Internal Audit Glossary: 16 Important Auditing Terms

  • August 29, 2018
  • Quantivate

New to internal audits or about to start another audit cycle?

Brush up on your internal audit terminology with this glossary of key terms you need to know:

Internal Audit Terminology

Application Controls:

Controls that relate to data and transactions within an application system to validate completeness and accuracy (See also: Application System, Controls)

Application System:

Integrated computer programs designed for a specific purpose

Audit Plan:

A description and schedule of audits to be performed over a certain period of time (typically three years); includes areas to be audited, type and scope of work, and high-level objectives

Audit Program:

Policies and procedures that govern the audit process


A document approved by the board of directors that defines responsibility, authority, and accountability for IT and audit functionsĀ 


Methods that preserve the integrity of important information, meet operational or financial targets, and/or communicate management policies (See also: Key Control, Secondary Control, Tertiary Control)


Processes and structures implemented to communicate, manage, and monitor organizational activities


The influence and effect of a riskĀ 

Internal Audit:

The process of providing independent assurance that an organizationā€™s risk management, governance, and internal control processes are operating effectively (See also: Controls, Governance, Risk)

Key Control:

A primary control that is essential for a business process; typically takes place during the process it applies to


The probability of a risk occurring (See also: Risk)

Mitigation Actions:

The necessary steps, or action items, to reduce the likelihood and/or impact of a potential risk (See also: Impact, Likelihood, Risk)


A potential event or action that would have an adverse effect on the organization

Secondary Control:

An important control that typically takes place after the process it applies to (i.e., reporting or ongoing monitoring)

Tertiary Control:

A non-essential control that can still be applied effectively to a business process


Documents that summarize and record all the activities and evidence obtained during an audit or investigation

Could your internal audit process use a productivity boost?

Learn more about how Quantivateā€™s Internal Audit Software can help standardize and streamline the entire audit lifecycle.