A Comprehensive Glossary of Auditing Terms
A
Analytical Review
Examination of the relationships between different sets of data; abnormal or unusual relationships and trends are investigated.
Audit Hooks
Audit routines that notify auditors of questionable transactions, often as they occur.
Auditing
Objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria.
Audit Log
A file containing transactions that have audit significance.
Automated Decision Table Programs
Software that interprets a program’s source code and generates a decision table of the program’s logic.
Automated Flowcharting Programs
Software that interprets a program’s source code and generates a flowchart of the program’s logic.
C
Compensating Controls
Control procedures that compensate for the deficiency in other controls.
Compliance Audit
Examination of organizational compliance with applicable laws, regulations, policies, and procedures.
Computer-Assisted Audit Techniques (CAATs)
Audit software that uses auditor-supplied specifications to generate a program that performs audit functions.
Concurrent Audit Techniques
Software that continuously monitors a system as it processes live data and collects, evaluates, and reports information about system reliability.
Confirmation
Written communication with independent third parties to confirm the accuracy of information, such as customer account balances.
Continuous and Intermittent Simulation (CIS)
Embedding an audit module in a DBMS that uses specified criteria to examine all transactions that update the database.
Control Risk
Risk that a material misstatement will get through the internal control structure and into the financial statements.
D
Detection Risk
Risk that auditors and their audit procedures will fail to detect a material error or misstatement.
E
Embedded Audit Module
Program code segments that perform audit functions, report test results, and store the evidence collected for auditor review.
F
Financial Audit
Examination of the reliability and integrity of financial transactions, accounting records, and financial statements.
G
Generalized Audit Software (GAS)
Audit software that uses auditor-supplied specifications to generate a program that performs audit functions.
I
Information Systems (Internal Control) Audit
Examination of the general and application controls of an IS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets.
Inherent Risk
Susceptibility to significant control problems in the absence of internal control.
Input Controls Matrix
A matrix that shows control procedures applied to each input record field; used to document the review of source data controls.
Integrated Test Facility (ITF)
Inserting a dummy entity in a company’s system; processing test transactions to update it will not affect actual records.
Internal Auditing
Assurance and consulting activity designed to add value, improve organizational effectiveness and efficiency, and accomplish organization objectives.
Internal Control Audit
Examination of the general and application controls of an IS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets.
Investigative Audit
An examination of incidents of possible fraud, misappropriation of assets, waste and abuse, or improper governmental activities.
M
Mapping Programs
Software that identifies unexecuted program code.
Materiality
Amount of an error, fraud, or omission that would affect the decision of a prudent user of financial information.
O
Operational Audit
Examination of the economical and efficient use of resources and the accomplishment of established goals and objectives.
P
Parallel Simulation
Using auditor-written software to process data and comparing the output with the company’s output; discrepancies are investigated to see if unauthorized program changes were made.
Program Tracking
Sequentially printing all executed program steps, intermingled with output, so a program’s execution sequence can be observed.
R
Reasonable Assurance
Obtaining complete assurance that information is correct is prohibitively expensive, so auditors accept a reasonable degree of risk that the audit conclusion is incorrect.
Reperformance
Performing calculations again to verify quantitative information.
Reprocessing
Using source code to reprocess data and comparing the output with the company’s output; discrepancies are investigated to see if unauthorized program changes were made.
S
Scanning Routine
Software that searches a program for the occurrence of specified items.
Snapshot Technique
Marking transactions with a special code, recording them and their master file records before and after processing, and storing the data to later verify that all processing steps were properly executed.
Source Code Comparison Program
Software that compares the current version of a program with its source code; differences should have been properly authorized and correctly incorporated.
Systems Control Audit Review File (SCARF)
Using embedded audit modules to continuously monitor transactions, collect data on transactions with special audit significance, and store the data to later identify and investigate questionable transactions.
Systems Review
An internal control evaluation step that determines if necessary control procedures are actually in place.
T
Test Data Generator
Software that, based on program specifications, generates a set of data used to test program logic.
Test of Controls
Tests to determine whether existing controls work as intended.
V
Vouching
Comparing accounting journal and ledger entries with documentary evidence to verify that a transaction is valid, accurate, properly authorized, and correctly recorded.