Definitions
Activity Under Review
The subject of an internal audit engagement. Examples include an area, entity, operation, function, process, or system.
Assurance Services
Services through which internal auditors perform objective assessments to provide assurance.
Advisory Memo
This type of memo is issued when an audit engagement identifies a control weakness or gap that lies outside the direct responsibility of the audited unit. Because the issue falls under the purview of another unit or department, this separate memo is issued to the responsible party of that area, who is responsible for corrective action(s).
Conflict of Interest
A situation, activity, or relationship that may influence, or appear to influence, an internal auditor’s ability to make objective professional judgments or perform responsibilities objectively.
Issue
In an engagement, the determination that a gap exists between the evaluation criteria and the condition of the activity under review. Other interchangeable terms, such as “observations” and “finding,” may be used.
Independence
The freedom from conditions that may impair the ability of the internal audit function to carry out internal audit responsibilities in an unbiased manner.
Objectivity
An unbiased mental attitude that allows internal auditors to make professional judgments, fulfill their responsibilities, and achieve the Purpose of Internal Auditing without compromise.
Professional Skepticism
Questioning and critically assessing the reliability of information.
Risk
Risks can originate from internal vulnerabilities or external threats, or a combination of a vulnerability affected by a threat. Risk is a combination of the likelihood of a vulnerability or threat occurring and if so, the magnitude of the negative impact on the organization (people, goals, opportunities, reputation, etc.).
- Risk Likelihood - The likelihood that a specific risk will occur or reoccur.
- Risk Mitigation - Actions that reduce the likelihood an event will occur or the impact of a risk occurrence.
Root Cause
Core issue or underlying reason for the difference between the criteria and the condition of an activity under review.
Workpapers
Documentation of the internal audit work done when planning and performing engagements. The documentation provides the supporting information for engagement findings and conclusions.
*This information was taken from the IIA Global Internal Audit Standards.
Types of Audits
Compliance Audit
Determine the adequacy of a unit’s policies, procedures and process to ensure compliance with external requirements, including laws, rules and regulations.
Financial Audit
Attest to the accuracy of financial information, including assets, liabilities, revenue or other financial representations.
Information Systems Audit
Address the control environment associated with information processing systems. These types of audits typically evaluate system input, output and processing controls, backup and recovery plans, system access and security and computer facilities. These audit also typically include pre- and post- implementation reviews. General Control reviews of centralized computing functions are also performed regularly.
Investigative Audit
Focus on alleged civil or criminal violations of state or federal laws or violations of University policy. These may result in disciplinary action as deemed necessary by management.
Operational Audit
Examine the use of a unit resources to evaluate whether those resources are being used in the most efficient and effective manner.
* This section was adapted, with permission, from the University of Illinois Audit Guide.
