his glossary clarifies the meaning of words used in literature and texts dealing with auditing. A component of the CBOK-IIA Study

Aggregate value

The value is added by improving opportunities to achieve organizational objectives, identify operational improvements and / or reduce risk exposure through assessment and consultancy services.

Assessment Services

An objective examination of evidence in order to provide an independent assessment of governance, risk management and control processes for the organization. Examples may include financial commitments, performance, compliance, systems security and due diligence.

Audit risk

The risk of reaching invalid audit conclusions and / or providing erroneous advice based on the audit work performed.


The subsidiary, business unit, department, group or other established subdivision of an organization, which is subject to a consultancy project.


A board is a governing body of an organization, such as the board of directors, supervisory board, head of agency or legislative body, board of governors or trustees of a non-profit organization, or any other designated body of the organization, including the committee Audit Committee, to whom the executive audit director can report in a functional manner.

Business Process

The set of activities connected to each other, in order to achieve one or more business objectives.

Executive Director of Auditing (DEA)

The chief audit executive is a senior position within the organization, responsible for internal audit activities. This would normally be the executive director of internal audit. If the internal audit activities are obtained from external service providers, the executive audit director is the person responsible for supervising the service contract and the general Quality Certification of these activities, reporting to senior management and the board, regarding internal audit activities, and monitoring the results of the project. The term also includes positions such as general auditor, head of internal audit, director of internal audit and inspector general.

code of ethics

The Code of Ethics of the Institute of Internal Auditors (IIA) are Principles relevant to the profession and practice of internal auditing, and Rules of Conduct that describe the behavior expected from internal auditors. The Code of Ethics applies to both parties and entities that provide internal audit services. The purpose of the Code of Ethics is to promote an ethical culture in the global internal audit profession.


Compliance with policies, plans, procedures, laws, regulations, contracts or other requirements.

Consulting services

Advisory and client-related activities, the nature and scope of which are agreed with the client, aim to add value and improve the company’s governance, risk management and control processes, without the internal auditor assuming management responsibility. Examples include counseling, facilitation and training.


Any action taken by management, the board and other parties to manage risk and increase the likelihood of established objectives being achieved. Management plans, organization and direction of the performance of actions sufficient to provide a reasonable assessment that the objectives will be achieved.


The subsidiary, business unit, department, group, person or other established subdivision of an organization that is the subject of the consultancy project.


A specific internal audit review project, task or activity, such as an internal audit, self-assessment control review, fraud investigation or consultancy. A project can include several tasks or activities, designed to achieve a specific set of related objectives.

Organization Risk Management – See Risk Management

External auditor

An accounting firm with a public record, hired by the organization’s board or executive management, to perform an audit of the financial statements, carrying out an assessment for which the company issues a written attestation report, which expresses an opinion on whether the financial statements are presented fairly, in accordance with applicable generally accepted accounting principles.

Conceptual Framework

A body of guiding principles that form a conceptual framework, against which organizations can assess various business practices. These principles are included in several concepts, values, assumptions and practices, which are intended to provide a standard of measurement for comparison, so that an organization can evaluate a particular structure, process or environment or a group of practices or procedures.


Any illegal action characterized by deceiving, covering up or violating a trust. These actions do not depend on the threat of violence or physical force. Fraud is perpetrated by parties and organizations to obtain money, property or services, to avoid payment or loss of services or to guarantee a personal or commercial advantage.


The combination of processes and structures implemented by the board to inform, direct, manage and monitor the activities of the organization, towards the achievement of its objectives.


Freedom from conditions that threaten objectivity or the appearance of objectivity. Such threats to objectivity must be managed at the individual levels of auditor, project, function and organization.

Internal Audit Activity

A department, division, team of consultants or other professionals who provide independent, objective assessment and consultancy services, designed to add value and improve an organization’s operations. The internal audit activity helps an organization to achieve its objectives, bringing a systematic and disciplined approach to assess and improve the effectiveness of governance, risk management and control processes.

Internal Audit Statute

The Internal Audit Statute is a formal document that defines the objective, authority and responsibility of the internal audit. The statute establishes the position of the internal audit activity within the organization, authorizes access to records, personnel and physical properties relevant to the development of the projects and defines the scope of the internal audit activities.

Internal control 

A process, carried out by an entity’s Board of Directors, management or other personnel, designed to provide a reasonable assessment of the achievement of objectives in the following categories: • Effectiveness and efficiency of operations. • Reliability of the financial report. • Compliance with applicable laws and regulations.

International Professional Practice Structure (IPPF)

The conceptual framework that organizes the official guidelines promulgated by the IIA. Official guidelines consist of two categories – (1) mandatory and (2) strongly recommended.


Information technology / information and communication technology.


A process that assesses the presence and functioning of governance, risk management and control over time.


An impartial mental attitude that allows internal auditors to carry out projects in order to have an honest belief in their work product, and so that no significant quality commitments are made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others.


The possibility of an event occurring that will impact the achievement of the objectives. The risk is measured in terms of impact and probability.

Risk assessment

The identification and analysis (typically in terms of impact and probability) of risks relevant to the achievement of an organization’s objectives, forming the basis for determining how risks should be managed.

Risk assessment

The identification and analysis (typically in terms of impact and probability) of risks relevant to the achievement of an organization’s objectives, forming the basis for determining how risks should be managed.

Risk management

A process for identifying, evaluating, managing and controlling potential events or situations, to provide a reasonable assessment of the achievement of the organization’s objectives.

Service provider

A person or company, outside the organization, that provides assessment and / or consulting services to an organization.


A professional pronouncement, promulgated by the Internal Audit Standards Council, which outlines the requirements for carrying out a wide range of internal audit activities, and for assessing the performance of internal audit.


It concerns how to manage plans to achieve the organization’s objectives.

Auditing Techniques Performed with Systems Assistance (CAATs)

Any automated auditing tool, such as generalized auditing software, test data generators, computerized auditing programs, specialized auditing accessories, and computer-assisted audit techniques (CAATs).


by Abdullah Sam
I’m a teacher, researcher and writer. I write about study subjects to improve the learning of college and university students. I write top Quality study notes Mostly, Tech, Games, Education, And Solutions/Tips and Tricks. I am a person who helps students to acquire knowledge, competence or virtue.

Leave a Comment