CIA Audit Exam Part 1

  1. ASSURANCE SERVICES
    OBJECTIVE EXAMINATION OF EVIDENCE FOR THE PURPOSE OF PROVIDING AN INDEPENDENT ASSESSMENT ON RISK MANAGEMENT, CONTROL, OR GOVERNANCE PROCESSES FOR AN ORGANIZATION
  2. CHARTER
    IN TERMS OF THE INTERNAL AUDIT ACTIVITY, A FORMAL WRITTEN DOCUMENT THAT DEFINES THE ACTIVITY'S PURPOSE, AUTHORITY AND RESPONSIBILITY.
  3. ACCEPTABLE RISK LEVEL
    A RISK LEVEL DERIVED FROM AN ORGANIZATION'S LEGAL AND REGULATORY COMPLIANCE RESPONSIBILITIES, ITS THREAT PROFILE, AND ITS BUSINESS DRIVERS AND IMPACTS.
  4. CHANGE MANAGEMENT
    THE CONTINUOUS PROCESS OF PLANNING AND DIRECTING CHANGES THAT OCCUR WITHIN AN ORGANIZATION TO ACHIEVE AN INTENDED RESULT.
  5. ANALYTICAL REVIEW
    A TYPE OF REVIEW THAT EXAMINES RELATIONSHIPS AMONG INFORMATION.
  6. ACCEPTABLE RISK
    A TYPE OF RISK THAT REVOLVES AROUND THE BUSINESS IMPACT THAT WOULD BE EXPERIENCED IF CERTAIN RISKS WERE REALIZED.
  7. ACTIVE CONTROL
    A TYPE OF CONTROL THAT PREVENTS OR DETECTS A DEVIATION FROM THE APPROVED PROCEDURE
  8. ADEQUATE CONTROL
    A LEVEL OF CONTROL THAT IS PRESENT IF MANAGEMENT HAS PLANNED AND ORGANIZED IN A MANNER THAT PROVIDES REASONABLE ASSURANCE THAT THE ORGANIZATION'S RISKS HAVE BEEN MANAGED EFFECTIVELY AND THAT THE ORGANIZATION'S GOALS AND OBJECTIVES WILL BE ACHIEVED EFFICIENTLY AND ECONOMICALLY.
  9. BLOCK DIAGRAM
    A PICTORIAL REPRESENTATION OF A PROCESS OR ACTIVITY, TYPICALLY INCLUDING A SERIES OF BOXES AND CONNECTING LINES TO INDICATE ASSOCIATED/ASSOCIATION AND DIRECTION/ORDER.
  10. CERTIFICATION
    THE SYSTEMATIC MEASUREMENT OF CHARACTERISTICS SUCH AS EDUCATION AND EXPERIENCE THAT RESULTS IN RECOGNITION OF AN INDIVIDUAL AS ONE WHO MEETS THE SUGGESTED KNOWLEDGE AND OTHER MINIMUM REQUIREMENTS FOR A POSITION OR A PROFESSION.
  11. CHIEF AUDIT EXECUTIVE
    (CAE)
    THE TOP POSITION IN AN ORGANIZATION RESPONSIBLE FOR INTERNAL AUDIT ACTIVITIES
  12. CODE OF ETHICS
    PRINCIPLES RELEVANT TO THE PROFESSION AND PRACTICE OF INTERNAL AUDITING AND RULES OF CONDUCT THAT DESCRIBE BEHAVIOR EXPECTED OF INTERNAL AUDITORS.
  13. COMPLIANCE
    THE CONFORMITY AND ADHERENCE TO POLICIES, PLANS, PROCEDURES, LAWS, REGULATIONS, CONTRACTS, OR OTHER REQUIREMENTS.
  14. CONFLICT
    WHEN PARTIES DISAGREE OVER SUBSTANTIVE ISSUES OR WHEN EMOTIONAL ANTAGONISMS PREVAIL AND RESULT IN FRICTION BETWEEN PARTIES.
  15. CONFLICT OF INTEREST
    ANY RELATIONSHIP THAT IS OR APPEARS TO BE NOT IN THE BEST INTEREST OF THE ORGANIZATION; WOULD PREJUDICE AN INDIVIDUAL'S ABILITY TO PERFORM HIS OR HER DUTIES AND RESPONSIBILITIES OBJECTIVELY.
  16. CONFLICT RESOLUTION
    A SITUATION IN WHICH THE UNDERLYING REASONS FOR A CONFLICT ARE ELIMINATED.
  17. CONSTRUCTIVE CONFLICT
    A TYPE OF CONFLICT THAT LEADS TO BENEFICIAL RESULTS; CAN TRANSFORM THE WAYS IN WHICH INDIVIDUALS INTERACT AND IMPROVE THE QUALITY OF CONFLICT OUTCOMES.
  18. CONSULTING SERVICES
    ADVISORY AND RELATED CLIENT SERVICE ACTIVITIES, THE NATURE AND SCOPE OF WHICH ARE AGREED WITH THE CLIENT AND WHICH ARE INTENDED TO ADD VALUE AND IMPROVE AN ORGANIZATION'S GOVERNANCE, RISK MANAGEMENT, AND CONTROL PROCESSES WITHOUT THE INTERNAL AUDITOR ASSUMING MANAGEMENT RESPONSIBILITY.
  19. CONTINUING PROFESSIONAL DEVELOPMENT
    THE MEANS BY WHICH MEMBERS OF A PROFESSION MAINTAIN, IMPROVE, AND BROADEN KNOWLEDGE, SKILLS, AND COMPETENCE REQUIRED IN THEIR PROFESSIONAL LIVES.
  20. CONTROL
    ANY ACTION TAKEN BY MANAGEMENT, THE BOARD, AND OTHER PARTIES TO MANAGE RISK AND INCREASE THE LIKELIHOOD THAT ESTABLISHED OBJECTIVES AND GOALS WILL BE ACHIEVED.
  21. CONTROL DEFICIENCY
    A CONDITION THAT WARRANTS ATTENTION AS A POTENTIAL OR REAL SHORTCOMING THAT LEAVES THE ORGANIZATION EXCESSIVELY AT RISK.
  22. CONTROL ENVIRONMENT
    THE ATTITUDE AND ACTIONS OF THE BOARD AND MANAGEMENT REGARDING THE SIGNIFICANCE OF CONTROL WITHIN THE ORGANIZATION; PROVIDES THE DISCIPLINE AND STRUCTURE FOR THE ACHIEVEMENT OF THE PRIMARY OBJECTIVES OF THE SYSTEM OF INTERNAL CONTROL.
  23. CONTROL FRAMEWORK
    A RECOGNIZED SYSTEM OF CONCEPTS ENCOMPASSING ALL ELEMENTS OF INTERNAL CONTROL.
  24. CONTROL PROCESSES
    THE POLICIES, PROCEDURES, AND ACTIVITIES THAT ARE PART OF A CONTROL FRAMEWORK, DESIGNED TO ENSURE THAT RISKS ARE CONTAINED WITHIN THE RISK TOLERANCES ESTABLISHED BY THE RISK MANAGEMENT PROCESS.
  25. CONTROL SELF-ASSESSMENT
    A VARIETY OF ASSESSMENT TECHNIQUES, INCLUDING FACILITATED WORKSHOPS AND SURVEYS, IN WHICH THE ASSESSMENT IS PERFORMED BY PEOPLE INVOLVED IN THE AREA OR PROCESS BEING ASSESSED RATHER THAN BY AN INDEPENDENT PARTY.
  26. CORPORATE VALUES
    AN ORGANIZATION'S STANDARDS OF BEHAVIOR.
  27. DETECTIVE CONTROL
    A TYPE OF CONTROL THAT IS REACTIVE AND THAT DETECTS UNDESIRABLE EVENTS THAT HAVE OCCURRED.
  28. DIRECTIVE CONTROL
    A TYPE OF CONTROL THAT IS PROACTIVE AND THAT CAUSES OR ENCOURAGES A DESIRABLE EVENT TO OCCUR; EXAMPLES INCLUDE: GUIDELINES, TRAINING PROGRAMS, INCENTIVE PLANS.
  29. DYSFUNCTIONAL CONFLICT
    TYPE OF CONFLICT THAT ERODES RELATIONSHIPS AND DERAILS PROGRESS TOWARD GOALS.
  30. ENGAGEMENT
    A SPECIFIC INTERNAL AUDIT ASSIGNMENT, TASK, OR REVIEW ACTIVITY, SUCH AS INTERNAL AUDIT, CONTROL SELF-ASSESSMENT REVIEW, FRAUD EXAMINATION OR CONSULTANCY.
  31. ENGAGEMENT OBJECTIVES
    BROAD STATEMENTS DEVELOPED BY INTERNAL AUDITORS THAT DEFINE INTENDED ENGAGEMENT ACCOMPLISHMENTS.
  32. ENGAGEMENT WORK PROGRAM
    A DOCUMENT THAT LISTS THE PROCEDURES TO BE FOLLOWED DURING AN ENGAGEMENT, DESIGNED TO ACHIEVE THE ENGAGEMENT PLAN.
  33. ENTERPRISE RISK MANAGEMENT
    (ERM)
    A STRUCTURED, CONSISTENT, AND CONTINUOUS PROCESS ACROSS THE WHOLE ORGANIZATION FOR IDENTIFYING, ASSESSING, DECIDING ON RESPONSES TO, AND REPORTING ON OPPORTUNITIES AND THREATS THAT AFFECT THE ACHIEVEMENT OF ITS OBJECTIVES.
  34. EVENT
    AN INCIDENT OR OCCURRENCE RESULTING FROM INTERNAL OR EXTERNAL SOURCES THAT AFFECTS THE IMPLEMENTATION OF STRATEGY OR ACHIEVEMENT OF OBJECTIVES.
  35. FLOWCHART
    A GRAPHICAL REPRESENTATION OF THE ACTUAL OR IDEAL PATH FOLLOWED BY ANY SERVICE OR PRODUCT; PROVIDES A VISUAL SEQUENCE OF THE STEPS IN A PROCESS, ILLUSTRATES THE RELATIONSHIP BETWEEN PARTS AND IDENTIFIES WHAT THE PROCESS DOES OR SHOULD DO.
  36. FRAUD
    ANY ILLEGAL ACTS CHARACTERIZED BY DECEIT, CONCEALMENT OR VIOLATION OF TRUST.
  37. FRAUD RISK
    THE PROBABILITY THAT FRAUD WILL OCCUR AND THE POTENTIAL SEVERITY OR CONSEQUENCES TO THE ORGANIZATION WHEN IT OCCURS.
  38. GOVERNANCE
    THE COMBINATION OF PROCESSES AND STRUCTURES IMPLEMENTED BY THE BOARD IN ORDER TO INFORM, DIRECT, MANAGE, AND MONITOR THE ACTIVITIES OF THE ORGANIZATION TOWARD THE ACHIEVEMENT OF ITS OBJECTIVES.
  39. INHERENT LIMITATIONS
    LIMITATIONS OF RISK MANAGEMENT, CONTROL AND GOVERNANCE RELATED TO HUMAN JUDGMENT, RESOURCE LIMITATIONS, AND THE NEED TO BALANCE THE COSTS OF CONTROLS IN RELATION TO EXPECTED BENEFITS.
  40. INHERENT RISKS
    THE RISK DERIVED FROM THE ENVIRONMENT WITHOUT THE MITIGATING EFFECTS OF INTERNAL CONTROLS
  41. INTERNAL AUDIT ACTIVITY
    A DEPARTMENT, DIVISION, TEAM OF CONSULTANTS, OR OTHER PRACTITIONERS THAT PROVIDE INDEPENDENT, OBJECTIVE ASSURANCE, AND CONSULTING SERVICES DESIGNED TO ADD VALUE AND IMPROVE AN ORGANIZATION'S OPERATIONS.
  42. INTERNAL AUDIT CRITERIA
    THE BENCHMARKS AGAINST WHICH THE SUBJECT MATTER OF AN ENGAGEMENT CAN BE ASSESSED.
  43. INTERNAL AUDITING
    AN INDEPENDENT, OBJECTIVE, ASSURANCE AND CONSULTING ACTIVITY DESIGNED TO ADD VALUE AND IMPROVE AN ORGANIZATION'S OPERATIONS; BRINGS A SYSTEMATIC, DISCIPLINED APPROACH TO EVALUATE AND IMPROVE THE EFFECTIVENESS OF RISK MANAGEMENT, CONTROL AND GOVERNANCE PROCESSES.
  44. INTERNAL CONTROL
    A PROCESS DESIGNED TO PROVIDE REASONABLE ASSURANCE REGARDING THE ACHIEVEMENT OF OBJECTIVES IN THE CATEGORIES OF EFFECTIVENESS AND EFFICIENCY OF OPERATIONS, RELIABILITY OF FINANCIAL REPORTING, AND COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS.
  45. INTERNAL CONTROL QUESTIONNAIRE
    (ICQ)
    A PRECONSTRUCTED ARRAY OF QUESTIONS USED TO ELICIT KEY INFORMATION ABOUT INTERNAL CONTROL.
  46. MITIGATING CONTROLS
    CONTROLS THAT COMPENSATE FOR THE LACK OF AN EXPECTED CONTROL; FOR EXAMPLE, CLOSE SUPERVISORY REVIEW MAY COMPENSATE FOR A LACK OF SEGREGATION OF DUTIES WHERE A SMALL STAFF SIZE MAKES PROPER SEGREGATION IMPRACTICAL.
  47. NARRATIVES
    A MAPPING PROCESS THAT PROVIDES A STEP-BY-STEP PICTURE OF A PROCESS IN A SINGLE DOCUMENT WITHOUT THE USE OF DETAILED SYMBOLS OR KEYS.
  48. OPPORTUNITY
    AS RELATED TO RISK, AN UNCERTAIN EVENT WITH A POSITIVE CONSEQUENCE.
  49. PASSIVE CONTROL
    A TYPE OF CONTROL THAT OPERATES WITHOUT HUMAN INTERVENTION; MAY BE BUILT INTO A COMPUTER SYSTEM OR A RELATIONSHIP OR PROCESS THAT POSSESSES CONTROL IMPLICATIONS.
  50. PERVASIVE RISK
    THE TYPE OF RISK FOUND THROUGHOUT THE ENVIRONMENT.
  51. PREVENTATIVE CONTROL
    A TYPE OF PROACTIVE CONTROL THAT DETERS UNDESIRABLE EVENTS FROM OCCURRING.
  52. RESIDUAL RISK
    THE RISK REMAINING AFTER MANAGEMENT TAKES ACTION TO REDUCE THE IMPACT AND LIKELIHOOD OF AN ADVERSE EVENT, INCLUDING CONTROL ACTIVITIES IN RESPONDING TO A RISK.
  53. RISK
    THE POSSIBILITY OF AN EVENT OCCURRING THAT WILL HAVE AN IMPACT ON THE ACHIEVEMENT OF OBJECTIVES; MEASURED IN TERMS OF IMPACT AND LIKELIHOOD.
  54. RISK ANALYSIS
    THE IDENTIFICATION OF RISK, THE MEASUREMENT OF RISK, AND THE PROCESS OF PRIORITIZING RISK OR SELECTING ALTERNATIVES BASED ON RISK.
  55. RISK APPETITE
    THE AMOUNT OF RISK AN ORGANIZATION IS WILLING TO ACCEPT IN PURSUIT OF VALUE.
  56. RISK CLASSIFICATION
    THE ASSIGNMENT OF RISK INTO CATEGORIES, SUCH AS FINANCIAL RISK, OPERATIONAL RISK, STRATEGIC RISK, OR REPUTATION RISK.
  57. RISK IDENTIFICATION
    THE METHOD OF RECOGNIZING POSSIBLE THREATS AND OPPORTUNITIES.
  58. RISK MANAGEMENT
    A PROCESS TO IDENTIFY, ASSESS, MANAGE, AND CONTROL POTENTIAL EVENTS OR SITUATIONS TO PROVIDE REASONABLE ASSURANCE REGARDING THE ACHIEVEMENT OF AN ORGANIZATION'S OBJECTIVES.
  59. RISK MEASUREMENT
    THE EVALUATION OF THE MAGNITUDE OF RISK.
  60. RISK PRIORITIZATION
    RANKING RISKS, FORMALLY OR INFORMALLY, FROM THE HIGHEST TO THE LOWEST.
  61. RISK RESPONSE
    THE ACTIONS TAKEN TO MANAGE RISK.
  62. RISK TOLERANCE
    THE ACCEPTABLE LEVELS OF VARIATION RELATIVE TO THE ACHIEVEMENT OF OBJECTIVES.
  63. SECURITY RISK MANAGEMENT
    THE PROCESSES AN ORGANIZATION PUTS INTO PLACE SO THAT SECURITY CONTROLS AND EXPENDITURES ARE FULLY COMMENSURATE WITH THE RISKS TO WHICH THE ORGANIZATION IS EXPOSED.
  64. STAFFING
    THE PROCESS OF IDENTIFYING HUMAN CAPITAL NEEDS FOR THE INTERNAL AUDIT FUNCTION AND INTERNAL AUDIT ACTIVITIES AND ENSURING THAT QUALIFIED INDIVIDUALS ARE AVAILABLE FOR ENGAGEMENTS.
Author: jnelson
ID: 61188
Card Set: CIA Audit Exam Part 1
Description: Certified Internal Audit Exam Part 1
Updated