Internal Audit Glossary: 16 Important Auditing Terms

  • August 29, 2018
  • Quantivate

New to internal audits or about to start another audit cycle?

Brush up on your internal audit terminology with this glossary of key terms you need to know:

Internal Audit Terminology

Application Controls:

Controls that relate to data and transactions within an application system to validate completeness and accuracy (See also: Application System, Controls)

Application System:

Integrated computer programs designed for a specific purpose

Audit Plan:

A description and schedule of audits to be performed over a certain period of time (typically three years); includes areas to be audited, type and scope of work, and high-level objectives

Audit Program:

Policies and procedures that govern the audit process

Charter:

A document approved by the board of directors that defines responsibility, authority, and accountability for IT and audit functionsĀ 

Controls:

Methods that preserve the integrity of important information, meet operational or financial targets, and/or communicate management policies (See also: Key Control, Secondary Control, Tertiary Control)

Governance:

Processes and structures implemented to communicate, manage, and monitor organizational activities

Impact:

The influence and effect of a riskĀ 

Internal Audit:

The process of providing independent assurance that an organizationā€™s risk management, governance, and internal control processes are operating effectively (See also: Controls, Governance, Risk)

Key Control:

A primary control that is essential for a business process; typically takes place during the process it applies to

Likelihood:

The probability of a risk occurring (See also: Risk)

Mitigation Actions:

The necessary steps, or action items, to reduce the likelihood and/or impact of a potential risk (See also: Impact, Likelihood, Risk)

Risk:

A potential event or action that would have an adverse effect on the organization

Secondary Control:

An important control that typically takes place after the process it applies to (i.e., reporting or ongoing monitoring)

Tertiary Control:

A non-essential control that can still be applied effectively to a business process

Workpapers:

Documents that summarize and record all the activities and evidence obtained during an audit or investigation


Could your internal audit process use a productivity boost?

Learn more about how Quantivateā€™s Internal Audit Software can help standardize and streamline the entire audit lifecycle.