Inclusive method―A method of dealing with the controls operating at a third party, which are integral to the system or control component which is subject to the assurance engagement, whereby the third party’s relevant control objectives and related …

Indirect controls―Controls which do not directly address the risks of a control objective not being achieved, but have an impact on the effectiveness of direct controls in detecting, preventing or correcting a failure to achieve a control objective on a …

Intended users―The individual(s) or organisation(s), or group(s) thereof that the assurance practitioner expects will use the assurance report. In some cases, there may be intended users other than those to whom the assurance report is …

Internal audit function―A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control …

Internal auditors―Those individuals who perform the activities of the internal audit function. Internal auditors may belong to an internal audit department or equivalent function, out-sourcing entity or co-sourced from both internal and out-sourced …

Limited assurance engagement―An assurance engagement in which the assurance practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance …

Long-form report―Assurance report including other information and explanations that are intended to meet the information needs of users but not to affect the assurance practitioner’s conclusion. In addition to the matters required to be contained in the …

Material control―A control which is necessary to mitigate the risk of a control objective not being achieved and for which there are no or insufficient compensating controls. The relevant control objectives are those at the level to be concluded on in the …

Misstatement― In an attestation engagement, a difference between the responsible party or evaluator’s Statement [16] and the appropriate evaluation of the design of controls against the control objectives [17] , and/or the description, implementation or …

Misstatement in the description of the system―An inaccuracy, inadequacy or omission in the description, including in the identification of the boundaries and other identifying characteristics of the system, the control components described, the areas of …