencies in internal control which could adversely affect the ability to record,
process, summarize, and report financial data.

representation A letter from management to the auditor representing that the financial statements are fairly
presented. The letter is addressed to the independent auditor, and dated at the date of the auditor's report. It
is signed by members of management whom the auditor believes are responsible for, and knowledgeable
about, matters covered (chief executive officer and chief financial officer).

requisition A formal written request for something needed. A purchase by a company is initiated internally
by a requisition, resulting in the issuance of a purchase order to the outside supplier.

revenue cycle The portion of a company that fills customer orders, accounts for receivables, and collects those
receivables.

review To examine again. The overall review of audit documentation is completed after field work. A peer
review is a practice monitoring program in which audit documentation of one CPA firm is periodically
reviewed by independent partners of other firms to determine that they conform to professional standards.
An analytical review is a type of substantive audit procedure. A review of financial statements of a nonpublic
company is an engagement that results in the expression of less assurance than an audit, but more than in a
compilation. A review of interim financial statements of a public company consists of analytical procedures
and inquiries.

rfid “radio frequency identification tag” is attached to and identifies a thing such as an item in inventory, a
case of items, a pallet of cases, a car passing through a reader on a toll way, or a person passing through a
doorway. It is like a UPC (universal product code) on items in a store, but can be scanned from a longer
distance. A transceiver sends an activating signal and receives identification information. An active RFID tag
has an internal battery and has a longer range than a passive tag which is powered by the radio signal it
receives.

rights Assertions about rights deal with whether the entity has rights to the asset at a given date. For
example, management asserts that amounts capitalized for leases in the balance sheet represent the cost of the
entity's rights to leased property.

risk analysis An analysis of the possibility of suffering loss.

sample size The number of population items selected when a sample is drawn from a population.

sampling error Unless the auditor examines 100% of the population, there is some chance the sample results
will mislead the auditor. This risk is sampling error. The larger the sample, the less chance of sampling error
and the greater the reliability of the results.

sampling risk The possibility that conclusions drawn from the sample may not represent correct conclusions
for the entire population.

sarbanes-oxley act established the Public Company Accounting Oversight Board and added requirements for
publicly traded companies, their officers, boards and auditors. It increased penalties for corporate financial
fraud.

sas "Statements on Auditing Standards" are interpretations of U.S. generally accepted auditing standards
issued by the AICPA’s auditing standards board.

scope The type of engagement. The scope of an engagement might be a review, an audit, or a compilation. A
scope limitation is a restriction on the evidence the auditor can gather.

scope paragraph The paragraph in the audit report that explains the scope of the engagement. The wording
of the standard scope paragraph is: "We conducted our audit in accordance with U.S. generally accepted
auditing standards. Those standards require that we plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material misstatement. An audit includes
examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An
audit also includes assessing the accounting principles used and significant estimates made by management,
as well as evaluating the overall financial statement presentation. We believe that our audit provides a
reasonable basis for our opinion."

sec The Securities and Exchange Commission is an agency that administers Federal securities laws which
require disclosure of information about publicly traded securities. The SEC investigates securities fraud and
regulates securities exchanges and brokers.

second request When an auditor confirms receivables, some customers of the client fail to respond to the first
confirmation request. Another request sent to the same customers is the second request.

secured transaction Right to repossess goods as security for payment of a debt.

segregation of duties means assigning different people the responsibilities of authorizing transactions,
recording transactions, and maintaining custody of assets. Segregation of duties reduces the opportunities for
one person to both perpetrate and conceal errors or fraud.
self-checking digit An extra digit is added to a number. The extra digit is computed from the other digits in
the number. The computer program can then check input by recomputing and comparing the check digit.
This is a useful control over the input of account numbers.

service auditor The auditor of an organization that provides services such as data processing or pension trust
administration to other organizations (the users). Auditors of the users (user auditors) rely on a report from
the service auditor about controls in the service organization that apply to financial statements of the user
organization they are auditing.

significant deficiency is a control deficiency that adversely affects the entity's ability to report financial data
reliably such that there is more than a remote likelihood that a misstatement of the financial statements that
is more than inconsequential will not be prevented or detected.

shipping document A document prepared when goods are shipped. It lists the date shipped, the customer,
method of shipment, and quantities and specifications of goods shipped.

simulation Representation of the operation or features of one process or system through the use of another.
Computer simulation of waiting lines can determine the number of employees needed to serve customers at a
particular time.

single audit act This federal legislation requires state and local governments that receive federal aid of
$500,000 or more in a fiscal year to have an audit under the act. A government that receives less than
$500,000 can have an audit under the act or with specific laws and regulations of programs in which the
government participates. Auditors report whether the audited entity has followed laws and regulations that
may have a material effect on each major federal aid program.

software Programs and languages that control computer hardware.

specialist An expert at activities not usually done by auditors (such as an appraiser for valuation).

sqcs Statement on Quality Control Standards.

ssars Statements on Standards for Accounting and Review Services (SSARS) are pronouncements concerning
unaudited financial information of a nonpublic entity issued by the AICPA Accounting and Review Services
Committee.

standard deviation A statistic used to measure dispersion equal to the square root of the arithmetic mean of
the squares of the deviations from the arithmetic mean.

statistical Making inferences in uncertain situations using applied mathematics. Measurements from a small
group, the sample, are used to infer the behavior of a larger group, the population. Probability theory
determines how well the sample represents the population.

stop-or-go sampling Taking a sample from a population and checking after each sample item is drawn
whether the sample supports a desired conclusion. Sampling ceases as soon as that conclusion is supported.

stratify To arrange a population or a sample in distinct layers. Stratified sampling is used in audi

ing to select a greater percentage of accounts with high balances than of accounts with low balances.

subject to Years ago there was a type of qualified audit opinion that was worded "In our opinion, subject
to....." Auditors are no longer permitted to issue such opinions.

subsequent events affect the client and occur between the balance sheet date and issuance of the financial
statements. Some such events provide additional evidence about conditions that existed at the balance sheet
date, such as the bankruptcy of a customer with a history of financial difficulty. The financial statements are
adjusted to reflect this evide
nce. Conditions that did not exist at the balance sheet date, such as fire that destroyed the client's plant after
the balance sheet date, may be so significant as to require disclosure.

subsidiary ledger The detailed information that totals to the balance in the general ledger account. The total
of all customer accounts receivable included in the subsidiary ledger of accounts receivable is the balance in
the general ledger accounts receivable account.

substantiated Supported with proof or evidence.

substantive A substantive audit procedure is a direct test of a financial statement balance.

successor auditor The auditor of a client for the current year when that client had another auditor in prior
years. The auditor who no longer audits that client is the predecessor auditor.

sufficiency (sufficient) A measure of the quantity of audit evidence. The independent auditor's objective is to
obtain sufficient appropriate evidence to provide a reasonable basis for an opinion.

supervise Supervision is directing efforts of assistants in the audit and determining whether objectives were
accomplished. Elements of supervision include instructing assistants, keeping informed of problems,
reviewing work performed, and dealing with differences of opinion among firm personnel. The appropriate
extent of supervision depends on the complexity of subject matter and qualifications of persons performing
the work.

suppliers provide goods or services to an audited entity. Sometimes called vendors.

systrust engagements A CPA tests a business system for its ability to operate without material error and
reports on its reliability.

test A sample from a population to estimate characteristics of the population.

test count As part of inventory audit procedures auditors normally observe the client's employees counting
physical inventory. A test count is inventory counted by the auditors to check the client's count.

test data is run through a computer program to test the software. Test data can be used to test compliance
with controls in the software.

test of controls (tests of the operating effectiveness of internal controls) Auditors evaluate the design of
controls, then determine if the controls are in operation. In order to rely on the controls they must also obtain
evidence as to whether the controls are operating effectively.

test of detail Direct tests of financial statement balances (substantive audit procedures) that are not analytical
procedures. If tests of details are performed as tests of controls as well as substantive tests they are "dual-
purpose" tests.

tick marks in audit work papers are footnotes represented by a symbol instead of by a number. They indicate
procedures that have been carried out on specific items in the work papers.

times interest earned Income before interest and taxes divided by interest expense.

timing of audit testing means when the procedure is performed. If you perform a test of balances procedure
before year end there is a risk that internal controls are inadequate to provide assurance up through the
balance sheet date. There is less risk if you do the procedure as of the balance sheet date.

tolerable deviation rate is the maximum rate of deviation from an internal control that will allow the auditor
to place the planned reliance on that control.

tolerable misstatement When planning a sample for a substantive test of details, the auditor considers how
much monetary misstatement may exist without causing the financial statements to be materially misstated.
This maximum misstatement is the tolerable misstatement for the sample.

trace Follow a transaction through the steps of the system.

treasurer The officer who controls the entity's funds. The treasurer normally signs checks and is responsible
for cash management.

treasury stock is stock of the corporation that has been issued and later reacquired. It is not an asset. It is a
reduction of stockholders' equity. Treasury stock can be recorded at either its cost or its par value.

trend analysis An analysis of the change in something over time. Analytical procedures, which compare
financial statement ratios of different years, are an example of trend analysis.

trial balance A statement of open debit and credit accounts in a ledger to test their equality.

turnover Inventory turnover is a measure of the time from receipt of inventory to its sale. It is found by
dividing cost of sales by average inventory. Receivables turnover is a measure of the time it takes to collect
receivables. It is found by dividing net credit sales by average net receivables. Employee turnover is the rate
at which new employees replace old employees.

unconditional requirements apply in all cases. Quality control standards use the words “must” or “is
required” for an unconditional requirement.

unqualified An audit opinion that the financial statements are in conformity with U.S. GAAP.

update (updated) If an auditor notices events that affect financial statements on which an audit report has
been issued, they are considered when updating the report on those statements. If those statements are
changed, the updated report says they have been restated and expresses the appropriate opinion. If an
updated opinion differs from the previous opinion, an explanatory paragraph preceding the opinion
paragraph explains that the report has been updated and discloses the date and type of opinion previously
expressed, and events that caused the revision.

user auditor A “service auditor” is the auditor of an organization that provides services such as data
processing or pension trust administration to other organizations (the users). Auditors of the users (user
auditors) rely on a report from the service auditor about controls in the service organization that apply to
financial statements of the user organization they are auditing.

validity check Software control over input of data to a computer system. Data is compared with the type of
data properly included in each input field, e.g., only letters in a name field.

valuation An assertion made by management that each asset and liability is recorded at an appropriate
carrying value.

value-added network A telecommunications network providing communication facilities, which enhance


basic telecommunications services. They add value by passing, storing and converting messages. Also known
as service providers and EDI service providers. Operated by a clearing house, an organization that provides
message/file collection, routing and distribution service on behalf of other organizations.

variable sampling The characteristic tested has many possible values (such as dollar value of inventory).

variance A statistical measure of dispersion in a population. The variance is the square of the standard
deviation. The standard deviation equals the square root of the arithmetic mean of the squares of deviations
from the arithmetic mean.

vendors provide goods or services to an entity. Also called suppliers.

verify (verification) Prove accuracy of numbers or existence of assets.


vouch Prove accuracy of accounting entries by tracing to supporting documents.

voucher A document in support of an expenditure. The signature of an appropriate official on the voucher is
authorization for the treasurer to issue a check.

webtrust engagements A CPA issues an opinion on a web site when the business and information privacy
practices, transaction integrity, and protection of customer information meet certain standards.

working papers (written audit documentation) Records kept by the auditor of procedures applied, tests
performed, information obtained, and pertinent conclusions in the engagement.

write-off Cancellation of part or all of a balance. Costs incurred that have no future utility are charged
(written-off) to an expense or loss account, not carried forward as an asset.

write-up In dollar terms a write-up is an intentional increase in the carrying value of an asset. In narrative
terms a write-up is a description of something or some event.

Accounting Institute Seminars® (AIS) provides intensive author taught review courses for
people taking the United States CPA examination.

These seminars are taught in person by one of the two authors of the course and are
offered in a number of cities in the U.S. each year.

For information on the seminars, return to the CPA Exam Home Page at AIS-CPA.COM.

We also offer self study CPA exam books written by the same authors.

Most are available on-line, for download to your computer.

The electronic version is less expensive than paper books.

You can magnify pages on your screen, fill the screen (view - full screen), search for terms,
and print pages.

Best of all, you can start studying it now instead of waiting days for it to arrive!

For more information on e-books or for paper copies, refer to CPA REVIEW SELF
STUDY BOOKS.
Call AIS Toll Free at (800) 635-9442
A real person in the Mountain Time zone answers this number weekdays between 9 and 5.

AIS...We provide the formula...


Comments or questions to Yvette at yvetteh (at sign) AIS-CPA.com

Copyright© 1995-2008 Accounting Institute Seminars®, Inc.

All Rights Reserved


Skip logo, search and navigation. Go to the Content

Top of Form
default_collection default_frontend xml_no_dtd default_frontend 3CHOME/%3E

Search

Search

Bottom of Form
UoB » Schools and Departments » Internal Audit » Resources and Publications » Internal Audit Terms of
Reference »

Navigation Section
Skip fast find section and go to the main content

Top of Form
Fast find

Fast find

Go

Bottom of Form

• »
Internal Audit Homepage

• »
Staff

• »
Resources and Publications

• »
Our Service Commitment

• »
HEFCE Code of Practice

• »
Internal Audit Terms of Reference

• »
Audit Committee Terms of Reference

• »
Code of Practice on Corporate Governance

• »
Who we are/What we do

• »
The Audit Process

• »
Our Services

• »
Managing Risks

• »
Useful Links

• »
FAQs

Internal Audit Terms of Reference


Introduction
Scope
Responsibilities
Standards
Approach
Independence
Access
Reporting
Liaison
Introduction
1. The Internal Audit Service is responsible for conducting an independent appraisal of all the
University's activities, financial and otherwise. It provides a service to the whole University,
including Council and all levels of management. It is not an extension of, nor a substitute for,
good management. The Internal Audit Service is responsible for giving assurance to Council and
the Designated Officer (the Vice-Chancellor) on all control arrangements. It also assists
management by evaluating and reporting to them the effectiveness of the controls for which they
are responsible. It remains the duty of management, not the Head of Internal Audit, to operate an
adequate system of internal control. It is for management to determine whether or not to accept
audit recommendations and to recognise and accept the risks of not taking action.
Back to top
Scope
2. All the institution's activities, funded from whatever source, fall within the remit of the internal
audit service. The internal audit service will consider the adequacy of controls necessary to
secure propriety, economy, efficiency and effectiveness in all areas. It will seek to confirm that
management have taken the necessary steps to achieve these objectives and manage the
associated risks.

The scope of internal audit work should cover all operational and management controls and
should not be restricted to the audit of systems and controls necessary to form an opinion on the
financial statements. This does not imply that all systems will be subject to review, but that all
will be included in the audit risk assessment and hence considered for review following the
assessment of risk. It follows that if internal audit is to give an opinion on the whole system then
that will include academic operations. The role of internal audit in this area is to confirm that
there are adequate systems for the management of teaching and learning and research. For
example, internal audit could confirm that the examination system is operating effectively and
meeting its objectives, but this does not mean that internal audit should form academic
judgements. Similarly, internal audit might review a research grant to ensure that the
requirements of the grant have been met, but it should not form a view on the merit of the
research undertaken.
3. It is not within the remit of the Internal Audit Service to question the appropriateness of policy
decisions. However, the Internal Audit Service is required to examine the arrangements by which
such decisions are made, monitored and reviewed.
4. The Internal Audit Service may also conduct any special reviews requested by Council, Audit
Committee or the Designated Officer (the Vice-Chancellor), provided such reviews do not
compromise its objectivity, independence or achievement of the approved audit plan.
Back to top
Responsibilities
5. The Head of Internal Audit is required to give an annual opinion to Council and the Vice-
Chancellor, through the Audit Committee, on the adequacy and effectiveness of the whole
internal control system within the University, and the extent to which Council can rely on it. S/he
will also comment on other activities for which Council is responsible, and to which the Internal
Audit Service has access. The Head of Internal Audit gives an opinion on whether the control
arrangements, including those for economy, efficiency and effectiveness, are adequate and
properly applied.
6. To provide the required assurance, the internal audit service will undertake a programme of
work, based on a strategy authorised by the governing body on the advice of the audit
committee. The programme will evaluate the arrangements in place:
a. To establish and monitor the achievement of organisational objectives.

b. To identify, assess and manage risks to those objectives.

c.To advise on, formulate and evaluate policy within the responsibilities of the designated officer.

d. To ensure compliance with policies, laws and regulations.

e. To ascertain the integrity and reliability of financial and other information provided to
management and stakeholders, including that used in decision making.

f. To ascertain that systems of control are laid down and operate to promote the economic,
efficient and effective use of resources and to safeguard assets.
Back to top
Standards
7. The Internal Audit Service's work will be performed with due professional care, in accordance
with appropriate professional auditing practice and the standards laid down in the Auditing
Guideline “Guidance for Internal Auditors”. It will also have regard for H M Treasury Standards,
the Government Internal Audit Standards, and will comply with the HEFCE Audit Code of Practice.

In achieving its objectives the internal audit service will develop and implement an audit strategy
that assesses the institution’s arrangements for risk management, control and governance and
for achieving value for money.

8. The Head of Internal Audit is responsible for implementing measures to monitor the
effectiveness of the service and compliance with standards. In addition, the Audit Committee
should consider and approve the performance measures used by internal audit, and should also
consider asking the external auditor to provide an independent assessment of internal audit's
effectiveness.
Back to top
Approach
9. In achieving its objectives the Internal Audit Service will:
a. Identify all elements of control systems on which it is proposed to rely, and establish a review
cycle.
b. Evaluate those systems, identify inappropriate or inadequate controls, and recommend
improvements in procedures or practices.
c. Ascertain that those systems of control are laid down and operate to promote the most
economic, efficient and effective use of resources.
d. Draw attention to any apparently uneconomical or otherwise unsatisfactory result flowing from
decisions, practices or policies.
e. Liaise with external auditors, and with the HEFCE Audit Service.
Back to top
Independence
10. The Internal Audit Service has no executive role, nor does it have any responsibility for the
development, implementation or operation of systems. However, it may provide advice on risk
management, control and governance, value for money and related matters subject to resource
constraints and the need to maintain objectivity. For day-to-day administrative purposes only, the
Head of Internal Audit reports to the Director of Finance. The Head of Internal Audit has right of
access to the Designated Officer.
11. Within the University, responsibility for risk management control and governance
assignments and value for money rests fully with council and management, who should ensure
that appropriate and adequate arrangements exist without reliance on the University’s Internal
Audit Service. To preserve the objectivity and impartiality of the internal auditors’ professional
judgement, responsibility for implementing audit recommendations rests with management.
Back to top
Access
12. The Internal Audit Service has rights of access to all of the University's records, information
and assets which it considers necessary to fulfil its responsibilities. Rights of access to other
bodies funded by the University should be set out in the conditions of funding. The Head of
Internal Audit has a right of direct access to the Chairman of Council, the Chairman of the Audit
Committee and the Vice-Chancellor. In turn, the Internal Audit Service agrees to comply with any
requests from the external auditors and the HEFCE Audit Service for access to any information,
files or working papers obtained or prepared during audit work that they need to discharge their
responsibilities.
Back to top
Reporting
13. The head of the internal audit service must submit an annual report to the governing body
and designated officer through the audit committee. The report must relate to the institution’s
financial year, and include any significant issues up to the date of preparing the report which
affect the opinion. The report should give an opinion on the adequacy and effectiveness of the
institution’s arrangements for:
• risk management, control and governance, and

• economy, efficiency and effectiveness

and the extent to which the governing body can rely on them. The auditor should also prepare,
before the beginning of the year, an audit risk assessment and strategy supported by an
assessment of resource needs. These should be submitted to the governing body for approval
following consultation with relevant managers and the designated officer, and after consideration
by the audit committee.
14. The Head of Internal Audit is accountable to the Designated Officer and Council through the
Audit Committee for the performance of the service. S/he should also report audit findings to
relevant managers (including the Designated Officer) and draw the attention of the Audit
Committee to key issues and recommendations.
15. The Internal Audit Service will usually produce its reports, in writing, within one month of
completion of each audit, giving an opinion on the system reviewed and making
recommendations to improve systems where appropriate. These reports are copied to the
Registrar and Secretary and may be copied to the Audit Committee. Managers are required to
respond to each audit report, usually within one month of issue, stating their proposed action
with a timetable for implementing agreed recommendations. Material recommendations will
usually be followed up some six to twelve months later. In addition the Audit Committee will
monitor the implementation of audit recommendations.
16. Any serious weaknesses, significant fraud or major accounting breakdown discovered during
the normal course of audit work will be reported to the Vice-Chancellor and, if necessary, to the
HEFCE Accounting Officer, the Chairman of the Audit Committee and the Chairman of Council.
Back to top
Liaison
17. The Internal Audit Service will liaise with the external auditors and the HEFCE Audit Service to
enhance the level of service it provides to the institution.

Footer Section
These pages are maintained by Internal Audit
University of Birmingham, Edgbaston, Birmingham, B15 2TT, UK
Tel: +44 (0)121 414 3344

Legal |Privacy |Accessibility |University contacts

Last Published: Thursday, 17-Jul-2008 21:36:45 BST

Top of Form

sector:accounting smartpro

Top of Form Search

choose
Choose an area of interest:
SmartPros Accou
Bottom of Form
Top of Form
Bottom of Form
Home | Member Services | News | Resource Library | Career Center | Professional Education | Marketplace | Investor Relations

Bottom of Form

Member Sign Up
Member Log On
Edit Member Profile
Newsletters
Editorial Inquiries
Privacy Policy
Reader Profile
About Us
Contact Us
Advertise

NewsLine
Columnists & Columns
Newsletters
Opinion Poll

Search Archives
Resources/Tools
Associations, Societies & Firms
Federal and State Link Library
Newsletters & Journals
CPA Exam Study Guides
Glossary of Terms

Search Jobs
Post Resume
Career Resources
Company Gallery
Professional Designations
Internships
Colleges & Universities
Post Jobs/Search Resumes

Login to Professional Education Center


Login to FMN Online
Login to CPA Report Online
Login to FMN Self-Study PEC
Login to CPA Report Self-Study PEC
FMN Video Subscriber Center
CPA Report Video Subscriber Center
Accounting & Finance CPE Programs
Corporate Training
Ethics & Compliance
Association Reseller Program
e-Learning Consulting
Engineering Education Programs

Professional Education Center


Wiley Book Corner

Choose an area of interest:

Accounting | A & A | Ethics & Compliance | Financial Planning | HR & Training | International | Legal |
Corporate Finance | Students | Tax | Tech

Auditing Glossary of Terms


SmartPros and Accounting Institute Seminars® are proud to bring you an online glossary of auditing
terms. Definitions are provided by Accounting Institute Seminars. The words defined below all have
appeared on CPA exam questions, so they are worth knowing if you are studying for the auditing exam.
acceptance sampling is sampling to determine whether internal control compliance is greater than or
less than the tolerable deviation rate.
accounting and review services are official pronouncements covering compilation and review
engagements. Compilation is presenting in the form of financial statements information that is the
representation of management (owners) without expressing assurance. Review is inquiry and analytical
procedures to provide the accountant a basis for expressing limited assurance that there are no material
modifications that should be made to the statements for them to be in conformity with U.S. generally
accepted accounting.

accounting data includes journals, ledgers and other records, such as spreadsheets, that support
financial statements. It may be in computer readable form or on paper.

accounting estimate An approximation of a financial statement element. Estimates are included in


historical financial statements because some amounts are uncertain pending outcome of future events
and relevant data about events that have occurred cannot be accumulated on a timely, cost-effective
basis.
accounting principles are alternative ways of reporting and disclosing information in financial
statements and related footnotes.

accounts receivable Debts due from customers from sales of products and services. Normally a
current asset.

adjusting entries are accounting entries made at the end of an accounting period to allocate items
between accounting periods.

adverse An audit opinion that the financial statements as a whole are not in conformity with U.S.
GAAP.

advisory services are a consulting service in which the CPA develops the findings, conclusions, and
recommendations presented for client decision-making. This differs from attestation, where the CPA
expresses a conclusion about a written assertion of another.

aggregate (aggregated) Constituting the whole. Aggregate expenses include expenses of all divisions
combined for the entire year.

agreed-upon procedures An engagement where the client specifies procedures and the accountant
agrees to perform those procedures. An accountant may accept an engagement to apply agreed-upon
procedures to financial statement elements, where the scope of the engagement is not sufficient to
express an opinion, if the users assume responsibility for sufficiency of the procedures, and use of the
report is restricted to specified users.

AICPA or American Institute of Certified Public Accountants The professional organization of


CPAs in the U.S. It is a private organization of CPAs, not an arm of the government. Each state issues
CPA certificates, not the AICPA. Since each state makes its own laws, each state could prepare and
grade their own CPA examination. However, each state uses the uniform CPA exam prepared and
graded by the AICPA.

allocation Distribution according to a plan. Depreciation, amortization, and depletion are methods to
allocate costs to periods benefited.
allowance for doubtful accounts A contra asset account with a credit balance used to reduce the
carrying amount of accounts receivable to net realizable value. The allowance balance is the estimated
total of uncollectible accounts included in accounts receivable.

allowance for sampling risk The difference between a sample estimate and the projected population
characteristic at a specified sampling risk. This allowance is also the difference between the expected
error rate and the tolerable deviation rate.

analytical procedure A comparison of financial statement amounts with an auditor's expectation. An


example is to compare actual interest expense for the year (a financial statement amount) with an
estimate of what that interest expense should be. The estimate can be found by multiplying a
reasonable interest rate times the average balance of interest bearing debt outstanding during the year
(the auditor's expectation). If actual interest expense differs significantly from the expectation, the
auditor explains the difference in audit documentation.

analyze Identify and classify items for further study.

anticipated Expected.

application control Programmed procedure in application software designed to ensure completeness


and accuracy of information.

approve To authorize. A manager authorizes a cash payment by signing a voucher providing approval
for the disbursement.

arm's length transactions are transactions between people who have no relationship other than that
of buyer and seller. The price is the true fair market value of the goods or services sold. If you buy or
sell something to a close relative, you might give better terms than to an unrelated party, so the price
might not represent the true market value of the goods or services.

ascertain An audit procedure to determine or to discover with certainty. For example, to ascertain the
date on which an investment was purchased by examining source documents.
assertion Management asserts financial statements are correct with regard to existence or occurrence
of assets, liabilities or transactions, completeness of information in the financial statements, rights and
obligations at a point in time, appropriate valuation or allocation, presentation, and disclosure.

assess To determine the value, significance, or extent of.

assessed Determined. The level of control risk determined by the auditor, based on tests of controls, is
the assessed level of control risk.

assurance The level of confidence one has.

attest (attestation) report In an attest engagement, a practitioner issues a written conclusion about
the reliability of a written assertion that is the responsibility of another party.

attorney's letter is signed by the client's lawyer and addressed to the auditor. It is the auditor's
primary means to corroborate information furnished by management about litigation, claims, and
assessments.

attribute sampling The characteristic tested is a property that has only two possible values (an error
exists or it does not).

audit adjustment, whether or not recorded by the entity, is a proposed correction of the financial
statements that may not have been detected except through audit procedures.

audit committee A committee of the board of directors responsible for oversight of the financial
reporting process, selection of the independent auditor, and receipt of audit results.

audit documentation (working papers) are records kept by the auditor of procedures applied, tests
performed, information obtained, and pertinent conclusions reached in the engagement. The
documentation provides the principal support for the auditor's report.
audit objective In obtaining evidence in support of financial statement assertions, the auditor develops
specific audit objectives in light of those assertions. For example, an objective related to the
completeness assertion for inventory balances is that inventory quantities include all products,
materials, and supplies on hand.

audit planning is developing an overall strategy for the audit. The nature, extent, and timing of
planning varies with size and complexity of the entity, experience with the entity, and knowledge of the
entity's business.

audit risk A combination of the risk that material errors will occur in the accounting process and the
risk the errors will not be discovered by audit tests. Audit risk includes uncertainties due to sampling
(sampling risk) and to other factors (nonsampling risk).

Auditing Standards Board Statements on Auditing Standards are issued by the auditing standards
board, the body of the AICPA designated to issue auditing pronouncements.

authorize (authorization) To give permission for. A manager authorizes a transaction by signing a


voucher authorizing the disbursement.

backup A copy of a computer program or file stored separately from the original.

batch A set of computer data or jobs to be processed in a single program run.

Benford's law is a mathematical law that applies to any population of numbers derived from other
numbers (such as the dollar amount of a sale, found by multiplying the quantity sold times the unit
price). It holds that 30% of the time the first non-zero digit of this derived number will be one, and it
will be a nine only 4.6% of the time. Benford's law is used by auditors to identify fictitious populations
of numbers.

bill of lading A document issued by a carrier to a shipper, listing and acknowledging receipt of goods
for transport and specifying terms of delivery.
blind trust A financial arrangement in which a person avoids possible conflict of interest by transferring
financial affairs to a fiduciary who has sole asset management discretion. The person establishing the
trust also gives up the right to information regarding the assets.

cancel supporting documents To mark supporting documents as having been used to support a
transaction so the same documents can't be used to support another transaction. An example is
stamping vouchers "paid."

capitalized Recorded as an asset. A capitalized lease is in substance a purchase to the lessee. An asset
is recorded equal to the present value of the lease payments, which is also recorded as a liability.
Payments, partly interest and partly principal, are made on the lease liability. The lease asset is
depreciated by the lessee as though it were legally owned by the lessee.

caveat A warning or caution.

check digit A redundant digit added to a code to check accuracy of other characters in the code.

check register A listing of checks issued, normally in numeric sequence and in order by date issued.

classification Arrangement or grouping. Assets and liabilities are normally classified as current or
noncurrent.

collateralize To pledge property as security (collateral) for a debt.

collusion A secret agreement between two or more parties for fraud or deceit.

comfort letter A letter written by the auditor to an underwriter of securities, which expresses an
opinion about whether the audited financial statements and schedules in the registration statement
comply as to form with applicable accounting requirements of the Act and related rules and regulations
adopted by the SEC. Procedures performed are specified by the underwriter.
comparability Users evaluate accounting information by comparison. Similar companies account for
similar transactions in similar ways. Another goal is comparison of one company's information from one
period to the next (consistency). Operating trends should not be disguised by changing accounting
methods.

comparative Financial statements of a prior period shown with those of the current period to aid in
comparisons between periods.

compare (comparison) An audit procedure. The auditor observes similarities and differences among
similar items such as an account from one year to the next.

compensating balance An offsetting balance. A requirement by some banks that a borrower maintain
a minimum balance in a checking or savings account as a condition of a loan. The offsetting balance
increases the effective interest rate to the bank since the net amount loaned is reduced but the interest
paid is unchanged.

competence of an internal audit staff is a function of qualifications, including education, certification,


and supervision. Competent audit evidence is valid and reliable.

compile (compilation) A compilation is presenting in the form of financial statements information that
is the representation of management without expressing assurance. Compilation of a financial
projection is assembling prospective statements based on assumptions of a responsible party,
considering appropriateness of presentation, and issuing a compilation report. No assurance is provided
on the statements or underlying assumptions. The accountant need not be independent.

completeness Assertions about completeness deal with whether all transactions and accounts that
should be in the financial statements are included. For example, management asserts that all purchases
of goods and services are included in the financial statements. Similarly, management asserts that
notes payable in the balance sheet include all such obligations of the entity.

compliance Following applicable rules or laws.

comprehensive basis of accounting A complete set of rules other than U.S. GAAP applied to all
items in a set of financial statements. Examples include a basis of accounting required by a regulatory
agency, a basis of accounting the entity uses for its income tax return and the cash receipts and
disbursements basis.

computer controls Internal controls performed by computer (software controls) as opposed to manual
controls. Also means general and application controls over the computer processing of data.

condensed financial statements are presented in considerably less detail than complete financial
statements.

confirm (confirmation) Communication with outside parties to authenticate internal evidence.

consignment Transfer of possession but not title to goods. Title stays with the consignor, while the
consignee has possession.

consistency To achieve comparability of information over time, the same accounting methods must be
followed. If accounting methods are changed from period to period, the effects must be disclosed.

consulted Sought advice or information.

consulting services performed by CPAs include consultations, advisory services, implementation


services, product services, transaction services, and staff and support services.

contingency is an existing condition involving uncertainty as to possible gain (gain contingency) or loss
(loss contingency) that will be resolved by future events. Estimates, such as the useful life of an asset,
are not contingencies. Eventual expiration of the asset's utility is not uncertain.

continuing auditor is the auditor of the current year who also audited the financial statements of the
client for the previous year.

continuing accounting significance Matters of continuing accounting significance are those normally
included in the permanent audit documentation, such as the analysis of balance sheet accounts, and
those relating to contingencies. Such information from a prior year is used by the auditor in the current
year's audit and is updated each year.
control accounts are general ledger accounts that report totals of details included in subsidiary ledger
accounts. For example, Accounts Receivable is a general ledger account with a balance equal to the
total of the individual receivables included in the subsidiary accounts receivable ledger.

control A policy or procedure that is part of internal control.

control environment is the attitude, awareness, and actions of the board, management, owners, and
others about the importance of control. This includes integrity and ethical rules, commitment to
competence, board or audit committee participation, organizational structure, assignment of authority
and responsibility, and human resource policies and practices.

control policies and procedures Control activities are the policies and procedures that help ensure
management directives are carried out. Those pertinent to an audit include performance reviews,
information processing, physical controls and segregation of duties.

control risk The risk that material error in a balance or transaction class will not be prevented or
detected on a timely basis by internal controls.

controller An officer who supervises financial affairs of an entity. In internal control the controller is
often the person with record keeping (general ledger) responsibilities, as contrasted with asset custody,
management decision-making, and internal audit functions.

corroborate (corroborating) (corroboration) (corroborative) To strengthen with other evidence, to


make more certain.

count Enumerate some characteristic such as the number of items in inventory.

cumulative effect of changing to a new accounting principle is the effect on retained earnings at the
beginning of the current period. It is included in net income after extraordinary items. Only the direct
effect (net of income tax effect) is considered.

current ratio Total current assets divided by total current liabilities.


custodian One who has possession or is in charge of something. Some entities entrust investment
securities to a bank, which is custodian of the company's securities.

custody Possession.

cutoff Designating a point of termination. An auditor uses tests of cutoff to obtain evidence that
transactions for each year are included in the financial statements of the appropriate year.

defalcation To misuse or embezzle funds.

deficiency An internal control shortcoming or opportunity to strengthen internal controls.

detection risk The risk audit procedures will lead to a conclusion that material error does not exist
when in fact such error does exist.

detective control A control designed to discover an unintended event or result.

deviation Departure from prescribed internal control. Often expressed as a rate at which the departure
occurs.

disclaimer (disclaim) A statement that the auditor is unable to express an opinion as to the presentation
of financial statements in conformity with U.S. GAAP.

disclosure Revealing information. Financial statement footnotes are one way of providing necessary
disclosures.

discovery sampling Acceptance sampling (sampling to determine whether internal control compliance is
greater than or less than the tolerable deviation rate) when the expected attribute occurrence rate is
zero.

document (documentary) (documentation) Written or printed paper that bears information that can be
used to furnish decisive evidence. Could also be a recording, computer readable information, or a
photograph.

dual date If a major event comes to the auditor's attention between the report date and issuance of
the report, the financial statements may include the event as an adjustment or disclosure. The auditor
dual dates the audit report (as of the end of fieldwork, except footnote XX, which is dated later).

dual-purpose test Audit procedures are classified as substantive tests or tests of controls. If a
procedure provides both types of evidence it is a dual-purpose test.

EDI or Electronic Data Interchange is the use of communication between an entity and customers or
suppliers to transact business electronically. Purchase, shipping, billing, cash receipt, and cash
disbursements can be completed entirely by exchanging electronic messages.

edit check Reasonableness, validity, limit, and completeness tests that are programmed routines
designed to check input data and processing results for completeness, accuracy and reasonableness.

EDP or Electronic Data Processing Processing of information by computer as opposed to handwritten


records.

effective income tax rate The income tax provision (expense) shown on an income statement divided
by pretax income. This differs from the statutory rate because of deductions, credits, and exclusions.

effective internal control Reasonable assurance that the entity’s operational objectives are achieved,
that published financial statements are reliably prepared, and applicable laws and regulations are
complied with.

effectiveness Producing a desired outcome. An audit procedure is effective if the evidence supports a
correct conclusion.

efficiency The ratio of the audit evidence produced to audit resources used.

embedded control performance deals with unexpected changes to data.


embezzlement To take assets in violation of trust.

encryption is scrambling data so it is meaningless to anyone but the intended recipient, who has the
key to unscramble the data.

engagement letter A letter that represents the understanding about the engagement between the
client and the CPA. The letter identifies the financial statements and describes the nature of procedures
to be performed. It includes an explanation of the objectives of the procedures, an explanation that the
financial information is the responsibility of the company's management, and a description of the form
of report.

environment The control environment is the attitude, awareness, and actions of the board,
management, owners, and others about importance of control. It includes integrity and ethical rules,
commitment to competence, board or audit committee participation, organization structure, assignment
of authority and responsibility, and human resource policies and practices.

error Unintentional misstatements or omissions in financial statements. Errors may involve mistakes in
gathering or processing accounting data, incorrect estimates from oversight or misinterpretation of
facts, and mistakes in application of principles relating to amount, classification, presentation or
disclosure.

estimation sampling is sampling to estimate the actual value of a population characteristic within a
range of tolerable misstatement.

evidence (evidential matter) includes written and electronic information (such as checks, records of
electronic fund transfers, invoices, contracts, and other information) that permits the auditor to reach
conclusions through reasoning.

examination is evaluating the preparation of prospective statements, support underlying assumptions,


and presentation. The accountant reports whether, in his or her opinion, the statements conform to
AICPA guidelines and assumptions provide a reasonable basis for the responsible party's forecast. The
accountant should be independent, proficient, plan the engagement, supervise assistants, and obtain
sufficient evidence to provide a reasonable basis for the report.
examine (examining) As an audit procedure, to examine something is to look at it critically.

except for A qualified opinion. An auditor can qualify the audit opinion for both departures from U.S.
GAAP in the financial statements and restrictions on the scope of the audit. The opinion paragraph of
the qualified report is worded "In our opinion, except for..."

execute (execution) To carry out an internal control procedure, such as to sign and mail a check after
inspecting supporting documents.

existence Assertions about existence deal with whether assets or liabilities exist at a given date. For
example, management asserts that finished goods inventories in the balance sheet are available for
sale.

expenditure Cash paid or liability incurred.

explanatory A paragraph added to an audit report to explain something, such as the reason for a
qualified or adverse opinion.

explicitly Fully and clearly expressed, leaving nothing implied.

extend means to multiply one number by another (to test extensions is to test the accuracy of
multiplication done by the client). To extend audit procedures is to apply additional audit procedures to
obtain more evidence.

FASAB or Federal Accounting Standards Advisory Board An organization that sets GAAP in the
U.S. for federal government entities.

FASB or Financial Accounting Standards Board A nongovernment private organization that sets
GAAP in the U.S. for profit making entities and not-for-profit nongovernmental organizations.

field work The performance of audit procedures outside the CPA's office. Much field work, but not all, is
done in the client's offices after the balance sheet date.
FIFO or First In First Out inventory cost flow.

financial forecasts are prospective financial statements that present expected future financial
position, results of operations, and cash flows based on expected conditions. A financial forecast is of
the most likely future scenario.

financial projections are prospective financial statements that present, given one or more
hypothetical assumptions, an entity's expected financial position, results of operations, and changes in
financial position. A financial projection includes several alternative scenarios while a forecast is the
single most likely scenario.

financial institution confirmation request A confirmation sent to the client's bank or other financial
institution asking the bank to confirm directly to the auditor information about balances at a particular
date.

flowchart A schematic representation of a sequence of operations in an accounting system or computer


program. Also called a flow diagram or flow sheet.

foot a column is to add a column of numbers.

fraud A deliberate deception to secure unfair or unlawful gain. False representation intended to deceive
relied on by another to that person's injury. Fraud includes fraudulent financial reporting undertaken to
render financial statements misleading, sometimes called management fraud, and misappropriation of
assets, sometimes called defalcations.

GAAP or Generally Accepted Accounting Principles According to Rule 203 of the AICPA Code of
Professional Conduct, GAAP for nongovernment entities include (in a conflict the source earlier in the list
prevails): 1. FASB Statements and Interpretations, APB Opinions, ARBs. 2. FASB Technical Bulletins,
AICPA Guides and AICPA Statements of Position. 3. Positions of the FASB Emerging Issues Task Force
and AICPA Practice Bulletins. 4. AICPA accounting interpretations, FASB staff "Qs and As", and widely
recognized industry practices. 5. FASB Concepts Statements, textbooks, articles.

GAAS or Generally Accepted Auditing Standards The ten auditing standards adopted by the
membership of the AICPA. Auditing standards differ from audit procedures in that "procedures" relate to
acts to be performed, whereas "standards" deal with measures of the quality of the performance of
those acts and objectives of the procedures.

GASB or Government Accounting Standards Board A nongovernment private organization that sets
GAAP in the United States for governmental entities.

general controls Policies and procedures to assure proper operation of computer systems, including
controls over data center and network operations, software acquisition and maintenance, and access
security.

general journal A book of original entry in a double-entry system. The journal lists transactions and
indicates accounts to which they are posted. The general journal includes all transactions not included in
specialized journals used for cash receipts, cash disbursements, and other common transactions.

general ledger A record to which monetary transactions are posted (in the form of debits and credits)
from a journal. It is the final record from which financial statements are prepared. General ledger
accounts are often control accounts that report totals of details included in subsidiary ledgers.

general standard In the ten U.S. generally accepted auditing standards there are three general
standards: 1. The examination is to be performed by a person or persons having adequate technical
training and proficiency as an auditor. 2. In all matters relating to the assignment, an independence in
mental attitude is to be maintained by the auditor. 3. Due professional care is to be exercised in
performing the examination and preparation of the report.

generalized audit software Packaged computer programs used on a variety of computers during
audit field work to read computer files, select information, perform calculations, create data files, and
print reports in a format specified by the auditor.

going concern assumption assumes the company will continue in operation long enough to realize its
investment in assets through operations (as opposed to sale). Presenting assets at historical cost is
justified by assuming productive assets will be used rather than sold. This makes market values
irrelevant and supports accounting methods that match the actual cost of an asset to periods benefited.

Government Auditing Standards A book issued by the comptroller general of the United States,
sometimes called the "yellow book." Government Auditing Standards contains standards for audits of
government organizations, programs, activities, and functions and of government assistance received
by contractors, not-for-profit organizations, and other nongovernment organizations. These standards,
which include designing the audit to provide reasonable assurance of detecting material misstatements
resulting from noncompliance with provisions of contracts or grant agreements that have a direct and
material effect on determination of financial statement amounts, are followed when required by law,
regulation, agreement, contract, or policy. For financial audits, Government Auditing Standards
prescribes fieldwork and reporting standards beyond those required by GAAS.

gross margin percentage The gross margin from an income statement divided by net sales revenue.

hard copy A printed copy of information as opposed to information stored in computer readable form.

hardware A computer and associated physical equipment involved in data processing or communications
functions as opposed to software (the computer programs that provide instructions the computer
follows).

hardware control Computer controls built into physical equipment by the manufacturer.

hash total A control total that has no meaning in itself except for control, e.g., total social security
numbers of employees paid.

hedges protect an entity against the risk of adverse price or interest-rate movements on its assets,
liabilities, or anticipated transactions. A hedge avoids or reduces risk by counterbalancing losses with
gains on separate positions.

Image-processing systems scan documents into electronic images for storage. Reference and source
documents may not be retained after conversion.

immaterial Of no importance. Something in financial statements that will not change decisions of
investors.

implicitly Implied or understood even though not directly expressed.

implied control performance deals with expected changes to data.


incompatible duties Internal control systems rely on separation of duties to reduce the chance of
errors or fraud. Duties are incompatible if they should be separated for control. For example, one
person should not be in a position to both embezzle funds and to hide the embezzlement by changing
the recorded accountability.

incorrect acceptance The risk of incorrect acceptance is the risk the sample supports the conclusion
that the recorded balance is not materially misstated when it is materially misstated.

incorrect rejection The risk of incorrect rejection is the risk the sample supports the conclusion that
the recorded balance is materially misstated when it is not materially misstated.

independent In all matters relating to the assignment, an independence in mental attitude is to be


maintained by the auditors. This means freedom from bias, which is possible even when auditing one's
own business (independence in fact). However, it is important that the auditor be independent in
appearance (that others believe the auditor is independent).

information systems consist of infrastructure (physical and hardware components), software, people,
procedures (manual and automated), and data.

inherent limitation The potential effectiveness of an entity's internal control is subject to inherent
limitations. Human fallibility, collusion, and management override are examples.

inherent risk The susceptibility of a balance or transaction class to error that could be material, when
aggregated with other errors, assuming no related internal controls.

input control Computer controls designed to provide reasonable assurance that transactions are
properly authorized before processed by the computer, accurately converted to machine readable form
and recorded in the computer, that data files and transactions are not lost, added, duplicated or
improperly changed, and that incorrect transactions are rejected, corrected and, if necessary,
resubmitted on a timely basis.

inquire (inquiry) Ask questions of client personnel.


inspect (inspection) As an audit procedure, to scrutinize or critically examine a document. As part of
a CPA firm's quality control system, to monitor the effectiveness of the system.

integrated test facility A "dummy" unit (e.g., a department or employee) is established. Test
(fictitious) transactions are posted to the dummy unit during the normal processing cycle. If test
transactions are processed correctly that provides evidence that transactions of other units are
processed correctly as well.

integrity Consistent adherence to an ethical code. If client management lacks integrity the auditor
must be more skeptical than usual.

interim audit procedures are done during the year under audit, before year-end.

interim financial information is financial statements of a time period less than a full year.

internal auditors are employees of the client responsible for providing analyses, evaluations,
assurances, recommendations, and other information to the entity's management and board. An
important responsibility of internal auditors is to monitor performance of controls.

internal control Policies and procedures designed to provide reasonable assurance that specific entity
objectives will be achieved. It consists of: the control environment, risk assessment, control activities,
information and communications, and monitoring.

internal control questionnaire A list of questions about the existing internal control system to be
answered (with answers such as yes, no, or not applicable) during audit fieldwork. The questionnaire is
a part of the documentation of the auditor's understanding of the client's internal controls.

internal control weakness A defect in the design or operation of internal controls. A material
weakness is a reportable condition that does not reduce to a relatively low level the risk that material
errors or fraud would not be detected in a timely manner by employees in the normal course of their
duties.

introductory paragraph The first paragraph of the auditor's standard report, which identifies the
financial statements audited, states the financial statements are the responsibility of management and
that the auditor's responsibility is to express an opinion on the financial statements based on the audit.

inventory tag A tag attached to inventory items that identifies the inventory items to aid in counting
the physical inventory.

inverse The opposite or reverse. An inverse relationship between two variables means that when one
increases the other decreases.

investee The company in which an investment is held. Often used to describe an equity method
investment, in which the investor reports a share of the investee's net income.

invoice An itemized list of goods shipped or services rendered with costs.

ISB Independence Standards Board.

Go to J-Z Glossary

About SmartPros | Accounting Products | Professional Education | Marketing Services | Consulting | Engineering Products |
Contact Us
© 2007 SmartPros Ltd.

Internal
Audit Home
Internal Auditing Terms
Vision & A | B | C | D | E | F | G | H-I | J-M | N-O | P | Q | R | S | T | U-Z
Mission
Our Charter
Organizatio The standards and the accompanying Guidelines employ terms which have
n Chart been given the following meanings in the context of the Standards:
Contact
Information A
Ask the Activity Reports of the internal auditing department highlight significant
Auditors audit findings and recommendations and inform senior management and the
Affiliations board of any significant deviations from approved audit work schedules,
& Links staffing plans, and financial budgets, and the reasons for them. (110.01.6)
Publication Adequate Control is present if management has planned and organized
s (designed) in a manner which provides reasonable assurance that the
CPE organization's objectives and goals will be achieved efficiently and
Resource economically. (300.02.4)
Audit
Terms Analytical Auditing Procedures are performed by studying and comparing
relationships among both financial and non-financial information. The
Feedback
Form application of analytical auditing procedures is based on the premise that, in
the absence of known conditions to the contrary, relationships among
IU Home information may reasonably be expected to exist and continue. Examples of
Search contrary conditions include unusual or nonrecurring transactions or events;
accounting, organizational, operational, environmental, and technological
changes; inefficiencies; ineffectiveness; errors; irregularities, or illegal acts.
(420.01.1 b and c)
Appreciation means the ability to recognize the existence of problems or
potential problems and to determine the further research to be undertaken or
the assistance to be obtained. (250.01.4)
Audit Objectives are broad statements developed by internal auditors and
define intended audit accomplishments. (410.01.1a)
Audit Procedures are the tasks the internal auditor undertakes for
collecting, analyzing, interpreting, and documenting information during an
audit. Audit procedures are the means to attain audit objectives. (410.01.1a)
Audit Program is a document which lists the audit procedures to be
followed during an audit. The audit program also states the objectives of the
audit. (410.01.6a)
Audit Report is a signed, written document which presents the purpose,
scope, and results of the audit. Results of the audit may include findings,
conclusions (opinions), and recommendations. (430.01, 430.04 and
430.04.5)
Audit Scope refers to the activities covered by an internal audit. Audit scope
includes, where appropriate:
• Audit objectives
• Nature and extent of auditing procedures performed
• Time period audited
• Related activities not audited in order to delineate the boundaries of the
audit (430.04.4)
Audit Work Schedules include (a) what activities are to be audited; (b)
when they will be audited; and (c) the estimated time required, taking into
account the scope of the audit work planned and the nature and extent of
audit work performed by others. (520.04)
Audit Working Papers record the information obtained, the analyses made,
and conclusions reached during an audit. Audit working papers support the
bases for the findings and recommendations to be reported. (420.01.5 and
420.01.5c)
Auditable Activities consist of those subjects, units, or systems which are
capable of being defined and evaluated. Auditable activities may include:
• Policies, procedures, and practices
• Cost centers, profit centers, and investment centers
• General ledger account balances
• Information systems (manual and computerized)
• Major contracts and programs
• Organization units such as product or service lines
• Functions such as electronic data processing, purchasing, marketing,
production, finance, accounting, and human resources
• Financial statements
• Laws and regulations (520.04.5)
Auditee includes any individual, unit, or activity of the organization that is
audited.
Authorization implies that the authorizing authority has verified and
validated that the activity or transaction conforms with established policies
and procedures. (300.03.2a)
Authorizing includes initiating or granting permission to perform activities or
transactions. (300.03.2a)
Top of Page
B
Board includes boards of directors, audit committees of such boards, heads
of agencies or legislative bodies to whom internal auditors report, boards of
governors or trustees of nonprofit organizations, and any other designated
governing bodies of organizations.
C
Cause is the reason for the difference between the expected and actual
conditions (why the difference exists). (430.04.7c)
Charter of the internal auditing department is a formal written document
which defines the departments purpose, authority, and responsibility. The
charter should (a) establish the department's position within the
organization; (b) authorize access to records, personnel, and physical
properties relevant to the performance of audits; and (c) define the scope of
internal auditing activities. (110.01.4)
Code of Ethics of The Institute of Internal Auditors (IIA) sets forth standards
of conduct for Members of The IIA and Certified Internal Auditors to
effectively discharge their responsibilities. The Code of Ethics calls for high
standards of honesty, objectivity, diligence, and loyalty. (240.01)
Conclusions (Opinions) are the internal auditor's evaluations of the effects
of the findings on the activities reviewed. Conclusions usually put the
findings in perspective based upon their overall implications. (430.04.8)
Condition is the factual evidence which the internal auditor found in the
course of the examination (what does exist). (430.04.7b)
Conflicts of Interest refers to any relationship which is or appears to be not
in the best interest of the organization. A conflict of interest would prejudice
an individual's ability to carry out their duties and responsibilities objectively.
(280.01)
Control is any action taken by management to enhance the likelihood that
established objectives and goals will be achieved. Management plans,
organizes, and directs the performance of sufficient actions to provide
reasonable assurance that objectives and goals will be achieved. Thus,
control is the result of proper planning, organizing, and directing by
management. (300.06)
Control Environment refers to the attitude and actions of the board and
management regarding the significance of control within the organization.
The control environment provides the discipline and structure for the
achievement of the primary objectives of the system of internal control.
The control environment includes the following elements:
• Integrity and ethical values
• Management's philosophy and operating style
• Organizational structure
• Assignment of authority and responsibility
• Human resource policies and practices
• Competence of personnel (300.07.4)
Cost-Benefit Relationship means that the potential loss associated with
any exposure or risk is weighed against the cost to control it. (300.02.5)
Criteria are the standards, measures, or expectations used in making an
evaluation and/or verification (what should exist). (430.04.7a)
Top of Page
D
Detective Controls are actions taken to detect and correct undesirable
events which have occurred. (300.06.1)
Directing involves, in addition to accomplishing objectives and planned
activities, authorizing and monitoring performance, periodically comparing
actual with planned performance, and documenting these activities to
provide additional assurance that systems operate as planned. (300.03.2)
Directive Controls are actions taken to cause or encourage a desirable
event to occur. (300.06.1)
Director of Internal Auditing and Director identify the top position in an
internal auditing department. The term also includes such titles as General
Auditor, Chief Internal Auditor, Chief Audit Executive, and Inspector General.
Due Professional Care calls for the application of the care and skill
expected of a reasonably prudent and competent internal auditor in the
same or similar circumstances. Due professional care is exercised when
internal audits are performed in accordance with the Standards for the
Professional Practice of Internal Auditing. The exercise of due professional
care requires that.
• Internal auditors be independent of the activities they audit
• Internal audits be performed by those persons who collectively possess the
necessary knowledge, skills, and disciplines to conduct the audit properly
• Audit work be planned and supervised
• Audit reports be objective, clear, concise, constructive, and timely
• Internal auditors follow up on reported audit findings to ascertain that
appropriate action was taken (280.01)
Top of Page
E
Economical Performance accomplishes objectives and goals at a cost
commensurate with the risk. (300.02.7)
Effect is the risk or exposure the auditee organization and/or others
encounter because the condition is not the same as the criteria (the impact
of the difference). (430.04.7d)
Effective Control is present when management directs systems in such a
manner as to provide reasonable assurance that the organizations
objectives and goals will be achieved. (300.03.1)
Efficient Performance accomplishes objectives and goals in an accurate
and timely fashion with minimal use of resources. (300.02.6)
Error as it relates to internal audit reports is an unintentional misstatement
or omission of significant information in a final audit report. (430.03.1b)
External Auditors refers to those audit professionals who perform
independent annual audits of an organization's financial statements.
External Reviews of the internal auditing department are performed to
appraise the quality of the department's operations. External reviews should
be performed by qualified persons who are independent of the organizations
and who do not have either a real or apparent conflict of interest. (560.04)
Top of Page
F
Findings are pertinent statements of fact. Audit findings emerge by a
process of comparing what should be with what is. (430.04.6 and .7)
Flowchart is a representation, primarily through the use of symbols, of the
sequence of activities in a system (process, operation, function, or activity).
(420.01.5d)
Follow-up by internal auditors is defined as a process by which they
determine the adequacy, effectiveness, and timeliness of actions take by
management on reported audit findings. Such findings also include relevant
findings made by external auditors and others. (440.01.1)
Formal Internal Reviews are periodic self-assessments of the internal
auditing department to appraise the quality of the audit work performed.
These reviews generally are performed by a team or an individual selected
by the director of internal auditing. (560.03.1)
Fraud encompasses an array of irregularities and illegal acts characterized
by intentional deception. (280.01.1)
G
Goals are specific objectives of specific systems and may be otherwise
referred to as operating or program objectives or goals, operating standards,
performance levels, targets, or expected results. (300.02.2)
Guidelines are suitable means of meeting the General and Specific
Standards for the Professional Practice of Internal Auditing. (Introduction)
Top of Page
H-I
Illegal Acts refers to violations of laws and governmental regulations.
(280.01.1)
Independence allows internal auditors to carry out their work freely and
objectively. This concept requires that internal auditors be independent of
the activities they audit. Independence is achieved through organizational
status and objectivity. (100.01)
Information is data the internal auditor obtains during an audit to provide a
sound basis for audit findings and recommendations. Information should be
sufficient, competent, relevant, and useful. (420.01.2)
Internal Auditing is an independent appraisal function established within an
organization to examine and evaluate its activities as a service to the
organization. The objective of internal auditing is to assist members of the
organization in the effective discharge of their responsibilities. To this end,
internal auditing furnishes them with analyses, appraisals,
recommendations, counsel, and information concerning the activities
reviewed. The audit objective includes promoting effective control at
reasonable cost. (Introduction)
Internal Auditing Department includes any unit or activity within an
organization which performs internal auditing functions.
Internal Auditor is an individual within an organization's internal auditing
department who is assigned the responsibility of performing internal auditing
functions.
Internal Control is a process within an organization designed to provide
reasonable assurance regarding the achievement of the following primary
objectives:
• The reliability and integrity of information
• Compliance with policies, plans, procedures, laws, and regulations
• The safeguarding of assets
• The economical and efficient use of resources
• The accomplishment of established objectives and goals for operations or
programs (300.05)
Irregularity refers to the intentional misstatement or omission of significant
information in accounting records, financial statements, other reports,
documents or records. Irregularities include (a) fraudulent financial reporting
which renders financial statements misleading and (b) misappropriation of
assets. Irregularities involve:
• Falsification or alteration of accounting or other records and supporting
documents
• Intentional misapplication of accounting principles
• Misrepresentation or intentional omission of events, transactions, or other
significant information (280.01.1)
Top of Page
J-M
Management includes those individuals with responsibilities for setting
and/or achieving the organization's objectives.
Monitoring encompasses supervising, observing, and testing activities and
appropriately reporting to responsible individuals. Monitoring provides an
ongoing verification of progress toward achievement of objectives and goals.
(300.03.2b)
N-O
Objectives are the broadest statements of what the organization chooses to
accomplish. (300.02.1)
Objectivity is an independent mental attitude which requires internal
auditors to perform audits in such a manner that they have an honest belief
in their work product and that no significant quality compromises are made.
Objectivity requires internal auditors not to subordinate their judgment on
audit matters to that of others. (120.01 and .02)
Operations refers to the recurring activities of an organization directed
toward producing a product or rendering a service. such activities may
include, but are not limited to, marketing, sales, production, purchasing,
human resources, finance and accounting, and governmental assistance.
(350.01.1)
Top of Page
P
Preventive Controls are actions taken to deter undesirable events form
occurring. (300.06.1)
Proficiency means the ability to apply knowledge to situations likely to be
encountered and to deal with them without extensive recourse to technical
research and assistance. (250.01.1)
Programs refers to special purpose activities of an organization. such
activities include, but are not limited to, the raising of capital, sale of a
facility, fund-raising campaigns, new product or service introduction
campaigns, capital expenditures, and special purpose government grants.
(350.01.2)
Purpose Statements in audit reports describe the audit objectives and may,
where necessary, inform the reader why the audit was conducted and what
it was expected to achieve. (430.04.3)
Q
Quality Assurance is a program by which the director of internal auditing
evaluates the operations of the internal auditing department. The purpose of
the quality assurance program is to provide reasonable assurance that
internal auditing work conforms with the Standards for the Professional
Practice of Internal Auditing, the internal auditing department's charter, and
other applicable standards. The quality assurance program should include
the following elements:
• Supervision
• Internal reviews
• External reviews (560.01)
Top of Page
R
Ratio Analysis is the study of financial condition and performance through
ratios derived from items in the financial statements or from other financial or
non-financial information. (420.01.1h)
Reasonableness Test is a comparison of an estimated amount, calculated
by the use of relevant financial and non-financial information, with a
recorded amount. (420.01.1h)
Recommendations are actions the internal auditor believes necessary to
correct existing conditions or improve operations. (430.05.1)
Regression Analysis is a mathematical procedure which is used to
determine and measure the predictive relationship between one variable
(dependent variable) and one or more other variables (independent
variables). (420.01.1h)
Risk is the probability that an event or action may adversely affect the
organization or activity under audit. (410.01.1b and 520.04.2)
Risk Assessment is a systematic process for assessing and integrating
professional judgments about probable adverse conditions and/or events.
The risk assessment process should provide a means of organizing and
integrating professional judgments for development of the audit work
schedule. (520.04.10)
Risk Factors are the criteria used to identify the relative significance of, and
likelihood that, conditions and/or events may occur that could adversely
affect the organization. (520.04.6)
Top of Page
S
Scope Limitation is a restriction placed upon the internal auditing
department that precludes the department from accomplishing its objectives
and plans. Among other things, a scope limitation may restrict the:
• Scope defined in the charter
• Department's access to records, personnel, and physical properties relevant
to the performance of audits
• Approved audit work schedule
• Performance of necessary auditing procedures
• Approved staffing plan and financial budget (110.01.5b)
Senior Management refers to those individuals to whom the director of
internal auditing is responsible.
Significant is the level of importance or magnitude assigned to an item,
event, information, or problem by the internal auditor.
Significant Audit Findings are those conditions which, in the judgment of
the director of internal auditing, could adversely affect the organization.
Significant audit findings may include conditions dealing with irregularities,
illegal acts, errors, inefficiency, waste, ineffectiveness, conflicts of interest,
and control weaknesses. (110.01.6b)
Standards for the Professional Practice of Internal Auditing (the
Standards) are the criteria by which the operations of an internal auditing
department are evaluated and measured. They are intended to represent
the practice of internal auditing as it should be.
Statement of Responsibilities of Internal Auditing is a document which
presents in summary from the:
• Objective and scope of internal auditing
• Responsibility and authority of the internal auditing department
• Independence of internal auditors
Supervision is a continuing process, beginning with planning and ending
with the conclusion of the audit assignment. Supervision includes:
• Providing suitable instructions to subordinates at the outset of the audit and
approving the audit program
• Seeing that the approved audit program is carried out unless deviations are
both justified and authorized
• Determining that audit working papers adequately support the audit findings,
conclusions, and reports
• Making sure that audit reports are accurate, objective, clear, concise,
constructive, and timely
• Determining that audit objectives are being met (230.01 and .02)
Survey is a process for gathering information, without detailed verification,
on the activity being examined. The main purposes are to:
• Understand the activity under review
• Identify significant areas warranting special emphasis
• Obtain information for use in performing the audit
• Determine whether further auditing is necessary (410.01.5a)
System (process, operation, function, or activity) is an arrangement, a set,
or a collection of concepts, parts, activities, and/or people that are
connected or interrelated to achieve objectives and goals. (This definition
applies to both manual and automated systems.) A system may also be a
collection of subsystems operating together for a common objective or goal.
(300.02.3)
T
Trend Analysis is the analysis of the changes in a given item of information
over a period of time. (420.01.1h)
U-Z
Understanding means the ability to apply broad knowledge to situations
likely to be encountered, to recognize significant deviations, and to be able
to carry out the research necessary to arrive at reasonable solutions.
(250.01.3)
Top of Page
Issued by the Internal Auditing Standards Board, December 1995.