CIA Exam 1: Glossary

  1. Add Value
    The internal audit activity adds value to the organization when it provides objective and relevant assurance, and contributes to the effectiveness and efficiency of governance, risk management, and control processes
  2. Adequate Control
    Present if management has planned and organized in a manner that provides reasonable assurance that the organization's risks have been managed effectively and that the organization's goals and objectives will be achieved efficiently and economically
  3. Assurance Services
    An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization
  4. Board
    An organization's governing body. Any designated body of the organization, including the audit committee to whom the chief audit executive may functionally report
  5. Charter
    The internal audit charter is a formal document that defines the internal audit activity's purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity's position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities
  6. Chief Audit Executive
    CAE describes a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the Definition of Internal Auditing, the Code of Ethics, and the Standards. The CAE or others reporting to the CAE will have appropriate professional certifications and qualifications. The specific job title of the CAE may vary across organizations.
  7. Code of Ethics
    Principles relevant to the profession and practice of internal auditing, and Rules of Conduct that describe behavior expected of internal auditors. The Code of Ethics applies to both parties and entities that provide internal audit services. The purpose of the Code of Ethics is to promote an ethical culture in the global profession of internal auditing
  8. Compliance
    Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements
  9. Conflict of Interest
    Any relationship that is, or appears to be, not in the interest of the organization. A conflict of interest would prejudice an individual's ability to perform his or her duties and responsibilities objectively
  10. Consulting Services
    Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training
  11. Control
    Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved
  12. Control Environment
    The attitude and actions of the board and management regarding the importance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes:
    • Integrity and ethical values
    • Management's philosophy and operating style
    • Organizational structure
    • Assignment of authority and responsibility
    • Human resource policies and practices
    • Competence of personnel
  13. Control Processes
    The policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process
  14. Engagement
    A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy. An engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives
  15. Engagement Objectives
    Broad statements developed by internal auditors that define intended engagement accomplishments
  16. Engagement Work Program
    A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan
  17. External Service Provider
    A person or firm outside of the organization that has special knowledge, skill, and experience in a particular discipline
  18. Fraud
    Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage
  19. Governance
    The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives
  20. Impairment
    Impairment to organizational independence and individual objectivity may include personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations
  21. Independence
    The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner
  22. Information Technology Governance
    Consists of the leadership, organizational structures, and processes that ensure that the enterprise's information technology supports the organization's strategies and objectives
  23. Information Technology Controls
    Controls that support business management and governance as well as provide general and technical controls over information technology infrastructures such as applications, information, infrastructure, and people
  24. Internal Audit Activity
    A department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization's operations. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management and control processes
  25. International Professional Practices Framework
    The conceptual framework that organizes the authoritative guidance promulgated by the IIA. Authoritative Guidance is comprised of two categories: mandatory and strongly recommended
  26. Must
    The Standards use the word "must" to specify an unconditional requirement
  27. Objectivity
    An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made. Objectivity requires that internal auditors do not subordinate their judgement on audit matters to others.
  28. Residual Risk
    The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk
  29. Risk
    The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.
  30. Risk Appetite
    The level of risk that an organization is willing to accept
  31. Risk Management
    A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives
  32. Should
    The Standards use the word "should" where conformance is expected unless, when applying professional judgement, circumstances justify deviation
  33. Significance
    The relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors, such as magnitude, nature, effect, relevance, and impact. Professional judgement assists internal auditors when evaluating the significance of matters within the context of the relevant objectives
  34. Standard
    A professional pronouncement promulgated by the Internal Audit Standards Board that delineates the requirements for performing a broad range of internal audit activities, and for evaluating internal audit performance
  35. Technology-based Audit Techniques
    Any automated audit tool, such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and computer-assisted audit techniques (CAATs)