AuditNet® Audit Library: Glossary of Audit Terms

the act of giving the idea or impression of being or doing something.
Application Acquisition Review
an evaluation of an application system considered for acquisition, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process.
Application Controls
these relate to the transactions and standing data appertaining to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and accuracy of the records and the validity of the entries made therein resulting from both manual and programmed processing. Examples of application controls include data input validation, agreement of batch totals, encryption of data transmitted, etc.
Application Development Review
an evaluation of an application system under development, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is developed in compliance with the established systems development process.
Application Implementation Review
an evaluation of any part of an implementation project (e.g. project management, test plans, user acceptance testing procedures, etc.).
Application Software Tracing and Mapping
specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions, and processing sequences. Both the command language or job control statements and programming language can be analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations, and code comparisons.
Applications System
an integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management).
Application Upgrade Review
an evaluation of any part of an upgrade project (e.g. project management, test plans, user acceptance testing procedures, etc.).
way of thinking, behaving, feeling, etc.
Audit Accountability
performance measurement of service delivery including cost, timeliness and quality against agreed service levels.
Audit Authority
a statement of the position within the organization, including lines of reporting and the rights of access.
Audit Evidence
the Information Systems Auditor (IS Auditor) gathers information in the course of performing an IS audit. The information used by the IS Auditor to meet audit objectives is referred to as audit evidence (evidence).
Audit Expert Systems
expert or decision support systems that can be used to assist IS Auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, system software, and control objectives software packages.
Audit Program
a series of steps to achieve an audit objective.
Audit Responsibility
the roles, scope and objectives documented in the service level agreement between management and audit.
Audit Sampling
the application of audit procedures to less than 100% of the items within a population to obtain audit evidence about a particular characteristic of the population.
CAATs (Computer Assisted Audit Techniques)
any automated audit techniques, such as generalized audit software, utility software, test data, application software tracing and mapping, and audit expert systems.
the Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subject commonly known, in the UK, as the Cadbury Report.
Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF, © 1998, 1996.
Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995.
Computer Assisted Audit Techniques
see CAATs.
Corporate Governance
the system by which organizations are directed and controlled. Boards of directors are responsible for the governance of their organization. (Source: The Cadbury Report)
the Committee of Sponsoring Organizations of the Treadway Commission produced the "Internal Control - Integrated Framework" report in 1992, commonly known as the COSO Report.
Detailed IS Controls
controls over the acquisition, implementation, delivery and support of IS systems and services. Examples include controls over the implementation of software packages, system security parameters, disaster recovery planning, data input validation, exception report production, locking of user accounts after invalid attempts to access them, etc. Application controls are a subset of detailed IS controls. Data input validation, for example, is both a detailed IS control and an application control. Installing and accrediting systems (AI5) is a detailed IS control, but not an application control.
Due Care
diligence which a person would exercise under a given set of circumstances.
Due Professional Care
diligence which a person, who possesses a special skill, would exercise under a given set of circumstances.
Embedded Audit Module
integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be real-time on-line, or may use store and forward methods. Also known as Integrated Test Facility or Continuous Auditing Module.
control deviations (compliance testing) or misstatements (substantive procedures).
General Controls
controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all the applications. The objectives of general controls are to ensure the proper development and implementation of applications, and the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery.
Generalized Audit Software
a computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples, and printing reports or letters in a format specified by the IS Auditor. This technique includes software acquired or written for audit purposes and software embedded in production systems.
self-governance, freedom from conflict of interest and undue influence. The IS Auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employers).
Independent Appearance
the outward impression of being self-governing and free from conflict of interest and undue influence.
Independent Attitude
impartial point of view which allows the auditor to act objectively and with fairness.
Internal Control
"The policies, procedures, practices and organizational structures, designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected." (Source: COBIT Framework).
intentional violations of established management policy or deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole.
an expression of the relative significance or importance of a particular matter in the context of the organization as a whole.
the ability to exercise judgment, express opinions and present recommendations with impartiality.
a formal agreement with a third party to perform an IS function for an organization.
Pervasive IS Controls
those general controls which are designed to manage and monitor the IS environment and which therefore affect all IS-related activities. Examples include controls over IS processes defined in COBIT's Planning and Organization domain and Monitoring domain, e.g. "PO1 - Define a strategic plan", "M1 - Monitor the processes," etc. Pervasive IS controls are a subset of general controls, being those general controls which focus on the management and monitoring of IS.
the entire set of data from which a sample is selected and about which the IS Auditor wishes to draw conclusions.
Professional Competence
proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards.
Project Team
group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or upgrade of an application system. The team members may include line management, operational line staff, external contractors and IS Auditors.
Reasonable Assurance
a level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved.
Relevant Audit Evidence
audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Reliable Audit Evidence
audit evidence is reliable if, in the IS Auditor's opinion, it is valid, factual, objective and supportable.
Sampling Risk
the probability that the IS Auditor has reached an incorrect conclusion because an audit sample rather than the whole population was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selection method, it can never be eliminated.
Service Level Agreement (SLA)
defined minimum performance measures at or above which the service delivered is considered acceptable.
Service Provider
the organization providing the outsourced service.
Service User
the organization using the outsourced service.
Sufficient Audit Evidence
audit evidence is sufficient if it is adequate, convincing and would lead another IS Auditor to form the same conclusions.
Systems Acquisition Process
the procedures established to purchase application software, including evaluation of the supplier's financial stability, track record, resources and references from existing customers.
Systems Development Process
an approach used to plan, design, develop, test and implement an application system or a major modification to an application system.
Test Data
simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs) and Base Case System Evaluations (BCSEs).
Useful Audit Evidence
audit evidence is useful if it assists the IS Auditors in meeting their audit objectives.
Utility Software
computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activity, test programs and system activities and operational procedures, evaluate data file activity, and analyze job accounting data.