Chapter 1 Terms Flashcards
Administrative Audit
An audit oriented to assess issues related to the efficiency of operational productivity within an organization
Attribute Sampling
Generally applied in Compliance Testing situations and deals with the presence or absence of the attribute and provides conclusions that are expressed in rates of incidence
Audit Charter
An overarching document that covers the entire scope of audit activities in an entity
Audit Documentation
The necessary evidence supporting the conclusions reached and should be clear, complete, easily retrievable and sufficiently comprehensible
Audit Methodology
A set of documented audit procedures designed to achieve planned audit objectives
Audit Program
A step-by-step set of audit procedures and instructions that should be performed to complete an audit
Audit Report
The end product of the IS audit work, which is used by the IS auditor to report findings and recommendations to management
Audit Risk
The risk that information may contain a material error that may go undetected during the course of the audit
Audit Universe
Ideally lists all of the processes that may be considered for audit
COBIT 5
Provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT
Compliance Audit
An audit that includes specific tests of controls to demonstrate adherence to specific regulatory or industry standards
Compliance Testing
Evidence gathering for the purpose of testing an organization’s compliance with control procedures
Confidence Coefficient
A percentage expression of the probability that the characteristics of the sample are a true representation of the population
Continuous Auditing
A method to automatically perform control and risk assessments on a more frequent basis that changes the audit paradigm from periodic reviews of a sample of transactions to ongoing audit testing of 100% of transactions and becomes an integral part of modern auditing at many levels
Control Objectives
Statements of the desired result or purpose to be achieved by implementing control activities (procedures)
Control Risk
The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls
Control Self-Assessment (CSA)
An assessment of controls made by the staff and management of the unit or units involved
CSA Approach
Emphasizes management and accountability over developing and monitoring internal controls of an organization’s sensitive and critical business processes
Detection Risk
The risk that material errors or misstatements that have occurred will not be detected by the IS auditor
Difference Estimation
A statistical model used to estimate the total difference between audited values and book values based on differences obtained from sample observations
Discovery Sampling
A sampling model that can be used when the expected occurrence rate is extremely low
Engagement Letter
Focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind
Evidence
Any information used by the IS auditor to determine whether the entity or data being audited follows the established criteria or objectives and supports audit conclusions
Executive Summary
An easy-to-read, concise report that presents findings to management in an understandable manner
Expected Error Rate
An estimate stated as a percent of the errors that may exist
Financial Audit
An audit to assess the accuracy of financial reporting
Forensic Audit
An audit specialized in discovering, disclosing and following up on fraud and crimes
Generalized Audit Software (GAS)
Standard software that has the capability to directly read and access data from the various database platforms, flat-file systems and ASCII formats
Inherent Risk
The risk level or exposure of the process/entity to be audited without taking into account the controls that management has implemented
Integrated Audit
An audit that combines financial and operational audit steps
Integrated Auditing
The process whereby appropriate audit disciplines are combined to assess key internal controls over an operation, process or entity
Internal Control(s)
Composed of policies, procedures, practices and organizational structures that are implemented to reduce risk to the organization
IS Audit
The formal examination, interview and/or testing of information systems to determine whether:
(1) Information systems are in compliance with applicable laws, regulations, contracts and/or industry guidelines
(2) IS data and information have appropriate levels of confidentiality, integrity and availability
(3) IS operations are being accomplished efficiently and effectiveness targets are being met
IS Control Objectives
Provide a complete set of high-level requirements to be considered by management for effective control of each IT process
Level of Risk
Equal to one minus the Confidence Coefficient
Long-Term Planning
Audit plans that will take into account risk-related issues regarding changes in the organization’s IT strategic direction that will affect the organization’s IT environment
Operational Audit
An audit designed to evaluate the internal control structure in a given process or area
Overall Audit Risk
The probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred
Population Standard Deviation
Measures the relationship to the normal distribution
Precision
Represents the acceptable range difference between the sample and the actual population
Risk
The combination of the probability of an event and its consequence
AND
Adverse impact(s) that could occur to organizational operations, organizational assets, individuals or other organizations due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems
Risk Acceptance
Knowingly and objectively not taking action, providing the risk clearly satisfies the organization’s policy and criteria
Risk Analysis
Part of audit planning and helps identify risk and vulnerabilities so the IS auditor can determine the controls needed to mitigate risk
Risk Assessment
An iterative life cycle that begins with identifying business objectives, information assets, and the underlying systems or information resources that generate, store, use or manipulate assets critical to achieving these objectives
Risk Avoidance
Avoiding risk by not allowing actions that would cause the risk to occur
Risk Mitigation
Applying appropriate controls to reduce the risk
Risk Transfer/Sharing
Transferring the associated risk to other parties
Sample
The subset of population members used to perform testing
Sample Mean
The sum of all sample values, divided by the size of the sample. Measures the average value of the sample
Sample Standard Deviation
Computes the variance of the sample values from the mean of the sample
Short-Term Planning
Audit issues that will be covered during the year
Specialized Audit
An audit that reviews areas such as services being performed by third parties
Stop-or-go Sampling
A sampling model that helps prevent excessive sampling of an attribute by allowing an audit test to be stopped at the earliest possible moment
Stratified Mean per Unit
A statistical model in which the population is divided into groups and samples are drawn from the various groups
Substantive Testing
Evidence is gathered to evaluate the integrity of individual transactions, data or other information
Tolerable Error Rate
The maximum misstatement or number of errors that can exist without an account being materially misstated
Traditional Approach
Any approach in which the primary responsibility for analyzing and reporting on internal control and risk is assigned to auditors, and to a lesser extent, controller departments and outside consultants
Unstratified Mean per Unit
A statistical model in which a sample mean is calculated and projected as an estimated total
Utility Software
A subset of software that provides evidence to auditors about system control effectiveness
Variable Sampling
Generally applied in Substantive Testing situations and deals with population characteristics that vary (such as monetary values and weights) and provides conclusions related to deviations from the norm