A control that operates across an entire entity and, as such, is not bound by, or associated with, individual processes.
What is Entity-Level Controls?
A finding, determination, or judgment derived from the internal auditor's test results from an assurance or consulting engagement.
What is an Observation?
An activity that is designed to deter unintended events from occurring.
What is Preventative Control?
The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
What is Independence?
Free-form compositions used to describe a process.
What is a Narrative?
Controls that operate for the entire activity (area, process, or program). Examples are review of cost center reports, inventory counts, and the soft controls that influence the mini-control environment within the activity, which may or may not be consistent with that of the organization as a whole.
What is Activity-Level Controls?
The standards, measures, or expectations used in making an evaluation and/or verification of an observation (what should exist).
What is Criteria?
A sampling technique in which each item in the defined population has an equal opportunity of being selected.
What is Random Sampling?
A non-statistical technique used to select a sample without intentional bias to include or exclude a sample item that is expected to be representative of the population.
What is Haphazard Sampling?
An activity that operates within a specific process for the purpose of achieving process-level objectives.
What is a Process-Level Control?
An activity that is designed to discover undesirable events that have already occurred; must occur on a timely basis to be considered effective.
What is Detective Control?
The reason for the difference between the expected and actual conditions (why the difference exists).
What is Cause?
A nonrandom sample selected using the auditor's judgement in some way.
What is a Judgemental Sample?
Disclosure must be made to the engagement client prior to accepting the engagement.
What is Objectivity?
The portion of inherent risk that remains after management executes its risk responses.
What is a Residual Risk?
An activity that, if key controls do not fully operate effectively, may help to reduce the related risk. Such controls also can back up or duplicate multiple controls and may operate across multiple processes and risks. Will not, by itself, reduce risk to an acceptable level.
What is Compensating Control?
The factual evidence that the internal auditor found in the course of the examination (what does exist).
What is Condition?
Confirmations that ask for a response only if the information is not accurate.
What is Negative Confirmations?
Confirmations that ask for a response regarding whether the information is accurate or not.
What is Positive Confirmations?
The combination of internal and external risk factors in their pure, uncontrolled state, or, the gross risk that exists, assuming there are no internal controls in place.
What is Inherent Risk?
A control that causes or encourages a desirable event to occur. Examples are guidelines, training programs, and incentive compensation plans; also includes soft controls like tone at the top.
What is Directive Control?
The risk or exposure the organization and/or others encounter because the condition is not consistent with the criteria.
What is Effect?
A sampling technique that allows the auditor to define with precision how representative the sample will be.
What is Statistical Sampling?
The boundaries of acceptable outcomes related to achieving business objectives.
What is Tolerance?
Actions carried out by management to assure the accomplishment of their objectives, including the setting up of oversight for an objective and the alignment of people, processes, and technology to accomplish that objective.
What is a Management Control?