Glossary IPPF Flashcards
(37 cards)
The internal audit activity adds value to the organization (and its stakeholders) when it provides objective and relevant assurance, and contributes to the effectiveness and efficiency of governance, risk management, and control processes.
Add Value
Present if management has planned and organized (designed) in a manner that provides reasonable assurance that the organization’s risks have been managed effectively and that the organization’s goals and objectives will be achieved efficiently and economically.
Adequate Control
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements.
Assurance Services
The highest level governing body charged with the responsibility to direct and/or oversee the organization’s activities and hold senior management accountable.
Board
A formal document that defines the internal audit activity’s purpose, authority, and responsibility. It establishes the internal audit activity’s position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.
Charter
Describes the role of a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the mandatory elements of the International Professional Practices Framework.
Chief Audit Executive
Principles relevant to the profession and practice of internal auditing, and Rules of Conduct that describe behavior expected of internal auditors. It applies to both parties and entities that provide internal audit services. Its purpose is to promote an ethical culture in the global profession of internal auditing.
Code of Ethics
Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.
Compliance
Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training.
Consulting Services
Any relationship that is, or appears to be, not in the best interest of the organization. It would prejudice an individual’s ability to perform his or her duties and responsibilities objectively.
Conflict of Interest
Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
Control
The attitude and actions of the board and management regarding the importance of control within the organization. It provides the discipline and structure for the achievement of the primary objectives of the system of internal control. It includes the following elements:
- Integrity and ethical values.
- Management’s philosophy and operating style.
- Organizational structure.
- Assignment of authority and responsibility.
- Human resource policies and practices.
- Competence of personnel.
Control Environment
The policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept.
Control Processes
The foundation for the International Professional Practices Framework and support internal audit effectiveness.
Core Principles for the Professional Practice of Internal Auditing
A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy. It may include multiple tasks or activities designed to accomplish a specific set of related objectives.
Engagement
Broad statements developed by internal auditors that define intended engagement accomplishments.
Engagement Objectives
The rating, conclusion, and/or other description of results of an individual internal audit engagement, relating to those aspects within the objectives and scope of the engagement.
Engagement Opinion
A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan.
Engagement Work Program
A person or firm outside of the organization that has special knowledge, skill, and experience in a particular discipline.
External Service Provider
Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. It is perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.
Fraud
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Governance
Impairment to organizational independence and individual objectivity may include personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations (funding).
Impairment
The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
Independence
Consists of the leadership, organizational structures, and processes that ensure that the enterprise’s information technology supports the organization’s strategies and objectives.
Information Technology Governance
