Словарь терминов в соответствии с Международными стандартами по аудиту
International Standards on Auditing – Glossary of Terms
Ниже представлены термины Международных стандартов по аудиту на английском языке. Соответствующие термины и их определения являются наиболее признанными и разработанными в мире на сегодняшний день, в области международной финансовой отчетности, международном аудите, финансах. Материал основан на Международных Стандартах Аудита (МСА) и представлен Сергеем Модеровым (пожалуйста, звоните +7 921 9450055).
Below you may see the glossary of International Standards on Auditing. Those terms are considered to be the most well-known and appreciated terms in the field of international financial reporting, international auditing, finance.
Material is based on the ISA’s and presented by Sergey Moderov (please contact +7 921 9450055)
Access controls—Procedures designed to restrict access to on-line terminal devices,
programs and data. Access controls consist of “user authentication” and “user
authorization.” “User authentication” typically attempts to identify a user through
unique logon identifications, passwords, access cards or biometric data. “User
authorization” consists of access rules to determine the computer resources each user
may access. Specifically, such procedures are designed to prevent or detect:
(a) Unauthorized access to on-line terminal devices, programs and data;
(b) Entry of unauthorized transactions;
(c) Unauthorized changes to data files;
(d) The use of computer programs by unauthorized personnel; and
(e) The use of computer programs that have not been authorized.
Accounting estimate—An approximation of a monetary amount in the absence of a
precise means of measurement. This term is used for an amount measured at fair value
where there is estimation uncertainty, as well as for other amounts that require
estimation. Where ISA 540 addresses only accounting estimates involving
measurement at fair value, the term “fair value accounting estimates” is used.
Accounting records—The records of initial accounting entries and supporting records,
such as checks and records of electronic fund transfers; invoices; contracts; the general
and subsidiary ledgers, journal entries and other adjustments to the financial statements
that are not reflected in formal journal entries; and records such as work sheets and
spreadsheets supporting cost allocations, computations, reconciliations and disclosures.
Agreed-upon procedures engagement—An engagement in which an auditor is engaged
to carry out those procedures of an audit nature to which the auditor and the entity and
any appropriate third parties have agreed and to report on factual findings. The
recipients of the report form their own conclusions from the report by the auditor. The
report is restricted to those parties that have agreed to the procedures to be performed
since others, unaware of the reasons for the procedures may misinterpret the results.
Analytical procedures—Evaluations of financial information through analysis of
plausible relationships among both financial and non-financial data. Analytical
procedures also encompass such investigation as is necessary of identified fluctuations
or relationships that are inconsistent with other relevant information or that differ from
expected values by a significant amount.
Annual report—A document issued by an entity, ordinarily on an annual basis, which
includes its financial statements together with the auditor’s report thereon.
Anomaly—A misstatement or deviation that is demonstrably not representative of
misstatements or deviations in a population.
Applicable financial reporting framework—The financial reporting framework adopted by
management and, where appropriate, those charged with governance in the preparation of the
financial statements that is acceptable in view of the nature of the entity and the objective of
the financial statements, or that is required by law or regulation.
The term “fair presentation framework” is used to refer to a financial reporting
framework that requires compliance with the requirements of the framework and:
(a) Acknowledges explicitly or implicitly that, to achieve fair presentation of the
financial statements, it may be necessary for management to provide disclosures
beyond those specifically required by the framework; or
(b) Acknowledges explicitly that it may be necessary for management to depart from
a requirement of the framework to achieve fair presentation of the financial
statements. Such departures are expected to be necessary only in extremely rare
circumstances.
The term “compliance framework” is used to refer to a financial reporting framework
that requires compliance with the requirements of the framework, but does not contain
the acknowledgements in (a) or (b) above.
Application controls in information technology— Manual or automated procedures that
typically operate at a business process level. Application controls can be preventative or
detective in nature and are designed to ensure the integrity of the accounting records.
Accordingly, application controls relate to procedures used to initiate, record, process
and report transactions or other financial data.
Applied criteria (in the context of ISA 8103)—The criteria applied by management in
the preparation of the summary financial statements.
Appropriateness (of audit evidence)—The measure of the quality of audit evidence;
that is, its relevance and its reliability in providing support for the conclusions on which
the auditor’s opinion is based.
Arm’s length transaction—A transaction conducted on such terms and conditions as
between a willing buyer and a willing seller who are unrelated and are acting
independently of each other and pursuing their own best interests.
Assertions—Representations by management, explicit or otherwise, that are embodied
in the financial statements, as used by the auditor to consider the different types of
potential misstatements that may occur.
Assess—Analyze identified risks of material misstatement to conclude on their
significance. “Assess,” by convention, is used only in relation to risk. (also see
Evaluate)
Association—(see Auditor association with financial information)
Assurance—(see Reasonable assurance)
Assurance engagement—An engagement in which a practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users other than the
responsible party about the outcome of the evaluation or measurement of a subject
matter against criteria. The outcome of the evaluation or measurement of a subject
matter is the information that results from applying the criteria (also see Subject matter
information). Under the “International Framework for Assurance Engagements” there
are two types of assurance engagement a practitioner is permitted to perform: a
reasonable assurance engagement and a limited assurance engagement.
Reasonable assurance engagement—The objective of a reasonable assurance
engagement is a reduction in assurance engagement risk to an acceptably low level
in the circumstances of the engagement4 as the basis for a positive form of
expression of the practitioner’s conclusion.
Limited assurance engagement—The objective of a limited assurance engagement
is a reduction in assurance engagement risk to a level that is acceptable in the
circumstances of the engagement, but where that risk is greater than for a
reasonable assurance engagement, as the basis for a negative form of expression of
the practitioner’s conclusion.
Assurance engagement risk—The risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
Audit documentation—The record of audit procedures performed, relevant audit
evidence obtained, and conclusions the auditor reached (terms such as “working papers”
or “workpapers” are also sometimes used).
Audit evidence—Information used by the auditor in arriving at the conclusions on
which the auditor’s opinion is based. Audit evidence includes both information
contained in the accounting records underlying the financial statements and other
information. (See Sufficiency of audit evidence and Appropriateness of audit evidence.)
Audit file— One or more folders or other storage media, in physical or electronic form,
containing the records that comprise the audit documentation for a specific engagement.
Audit firm—(see Firm)
Audit opinion—(see Modified opinion and Unmodified opinion)
Audit risk—The risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated. Audit risk is a function of the risks of
material misstatement and detection risk.
Audit sampling (sampling)—The application of audit procedures to less than 100% of
items within a population of audit relevance such that all sampling units have a chance
of selection in order to provide the auditor with a reasonable basis on which to draw
conclusions about the entire population.
Audited financial statements (in the context of ISA 810)—Financial statements5 audited
by the auditor in accordance with ISAs, and from which the summary financial
statements are derived.
Auditor—“Auditor” is used to refer to the person or persons conducting the audit,
usually the engagement partner or other members of the engagement team, or, as
applicable, the firm. Where an ISA expressly intends that a requirement or responsibility
be fulfilled by the engagement partner, the term “engagement partner” rather than
“auditor” is used. “Engagement partner” and “firm” are to be read as referring to their
public sector equivalents where relevant.
Auditor association with financial information—An auditor is associated with financial
information when the auditor attaches a report to that information or consents to the use
of the auditor’s name in a professional connection.
Auditor’s expert—An individual or organization possessing expertise in a field other than
accounting or auditing, whose work in that field is used by the auditor to assist the auditor
in obtaining sufficient appropriate audit evidence. An auditor’s expert may be either an
auditor’s internal expert (who is a partner6 or staff, including temporary staff, of the
auditor’s firm or a network firm), or an auditor’s external expert.
Auditor’s point estimate or auditor’s range—The amount, or range of amounts,
respectively, derived from audit evidence for use in evaluating management’s point estimate.
Auditor’s range—(see Auditor’s point estimate)
Business risk—A risk resulting from significant conditions, events, circumstances,
actions or inactions that could adversely affect an entity’s ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate objectives and
strategies.
Comparative financial statements—Comparative information where amounts and other
disclosures for the prior period are included for comparison with the financial
statements of the current period but, if audited, are referred to in the auditor’s opinion.
The level of information included in those comparative financial statements is
comparable with that of the financial statements of the current period.
Comparative information—The amounts and disclosures included in the financial
statements in respect of one or more prior periods in accordance with the applicable
financial reporting framework.
Compilation engagement—An engagement in which accounting expertise, as opposed
to auditing expertise, is used to collect, classify and summarize financial information.
Complementary user entity controls—Controls that the service organization
assumes, in the design of its service, will be implemented by user entities, and
which, if necessary to achieve control objectives, are identified in the description of
its system.
Compliance framework—(see Applicable financial reporting framework and General
purpose framework)
Component—An entity or business activity for which group or component management
prepares financial information that should be included in the group financial statements.
Component auditor—An auditor who, at the request of the group engagement team,
performs work on financial information related to a component for the group audit.
Component management—Management responsible for the preparation of the financial
information of a component.
Component materiality—The materiality for a component determined by the group
engagement team.
Computer-assisted audit techniques—Applications of auditing procedures using the
computer as an audit tool (also known as CAATs).
Control activities—Those policies and procedures that help ensure that management
directives are carried out. Control activities are a component of internal control.
Control environment—Includes the governance and management functions and the
attitudes, awareness and actions of those charged with governance and management
concerning the entity’s internal control and its importance in the entity. The control
environment is a component of internal control.
Control risk—(see Risk of material misstatement)
Corporate governance—(see Governance)
Corresponding figures—Comparative information where amounts and other
disclosures for the prior period are included as an integral part of the current period
financial statements, and are intended to be read only in relation to the amounts and
other disclosures relating to the current period (referred to as “current period figures”).
The level of detail presented in the corresponding amounts and disclosures is dictated
primarily by its relevance to the current period figures.
Criteria—The benchmarks used to evaluate or measure the subject matter including,
where relevant, benchmarks for presentation and disclosure. Criteria can be formal or
less formal. There can be different criteria for the same subject matter. Suitable criteria
are required for reasonably consistent evaluation or measurement of a subject matter
within the context of professional judgment.
Suitable criteria—Exhibit the following characteristics:
(a) Relevance: relevant criteria contribute to conclusions that assist decisionmaking
by the intended users.
(b) Completeness: criteria are sufficiently complete when relevant factors that
could affect the conclusions in the context of the engagement circumstances
are not omitted. Complete criteria include, where relevant, benchmarks for
presentation and disclosure.
(c) Reliability: reliable criteria allow reasonably consistent evaluation or
measurement of the subject matter including, where relevant, presentation and
disclosure, when used in similar circumstances by similarly qualified
practitioners.
(d) Neutrality: neutral criteria contribute to conclusions that are free from bias.
(e) Understandability: understandable criteria contribute to conclusions that are
clear, comprehensive, and not subject to significantly different interpretations.
Date of approval of the financial statements—The date on which all the statements that
comprise the financial statements, including the related notes, have been prepared and
those with the recognized authority have asserted that they have taken responsibility for
those financial statements.
Date of report (in relation to quality control)—The date selected by the practitioner to
date the report.
Date of the auditor’s report—The date the auditor dates the report on the financial
statements in accordance with ISA 700.7
Date of the financial statements—The date of the end of the latest period covered by
the financial statements.
Date the financial statements are issued—The date that the auditor’s report and
audited financial statements are made available to third parties.
Deficiency in internal control—This exists when:
(a) A control is designed, implemented or operated in such a way that it is unable to
prevent, or detect and correct, misstatements in the financial statements on a timely
basis; or
(b) A control necessary to prevent, or detect and correct, misstatements in the financial
statements on a timely basis is missing.
Detection risk—The risk that the procedures performed by the auditor to reduce audit
risk to an acceptably low level will not detect a misstatement that exists and that could
be material, either individually or when aggregated with other misstatements.
Element—(see Element of a financial statement)
Element of a financial statement (in the context of ISA 8058)—An element, account or
item of a financial statement.
Emphasis of Matter paragraph—A paragraph included in the auditor’s report that
refers to a matter appropriately presented or disclosed in the financial statements
that, in the auditor’s judgment, is of such importance that it is fundamental to
users’ understanding of the financial statements.
Engagement documentation—The record of work performed, results obtained, and
conclusions the practitioner reached (terms such as “working papers” or “workpapers”
are sometimes used).
Engagement letter—Written terms of an engagement in the form of a letter.
Engagement partner9—The partner or other person in the firm who is responsible for
the engagement and its performance, and for the report that is issued on behalf of the
firm, and who, where required, has the appropriate authority from a professional, legal
or regulatory body.
Engagement quality control review—A process designed to provide an objective
evaluation, on or before the date of the report, of the significant judgments the
engagement team made and the conclusions it reached in formulating the report. The
engagement quality control review process is for audits of financial statements of listed
entities and those other engagements, if any, for which the firm has determined an
engagement quality control review is required.
Engagement quality control reviewer—A partner, other person in the firm, suitably
qualified external person, or a team made up of such individuals, none of whom is partof the engagement team, with sufficient and appropriate experience and authority to
objectively evaluate the significant judgments the engagement team made and the
conclusions it reached in formulating the report.
Engagement team—All partners and staff performing the engagement, and any
individuals engaged by the firm or a network firm who perform procedures on the
engagement. This excludes external experts engaged by the firm or a network firm.10
Entity’s risk assessment process—A component of internal control that is the entity’s
process for identifying business risks relevant to financial reporting objectives and
deciding about actions to address those risks, and the results thereof.
Environmental matters—
(a) Initiatives to prevent, abate, or remedy damage to the environment, or to deal
with conservation of renewable and non-renewable resources (such initiatives
may be required by environmental laws and regulations or by contract, or they
may be undertaken voluntarily);
(b) Consequences of violating environmental laws and regulations;
(c) Consequences of environmental damage done to others or to natural resources;
and
(d) Consequences of vicarious liability imposed by law (for example, liability for
damages caused by previous owners).
Environmental performance report—A report, separate from the financial statements, in
which an entity provides third parties with qualitative information on the entity’s
commitments towards the environmental aspects of the business, its policies and targets
in that field, its achievement in managing the relationship between its business processes
and environmental risk, and quantitative information on its environmental performance.
Environmental risk—In certain circumstances, factors relevant to the assessment of
inherent risk for the development of the overall audit plan may include the risk of
material misstatement of the financial statements due to environmental matters.
Error—An unintentional misstatement in financial statements, including the omission of
an amount or a disclosure.
Estimation uncertainty—The susceptibility of an accounting estimate and related
disclosures to an inherent lack of precision in its measurement.
Evaluate—Identify and analyze the relevant issues, including performing further procedures
as necessary, to come to a specific conclusion on a matter. “Evaluation,” by convention, is
used only in relation to a range of matters, including evidence, the results of procedures and
the effectiveness of management’s response to a risk. (also see Assess)
Exception—A response that indicates a difference between information requested to be
confirmed, or contained in the entity’s records, and information provided by the
confirming party.
Experienced auditor—An individual (whether internal or external to the firm) who has
practical audit experience, and a reasonable understanding of:
(a) Audit processes;
(b) ISAs and applicable legal and regulatory requirements;
(c) The business environment in which the entity operates; and
(d) Auditing and financial reporting issues relevant to the entity’s industry.
Expert—(see Auditor’s expert and Management’s expert)
Expertise—Skills, knowledge and experience in a particular field.
External confirmation—Audit evidence obtained as a direct written response to the
auditor from a third party (the confirming party), in paper form, or by electronic or other
medium.
Fair presentation framework —(see Applicable financial reporting framework and
General purpose framework)
Financial statements—A structured representation of historical financial information,
including related notes, intended to communicate an entity’s economic resources or
obligations at a point in time or the changes therein for a period of time in accordance
with a financial reporting framework. The related notes ordinarily comprise a summary
of significant accounting policies and other explanatory information. The term
“financial statements” ordinarily refers to a complete set of financial statements as
determined by the requirements of the applicable financial reporting framework, but it
can also refer to a single financial statement.
Firm—A sole practitioner, partnership or corporation or other entity of professional
accountants.
Forecast—Prospective financial information prepared on the basis of assumptions as to
future events which management expects to take place and the actions management
expects to take as of the date the information is prepared (best-estimate assumptions).
Fraud—An intentional act by one or more individuals among management, those
charged with governance, employees, or third parties, involving the use of deception to
obtain an unjust or illegal advantage.
Fraud risk factors—Events or conditions that indicate an incentive or pressure to
commit fraud or provide an opportunity to commit fraud.
Fraudulent financial reporting—Involves intentional misstatements, including omissions of
amounts or disclosures in financial statements, to deceive financial statement users.
General IT controls—Policies and procedures that relate to many applications and
support the effective functioning of application controls by helping to ensure the
continued proper operation of information systems. General IT controls commonly
include controls over data center and network operations; system software acquisition,
change and maintenance; access security; and application system acquisition,
development, and maintenance.
General purpose financial statements—Financial statements prepared in accordance
with a general purpose framework.
General purpose framework—A financial reporting framework designed to meet the
common financial information needs of a wide range of users. The financial reporting
framework may be a fair presentation framework or a compliance framework.
The term “fair presentation framework” is used to refer to a financial reporting
framework that requires compliance with the requirements of the framework and:
(a) Acknowledges explicitly or implicitly that, to achieve fair presentation of the
financial statements, it may be necessary for management to provide disclosures
beyond those specifically required by the framework; or
(b) Acknowledges explicitly that it may be necessary for management to depart from a
requirement of the framework to achieve fair presentation of the financial statements.
Such departures are expected to be necessary only in extremely rare circumstances.
The term “compliance framework” is used to refer to a financial reporting framework
that requires compliance with the requirements of the framework, but does not contain
the acknowledgements in (a) or (b) above.11
Governance—Describes the role of person(s) or organization(s) with responsibility for
overseeing the strategic direction of the entity and obligations related to the
accountability of the entity.
Group—All the components whose financial information is included in the group
financial statements. A group always has more than one component.
Group audit—The audit of group financial statements.
Group audit opinion—The audit opinion on the group financial statements.
Group engagement partner—The partner or other person in the firm who is responsible
for the group audit engagement and its performance, and for the auditor’s report on the
group financial statements that is issued on behalf of the firm. Where joint auditors
conduct the group audit, the joint engagement partners and their engagement teams
collectively constitute the group engagement partner and the group engagement team.
Group engagement team—Partners, including the group engagement partner, and staff
who establish the overall group audit strategy, communicate with component auditors, perform work on the consolidation process, and evaluate the conclusions drawn from the
audit evidence as the basis for forming an opinion on the group financial statements.
Group financial statements—Financial statements that include the financial information
of more than one component. The term “group financial statements” also refers to
combined financial statements aggregating the financial information prepared by
components that have no parent but are under common control.
Group management—Management responsible for the preparation of the group
financial statements.
Group-wide controls—Controls designed, implemented and maintained by group
management over group financial reporting.
Historical financial information—Information expressed in financial terms in relation
to a particular entity, derived primarily from that entity’s accounting system, about
economic events occurring in past time periods or about economic conditions or
circumstances at points in time in the past.
Inconsistency—Other information that contradicts information contained in the audited
financial statements. A material inconsistency may raise doubt about the audit
conclusions drawn from audit evidence previously obtained and, possibly, about the
basis for the auditor’s opinion on the financial statements.
Independence12—Comprises:
(a) Independence of mind—the state of mind that permits the provision of an
opinion without being affected by influences that compromise professional
judgment, allowing an individual to act with integrity, and exercise objectivity
and professional skepticism.
(b) Independence in appearance—the avoidance of facts and circumstances that are
so significant a reasonable and informed third party, having knowledge of all
relevant information, including any safeguards applied, would reasonably
conclude a firm’s, or a member of the assurance team’s, integrity, objectivity or
professional skepticism had been compromised.
Information system relevant to financial reporting—A component of internal control that
includes the financial reporting system, and consists of the procedures and records
established to initiate, record, process and report entity transactions (as well as events and
conditions) and to maintain accountability for the related assets, liabilities and equity.
Inherent risk—(see Risk of material misstatement)
Initial audit engagement—An engagement in which either:
(a) The financial statements for the prior period were not audited; or
(b) The financial statements for the prior period were audited by a predecessor auditor.
Inquiry—Inquiry consists of seeking information of knowledgeable persons, both
financial and non-financial, within the entity or outside the entity.
Inspection (as an audit procedure)—Examining records or documents, whether internal
or external, in paper form, electronic form, or other media, or a physical examination of an
asset.
Inspection (in relation to quality control)—In relation to completed engagements,
procedures designed to provide evidence of compliance by engagement teams with the
firm’s quality control policies and procedures.
Intended users—The person, persons or class of persons for whom the practitioner
prepares the assurance report. The responsible party can be one of the intended users,
but not the only one.
Interim financial information or statements—Financial information (which may be less
than a complete set of financial statements as defined above) issued at interim dates
(usually half-yearly or quarterly) in respect of a financial period.
Internal audit function—An appraisal activity established or provided as a service to
the entity. Its functions include, amongst other things, examining, evaluating and
monitoring the adequacy and effectiveness of internal control.
Internal auditors—Those individuals who perform the activities of the internal audit
function. Internal auditors may belong to an internal audit department or equivalent
function.
Internal control—The process designed, implemented and maintained by those
charged with governance, management and other personnel to provide reasonable
assurance about the achievement of an entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations, and compliance with
applicable laws and regulations. The term “controls” refers to any aspects of one or
more of the components of internal control.
International Financial Reporting Standards—The International Financial Reporting
Standards issued by the International Accounting Standards Board.
Investigate—Inquire into matters arising from other procedures to resolve them.
IT environment—The policies and procedures that the entity implements and the IT
infrastructure (hardware, operating systems, etc.) and application software that it uses to
support business operations and achieve business strategies.
Limited assurance engagement—(see Assurance engagement)
Listed entity—An entity whose shares, stock or debt are quoted or listed on a
recognized stock exchange, or are marketed under the regulations of a recognized stock
exchange or other equivalent body.
Management—The person(s) with executive responsibility for the conduct of the
entity’s operations. For some entities in some jurisdictions, management includes someor all of those charged with governance, for example, executive members of a
governance board, or an owner-manager.
Management bias—A lack of neutrality by management in the preparation of
information.
Management’s expert—An individual or organization possessing expertise in a field
other than accounting or auditing, whose work in that field is used by the entity to assist
the entity in preparing the financial statements.
Management’s point estimate—The amount selected by management for recognition or
disclosure in the financial statements as an accounting estimate.
Misappropriation of assets—Involves the theft of an entity’s assets and is often
perpetrated by employees in relatively small and immaterial amounts. However, it can
also involve management who are usually more capable of disguising or concealing
misappropriations in ways that are difficult to detect.
Misstatement—A difference between the amount, classification, presentation, or
disclosure of a reported financial statement item and the amount, classification,
presentation, or disclosure that is required for the item to be in accordance with the
applicable financial reporting framework. Misstatements can arise from error or fraud.
Where the auditor expresses an opinion on whether the financial statements are
presented fairly, in all material respects, or give a true and fair view, misstatements also
include those adjustments of amounts, classifications, presentation, or disclosures that,
in the auditor’s judgment, are necessary for the financial statements to be presented
fairly, in all material respects, or to give a true and fair view.
Misstatement of fact—Other information that is unrelated to matters appearing in the
audited financial statements that is incorrectly stated or presented. A material misstatement
of fact may undermine the credibility of the document containing audited financial
statements.
Modified opinion—A qualified opinion, an adverse opinion or a disclaimer of opinion.
Monitoring (in relation to quality control)—A process comprising an ongoing
consideration and evaluation of the firm’s system of quality control, including a periodic
inspection of a selection of completed engagements, designed to provide the firm with
reasonable assurance that its system of quality control is operating effectively.
Monitoring of controls—A process to assess the effectiveness of internal control
performance over time. It includes assessing the design and operation of controls on a
timely basis and taking necessary corrective actions modified for changes in conditions.
Monitoring of controls is a component of internal control.
Negative confirmation request—A request that the confirming party respond directly to
the auditor only if the confirming party disagrees with the information provided in the
request.
Network—A larger structure:
(a) That is aimed at cooperation, and
(b) That is clearly aimed at profit or cost-sharing or shares common ownership,
control or management, common quality control policies and procedures,
common business strategy, the use of a common brand name, or a significant part
of professional resources.
Network firm—A firm or entity that belongs to a network.
Non-compliance (in the context of ISA 25013)—Acts of omission or commission by the
entity, either intentional or unintentional, which are contrary to the prevailing laws or
regulations. Such acts include transactions entered into by, or in the name of, the entity,
or on its behalf, by those charged with governance, management or employees. Noncompliance
does not include personal misconduct (unrelated to the business activities of
the entity) by those charged with governance, management or employees of the entity.
Non-response—A failure of the confirming party to respond, or fully respond, to a
positive confirmation request, or a confirmation request returned undelivered.
Non-sampling risk—The risk that the auditor reaches an erroneous conclusion for any
reason not related to sampling risk.
Observation—Consists of looking at a process or procedure being performed by others,
for example, the auditor’s observation of inventory counting by the entity’s personnel,
or of the performance of control activities.
Opening balances—Those account balances that exist at the beginning of the period.
Opening balances are based upon the closing balances of the prior period and reflect the
effects of transactions and events of prior periods and accounting policies applied in the
prior period. Opening balances also include matters requiring disclosure that existed at
the beginning of the period, such as contingencies and commitments.
Other information—Financial and non-financial information (other than the financial
statements and the auditor’s report thereon) which is included, either by law, regulation,
or custom, in a document containing audited financial statements and the auditor’s
report thereon.
Other Matter paragraph—A paragraph included in the auditor’s report that refers to
a matter other than those presented or disclosed in the financial statements that, in the
auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s
responsibilities or the auditor’s report.
Outcome of an accounting estimate—The actual monetary amount which results from
the resolution of the underlying transaction(s), event(s) or condition(s) addressed by the
accounting estimate.
Overall audit strategy—Sets the scope, timing and direction of the audit, and guides the
development of the more detailed audit plan.
Partner—Any individual with authority to bind the firm with respect to the
performance of a professional services engagement.
Performance materiality—The amount or amounts set by the auditor at less than materiality
for the financial statements as a whole to reduce to an appropriately low level the probability
that the aggregate of uncorrected and undetected misstatements exceeds materiality for the
financial statements as a whole. If applicable, performance materiality also refers to the
amount or amounts set by the auditor at less than the materiality level or levels for particular
classes of transactions, account balances or disclosures.
Personnel—Partners and staff.
Pervasive—A term used, in the context of misstatements, to describe the effects on the
financial statements of misstatements or the possible effects on the financial statements
of misstatements, if any, that are undetected due to an inability to obtain sufficient
appropriate audit evidence. Pervasive effects on the financial statements are those that,
in the auditor’s judgment:
(a) Are not confined to specific elements, accounts or items of the financial
statements;
(b) If so confined, represent or could represent a substantial proportion of the
financial statements; or
(c) In relation to disclosures, are fundamental to users’ understanding of the financial
statements.
Population—The entire set of data from which a sample is selected and about which
the auditor wishes to draw conclusions.
Positive confirmation request—A request that the confirming party respond directly to
the auditor indicating whether the confirming party agrees or disagrees with the
information in the request, or providing the requested information.
Practitioner—A professional accountant in public practice.
Preconditions for an audit—The use by management of an acceptable financial
reporting framework in the preparation of the financial statements and the agreement of
management and, where appropriate, those charged with governance to the premise14 on
which an audit is conducted.
Predecessor auditor—The auditor from a different audit firm, who audited the financial
statements of an entity in the prior period and who has been replaced by the current auditor.
Premise, relating to the responsibilities of management and, where appropriate, those
charged with governance, on which an audit is conducted—That management and,
where appropriate, those charged with governance have acknowledged and understandthat they have the following responsibilities that are fundamental to the conduct of an
audit in accordance with ISAs. That is, responsibility:
(a) For the preparation of the financial statements in accordance with the applicable
financial reporting framework, including where relevant their fair presentation;
(b) For such internal control as management and, where appropriate, those charged with
governance determine is necessary to enable the preparation of financial statements
that are free from material misstatement, whether due to fraud or error; and
(c) To provide the auditor with:
(i) Access to all information of which management and, where appropriate,
those charged with governance are aware that is relevant to the
preparation of the financial statements such as records, documentation and
other matters;
(ii) Additional information that the auditor may request from management
and, where appropriate, those charged with governance for the purpose of
the audit; and
(iii) Unrestricted access to persons within the entity from whom the auditor
determines it necessary to obtain audit evidence.
In the case of a fair presentation framework, (a) above may be restated as “for the
preparation and fair presentation of the financial statements in accordance with the
financial reporting framework,” or “for the preparation of financial statements that give
a true and fair view in accordance with the financial reporting framework.”
The “premise, relating to the responsibilities of management and, where appropriate, those
charged with governance, on which an audit is conducted” may also be referred to as the
“premise.”
Professional accountant15—An individual who is a member of an IFAC member body.
Professional accountant in public practice16—A professional accountant, irrespective of
functional classification (for example, audit, tax or consulting) in a firm that provides
professional services. This term is also used to refer to a firm of professional
accountants in public practice.
Professional judgment—The application of relevant training, knowledge and
experience, within the context provided by auditing, accounting and ethical standards, in
making informed decisions about the courses of action that are appropriate in the
circumstances of the audit engagement.
Professional skepticism—An attitude that includes a questioning mind, being alert to
conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of evidence.
Professional standards—International Standards on Auditing (ISAs) and relevant
ethical requirements
Professional standards (in the context of ISQC 117)—IAASB Engagement Standards,
as defined in the IAASB’s Preface to the International Standards on Quality Control,
Auditing, Review, Other Assurance and Related Services, and relevant ethical
requirements.
Projection—Prospective financial information prepared on the basis of:
(a) Hypothetical assumptions about future events and management actions which are
not necessarily expected to take place, such as when some entities are in a startup
phase or are considering a major change in the nature of operations; or
(b) A mixture of best-estimate and hypothetical assumptions.
Prospective financial information—Financial information based on assumptions about
events that may occur in the future and possible actions by an entity. Prospective
financial information can be in the form of a forecast, a projection or a combination of
both. (see Forecast and Projection)
Public sector—National governments, regional (for example, state, provincial,
territorial) governments, local (for example, city, town) governments and related
governmental entities (for example, agencies, boards, commissions and enterprises).
Reasonable assurance (in the context of assurance engagements, including audit
engagements, and quality control)—A high, but not absolute, level of assurance.
Reasonable assurance engagement—(see Assurance engagement)
Recalculation—Consists of checking the mathematical accuracy of documents or
records.
Related party—A party that is either:
(a) A related party as defined in the applicable financial reporting framework; or
(b) Where the applicable financial reporting framework establishes minimal or no
related party requirements:
(i) A person or other entity that has control or significant influence, directly
or indirectly through one or more intermediaries, over the reporting entity;
(ii) Another entity over which the reporting entity has control or significant
influence, directly or indirectly through one or more intermediaries; or(iii) Another entity that is under common control with the reporting entity
through having:
a. Common controlling ownership;
b. Owners who are close family members; or
c. Common key management.
However, entities that are under common control by a state (that is, a
national, regional or local government) are not considered related unless
they engage in significant transactions or share resources to a significant
extent with one another.
Related services—Comprise agreed-upon procedures and compilations.
Relevant ethical requirements—Ethical requirements to which the engagement team
and engagement quality control reviewer are subject, which ordinarily comprise Parts A
and B of the International Ethics Standards Board for Accountants’ Code of Ethics for
Professional Accountants (IESBA Code) together with national requirements that are
more restrictive.
Reperformance—The auditor’s independent execution of procedures or controls that
were originally performed as part of the entity’s internal controls.
Report on the description and design of controls at a service organization (referred to
in ISA 40218 as a type 1 report)—A report that comprises:
(a) A description, prepared by management of the service organization, of the service
organization’s system, control objectives and related controls that have been
designed and implemented as at a specified date; and
(b) A report by the service auditor with the objective of conveying reasonable
assurance that includes the service auditor’s opinion on the description of the
service organization’s system, control objectives and related controls and the
suitability of the design of the controls to achieve the specified control objectives.
Report on the description, design, and operating effectiveness of controls at a service
organization (referred to in ISA 402 as a type 2 report)—A report that comprises:
(a) A description, prepared by management of the service organization, of the service
organization’s system, control objectives and related controls, their design and
implementation as at a specified date or throughout a specified period and, in some
cases, their operating effectiveness throughout a specified period; and
(b) A report by the service auditor with the objective of conveying reasonable
assurance that includes:
(i) The service auditor’s opinion on the description of the service
organization’s system, control objectives and related controls, the suitability
of the design of the controls to achieve the specified control objectives, and
the operating effectiveness of the controls; and
(ii) A description of the service auditor’s tests of the controls and the results
thereof.
Responsible party—The person (or persons) who:
(a) In a direct reporting engagement, is responsible for the subject matter; or
(b) In an assertion-based engagement, is responsible for the subject matter information
(the assertion), and may be responsible for the subject matter.
The responsible party may or may not be the party who engages the practitioner (the
engaging party).
Review (in relation to quality control)—Appraising the quality of the work performed
and conclusions reached by others.
Review engagement—The objective of a review engagement is to enable an auditor to
state whether, on the basis of procedures which do not provide all the evidence that
would be required in an audit, anything has come to the auditor’s attention that causes
the auditor to believe that the financial statements are not prepared, in all material
respects, in accordance with an applicable financial reporting framework.
Review procedures—The procedures deemed necessary to meet the objective of a
review engagement, primarily inquiries of entity personnel and analytical procedures
applied to financial data.
Risk assessment procedures—The audit procedures performed to obtain an
understanding of the entity and its environment, including the entity’s internal control,
to identify and assess the risks of material misstatement, whether due to fraud or error,
at the financial statement and assertion levels.
Risk of material misstatement—The risk that the financial statements are materially
misstated prior to audit. This consists of two components, described as follows at the
assertion level:
(a) Inherent risk—The susceptibility of an assertion about a class of transaction,
account balance or disclosure to a misstatement that could be material, either
individually or when aggregated with other misstatements, before consideration
of any related controls.
(b) Control risk—The risk that a misstatement that could occur in an assertion about a
class of transaction, account balance or disclosure and that could be material, either
individually or when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control.
Sampling—(see Audit sampling)
Sampling risk—The risk that the auditor’s conclusion based on a sample may be
different from the conclusion if the entire population were subjected to the same audit
procedure. Sampling risk can lead to two types of erroneous conclusions:
(a) In the case of a test of controls, that controls are more effective than they actually
are, or in the case of a test of details, that a material misstatement does not exist
when in fact it does. The auditor is primarily concerned with this type of erroneous
conclusion because it affects audit effectiveness and is more likely to lead to an
inappropriate audit opinion.
(b) In the case of a test of controls, that controls are less effective than they actually
are, or in the case of a test of details, that a material misstatement exists when in
fact it does not. This type of erroneous conclusion affects audit efficiency as it
would usually lead to additional work to establish that initial conclusions were
incorrect.
Sampling unit—The individual items constituting a population.
Scope of a review—The review procedures deemed necessary in the circumstances to
achieve the objective of the review.
Service auditor—An auditor who, at the request of the service organization, provides
an assurance report on the controls of a service organization.
Service organization—A third-party organization (or segment of a third-party
organization) that provides services to user entities that are part of those entities’
information systems relevant to financial reporting.
Service organization’s system—The policies and procedures designed, implemented
and maintained by the service organization to provide user entities with the services
covered by the service auditor’s report.
Significance—The relative importance of a matter, taken in context. The significance of
a matter is judged by the practitioner in the context in which it is being considered. This
might include, for example, the reasonable prospect of its changing or influencing the
decisions of intended users of the practitioner’s report; or, as another example, where
the context is a judgment about whether to report a matter to those charged with
governance, whether the matter would be regarded as important by them in relation to
their duties. Significance can be considered in the context of quantitative and qualitative
factors, such as relative magnitude, the nature and effect on the subject matter and the
expressed interests of intended users or recipients.
Significant component—A component identified by the group engagement team (i) that
is of individual financial significance to the group, or (ii) that, due to its specific nature
or circumstances, is likely to include significant risks of material misstatement of the
group financial statements.
Significant deficiency in internal control—A deficiency or combination of deficiencies
in internal control that, in the auditor’s professional judgment, is of sufficient
importance to merit the attention of those charged with governance.
Significant risk—An identified and assessed risk of material misstatement that, in the
auditor’s judgment, requires special audit consideration.
Smaller entity—An entity which typically possesses qualitative characteristics such as:
(a) Concentration of ownership and management in a small number of individuals
(often a single individual – either a natural person or another enterprise that owns
the entity provided the owner exhibits the relevant qualitative characteristics); and
(b) One or more of the following:
(i) Straightforward or uncomplicated transactions;
(ii) Simple record-keeping;
(iii) Few lines of business and few products within business lines;
(iv) Few internal controls;
(v) Few levels of management with responsibility for a broad range of
controls; or
(vi) Few personnel, many having a wide range of duties.
These qualitative characteristics are not exhaustive, they are not exclusive to
smaller entities, and smaller entities do not necessarily display all of these
characteristics.
Special purpose financial statements—Financial statements prepared in accordance
with a special purpose framework.
Special purpose framework—A financial reporting framework designed to meet the
financial information needs of specific users. The financial reporting framework may be
a fair presentation framework or a compliance framework.19
Staff—Professionals, other than partners, including any experts the firm employs.
Statistical sampling—An approach to sampling that has the following characteristics:
(a) Random selection of the sample items; and
(b) The use of probability theory to evaluate sample results, including measurement of
sampling risk.
A sampling approach that does not have characteristics (a) and (b) is considered nonstatistical
sampling.
Stratification—The process of dividing a population into sub-populations, each of which
is a group of sampling units which have similar characteristics (often monetary value).
Subject matter information—The outcome of the evaluation or measurement of a subject
matter. It is the subject matter information about which the practitioner gathers sufficient appropriate evidence to provide a reasonable basis for expressing a conclusion in an assurance report.
Subsequent events—Events occurring between the date of the financial statements and
the date of the auditor’s report, and facts that become known to the auditor after the date
of the auditor’s report.
Subservice organization—A service organization used by another service organization
to perform some of the services provided to user entities that are part of those user
entities’ information systems relevant to financial reporting.
Substantive procedure—An audit procedure designed to detect material misstatements
at the assertion level. Substantive procedures comprise:
(a) Tests of details (of classes of transactions, account balances, and disclosures); and
(b) Substantive analytical procedures.
Sufficiency (of audit evidence)—The measure of the quantity of audit evidence. The
quantity of the audit evidence needed is affected by the auditor’s assessment of the risks
of material misstatement and also by the quality of such audit evidence.
Suitable criteria—(see Criteria)
Suitably qualified external person—An individual outside the firm with the
competence and capabilities to act as an engagement partner, for example a partner of
another firm, or an employee (with appropriate experience) of either a professional
accountancy body whose members may perform audits and reviews of historical
financial information, or other assurance or related services engagements, or of an
organization that provides relevant quality control services.
Summary financial statements (in the context of ISA 810)—Historical financial
information that is derived from financial statements but that contains less detail than the
financial statements, while still providing a structured representation consistent with that
provided by the financial statements of the entity’s economic resources or obligations at a
point in time or the changes therein for a period of time.20 Different jurisdictions may use
different terminology to describe such historical financial information.
Supplementary information—Information that is presented together with the financial
statements that is not required by the applicable financial reporting framework used to
prepare the financial statements, normally presented in either supplementary schedules
or as additional notes.
Test—The application of procedures to some or all items in a population.
Tests of controls—An audit procedure designed to evaluate the operating effectiveness
of controls in preventing, or detecting and correcting, material misstatements at the
assertion level.
Those charged with governance—The person(s) or organization(s) (for example, a
corporate trustee) with responsibility for overseeing the strategic direction of the entity
and obligations related to the accountability of the entity. This includes overseeing the
financial reporting process. For some entities in some jurisdictions, those charged with
governance may include management personnel, for example, executive members of a
governance board of a private or public sector entity, or an owner-manager.21
Tolerable misstatement—A monetary amount set by the auditor in respect of which the
auditor seeks to obtain an appropriate level of assurance that the monetary amount set
by the auditor is not exceeded by the actual misstatement in the population.
Tolerable rate of deviation—A rate of deviation from prescribed internal control
procedures set by the auditor in respect of which the auditor seeks to obtain an
appropriate level of assurance that the rate of deviation set by the auditor is not
exceeded by the actual rate of deviation in the population.
Uncertainty—A matter whose outcome depends on future actions or events not under
the direct control of the entity but that may affect the financial statements.
Uncorrected misstatements—Misstatements that the auditor has accumulated during
the audit and that have not been corrected.
Unmodified opinion—The opinion expressed by the auditor when the auditor
concludes that the financial statements are prepared, in all material respects, in
accordance with the applicable financial reporting framework.22
User auditor—An auditor who audits and reports on the financial statements of a user
entity.
User entity—An entity that uses a service organization and whose financial statements
are being audited.
Walk-through test—Involves tracing a few transactions through the financial reporting
system.
Written representation—A written statement by management provided to the auditor to
confirm certain matters or to support other audit evidence. Written representations in
this context do not include financial statements, the assertions therein, or supporting
books and records.