-
ASSURANCE SERVICES
OBJECTIVE EXAMINATION OF EVIDENCE FOR THE PURPOSE OF PROVIDING AN INDEPENDENT ASSESSMENT ON RISK MANAGEMENT, CONTROL, OR GOVERNANCE PROCESSES FOR AN ORGANIZATION
-
CHARTER
IN TERMS OF THE INTERNAL AUDIT ACTIVITY, A FORMAL WRITTEN DOCUMENT THAT DEFINES THE ACTIVITY'S PURPOSE, AUTHORITY AND RESPONSIBILITY.
-
ACCEPTABLE RISK LEVEL
A RISK LEVEL DERIVED FROM AN ORGANIZATION'S LEGAL AND REGULATORY COMPLIANCE RESPONSIBILITIES, ITS THREAT PROFILE, AND ITS BUSINESS DRIVERS AND IMPACTS.
-
CHANGE MANAGEMENT
THE CONTINUOUS PROCESS OF PLANNING AND DIRECTING CHANGES THAT OCCUR WITHIN AN ORGANIZATION TO ACHIEVE AN INTENDED RESULT.
-
ANALYTICAL REVIEW
A TYPE OF REVIEW THAT EXAMINES RELATIONSHIPS AMONG INFORMATION.
-
ACCEPTABLE RISK
A TYPE OF RISK THAT REVOLVES AROUND THE BUSINESS IMPACT THAT WOULD BE EXPERIENCED IF CERTAIN RISKS WERE REALIZED.
-
ACTIVE CONTROL
A TYPE OF CONTROL THAT PREVENTS OR DETECTS A DEVIATION FROM THE APPROVED PROCEDURE.
-
ADEQUATE CONTROL
A LEVEL OF CONTROL THAT IS PRESENT IF MANAGEMENT HAS PLANNED AND ORGANIZED IN A MANNER THAT PROVIDES REASONABLE ASSURANCE THAT THE ORGANIZATION'S RISKS HAVE BEEN MANAGED EFFECTIVELY AND THAT THE ORGANIZATION'S GOALS AND OBJECTIVES WILL BE ACHIEVED EFFICIENTLY AND ECONOMICALLY.
-
BLOCK DIAGRAM
A PICTORIAL REPRESENTATION OF A PROCESS OR ACTIVITY, TYPICALLY INCLUDING A SERIES OF BOXES AND CONNECTING LINES TO INDICATE ASSOCIATED/ASSOCIATION AND DIRECTION/ORDER.
-
CERTIFICATION
THE SYSTEMATIC MEASUREMENT OF CHARACTERISTICS SUCH AS EDUCATION AND EXPERIENCE THAT RESULTS IN RECOGNITION OF AN INDIVIDUAL AS ONE WHO MEETS THE SUGGESTED KNOWLEDGE AND OTHER MINIMUM REQUIREMENTS FOR A POSITION OR A PROFESSION.
-
CHIEF AUDIT EXECUTIVE
(CAE)
THE TOP POSITION IN AN ORGANIZATION RESPONSIBLE FOR INTERNAL AUDIT ACTIVITIES.
-
CODE OF ETHICS
PRINCIPLES RELEVANT TO THE PROFESSION AND PRACTICE OF INTERNAL AUDITING AND RULES OF CONDUCT THAT DESCRIBE BEHAVIOR EXPECTED OF INTERNAL AUDITORS.
-
COMPLIANCE
THE CONFORMITY AND ADHERENCE TO POLICIES, PLANS, PROCEDURES, LAWS, REGULATIONS, CONTRACTS, OR OTHER REQUIREMENTS.
-
CONFLICT
WHEN PARTIES DISAGREE OVER SUBSTANTIVE ISSUES OR WHEN EMOTIONAL ANTAGONISMS PREVAIL AND RESULT IN FRICTION BETWEEN PARTIES.
-
CONFLICT OF INTEREST
ANY RELATIONSHIP THAT IS OR APPEARS TO BE NOT IN THE BEST INTEREST OF THE ORGANIZATION; WOULD PREJUDICE AN INDIVIDUAL'S ABILITY TO PERFORM HIS OR HER DUTIES AND RESPONSIBILITIES OBJECTIVELY.
-
CONFLICT RESOLUTION
A SITUATION IN WHICH THE UNDERLYING REASONS FOR A CONFLICT ARE ELIMINATED.
-
CONSTRUCTIVE CONFLICT
A TYPE OF CONFLICT THAT LEADS TO BENEFICIAL RESULTS; CAN TRANSFORM THE WAYS IN WHICH INDIVIDUALS INTERACT AND IMPROVE THE QUALITY OF CONFLICT OUTCOMES.
-
CONSULTING SERVICES
ADVISORY AND RELATED CLIENT SERVICE ACTIVITIES, THE NATURE AND SCOPE OF WHICH ARE AGREED WITH THE CLIENT AND WHICH ARE INTENDED TO ADD VALUE AND IMPROVE AN ORGANIZATION'S GOVERNANCE, RISK MANAGEMENT, AND CONTROL PROCESSES WITHOUT THE INTERNAL AUDITOR ASSUMING MANAGEMENT RESPONSIBILITY.
-
CONTINUING PROFESSIONAL DEVELOPMENT
THE MEANS BY WHICH MEMBERS OF A PROFESSION MAINTAIN, IMPROVE, AND BROADEN KNOWLEDGE, SKILLS, AND COMPETENCE REQUIRED IN THEIR PROFESSIONAL LIVES.
-
CONTROL
ANY ACTION TAKEN BY MANAGEMENT, THE BOARD, AND OTHER PARTIES TO MANAGE RISK AND INCREASE THE LIKELIHOOD THAT ESTABLISHED OBJECTIVES AND GOALS WILL BE ACHIEVED.
-
CONTROL DEFICIENCY
A CONDITION THAT WARRANTS ATTENTION AS A POTENTIAL OR REAL SHORTCOMING THAT LEAVES THE ORGANIZATION EXCESSIVELY AT RISK.
-
CONTROL ENVIRONMENT
THE ATTITUDE AND ACTIONS OF THE BOARD AND MANAGEMENT REGARDING THE SIGNIFICANCE OF CONTROL WITHIN THE ORGANIZATION; PROVIDES THE DISCIPLINE AND STRUCTURE FOR THE ACHIEVEMENT OF THE PRIMARY OBJECTIVES OF THE SYSTEM OF INTERNAL CONTROL.
-
CONTROL FRAMEWORK
A RECOGNIZED SYSTEM OF CONCEPTS ENCOMPASSING ALL ELEMENTS OF INTERNAL CONTROL.
-
CONTROL PROCESSES
THE POLICIES, PROCEDURES, AND ACTIVITIES THAT ARE PART OF A CONTROL FRAMEWORK, DESIGNED TO ENSURE THAT RISKS ARE CONTAINED WITHIN THE RISK TOLERANCES ESTABLISHED BY THE RISK MANAGEMENT PROCESS.
-
CONTROL SELF-ASSESSMENT
A VARIETY OF ASSESSMENT TECHNIQUES, INCLUDING FACILITATED WORKSHOPS AND SURVEYS, IN WHICH THE ASSESSMENT IS PERFORMED BY PEOPLE INVOLVED IN THE AREA OR PROCESS BEING ASSESSED RATHER THAN BY AN INDEPENDENT PARTY.
-
CORPORATE VALUES
AN ORGANIZATION'S STANDARDS OF BEHAVIOR.
-
DETECTIVE CONTROL
A TYPE OF CONTROL THAT IS REACTIVE AND THAT DETECTS UNDESIRABLE EVENTS THAT HAVE OCCURRED.
-
DIRECTIVE CONTROL
A TYPE OF CONTROL THAT IS PROACTIVE AND THAT CAUSES OR ENCOURAGES A DESIRABLE EVENT TO OCCUR; EXAMPLES INCLUDE: GUIDELINES, TRAINING PROGRAMS, INCENTIVE PLANS.
-
DYSFUNCTIONAL CONFLICT
A TYPE OF CONFLICT THAT ERODES RELATIONSHIPS AND DERAILS PROGRESS TOWARD GOALS.
-
ENGAGEMENT
A SPECIFIC INTERNAL AUDIT ASSIGNMENT, TASK, OR REVIEW ACTIVITY, SUCH AS INTERNAL AUDIT, CONTROL SELF-ASSESSMENT REVIEW, FRAUD EXAMINATION OR CONSULTANCY.
-
ENGAGEMENT OBJECTIVES
BROAD STATEMENTS DEVELOPED BY INTERNAL AUDITORS THAT DEFINE INTENDED ENGAGEMENT ACCOMPLISHMENTS.
-
ENGAGEMENT WORK PROGRAM
A DOCUMENT THAT LISTS THE PROCEDURES TO BE FOLLOWED DURING AN ENGAGEMENT, DESIGNED TO ACHIEVE THE ENGAGEMENT PLAN.
-
ENTERPRISE RISK MANAGEMENT
(ERM)
A STRUCTURED, CONSISTENT, AND CONTINUOUS PROCESS ACROSS THE WHOLE ORGANIZATION FOR IDENTIFYING, ASSESSING, DECIDING ON RESPONSES TO, AND REPORTING ON OPPORTUNITIES AND THREATS THAT AFFECT THE ACHIEVEMENT OF ITS OBJECTIVES.
-
EVENT
AN INCIDENT OR OCCURRENCE RESULTING FROM INTERNAL OR EXTERNAL SOURCES THAT AFFECTS THE IMPLEMENTATION OF STRATEGY OR ACHIEVEMENT OF OBJECTIVES.
-
FLOWCHART
A GRAPHICAL REPRESENTATION OF THE ACTUAL OR IDEAL PATH FOLLOWED BY ANY SERVICE OR PRODUCT; PROVIDES A VISUAL SEQUENCE OF THE STEPS IN A PROCESS, ILLUSTRATES THE RELATIONSHIP BETWEEN PARTS AND IDENTIFIES WHAT THE PROCESS DOES OR SHOULD DO.
-
FRAUD
ANY ILLEGAL ACTS CHARACTERIZED BY DECEIT, CONCEALMENT OR VIOLATION OF TRUST.
-
FRAUD RISK
THE PROBABILITY THAT FRAUD WILL OCCUR AND THE POTENTIAL SEVERITY OR CONSEQUENCES TO THE ORGANIZATION WHEN IT OCCURS.
-
GOVERNANCE
THE COMBINATION OF PROCESSES AND STRUCTURES IMPLEMENTED BY THE BOARD IN ORDER TO INFORM, DIRECT, MANAGE, AND MONITOR THE ACTIVITIES OF THE ORGANIZATION TOWARD THE ACHIEVEMENT OF ITS OBJECTIVES.
-
INHERENT LIMITATIONS
LIMITATIONS OF RISK MANAGEMENT, CONTROL AND GOVERNANCE RELATED TO HUMAN JUDGMENT, RESOURCE LIMITATIONS, AND THE NEED TO BALANCE THE COSTS OF CONTROLS IN RELATION TO EXPECTED BENEFITS.
-
INHERENT RISKS
THE RISK DERIVED FROM THE ENVIRONMENT WITHOUT THE MITIGATING EFFECTS OF INTERNAL CONTROLS.
-
INTERNAL AUDIT ACTIVITY
A DEPARTMENT, DIVISION, TEAM OF CONSULTANTS, OR OTHER PRACTITIONERS THAT PROVIDE INDEPENDENT, OBJECTIVE ASSURANCE, AND CONSULTING SERVICES DESIGNED TO ADD VALUE AND IMPROVE AN ORGANIZATION'S OPERATIONS.
-
INTERNAL AUDIT CRITERIA
THE BENCHMARKS AGAINST WHICH THE SUBJECT MATTER OF AN ENGAGEMENT CAN BE ASSESSED.
-
INTERNAL AUDITING
AN INDEPENDENT, OBJECTIVE ASSURANCE AND CONSULTING ACTIVITY DESIGNED TO ADD VALUE AND IMPROVE AN ORGANIZATION'S OPERATIONS; BRINGS A SYSTEMATIC, DISCIPLINED APPROACH TO EVALUATE AND IMPROVE THE EFFECTIVENESS OF RISK MANAGEMENT, CONTROL AND GOVERNANCE PROCESSES.
-
INTERNAL CONTROL
A PROCESS DESIGNED TO PROVIDE REASONABLE ASSURANCE REGARDING THE ACHIEVEMENT OF OBJECTIVES IN THE CATEGORIES OF EFFECTIVENESS AND EFFICIENCY OF OPERATIONS, RELIABILITY OF FINANCIAL REPORTING, AND COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS.
-
INTERNAL CONTROL QUESTIONNAIRE
(ICQ)
A PRECONSTRUCTED ARRAY OF QUESTIONS USED TO ELICIT KEY INFORMATION ABOUT INTERNAL CONTROL.
-
MITIGATING CONTROLS
CONTROLS THAT COMPENSATE FOR THE LACK OF AN EXPECTED CONTROL; FOR EXAMPLE, CLOSE SUPERVISORY REVIEW MAY COMPENSATE FOR A LACK OF SEGREGATION OF DUTIES WHERE A SMALL STAFF SIZE MAKES PROPER SEGREGATION IMPRACTICAL.
-
NARRATIVES
A MAPPING PROCESS THAT PROVIDES A STEP-BY-STEP PICTURE OF A PROCESS IN A SINGLE DOCUMENT WITHOUT THE USE OF DETAILED SYMBOLS OR KEYS.
-
OPPORTUNITY
AS RELATED TO RISK, AN UNCERTAIN EVENT WITH A POSITIVE CONSEQUENCE.
-
PASSIVE CONTROL
A TYPE OF CONTROL THAT OPERATES WITHOUT HUMAN INTERVENTION; MAY BE BUILT INTO A COMPUTER SYSTEM OR A RELATIONSHIP OR PROCESS THAT POSSESSES CONTROL IMPLICATIONS.
-
PERVASIVE RISK
THE TYPE OF RISK FOUND THROUGHOUT THE ENVIRONMENT.
-
PREVENTATIVE CONTROL
A TYPE OF PROACTIVE CONTROL THAT DETERS UNDESIRABLE EVENTS FROM OCCURRING.
-
RESIDUAL RISK
THE RISK REMAINING AFTER MANAGEMENT TAKES ACTION TO REDUCE THE IMPACT AND LIKELIHOOD OF AN ADVERSE EVENT, INCLUDING CONTROL ACTIVITIES IN RESPONDING TO A RISK.
-
RISK
THE POSSIBILITY OF AN EVENT OCCURRING THAT WILL HAVE AN IMPACT ON THE ACHIEVEMENT OF OBJECTIVES; MEASURED IN TERMS OF IMPACT AND LIKELIHOOD.
-
RISK ANALYSIS
THE IDENTIFICATION OF RISK, THE MEASUREMENT OF RISK, AND THE PROCESS OF PRIORITIZING RISK OR SELECTING ALTERNATIVES BASED ON RISK.
-
RISK APPETITE
THE AMOUNT OF RISK AN ORGANIZATION IS WILLING TO ACCEPT IN PURSUIT OF VALUE.
-
RISK CLASSIFICATION
THE ASSIGNMENT OF RISK INTO CATEGORIES, SUCH AS FINANCIAL RISK, OPERATIONAL RISK, STRATEGIC RISK, OR REPUTATION RISK.
-
RISK IDENTIFICATION
THE METHOD OF RECOGNIZING POSSIBLE THREATS AND OPPORTUNITIES.
-
RISK MANAGEMENT
A PROCESS TO IDENTIFY, ASSESS, MANAGE, AND CONTROL POTENTIAL EVENTS OR SITUATIONS TO PROVIDE REASONABLE ASSURANCE REGARDING THE ACHIEVEMENT OF AN ORGANIZATION'S OBJECTIVES.
-
RISK MEASUREMENT
THE EVALUATION OF THE MAGNITUDE OF RISK.
-
RISK PRIORITIZATION
RANKING RISKS, FORMALLY OR INFORMALLY, FROM THE HIGHEST TO THE LOWEST.
-
RISK RESPONSE
THE ACTIONS TAKEN TO MANAGE RISK.
-
RISK TOLERANCE
THE ACCEPTABLE LEVELS OF VARIATION RELATIVE TO THE ACHIEVEMENT OF OBJECTIVES.
-
SECURITY RISK MANAGEMENT
THE PROCESSES AN ORGANIZATION PUTS INTO PLACE SO THAT SECURITY CONTROLS AND EXPENDITURES ARE FULLY COMMENSURATE WITH THE RISKS TO WHICH THE ORGANIZATION IS EXPOSED.
-
STAFFING
THE PROCESS OF IDENTIFYING HUMAN CAPITAL NEEDS FOR THE INTERNAL AUDIT FUNCTION AND INTERNAL AUDIT ACTIVITIES AND ENSURING THAT QUALIFIED INDIVIDUALS ARE AVAILABLE FOR ENGAGEMENTS.