Internal Auditing Engagement Process

Flashcards reviewing key vocabulary and concepts related to the internal auditing engagement process, including planning, performance, and communication activities.

Assurance Services

An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Consulting Services

Advisory and related [customer] service activities, the nature and scope of which are agreed with the [customer], are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility

Performance-Focused Engagements

Focus directly on operational, reporting, and/or compliance performance.

Control-Focused Engagements

Focus on the design adequacy and operating effectiveness of controls implemented to provide reasonable assurance that performance objectives are met.

Auditee objectives

What the auditee is striving to achieve

Auditee assertions

After-the-fact statement of what was achieved

Inherent risk

The combination of internal and external risk factors in their pure and uncontrolled state

Key Control

An activity designed to reduce risk associated with a critical business objective

Engagement work program

A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan

Observations

A finding, determination, or judgement derived from the internal auditor’s test results

Criteria

The standards, measures, or expectations used in making an evaluation that is “What Should Be“

Condition

Factual evidence the IA found “What is the current state” sequences

Causes

Underlying reasons for the gap between the expected and actual condition

Consequences

Real or potential adverse effects of the gap between the existing conditions and the criteria

Corrective Actions

IA recommendations on the practical means off addressing the existing conditions to meet the criteria

Negative assurance (or limited assurance)

Used mainly when nothing has come to the attention of the auditors that indicates that the auditee’s controls are designed inadequately or operating ineffectively

Positive assurance (or reasonable assurance)

Used mainly when the auditors conclude that, in their opinion, the auditee’s controls are designed adequately and operating effectively

Monitoring progress

The follow up process established by the CAE to ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action