369 paragraphs found
Fraud risk factors―Events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit …
Implementation―The process of putting controls into effect by deployment or roll-out of controls to enable their operation as designed. …
Inclusive method―A method of dealing with the controls operating at a third party, which are integral to the system or control component which is subject to the assurance engagement, whereby the third party’s relevant control objectives and related …
Indirect controls―Controls which do not directly address the risks of a control objective not being achieved, but have an impact on the effectiveness of direct controls in detecting, preventing or correcting a failure to achieve a control objective on a …
Intended users―The individual(s) or organisation(s), or group(s) thereof that the assurance practitioner expects will use the assurance report. In some cases, there may be intended users other than those to whom the assurance report is …
Internal audit function―A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management and internal control …
Internal auditors―Those individuals who perform the activities of the internal audit function. Internal auditors may belong to an internal audit department or equivalent function, out-sourcing entity or co-sourced from both internal and out-sourced …
Limited assurance engagement―An assurance engagement in which the assurance practitioner reduces engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance …
Long-form report―Assurance report including other information and explanations that are intended to meet the information needs of users but not to affect the assurance practitioner’s conclusion. In addition to the matters required to be contained in the …
Material control―A control which is necessary to mitigate the risk of a control objective not being achieved and for which there are no or insufficient compensating controls. The relevant control objectives are those at the level to be concluded on in the …