Vocab Flashcards
(41 cards)
Controls that operate for the entire activity (area, process, or program)
Activity-level controls
Reasonable assurance that the organization's risks have been managed effectively and that the organization's goals and objectives will be achieved efficiently and economically.
Adequate control
Activities provided by the IAF, the nature and scope of which are agreed with the recipients of the service, intended to add value and improve an organization’s GRC
Advisory services
A technique of coordinating multiple assurance activities designed to mitigate a known risk to a needed or desired level within an established risk tolerance
Assurance layering
An objective examination of evidence for the purpose of providing an independent assessment of GRC for the organization.
Assurance services
A compilation of the subsidiaries, business units, departments, groups, processes, or other established subdivisions of an organization
Audit universe
Aligning various assurance activities within an organization to ensure assurance gaps do not exist
Combined assurance
An activity that, if key controls do not fully operate effectively, may help reduce the related risk.
Compensating control
Advisory and related client service activities, the nature and scope of which are agreed with the client, intended to add value and improve an organization's GRC
Consulting services
Any action taken by mgmt, the board, and other parties to manage risk and increase the likelihood that objectives and goals will be achieved
Control
The portion of inherent risk that mgmt can reduce through day-to-day operations and mgmt activities
Controllable risk
The exercise of ethical and effective leadership by the board toward the achievement of ethical culture, good performance, effective control and legitimacy.
Corporate governance
Activity of contracting with a third party to collaborate in the provision of assurance and consulting services
Cosourcing
An activity that is designed to discover undesirable events that have already occurred
Detective control
A control that causes or encourages a desirable event to occur.
Directive control
A process, effected by an entity’s BOD, Mgmt, and other personnel, applied in strategy setting and across the enterprise, designed to ID potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity obj.
ERM
A control that operates across an entire entity
Entity-level controls
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the org
Governance
The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner
Independence
A process, effected by an entity’s BOD, Mgmt, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Internal control
Actions carried out by management to assure the accomplishment of their obj
Management control
An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work quality and no quality compromises are made.
Objectivity
The CAE’s line of reporting within the organization that allows the IAF to fulfill its responsibilities free from interference
Organizational independence
An activity that operates within a specific process for the purpose of achieving process-level obj
Process-level control