Acct 465 - Chp13
|An engagement involving an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.
|What an audit wants to achieve
|What is or is not included within an engagement
|A discrete and recognizable portion or component of a process
|The subsidiary, business unit, department, group, or other established subdivision of an organization that is the subject of an assurance engagement
|What the auditee is striving to achieve
|Reviewing and evaluating existing information, which may be financial or nonfinancial, to determine whether it is consistent with predetermined expectations.
|Automated audit techniques, such as generalized audit software, ..., that help the IA directly test controls built into computerized IS's and data contained in comp. files
|Computer-assisted Audit Techniques
|Controls that operate across an entire entity and, as such, are not bound by, or associated with, individual processes.
|Depicts the broad inputs, activities, workflows, and interactions with other processes and outputs.
|Expands on a process map to include computer systems and applications, document flows, detailed risks and controls, manual versus automated steps, elapsed time, and owners of key steps
|Simple process, complicated steps, process owner request, more efficient
|Reasons for narrative memoranda
|A metric or other form of measuring whether a process or individual tasks are operating within prescribed tolerances.
|Key Performance Indicator
|Any illegal act characterized by deceit, concealment, or violation of trust
|The possibility that an event will occur and adversely affect the achievement of objectives
|The identification and analysis (typically in terms of impact and likelihood) of relevant risks to the achievement of an organization's objectives, forming a basis for determining how the risk should be managed.
|The severity of outcomes caused by risk events. Can be measured in financial, reputation, legal, or other types of outcomes.
|The probability that a risk event will occur
|The amount of risk, on a broad level, an organization is willing to accept in pursuit of its business objectives.
|The acceptable levels of risk size and variation relative to the achievement of objectives, which must align with the organization's risk appetite
|An activity designed to reduce risk associated with a critical business objective
|Assessment of whether management has planned and organized (designed) the controls in a manner that provides reasonable assurance that the related risks can be managed to an acceptable level.
|A level of assurance that is supported by generally accepted auditing procedures and judgments.
|A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan.
|-Internal auditors -Other people -Travel -Technology -Other These all make up...
|Supplements the in-house internal audit function through the use of third-party vendor services for the purposes of gaining subject matter expertise for a specific engagement or filling a gap in needed resources to complete the internal audit plan.
|Assessment of whether management has executed (operated) the controls in a manner that provides reasonable assurance that risks have been managed effectively and that the goals and objectives will be achieved efficiently and economically.
|A finding, determination, or judgment derived from the internal auditor's test results.
|-Part of annual plan -Compliance requirement -Postmortem -Significant changes
|Purpose of Engagements
|-Operations -Reporting -Compliance -Strategic
|COSO Objective Categories
|-Inputs -Processing -Outputs
|Gather Information About:
|-Simple process -Complicated steps -Process owner request -More efficient
|Reasons for Narrative Memoranda