# 1 Assurance services independent professional services that improve the quality of information or its context for decision-makers. 2 Material 3 Professional scepticism information is material if its omission or misstatement could influence decisions that the primary users of general-purpose financial reports make based on those reports. an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement, and a critical assessment of evidence. 4 Assurance engagement an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users, other than the responsible party, about the outcome of the evaluation or measurement of a subject matter against criteria. 5 Corporate governance the system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation … and spells out the rules and procedures for making decisions on corporate affairs. By doing this, it also provides the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance. 6 – OECD Those charged individuals with responsibility for overseeing the strategic direction of the with governance entity and obligations related to the accountability of the entity, including (TCWG) overseeing the financial reporting process. 7 Management 8 Acceptable level 9 Safeguards 10 Public interest entity (PIE) 11 Public interest – ISA 260 individuals with executive responsibility for the conduct of the entity's operations. – ISA 260 a level at which a reasonable and informed third party would likely conclude that the professional accountant complies with the fundamental principles. actions, individually or in combination, taken by the professional accountant that effectively eliminate threats to compliance with the fundamental principles or reduce them to an acceptable level. a listed entity, an entity required by a regulator to be audited as if it were listed, or an entity of significant public interest due to size or nature of business. the values and principles relating to the public good, or what is in the best interests of society. 12 Preconditions for an audit management and, where appropriate, TCWG use an acceptable financial reporting framework to prepare the financial statements and agree to the premise on which an audit is conducted. 13 Audit documentation the record of audit procedures performed, relevant audit evidence obtained, and the auditor’s conclusions. 14 Inherent risk factors characteristics of events or conditions that affect susceptibility to misstatement, whether due to fraud or error, of an assertion about a class of transactions, account balance or disclosure, before consideration of controls. Such factors may be qualitative or quantitative. 15 Risk assessment procedures audit procedures designed and performed to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels. 16 Audit risk the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. It is a function of the risks of material misstatement and detection risk. (ISA 200) 17 Inherent risk the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material (either individually or when aggregated with other misstatements) before considering any related controls. 18 Relevant assertion an assertion about a class of transactions, account balance or disclosure that has an identified risk of material misstatement. 19 Significant risk an identified risk of material misstatement: • 20 Control risk For which the assessment of inherent risk is close to the upper end of the spectrum of inherent risk; or • That is to be treated as a significant risk in accordance with the requirements of other ISAs. the risk that a misstatement that could occur in an assertion (about a class of transaction, account balance or disclosure) and that could be material (either individually or in aggregate with other misstatements) will not be: • • prevented; or detected and corrected, on a timely basis, by the entity’s controls. 21 Detection risk the risk that audit procedures performed to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material (either individually or in aggregate). 22 System of internal control the system designed, implemented and maintained by TCWG, management and other personnel to provide reasonable assurance about: • • • the reliability of financial reporting; the effectiveness and efficiency of operations; and compliance with applicable laws and regulations. the policies and procedures that help ensure that management directives are carried out. 23 Control activities 24 Materiality information is material if its omission or misstatement could influence the decisions of primary users taken on the basis of the financial statements. Materiality depends on the nature and/or size of the items to which the information relates. It is entity specific. 25 Performance materiality the amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. 26 Error unintentional mistakes in financial statements, including the omission of an amount or disclosure. 27 Fraud an intentional act by one or more individuals that uses deception to obtain an unjust or illegal advantage. 28 Fraud risk factors events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud. 29 Non-compliance acts of omission or commission, intentional or unintentional, committed by the entity, TCWG, management or other individuals working under the direction of the entity, which are contrary to the prevailing laws or regulations. Non-compliance includes personal misconduct related to business activities (e.g. accepting a bribe from a supplier) but does not include personal misconduct unrelated to business activities. 30 IT environment the IT applications and supporting IT infrastructure, and the IT processes and personnel involved in those processes, that are used to support business operations and achieve business strategies. 31 General IT controls controls over the IT processes that support the continued proper operation of the IT environment, including the continued effective functioning of information processing controls and the integrity of information (i.e. the completeness, accuracy and validity of information) in the information system. 32 Information processing controls 33 Test of controls 34 Direct control 35 Indirect control controls that support direct controls. 36 Deficiency in internal control – exists when: controls relating to the processing of information in IT applications or manual information processes that directly address risks to the integrity of information (i.e. the completeness, accuracy and validity of transactions and other information). an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. controls that are precise enough to address risks of material misstatement at the assertion level. • 37 Significant deficiency 38 Internal audit A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or • A control necessary to prevent or detect and correct misstatements in the financial statements on a timely basis is missing. a deficiency (or combination of deficiencies) that is of sufficient importance to merit the attention of TCWG. an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. 39 Outsourcing – Institute of Internal Auditors IIA the process of contracting out one or more elements of operations to a service provider outside of the organisation's management structure. 40 Value for money auditing the evaluation of management's achievements in terms of the economy, efficiency and effectiveness (the "3 Es") of operations. 41 Best value a duty to deliver services to clear standards – covering both cost and quality – by the most effective, economical and efficient means available. 42 Regulatory compliance adhering to the rules and regulations applicable to an activity prescribed by an external agency or authority. 43 Customer service the sum total of what an organisation does to meet customer expectations and produce customer satisfaction. 44 Customer experience what a customer feels and remembers about the customer service received. – Institute of Customer Service representations, explicit or otherwise, with respect to the recognition, measurement, presentation and disclosure of information in the financial statements which are inherent in management representing that the financial statements are prepared in accordance with the applicable financial reporting framework. 45 Assertions 46 Analytical procedures evaluations of financial information through analysis of plausible relationships between both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount. 47 Accounting estimate an approximation of a monetary amount in the absence of a precise means of measurement. 48 Estimation uncertainty the susceptibility of an accounting estimate and related disclosures to an inherent lack of precision in its measurement. 49 Management's expert 50 Auditor's expert An individual or organisation possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements. (ISA 500 Audit Evidence) An individual or organisation with expertise in a field other than accounting or auditing, whose work is used by the auditor in obtaining sufficient appropriate audit evidence. (ISA 620 Using the Work of an Auditor’s Expert) 51 Competence possession of a level of expertise. 52 Capability the ability to exercise competence. 53 Objectivity the possible effects that bias, conflict of interest or the influence of others may have on the expert's judgment. 54 Direct assistance the use of internal auditors to perform audit procedures under the direction, supervision and review of the external auditor. 55 Service organisation a third-party organisation that provides services to user entities that are relevant to those entities' information systems relevant to financial reporting. 56 Audit sampling applying audit procedures to less than 100% of items in a population, such that all sampling units have a chance of selection, in order to draw a conclusion about the population. 57 Anomaly 58 Population 59 Sampling risk 60 Confidence level the mathematical complement of risk (e.g. 5% risk = 95% confidence). 61 Non-sampling risk arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the size of the sample. For example, the auditor might use inappropriate procedures or misinterpret evidence and fail to recognise a deviation or misstatement. (Judgmental selection is subject to non-sampling risk.) 62 Sampling unit the individual items that constitute a population, for example, credit entries on bank statements, sales invoices, trade receivable balances or a monetary unit ($1). 63 Statistical sampling any approach to sampling that has the following characteristics: 64 Stratification 65 Tolerable misstatement (in tests of details) Tolerable rate of deviation (in tests of controls) Written representations 66 67 a misstatement or deviation that is demonstrably not representative of misstatements or deviations in a population (e.g. because it arises from an isolated event that has not reoccurred other than on specifically identifiable occasions). the entire set of data from which the auditor wishes to sample (e.g. all items in an account balance or a class of transactions). the risk that arises from the possibility that the auditor's conclusion, based on a sample, may be different from the conclusion that would be reached if the entire population were subjected to the same audit procedure. a. random selection of a sample; and b. use of probability theory to evaluate sample results, including measurement of sampling risk. the process of dividing a population into subpopulations, each of which is a group of sampling units with similar characteristics (often monetary value). the highest misstatement that could occur before the population would be considered materially misstated. the highest deviation rate (i.e. the proportion of items with deviations from controls) the auditor could accept and still conclude that the design and operation of an internal control over the population is effective. a written statement by management provided to the auditor to confirm certain matters or to support other audit evidence. Written representations in this context do not include financial statements, the assertions therein, or supporting books and records. 68 Automated tools a broad term for the tools and techniques used by auditors in performing and techniques audit procedures. (ATTs) 69 Test data data (valid and invalid) generated by the auditor and processed through the client's system to enable the auditor to assess the effectiveness of programmed controls. 70 Audit software software ("computer audit programs") specially designed for audit purposes. It is used to process and analyse the client's data independently of the client's program, to verify the system’s accuracy. 71 Data analytics the science of examining raw data to draw insights from it. 72 Asset a present economic resource controlled by the entity due to past events. 73 Intangible asset an identifiable non-monetary asset without physical substance. 74 Cost includes: • Purchase price, non-recoverable taxes (e.g. import duties), transport, handling and other costs directly attributable to the acquisition of finished goods, materials and services. • Direct production costs (including production overheads) for work-in-progress. • Other costs only to the extent incurred in bringing the inventories to their present location and condition (e.g. maturing costs for brandy, cheese, seasoned wood). the estimated selling price in the ordinary course of business, less the estimated costs of completion and the estimated costs necessary to make the sale. 75 Net realisable value 76 External confirmation audit evidence obtained as a direct written response to the auditor from a third party in paper form or by electronic or other medium. 77 Liability a present obligation arising from past events, the settlement of which is expected to result in an outflow of resources. 78 Provision a liability of uncertain timing or amount. 79 Obligating event an event that creates a legal or constructive obligation that the entity is bound to settle. 80 Contingent liability • • a possible obligation that arises from past events and whose existence will be confirmed only by the occurrence or nonoccurrence of one or more uncertain future events not wholly within management's control; or a present obligation that arises from past events which cannot be recognised because: 1. an outflow of resources is not probable; or 2. the amount cannot be measured with sufficient reliability. 81 Contingent asset a possible asset that arises from past events and whose existence will be confirmed only by the occurrence or non-occurrence of one or more uncertain future events not wholly within management's control. 82 Owner-manager a proprietor involved in the day-to-day running of a smaller entity. 83 Not-for-profit organisation (NFP) an organisation that does not distribute its surplus funds to owners or shareholders but instead uses them to help pursue its goals. 84 Misstatement (ISA 450) a difference between the amount, classification, presentation or disclosure of a reported financial statement item and what is required for that item in accordance with the applicable financial reporting framework. Misstatements can arise from error or fraud. 85 Uncorrected misstatements misstatements that the auditor has accumulated during the audit and that have not been corrected. 86 Other information financial or non-financial information (other than the financial statements and auditor's report) included in an entity's annual report. 87 Annual report a document or combination of documents prepared annually by management or TCWG to provide owners and stakeholders with information on the entity's operations, financial results and financial position. 88 Events after the reporting period 89 Subsequent events 90 Key audit matters (KAM) those events, both favourable and unfavourable, that occur between the end of the reporting period and the date on which the financial statements are authorised for issue. – IAS 10 Events after the Reporting Period events occurring between the date of the financial statements and the date of the auditor's report and facts that become known after the date of the auditor's report. – ISA 560 Subsequent Events those matters that, in the auditor's professional judgement, were of most significance in the audit of the financial statements of the current period. They are selected from matters communicated with TCWG. 91 Pervasive effects on the financial statements which, in the auditor's judgement: i.Are not confined to specific elements, accounts or items of the financial statements; ii. If so confined, represent or could represent a substantial proportion of the financial statements; or iii. In relation to disclosures, are fundamental to users' understanding of the financial statements. 92 Going concern an entity that will continue to operate for the foreseeable future and has neither the intention nor the need to liquidate or significantly reduce the scale of its operations. 93 Foreseeable future a period of at least, but not limited to, 12 months from the end of the reporting period. 94 Material uncertainty an uncertainty related to events or conditions which may cast significant doubt on the entity's ability to continue as a going concern. 95 "Close-call" scenario identified events or conditions that may cast significant doubt on an entity's ability to continue as a going concern exist, but on balance, after much analysis, it is concluded that management’s mitigating plans are just about sufficient. 96 Internal auditing an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes. 97 Engagement quality review – The Institute of Internal Auditors (IIA) an objective evaluation of the significant judgments made by the engagement team and the conclusions reached thereon, performed by the engagement quality reviewer and completed on or before the date of the engagement report. 98 Engagement quality reviewer a partner, other individual in the firm, or an external individual, appointed by the firm to perform the engagement quality review. 99 Applicable financial reporting framework the financial reporting framework adopted by management in the preparation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements or that is required by law or regulation. 100 Reasonable assurance a high, but not absolute, level of assurance. 101 Professional judgment the application of relevant training, knowledge and experience, within the context provided by auditing, accounting and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the audit engagement. 102 Accounting records - the records of initial accounting entries and supporting records (e.g. records of electronic fund transfers, invoices, contracts); - the general and subsidiary ledgers, journal entries and other adjustments to the financial statements that are not reflected in formal journal entries; and - records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations and disclosures. 103 Contingent fees fees calculated on a predetermined basis relating to the outcome of a transaction or the result of the services performed. 104 Control environment the combination of an organisation's governance and management functions and the attitudes, awareness and actions of TCWG concerning internal control. 105 Walk-through test the tracing of transactions through a financial system. 106 Substantive procedure an audit procedure designed to detect material misstatements at the assertion level. 107 Public interest the values and principles relating to the public good, or what is in the best interests of society. 108 Management bias a lack of neutrality by management in the preparation of information. 109 Controls policies or procedures to achieve the control objectives of management or those charged with governance. 110 Policies statements of what should, or should not, be done within the entity to effect control. 111 Procedures actions to implement policies. 112 Audit evidence information used by the auditor in arriving at the conclusions on which the audit opinion is based. It includes information contained in the accounting records underlying the financial statements and information from other sources. the systematic allocation of the depreciable amount of an asset over its useful life. 113 Depreciation 114 Depreciable amount the cost of an asset, or other amount substituted for cost (i.e. revalued amount), less its residual value.