
Internal Audit Division

 Internal Auditing Terms


The Standards and the accompanying Guidelines employ terms which have been given the following meanings in the context of the Standards:


Activity Reports of the internal auditing department highlight significant audit findings and recommendations and inform senior management and the board of any significant deviations from approved audit work schedules, staffing plans, and financial budgets, and the reasons for them. (110.01.6)

Adequate Control is present if management has planned and organized (designed) in a manner which provides reasonable assurance that the organization's objectives and goals will be achieved efficiently and economically. (300.02.4)

Analytical Auditing Procedures are performed by studying and comparing relationships among both financial and non-financial information. The application of analytical auditing procedures is based on the premise that, in the absence of known conditions to the contrary, relationships among information may reasonably be expected to exist and continue. Examples of contrary conditions include unusual or nonrecurring transactions or events; accounting, organizational, operational, environmental, and technological changes; inefficiencies; ineffectiveness; errors; irregularities, or illegal acts. (420.01.1 b and c)

Appreciation means the ability to recognize the existence of problems or potential problems and to determine the further research to be undertaken or the assistance to be obtained. (250.01.4)

Audit Objectives are broad statements developed by internal auditors and define intended audit accomplishments. (410.01.1a)

Audit Procedures are the tasks the internal auditor undertakes for collecting, analyzing, interpreting, and documenting information during an audit. Audit procedures are the means to attain audit objectives. (410.01.1a)

Audit Program is a document which lists the audit procedures to be followed during an audit. The audit program also states the objectives of the audit. (410.01.6a)

Audit Report is a signed, written document which presents the purpose, scope, and results of the audit. Results of the audit may include findings, conclusions (opinions), and recommendations. (430.01, 430.04 and 430.04.5)

Audit Scope refers to the activities covered by an internal audit. Audit scope includes, where appropriate:

  • Audit objectives 
  • Nature and extent of auditing procedures performed 
  • Time period audited 
  • Related activities not audited in order to delineate the boundaries of the audit (430.04.4) 

Audit Work Schedules include (a) what activities are to be audited; (b) when they will be audited; and (c) the estimated time required, taking into account the scope of the audit work planned and the nature and extent of audit work performed by others. (520.04)

Audit Working Papers record the information obtained, the analyses made, and conclusions reached during an audit. Audit working papers support the bases for the findings and recommendations to be reported. (420.01.5 and 420.01.5c)

Auditable Activities consist of those subjects, units, or systems which are capable of being defined and evaluated. Auditable activities may include:

  • Policies, procedures, and practices 
  • Cost centers, profit centers, and investment centers 
  • General ledger account balances 
  • Information systems (manual and computerized) 
  • Major contracts and programs 
  • Organization units such as product or service lines 
  • Functions such as electronic data processing, purchasing, marketing, production, finance, accounting, and human resources 
  • Financial statements 
  • Laws and regulations (520.04.5) 

Auditee includes any individual, unit, or activity of the organization that is audited.

Authorization implies that the authorizing authority has verified and validated that the activity or transaction conforms with established policies and procedures. (300.03.2a)

Authorizing includes initiating or granting permission to perform activities or transactions. (300.03.2a)



Board includes boards of directors, audit committees of such boards, heads of agencies or legislative bodies to whom internal auditors report, boards of governors or trustees of nonprofit organizations, and any other designated governing bodies of organizations.



Cause is the reason for the difference between the expected and actual conditions (why the difference exists). (430.04.7c)

Charter of the internal auditing department is a formal written document which defines the department's purpose, authority, and responsibility. The charter should (a) establish the department's position within the organization; (b) authorize access to records, personnel, and physical properties relevant to the performance of audits; and (c) define the scope of internal auditing activities. (110.01.4)

Code of Ethics of The Institute of Internal Auditors (IIA) sets forth standards of conduct for Members of The IIA and Certified Internal Auditors to effectively discharge their responsibilities. The Code of Ethics calls for high standards of honesty, objectivity, diligence, and loyalty. (240.01)

Conclusions (Opinions) are the internal auditor's evaluations of the effects of the findings on the activities reviewed. Conclusions usually put the findings in perspective based upon their overall implications. (430.04.8)

Condition is the factual evidence which the internal auditor found in the course of the examination (what does exist). (430.04.7b)

Conflicts of Interest refer to any relationship which is or appears to be not in the best interest of the organization. A conflict of interest would prejudice an individual's ability to carry out their duties and responsibilities objectively. (280.01)

Control is any action taken by management to enhance the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Thus, control is the result of proper planning, organizing, and directing by management. (300.06)

Control Environment refers to the attitude and actions of the board and management regarding the significance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control.

The control environment includes the following elements:

  • Integrity and ethical values 
  • Management's philosophy and operating style 
  • Organizational structure 
  • Assignment of authority and responsibility 
  • Human resource policies and practices 
  • Competence of personnel (300.07.4) 

Cost-Benefit Relationship means that the potential loss associated with any exposure or risk is weighed against the cost to control it. (300.02.5)

Criteria are the standards, measures, or expectations used in making an evaluation and/or verification (what should exist). (430.04.7a)



Detective Controls are actions taken to detect and correct undesirable events which have occurred. (300.06.1)

Directing involves, in addition to accomplishing objectives and planned activities, authorizing and monitoring performance, periodically comparing actual with planned performance, and documenting these activities to provide additional assurance that systems operate as planned. (300.03.2)

Directive Controls are actions taken to cause or encourage a desirable event to occur. (300.06.1)

Director of Internal Auditing and Director identify the top position in an internal auditing department. The term also includes such titles as General Auditor, Chief Internal Auditor, Chief Audit Executive, and Inspector General.

Due Professional Care calls for the application of the care and skill expected of a reasonably prudent and competent internal auditor in the same or similar circumstances. Due professional care is exercised when internal audits are performed in accordance with the Standards for the Professional Practice of Internal Auditing. The exercise of due professional care requires that:

  • Internal auditors be independent of the activities they audit 
  • Internal audits be performed by those persons who collectively possess the necessary knowledge, skills, and disciplines to conduct the audit properly 
  • Audit work be planned and supervised 
  • Audit reports be objective, clear, concise, constructive, and timely 
  • Internal auditors follow up on reported audit findings to ascertain that appropriate action was taken (280.01) 



Economical Performance accomplishes objectives and goals at a cost commensurate with the risk. (300.02.7)

Effect is the risk or exposure the auditee organization and/or others encounter because the condition is not the same as the criteria (the impact of the difference). (430.04.7d)

Effective Control is present when management directs systems in such a manner as to provide reasonable assurance that the organization's objectives and goals will be achieved. (300.03.1)

Efficient Performance accomplishes objectives and goals in an accurate and timely fashion with minimal use of resources. (300.02.6)

Error as it relates to internal audit reports is an unintentional misstatement or omission of significant information in a final audit report. (430.03.1b)

External Auditors refers to those audit professionals who perform independent annual audits of an organization's financial statements.

External Reviews of the internal auditing department are performed to appraise the quality of the department's operations. External reviews should be performed by qualified persons who are independent of the organization and who do not have either a real or apparent conflict of interest. (560.04)



Findings are pertinent statements of fact. Audit findings emerge by a process of comparing what should be with what is. (430.04.6 and .7)

Flowchart is a representation, primarily through the use of symbols, of the sequence of activities in a system (process, operation, function, or activity). (420.01.5d)

Follow-up by internal auditors is defined as a process by which they determine the adequacy, effectiveness, and timeliness of actions taken by management on reported audit findings. Such findings also include relevant findings made by external auditors and others. (440.01.1)

Formal Internal Reviews are periodic self-assessments of the internal auditing department to appraise the quality of the audit work performed. These reviews generally are performed by a team or an individual selected by the director of internal auditing. (560.03.1)

Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception. (280.01.1)


Goals are specific objectives of specific systems and may be otherwise referred to as operating or program objectives or goals, operating standards, performance levels, targets, or expected results. (300.02.2)

Guidelines are suitable means of meeting the General and Specific Standards for the Professional Practice of Internal Auditing. (Introduction)



Illegal Acts refers to violations of laws and governmental regulations. (280.01.1)

Independence allows internal auditors to carry out their work freely and objectively. This concept requires that internal auditors be independent of the activities they audit. Independence is achieved through organizational status and objectivity. (100.01)

Information is data the internal auditor obtains during an audit to provide a sound basis for audit findings and recommendations. Information should be sufficient, competent, relevant, and useful. (420.01.2)

Internal Auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost. (Introduction)

Internal Auditing Department includes any unit or activity within an organization which performs internal auditing functions.

Internal Auditor is an individual within an organization's internal auditing department who is assigned the responsibility of performing internal auditing functions.

Internal Control is a process within an organization designed to provide reasonable assurance regarding the achievement of the following primary objectives:

  • The reliability and integrity of information 
  • Compliance with policies, plans, procedures, laws, and regulations 
  • The safeguarding of assets 
  • The economical and efficient use of resources 
  • The accomplishment of established objectives and goals for operations or programs (300.05) 

Irregularity refers to the intentional misstatement or omission of significant information in accounting records, financial statements, other reports, documents or records. Irregularities include (a) fraudulent financial reporting which renders financial statements misleading and (b) misappropriation of assets. Irregularities involve:

  • Falsification or alteration of accounting or other records and supporting documents 
  • Intentional misapplication of accounting principles 
  • Misrepresentation or intentional omission of events, transactions, or other significant information (280.01.1) 



Management includes those individuals with responsibilities for setting and/or achieving the organization's objectives.

Monitoring encompasses supervising, observing, and testing activities and appropriately reporting to responsible individuals. Monitoring provides an ongoing verification of progress toward achievement of objectives and goals. (300.03.2b)



Objectives are the broadest statements of what the organization chooses to accomplish. (300.02.1)

Objectivity is an independent mental attitude which requires internal auditors to perform audits in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires internal auditors not to subordinate their judgment on audit matters to that of others. (120.01 and .02)

Operations refers to the recurring activities of an organization directed toward producing a product or rendering a service. Such activities may include, but are not limited to, marketing, sales, production, purchasing, human resources, finance and accounting, and governmental assistance. (350.01.1)



Preventive Controls are actions taken to deter undesirable events from occurring. (300.06.1)

Proficiency means the ability to apply knowledge to situations likely to be encountered and to deal with them without extensive recourse to technical research and assistance. (250.01.1)

Programs refers to special purpose activities of an organization. Such activities include, but are not limited to, the raising of capital, sale of a facility, fund-raising campaigns, new product or service introduction campaigns, capital expenditures, and special purpose government grants. (350.01.2)

Purpose Statements in audit reports describe the audit objectives and may, where necessary, inform the reader why the audit was conducted and what it was expected to achieve. (430.04.3)



Quality Assurance is a program by which the director of internal auditing evaluates the operations of the internal auditing department. The purpose of the quality assurance program is to provide reasonable assurance that internal auditing work conforms with the Standards for the Professional Practice of Internal Auditing, the internal auditing department's charter, and other applicable standards. The quality assurance program should include the following elements:

  • Supervision 
  • Internal reviews 
  • External reviews (560.01) 



Ratio Analysis is the study of financial condition and performance through ratios derived from items in the financial statements or from other financial or non-financial information. (420.01.1h)

Reasonableness Test is a comparison of an estimated amount, calculated by the use of relevant financial and non-financial information, with a recorded amount. (420.01.1h)

Recommendations are actions the internal auditor believes necessary to correct existing conditions or improve operations. (430.05.1)

Regression Analysis is a mathematical procedure which is used to determine and measure the predictive relationship between one variable (dependent variable) and one or more other variables (independent variables). (420.01.1h)

Risk is the probability that an event or action may adversely affect the organization or activity under audit. (410.01.1b and 520.04.2)

Risk Assessment is a systematic process for assessing and integrating professional judgments about probable adverse conditions and/or events. The risk assessment process should provide a means of organizing and integrating professional judgments for development of the audit work schedule. (520.04.10)

Risk Factors are the criteria used to identify the relative significance of, and likelihood that, conditions and/or events may occur that could adversely affect the organization. (520.04.6)



Scope Limitation is a restriction placed upon the internal auditing department that precludes the department from accomplishing its objectives and plans. Among other things, a scope limitation may restrict the:

  • Scope defined in the charter 
  • Department's access to records, personnel, and physical properties relevant to the performance of audits 
  • Approved audit work schedule 
  • Performance of necessary auditing procedures 
  • Approved staffing plan and financial budget (110.01.5b) 

Senior Management refers to those individuals to whom the director of internal auditing is responsible.

Significant is the level of importance or magnitude assigned to an item, event, information, or problem by the internal auditor.

Significant Audit Findings are those conditions which, in the judgment of the director of internal auditing, could adversely affect the organization. Significant audit findings may include conditions dealing with irregularities, illegal acts, errors, inefficiency, waste, ineffectiveness, conflicts of interest, and control weaknesses. (110.01.6b)

Standards for the Professional Practice of Internal Auditing (the Standards) are the criteria by which the operations of an internal auditing department are evaluated and measured. They are intended to represent the practice of internal auditing as it should be.

Statement of Responsibilities of Internal Auditing is a document which presents in summary form the:

  • Objective and scope of internal auditing 
  • Responsibility and authority of the internal auditing department 
  • Independence of internal auditors 

Supervision is a continuing process, beginning with planning and ending with the conclusion of the audit assignment. Supervision includes:

  • Providing suitable instructions to subordinates at the outset of the audit and approving the audit program 
  • Seeing that the approved audit program is carried out unless deviations are both justified and authorized 
  • Determining that audit working papers adequately support the audit findings, conclusions, and reports 
  • Making sure that audit reports are accurate, objective, clear, concise, constructive, and timely 
  • Determining that audit objectives are being met (230.01 and .02) 

Survey is a process for gathering information, without detailed verification, on the activity being examined. The main purposes are to:

  • Understand the activity under review 
  • Identify significant areas warranting special emphasis 
  • Obtain information for use in performing the audit 
  • Determine whether further auditing is necessary (410.01.5a) 

System (process, operation, function, or activity) is an arrangement, a set, or a collection of concepts, parts, activities, and/or people that are connected or interrelated to achieve objectives and goals. (This definition applies to both manual and automated systems.) A system may also be a collection of subsystems operating together for a common objective or goal. (300.02.3)



Trend Analysis is the analysis of the changes in a given item of information over a period of time. (420.01.1h)


Understanding means the ability to apply broad knowledge to situations likely to be encountered, to recognize significant deviations, and to be able to carry out the research necessary to arrive at reasonable solutions. (250.01.3)


Issued by the Internal Auditing Standards Board, Institute of Internal Auditors.
