Definitions

Add Value – The internal audit activity adds value to the organization (and its stakeholders) when it provides objective and relevant assurance and contributes to the effectiveness and efficiency of governance, risk management and control processes.

Adequate Control – Present if management has planned and organized (designed) in a manner that provides reasonable assurance that the organization’s risks have been managed effectively and that the organization’s goals and objectives will be achieved efficiently and economically.

Assurance Services – An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management and control processes for the organization.  Examples may include financial, performance, compliance, system security and due diligence engagements.

Charter – The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority and responsibility.  The internal audit charter establishes the internal audit activity’s position within the organization; authorizes access to records, personnel and physical properties relevant to the performance of audit engagements; and defines the scope of internal audit activities.

Chief Audit Executive – Describes a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the Definition of Internal Auditing, the IIA’s Code of Ethics and the Standards. The chief audit executive (CAE) will have appropriate professional certifications and qualifications.  The specific job title of the CAE may vary across organizations.

Code of Ethics – The Code of Ethics of The Institute of Internal Auditors (IIA) consists of Principles relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavior expected of internal auditors.  The Code of Ethics applies to both parties and entities that provide internal audit services.  The purpose of the Code of Ethics is to promote an ethical culture in the global profession of internal auditing.

Conflict of Interest – Any relationship that is, or appears to be, not in the best interest of the organization. A conflict of interest would prejudice an individual’s ability to perform his/her duties and responsibilities objectively.

Consulting Services – Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization’s governance, risk management and control processes without the internal auditor assuming management responsibility.  Examples include counsel, advice, facilitation and training.

Control – Any action taken by management, the board and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

Control Environment – The attitude and actions of the board and management regarding the importance of control within the organization.  The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control.  The control environment includes the following elements:

  • Integrity and ethical values;
  • Management’s philosophy and operating style;
  • Organizational structure;
  • Assignment of authority and responsibility;
  • Human resource policies and practices;
  • Competence of personnel.

Engagement – A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy.  An engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives.

Engagement Objectives – Broad statements developed by internal auditors that define intended engagement accomplishments.

Engagement Work Program – Also known as an Audit Program, a document that lists the procedures to be followed during an engagement, designed to achieve the engagement objectives.

Governance – The combination of processes and structures implemented by the board to inform, direct, manage and monitor the activities of the organization toward the achievement of its objective.

Impairment – Impairment to organizational independence and individual objectivity may include personal conflicts of interest, scope limitations, restrictions on access to records, personnel and properties, and resource limitations (funding).

Independence – The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.

Internal Audit Activity – A department, division, team of consultants, or other practitioner(s) that provide independent, objective assurance and consulting services designed to add value and improve an organization’s operations.

International Professional Practices Framework – Also known as the IIA Standards, the conceptual framework that organizes the authoritative guidance promulgated by the IIA.  It comprises two categories: 1) mandatory and 2) strongly recommended.

Objectivity – An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made.  Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others.

Overall Opinion – The rating, conclusion and/or other description of results provided by the chief audit executive addressing, at a broad level, governance, risk management and/or control processes of the organization.  An overall opinion is the professional judgment of the chief audit executive based on the results of a number of individual engagements and other activities for a specific time interval.

Risk Appetite – The level of risk that an organization is willing to accept.

Risk Management – A process to identify, assess, manage and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.
