Flashcards in Terms Deck (27)
A document approved by those charged with governance that defines the purpose, authority and responsibility of the internal audit activity.
The charter should:
• Establish the internal audit function’s position within the enterprise
• Authorise access to records, personnel and physical properties relevant to the performance of IS audit and assurance engagements
• Define the scope of the audit function’s activities
A specific audit assignment, task or review activity
The freedom from conditions that threaten objectivity or the appearance of objectivity. Such threats to objectivity must be managed at the individual auditor, engagement, functional and organisational levels. Independence includes independence of mind and independence in appearance.
A condition that causes a weakness or diminished ability to execute audit objectives
Independence in Appearance
The avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances, that a firm, audit function or a member of the audit team’s integrity, objectivity or professional scepticism has been compromised.
Independence of Mind
The state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgement, thereby allowing an individual to act with integrity and exercise objectivity and professional scepticism.
The ability to exercise judgement, express opinions and present recommendations
A formal statement expressed that describes the scope of the audit, the procedures used to produce the report and whether or not the findings support that the audit criteria have been met.
The types of opinions are:
• Unqualified opinion—Notes no exceptions or none of the exceptions noted aggregate to a significant deficiency
• Qualified opinion—Notes exceptions aggregated to a significant deficiency (but not a material weakness)
• Adverse opinion—Notes one or more significant deficiencies aggregating to a m
Note: A disclaimer of opinion is issued when the auditor is unable to obtain sufficient appropriate audit evidence on which to base an opinion
An attitude that includes a questioning mind and a critical assessment of audit evidence.
The ability to perform a specific task, action or function successfully
Possessing skill and experience
Any formal declaration or set of declarations about the subject matter made
The standards and benchmarks used to measure and present the subject matter and against which an IS auditor evaluates the subject matter.
Criteria should be:
• Objective—Free from bias
• Complete—Include all relevant factors to reach a conclusion
• Relevant—Relate to the subject matter
• Measurable—Provide for consistent measurement
The risk of reaching an incorrect conclusion based upon audit findings. The three components of audit risk are:
• Control risk
• Detection risk
• Inherent risk
An objective examination of evidence for the purpose of providing an assessment on risk management, control or governance processes for the enterprise.
Audit Subject Matter Risk
Risk relevant to the area under review:
• Business risk (customer capability to pay, credit worthiness, market factors, etc.)
• Contract risk (liability, price, type, penalties, etc.)
• Country risk (political, environment, security, etc.)
• Project risk (resources, skill set, methodology, product stability, etc.)
• Technology risk (solution, architecture, hardware and software infrastructure network, delivery channels, etc.)
The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal control.
The risk that the IS audit or assurance professional’s substantive procedures will not detect an error that could be material, individually or in combination with other errors.
The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls).
An audit concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context of the enterprise as a whole.
A process used to identify and evaluate risk and its potential effects
Obtaining audit evidence on the completeness, accuracy or existence of activities or transactions during the audit period
A deficiency or a combination of deficiencies in internal control, such that there is a reasonable possibility that a material misstatement will not be prevented or detected on a timely basis.
The measure of the quality of the evidence
The measure of the quantity of evidence; supports all material questions to the audit objective and scope
Violation of an established management policy or regulatory requirement.