click below
click below
Normal Size Small Size show me how
Acct 465 - Chp13
IA terms
Question | Answer |
---|---|
An engagement involving an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processess for the organization. | Assurance Engagement |
What an audit wants to achieve | Engagement objectives |
What is or is not included within an engagement | Scope |
A discrete and recognizable portion or component of a process | Subprocess |
The subsidiary, business unit, department, group, or other established subdivision of an organization that is the subject of an assurance engagement | Auditee |
What the auditee is striving to achieve | Auditee Objectives |
Reviewing and evaluating existing information, which may be financial or nonfinancial, to determine whether it is consistent with predetermined expectations. | Analytical Procedures |
Automated audit techniques, such as generalized audit software, ..., that help the IA directly test controls built into computerized IS's and data contained in comp. files | Computer-assisted Audit Techniques |
Controls that operate across an entire entity and, as such, are not bound by, or associated with, individual processes. | Entity-level Controls |
Depicts the broad inputs, activities, workflows, and interactions with other processes and outputs. | Process Map |
Expands on a process map to include computer systems and applications, document flows, detailed risks and controls, manual versus automated steps, elapsed time, and owners of key steps | Flowchart |
Simple process, complicated steps, process owner request, more efficient | Reasons for narrative memoranda |
A metric or other form of measuring whether a process or individual tasks are operating within prescribed tolerances. | Key Performance Indicator |
Any illegal act characterized by deceit, concealment, or violation of trust | Fraud |
The possibility that an event will occur and adversely affect the achievement of objectives | Risk |
The identification and analysis (typically in terms of impact and likelihood) of relevant risks to the achievement of an organization's objectives, forming a basis for determining how the risk should be managed. | Risk Assessment |
The severity of outcomes caused by risk events. Can be measured in financial, reputation, legal, or other types of outcomes. | Impact |
The probability that a risk event will occur | Likelihood |
The amount of risk, on a broad level, an organization is willing to accept in pursuit of its business objectives. | Risk appetite |
The acceptable levels or risk size and variation relative to the achievement of objectives, which must align with the organization's risk appetite | Risk tolerance |
An activity designed to reduce risk associated with a critical business objective | Key Control |
Assessment of whether management has planned and organized (designed) the controls in a manner that provides reasonable assurance that the related risks can be managed to an acceptable level. | Design Adequacy |
A level of assurance that is supported by generally accepted auditing procedures and judgments. | Reasonable assurance |
A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan. | Work Program |
-Internal auditors -Other people -Travel -Technology -Other These all make up... | Engagement resources |
Supplements the inhouse internal audit function through the use of third-party vendor services for the purposes of gaining subject matter expertise for a specific engagement or filling a gap in needed resources to complete the internal audit plan. | Strategic Sourcing |
Assessment of whether management has executed (operated) the controls in a manner that provides reasonable assurance that risks have been managed effectively and that the goals and objectives will be achieved efficiently and economically. | Operating effectiveness |
A finding, determination, or judgment derived from the internal auditor's test results. | Observation |
-Part of annual plan -Compliance requirement -Postmortem -Significant changes | Purpose of Engagements |
-Operations -Reporting -Compliance -Strategic | COSO Objective Categories |
-Inputs -Processing -Outputs | Gather Information About: |
-Simple process -Complicated steps -Process owner request -More efficient | Reasons for Narrative Memoranda |