Business risk – A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives …

Controls – Policies or procedures that an entity establishes to achieve the control objectives of management or those charged with governance.  In this context: (Ref: Para. A2–A5) Policies are statements of what should, or should not, be done within the …

General information technology (IT) controls – Controls over the entity’s IT processes that support the continued proper operation of the IT environment, including the continued effective functioning of information processing controls and the integrity of …

Information processing controls – Controls relating to the processing of information in IT applications or manual information processes in the entity’s information system that directly address risks to the integrity of information (i.e., the completeness, …

Inherent risk factors – Characteristics of events or conditions that affect susceptibility to misstatement, whether due to fraud or error, of an assertion about a class of transactions, account balance or disclosure, before consideration of controls. Such …

IT environment – The IT applications and supporting IT infrastructure, as well as the IT processes and personnel involved in those processes, that an entity uses to support business operations and achieve business strategies. For the purposes of this ASA: …

Historical financial information ―Information expressed in financial terms in relation to a particular entity, derived primarily from that entity’s accounting system, about economic events occurring in past time periods or about economic conditions or …

Internal audit function ―A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control …

Intended users ―The individual(s) or organisation(s), or group(s) thereof that the assurance practitioner expects will use the assurance report. In some cases, there may be intended users other than those to whom the assurance report is addressed. (Ref: …

Lead assurance practitioner ―The individual appointed by the firm, who is responsible for the engagement and its performance, and for the assurance report that is issued on behalf of the firm, and who, where required, has the appropriate authority from a …