Audit Inquiry — An audit procedure that involves asking questions of the auditee or other parties in order to obtain oral and written information. Evidence gathered through inquiry is considered indirect evidence, which is rarely considered sufficient by itself to support a finding. However, it is supportive documentation when corroborated through other means.
AuditPlanning — An overall strategy developed for conduct and scope of the audit. The nature, extent, and timing of planning vary with size and complexity of the entity, experience with the entity, and knowledge of the business. In planning the audit, the auditor considers the entity's business and its industry, its accounting policies and procedures, the methods it uses to process accounting information, the planned assessed level of control risk, and the auditor's preliminary judgment about audit materiality.
AuditRisk — A combination of the risk that material errors exist and the risk that the errors will not be discovered by audit tests. Audit risk includes uncertainties because of sampling (sampling risk) and other factors (nonsampling risk).
AuditTrail — A record of transactions in an accounting system that provides verification of the activity of the system. A complete audit trail allows auditors to trace transactions in a client’s accounting records from original source documents into subsidiary ledgers through the general ledger and into basic financial statements and billings/invoices prepared and submitted by the entity.
Audit Universe — All potential audit activities within an organization; comprises all auditable units within an organization. These units can include a range of programs, activities, functions, structures, and initiatives, which collectively contribute to the achievement of the STA’s strategic objectives.
Auditable Units — Any organizational process or activity that can be audited. Internal auditors divide an organization into manageable auditable activities (auditable units) to define the audit universe, assess risk, and prioritize the use of audit resources.
Benford'sLaw — A mathematical law that applies to any population of numbers derived from other numbers (such as the dollar amount of a sale, found by multiplying the quantity sold times the unit price). It holds, for example, that 30% of the time the first non‐zero digit of this derived number will be one, and it will be a nine only 4.6% of the time. Benford's law is used by auditors to identify unusual data patterns that may signal the presence of errors or fraud.
ChangeOrder — Document required when work is added to or deleted from the original scope of work of a contract which alters the original contract amount and/or completion date.
CodeofFederalRegulations (CFR) — The codification of the general and permanent rules published in the FederalRegister by the executive departments and agencies of the federal government. The CFR is divided into 50 titles that represent broad areas subject to the federal regulation.
ContractModification — A change to an existing contract for a change in scope or other factors which must be agreed to by all parties of the contract.
ControlEnvironment — The attitude, awareness, and actions of the board, management, owners, and others about the importance of control. This includes integrity and ethical rules, commitment to competence, board or audit committee participation, organizational structure, assignment of authority and responsibility, and human resource policies and practices.
Cost Center — A grouping of incurred costs identified with a specific final cost objective.
CostPrinciples — Federal cost principles are intended to establish a uniform approach for determining costs and promoting effective program delivery, efficiency, and better relationships between grant recipients, subrecipients, and the federal government. The principles are promulgated to determine allowable costs, enforce compliance with federal grant requirements, and ensure that the federal government bears its fair share of costs except where restricted or otherwise prohibited by law.
DetectionRisk — The risk audit procedures will lead to a conclusion that material error does not exist when, in fact, such error does exist.
DOT — A state Department of Transportation.
DirectCost — Any cost that is identified specifically with a particular final cost objective. Direct costs are not limited to items that are incorporated in the end product as material or labor. Costs identified specifically with a contract are direct costs of that contract. All costs identified specifically with other final cost objectives of the contractor are direct costs of those cost objectives. Direct costs can include labor, materials, and reimbursable expenses incurred specifically for an agreement.
EngagementLetter — A letter that represents the understanding between the client and the CPA about the engagement. The letter identifies the financial statements and/or schedules and describes the nature of procedures to be performed. It includes the objectives of the procedures, an explanation that the financial information is the responsibility of the company's management, and a description of the form of auditor’s report.
EntranceConference — A meeting between the auditor and the auditee during which the purpose and scope of the audit are discussed.
ExitConference — A meeting between the auditor and the auditee held after completion of the audit that generally focuses on preliminary audit findings, which could change based on further audit testing, supervisory review, and additional information submitted by the auditee.
FederalTravelRegulation(FTR) — As contained in 41CFR 300‐304. The FTR implements policies for travel by federal civilian employees and others authorized to travel at the federal government’s expense.
Finding — Results from deficiencies in internal controls, fraud, illegal acts, violations of contract or grant provisions, and/or abuse. In accordance with GAGAS, when documenting a finding, the auditor should include the condition, criteria, cause, effect, and a recommendation for correction. Generally, auditors include management responses to reportable findings within the final audit report.
GAAP — Generally Accepted Accounting Principles – Widely accepted set of rules, conventions, standards, and procedures for reporting financial information, as established by the Financial Accounting Standards Board (FASB).
GAAS — Generally Accepted Auditing Standards – The ten auditing standards adopted by the membership of the AICPA. Auditing standards differ from audit procedures in that "procedures" relate to acts to be performed, whereas "standards" pertain to the quality of the performance of those acts and the objectives of the procedures.
GAGAS — Generally Accepted Government Auditing Standards – Also known as the “Yellow Book,” issued by the U.S. Government Accountability Office (GAO). GAGAS prescribe general procedures and professional standards that auditors must apply when performing government audits or attestation engagements.
GeneralAdministrativeExpenses — Costs of operating a company that are incurred by, or allocated to, a business unit and are not directly linked to the company’s products or services.
Government Accountability Office — GAO — The audit, evaluation, and investigative arm of the United States Congress.
Indirect Cost — Any cost that is not directly identified with a single, final cost objective, but is identified with two or more final cost objectives or an intermediate cost objective. Recipients recover their indirect costs in their overhead rate.
IneligibleCost — A cost that does not meet the terms of the agreement as well as federal and state statutes and regulations.
InherentRisk — The risk that exists in an environment without the benefit of internal controls due to other factors such as the nature of transaction or activity. For example – complexity, frequent change, etc.
Inspection — An audit procedure that involves the auditor’s review of a document or record through physical examination to provide direct evidence of its content. This is a means of gathering direct evidence.
InternalControl — The plan of an entity and the methods and procedures adopted by management to ensure that the entity’s goals and objectives are met; that resources are used consistently with laws, regulations, and policies; that resources are safeguarded against waste, loss, and misuse; and that reliable data are obtained, maintained, and fairly disclosed in reports.
Narrative — A written description of an internal control system, procedure, or process.
Observation — An audit procedure that involves the auditor seeing or experiencing something first hand. It could include having the auditee walk through a process while the auditor observes and monitors the activities, procedures, and steps performed and observes security practices. Through the performance of this activity, the auditor is able to obtain direct evidence.
Overhead Expenses — All allowable general administrative expenses and fringe benefit costs not directly identified with a single final cost objective. Depending upon the size of the auditee, these costs may be separately identified on a schedule of overhead costs.
OverheadRate — A rate computed by adding together all of an entity’s costs that cannot be associated with a single cost objective (e.g., general and administrative costs and fringe benefits costs), then dividing by a base value (usually direct labor cost). This rate is applied to direct labor, as incurred on projects, to allow an entity to recover the appropriate share of indirect costs allowable per the terms of the specific agreement.
PeerReview — A quality control program in which the audit documentation of one STA audit group is periodically (three years for GAGAS, five years for IIA) reviewed by independent partners of other STA groups to verify that it conforms to the standards of the profession.
Permanent Files — File containing information of continuing importance to engagements covering an auditable unit.
ProjectAuthorizationandAgreement — A contractual obligation of the federal government for payment of the federal share of project costs. The agreement will include a description of the project, the federal-aid project number, the work covered, total cost and amount of federal aid funds, the federal share of funds, signatures of state and federal officials, and any other provision set out by 23 U.S.C. 106 and/or 23 CFR.
ReasonableCost — A cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person in the conduct of competitive business.
Reconcile(reconciliation) — Efforts to prepare a schedule establishing agreement between separate sources of information, such as accounting records reconciled with the financial statements.
Reperformance — An audit procedure that involves the auditor redoing a certain activity or procedure to see if he or she arrives at the same results. The auditor’s reperformance of a particular control provides direct evidence to support whether a control is operating effectively.
ResidualRisk — The risk that exists after consideration of the controls management has implemented to mitigate or transfer risk.
ResolutionProcess — The process used to resolve findings. It may involve negotiating a corrective action, reimbursing funds, and improving procedures. Risk — The probability that an event or activity will occur that adversely impacts the achievement of an organization’s objectives.
SampleSize — The number of items selected when a sample is drawn from a population.
SamplingError — The risk that the sample results will mislead the auditor, unless the auditor examines 100% of the population. The larger the sample, the less risk of sampling error and the greater the reliability of the results.
SamplingRisk — The possibility that conclusions drawn from the sample may not represent correct conclusions for the entire population.
SegregationofDuties — Assigning to different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets. Segregation of duties reduces the opportunities for one person to both perpetrate and conceal errors or fraud.
SingleAudit — A rigorous, organization-wide audit or examination of an entity that expends $500,000 (currently) or more of federal assistance received for its operations. These are usually performed annually. The objective of a Single Audit is to provide assurance to the federal government as to the management and use of such funds by recipients such as states, cities, universities, and non‐profit organizations. These audits are typically performed by an independent certified public accountant (CPA) and encompass both financial and compliance components.
SourceDocumentation — Documents that support the costs recorded in an entity’s records. Source documents can include timesheets, payroll registers, invoices, receipts, rental slips, cancelled checks, etc.
Test — An audit procedure whereby the auditor reviews certain transactions and processes or attributes against established criteria. The auditor then decides whether the audited entity complied with the criteria, which are established standards, practices, laws, regulations or requirements.
Tracing — An audit procedure that involves tracking information forward from one document to another subsequently prepared document or record. This test is performed as a means to test for the completeness of the document or record.
UnallowableCost — An item of cost that is ineligible for cost reimbursement.
Verifying — The act of tracing a transaction from one document to the original support document.
Vouching — An audit procedure that involves tracking information from one document or record back into a previously prepared document or record or to some other reliable source. This procedure is performed in order to determine the validity of the information.
Walkthrough — Procedure whereby an auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records, using the same documents and information technology that company personnel use.