Internal Auditing

Other Information: Useful Definitions

Control: Any action taken by management, the board and other parties to enhance risk management and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

Control Environment: The attitude and actions of the board and management regarding the significance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements:

• Integrity and ethical values
• Management's philosophy and operating style
• Organizational structure
• Assignment of authority and responsibility
• Human resource policies and practices
• Competence of personnel

Corporate Governance Controls: Actions performed at a very high level of the organization, such as reviews and approval processes performed by the Board of Governors, Audit Committees, Executive Committees, etc.

Monitoring Controls: Actions performed at the management level designed to provide assurance that information on the operations is appropriate and consistently prepared.

Risk: The uncertainty of an event occurring that could have an impact on the achievement of objectives. Risk is measured in terms of consequences and likelihood.

Transaction Controls: Actions performed at the transaction level. The controls apply to every transaction; for example, systems controls are transaction controls because each transaction is subject to the systems controls.