CONCEPTS AND VOCAB Flashcards
Hard skills that an auditor should possess
include being technically competent and having the skills and knowledge necessary to perform the auditor’s work.
soft skills that an auditor needs
attention to detail, excellent interpersonal skills, and honest and ethical
Detection risk
The risk that occurs if an auditor does not design tests in such a way as to detect a material risk.
control risk
risk caused by a failure of internal controls; it can result in a material error
Discovery sampling
a form of attribute sampling, is used to discover fraud or irregularities
Variable sampling
used primarily for substantive testing
on hold
tests designed to obtain evidence to ensure the completeness, accuracy and validity of the data
Substantive testing
Substantive testing is an auditing technique that checks for any errors or material misstatements in a company’s accounts, financial statements or supporting documents.
Attribute/ Frequency
a statistical process used in audit procedures that aims to analyze the characteristics of a given population. Attribute sampling is used to determine the rate of occurrence. This practice is often used to test whether or not a company’s internal controls are being correctly followed. primarily for compliance testing during an audit.
Discovery sampling
a form of attribute sampling. is used to discover fraud or irregularities. Variable sampling is used primarily for substantive testing
Variable Sampling
is the process used to predict the value of a specific variable within a population. It is also known as dollar estimation. For example, a limited sample size can be used to compute the average accounts receivable balance, as well as a statistical derivation of the plus or minus range of the total receivables value that is under review.
control risk is caused by
a failure of internal controls; it can result in a material error.
Inherent risk
Inherent risk is the risk that can occur because of the lack of compensating controls. inherent risks can create a material risk
Detection risk
risk that occurs if an auditor does not design tests in such a way as to detect a material risk Table 2-4
Nonstatistical sampling
also known as judgmental sampling, uses auditor judgment to select the sample size and determine which items to select
Statistical sampling
sampling is based on probability
Stop-and-go sampling
used when an auditor believes that only a few errors will be found in a population
An adverse opinion includes:
multiple significant deficiencies that add up to a material and pervasive weakness.
Corrective controls
reduce the impact of threats and minimize the impact of problems
Preventive controls
can prevent problems before they occur.
Detective controls
sense and detect problems as they occur.
Mitigating controls
used to discover and prevent mistakes.
capability maturity model (CMM) How many levels of Maturity
specifies five levels of control for software maturity levels.
ISO 17799 What is
is a comprehensive set of controls designed to gauge best practices in information security. Table 3-10
