Terminology


A

Audit

There are many different types of audits including internal audits, external audits, management audits, compliance audits, etc. They all involve some form of: (a) independent examination (e.g. client's records, operations, procedures, etc.), (b) evaluation (e.g. for accuracy, compliance, efficiency, etc.), and (c) reporting to stakeholders.

Audit finding or observation

Any error, exception, deviation or deficiency noted by an auditor as a result of an examination of audit evidence. Findings generally relate to (a) compliance with policies, procedures and legal requirements, (b) adequacy and effectiveness of controls, and/or (c) efficiency and effectiveness of administration processes.

Audit objective

The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.

Audit risk

The risk that information or financial reports may contain material errors; also used to describe the level of risk that an auditor is prepared to accept during an audit engagement.

Audit universe

The aggregate of all areas/processes that are available to be audited within the university.

Audit trail

Paper or electronic trail that gives a step-by-step documented history of a transaction.

B

Business risk

Potential for harm or loss in achieving business objectives or lost opportunities.

C

Compliance test

Audit tests that determine if internal controls actually exist and are operating effectively. This can include tests for compliance with laws, regulations, policies and procedures. 

Control environment

The core of any business is its people – their individual attributes, including integrity, ethical values and competence – and the environment in which they operate. The people are the engine that drives the entity and the foundation on which everything rests. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements:

  • Integrity and ethical values (including “Tone at the Top”)
  • Management's philosophy and operating style
  • Commitment to competence
  • Organizational structure
  • Assignment of authority and responsibility
  • Human resource policies and practices
  • Competence of personnel

Control risk

The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls.

D

Detection risk

The risk that material errors or misstatements that have occurred will not be detected.

E

Economy

The relationship between money and the inputs. In general terms it is the acquiring of goods and services of suitable quality at the best price.

Efficiency

The relationship between the inputs and the outputs. In general terms it is the adequacy or sufficiency of resources used to achieve the desired objectives.

Effectiveness

The relationship between outputs and the intended goal. In general terms it is the accomplishment of intended objectives.

F

Fraud/financial impropriety

One or more intentional acts (usually the misrepresentation or concealment of financial information) designed to deceive others. It often includes the misappropriation of assets.

Fraud risk

The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetration of irregularities, including the unauthorized use of assets or services and abetting or helping to conceal this misuse.

I

Inherent risk

The potential of an event that can go wrong in a function or an activity that would impair the University’s ability to meet its objectives. Inherent risk includes both internal and external factors related to the nature of the function or activity, and its relationship with other functions or activities, or forces in the organization’s environment.

Institute of Internal Auditors (IIA)

IIA is an international professional association dedicated to the promotion and development of the practice of internal auditing, including standards, guidance and information on best practices. The Institute is responsible for awarding and administering the Certified Internal Auditor (CIA) and other related designations worldwide.

Internal audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.

Internal control

The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented, or detected and corrected.

R

Residual risk

Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made. There are four basic ways of dealing with risk: reduce it, avoid it, accept it or transfer it.

Risk

The uncertainty of an event occurring that could have an impact on the achievement of objectives. In other words, risks are those things that get in the way of achieving the desired results and those things that occur that we don’t want to occur. Risk is measured in terms of consequences (impact) and likelihood (probability of occurrence), and the types of risks include, but are not limited to, financial, people, strategic, operational, legal, and reputational.

S

Segregation of duties

An internal control activity to prevent or detect errors and irregularities that may occur if individuals have responsibility for several incompatible key activities within a single process. Where staffing levels permit, it is preferable to segregate responsibility for the three components of a transaction: initiation, processing and reconciliation/review. For example, one person should not have responsibility for approving payment of invoices and issuing cheques.

Substantive test

An audit procedure designed to test for dollar errors affecting the correctness of account balances. This can include tests of transactions (e.g. selecting a representative sample of transactions and checking for monetary errors), direct tests of account balances (e.g. a confirmation of accounts receivable balances or physical examination of inventory) and analytical review procedures (evaluations of overall reasonableness of transactions and balances).