Terms Flashcards Preview


Flashcards in Terms Deck (27)

Audit Charter

A document approved by those charged with governance that defines the purpose, authority and responsibility of the internal audit activity.

The charter should:

• Establish the internal audit function’s position within the enterprise

• Authorise access to records, personnel and physical properties relevant to the performance of IS audit and assurance engagements

• Define the scope of the audit function’s activities


Audit Engagement

A specific audit assignment, task or review activity



The freedom from conditions that threaten objectivity or the appearance of objectivity. Such threats to objectivity must be managed at the individual auditor, engagement, functional and organisational levels. Independence includes independence of mind and independence in appearance.



A condition that causes a weakness or diminished ability to execute audit objectives


Independence in Appearance

The avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances, that a firm, audit function or a member of the audit team’s integrity, objectivity or professional scepticism has been compromised.


Independence of Mind

The state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgement, thereby allowing an individual to act with integrity and exercise objectivity and professional scepticism.



The ability to exercise judgement, express opinions and present recommendations with impartiality


Auditor Opinion

A formal statement expressed that describes the scope of the audit, the procedures used to produce the report and whether or not the findings support that the audit criteria have been met.

The types of opinions are:

• Unqualified opinion—Notes no exceptions or none of the exceptions noted aggregate to a significant deficiency

• Qualified opinion—Notes exceptions aggregated to a significant deficiency (but not a material weakness)

• Adverse opinion—Notes one or more significant deficiencies aggregating to a material weakness

Note: A disclaimer of opinion is issued when the auditor is unable to obtain sufficient appropriate audit evidence on which to base an opinion


Professional skepticism

An attitude that includes a questioning mind and a critical assessment of audit evidence.



The ability to perform a specific task, action or function successfully



Possessing skill and experience



Any formal declaration or set of declarations about the subject matter made by management.



The standards and benchmarks used to measure and present the subject matter and against which an IS auditor evaluates the subject matter.

Criteria should be:

• Objective—Free from bias

• Complete—Include all relevant factors to reach a conclusion

• Relevant—Relate to the subject matter

• Measurable—Provide for consistent measurement

• Understandable


Audit Risk

The risk of reaching an incorrect conclusion based upon audit findings. The three components of audit risk are:

• Control risk

• Detection risk

• Inherent risk


Assurance Engagement

An objective examination of evidence for the purpose of providing an assessment on risk management, control or governance processes for the enterprise.


Audit Subject Matter Risk

Risk relevant to the area under review:

• Business risk (customer capability to pay, credit worthiness, market factors, etc.)

• Contract risk (liability, price, type, penalties, etc.)

• Country risk (political, environment, security, etc.)

• Project risk (resources, skill set, methodology, product stability, etc.)

• Technology risk (solution, architecture, hardware and software infrastructure network, delivery channels, etc.)


Control Risk

The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal control.


Detection Risk

The risk that the IS audit or assurance professional’s substantive procedures will not detect an error that could be material, individually or in combination with other errors.


Inherent Risk

The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls).



An audit concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context of the enterprise as a whole.


Risk Assessment

A process used to identify and evaluate risk and its potential effects


Substantive Testing

Obtaining audit evidence on the completeness, accuracy or existence of activities or transactions during the audit period


Material Weakness

A deficiency or a combination of deficiencies in internal control, such that there is a reasonable possibility that a material misstatement will not be prevented or detected on a timely basis.


Appropriate Evidence

The measure of the quality of the evidence


Sufficient Evidence

The measure of the quantity of evidence; supports all material questions to the audit objective and scope



Violation of an established management policy or regulatory requirement.


Relevant Information

Relating to controls, tells the evaluator something meaningful about the operation of the underlying controls or control component.