Internal Audit Glossary: 16 Important Auditing Terms

New to internal audits or about to start another audit cycle?

Brush up on your internal audit terminology with this glossary of key terms you need to know:

Internal Audit Terminology

Application Controls:

Controls that relate to data and transactions within an application system to validate completeness and accuracy (See also: Application System, Controls)

Application System:

Integrated computer programs designed for a specific purpose

Audit Plan:

A description and schedule of audits to be performed over a certain period of time (typically three years); includes areas to be audited, type and scope of work, and high-level objectives

Audit Program:

Policies and procedures that govern the audit process

Charter:

A document approved by the board of directors that defines responsibility, authority, and accountability for IT and audit functions 

Controls:

Methods that preserve the integrity of important information, meet operational or financial targets, and/or communicate management policies (See also: Key Control, Secondary Control, Tertiary Control)

Governance:

Processes and structures implemented to communicate, manage, and monitor organizational activities

Impact:

The influence and effect of a risk 

Internal Audit:

The process of providing independent assurance that an organization’s risk management, governance, and internal control processes are operating effectively (See also: Controls, Governance, Risk)

Key Control:

A primary control that is essential for a business process; typically takes place during the process it applies to

Likelihood:

The probability of a risk occurring (See also: Risk)

Mitigation Actions:

The necessary steps, or action items, to reduce the likelihood and/or impact of a potential risk (See also: Impact, Likelihood, Risk)

Risk:

A potential event or action that would have an adverse effect on the organization

Secondary Control:

An important control that typically takes place after the process it applies to (i.e., reporting or ongoing monitoring)

Tertiary Control:

A non-essential control that can still be applied effectively to a business process

Workpapers:

Documents that summarize and record all the activities and evidence obtained during an audit or investigation

Could your internal audit process use a productivity boost?

Learn more about how Quantivate’s Internal Audit Software can help standardize and streamline the entire audit lifecycle.