Internal Auditing
Assurance Services - An objective examination of evidence for the purpose of providing an independent
assessment on governance, risk management, and control processes for the organization. Examples may
include financial, performance, compliance, system security, and due diligence engagements.
Compliance - Adherence to policies, plans, procedures, laws, regulations, contracts, or other
requirements.
Consulting Services - Advisory and related client service activities, the nature and scope of which are
agreed with the client, are intended to add value and improve an organization's governance, risk
management, and control processes without the internal auditor assuming management responsibility.
Examples include counsel, advice, facilitation and training.
Control - Any action taken by management, the board, and other parties to manage risk and increase
the likelihood that established objectives and goals will be achieved.
Control Processes - The policies, procedures, (both manual and automated), and activities that are part
of a control framework, designed and operated to ensure that risks are contained within the level that
an organization is willing to accept.
Objectivity - An unbiased mental attitude that allows internal auditors to perform engagements in such
a manner that they believe in their work product and that no quality compromises are made. It requires
that internal auditors do not subordinate their judgment on audit matters to others.
Risk Management - A process to identify, assess, manage, and control potential events or situations to
provide reasonable assurance regarding the achievement of the organization's objectives.
Risk Appetite - The level of risk that an organization is willing to accept.
Independence - The freedom from conditions that threaten the ability of the internal audit activity to
carry out internal audit responsibilities in an unbiased manner.
Assurance Services - An objective examination of evidence for the purpose of providing an independent
assessment on governance, risk management, and control processes for the organization. Examples may
include financial, performance, compliance, system security, and due diligence engagements.
Compliance - Adherence to policies, plans, procedures, laws, regulations, contracts, or other
requirements.
Consulting Services - Advisory and related client service activities, the nature and scope of which are
agreed with the client, are intended to add value and improve an organization's governance, risk
management, and control processes without the internal auditor assuming management responsibility.
Examples include counsel, advice, facilitation and training.
Control - Any action taken by management, the board, and other parties to manage risk and increase
the likelihood that established objectives and goals will be achieved.
Control Processes - The policies, procedures, (both manual and automated), and activities that are part
of a control framework, designed and operated to ensure that risks are contained within the level that
an organization is willing to accept.
Objectivity - An unbiased mental attitude that allows internal auditors to perform engagements in such
a manner that they believe in their work product and that no quality compromises are made. It requires
that internal auditors do not subordinate their judgment on audit matters to others.
Risk Management - A process to identify, assess, manage, and control potential events or situations to
provide reasonable assurance regarding the achievement of the organization's objectives.
Risk Appetite - The level of risk that an organization is willing to accept.
Independence - The freedom from conditions that threaten the ability of the internal audit activity to
carry out internal audit responsibilities in an unbiased manner.
