Access controls—Procedures designed to restrict access to on-line terminal devices, programs and data.

User authentication - typically attempts to identify a user through unique logon identifications, passwords, access cards or

biometric data

User authorization - consists of access rules to determine the computer resources each user may access

Accounting estimate—An approximation of a monetary amount in the absence of a precise means of measurement.

Accounting records—The records of initial accounting entries and supporting records, such as checks and records of electronic fund

transfers; invoices; contracts; the general and subsidiary ledgers, journal entries and other adjustments to the financial statements that

are not reflected in formal journal entries; and records such as work sheets and spreadsheets supporting cost allocations, computations,

reconciliations and disclosures.

Agreed-upon procedures engagement—An engagement in which an auditor is engaged to carry out those procedures of an audit

nature to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings.

Analytical procedures — Evaluations of financial information through analysis of plausible relationships among both financial and

non-financial data.

Annual report—A document issued by an entity, ordinarily on an annual basis, which includes its financial statements together with

the auditor’s report thereon.

Anomaly— A misstatement or deviation that is demonstrably not representative of misstatements or deviations in a population.

Applicable financial reporting framework—The financial reporting framework adopted by management and, where appropriate,

those charged with governance in the preparation of the financial statements that is acceptable in view of the nature of the entity and

the objective of the financial statements, or that is required by law or regulation.

fair presentation framework - is used to refer to a financial reportingframework that requires compliance with the

requirements of the framework and:

(a) Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it may be necessary for

management to provide disclosures beyond those specifically required by the framework; or

b) Acknowledges explicitly that it may be necessary for management to depart from a requirement of the framework to

achieve fair presentation of the financial statements. Such departures are expected to be necessary only in extremely rare

circumstances.

compliance framework - is used to refer to a financial reporting framework

that requires compliance with the requirements of the framework, but does not contain

the acknowledgements in (a) or (b) above.

Application controls in information technology— Manual or automated procedures that typically operate at a business process

level.
Applied criteria - The criteria applied by management in the preparation of the summary financial statements.

Appropriateness - The measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the

conclusions on which the auditor’s opinion is based.

Arm’s length transaction—A transaction conducted on such terms and conditions as between a willing buyer and a willing seller

who are unrelated and are acting independently of each other and pursuing their own best interests.

Assertions—Representations by management, explicit or otherwise, that are embodied in the financial statements, as used by the

auditor to consider the different types of potential misstatements that may occur.

Assess—Analyze identified risks of material misstatement to conclude on their significance.

Assurance engagement—An engagement in which a practitioner expresses a conclusion designed to enhance the degree of

confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject

matter against criteria.

Reasonable assurance engagement—The objective of a reasonable assurance engagement is a reduction in assurance

engagement risk to an acceptably low level in the circumstances of the engagement 4 as the basis for a positive form of

expression of the practitioner’s conclusion.

Limited assurance engagement—The objective of a limited assurance engagement is a reduction in assurance engagement

risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable

assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.

Assurance engagement risk— The risk that the practitioner expresses an inappropriate conclusion when the subject matter

information is materially misstated.

Audit documentation—The record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor

reached

Audit evidence—Information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based.

Audit file— One or more folders or other storage media, in physical or electronic form, containing the records that comprise the audit

documentation for a specific engagement

Audit risk—The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.

Audit sampling - The application of audit procedures to less than 100% of items within a population of audit relevance such that all

sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about

the entire population.

Audited financial statements - Financial statements audited by the auditor in accordance with ISAs, and from which the summary

financial statements are derived.

Auditor- is used to refer to the person or persons conducting the audit, usually the engagement partner or other members of the

engagement team, or, as applicable, the firm.

Auditor’s expert—An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that

field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence.

Auditor’s point estimate or auditor’s range—The amount, or range of amounts, respectively, derived from audit evidence for use in

evaluating management’s point estimate.

Business risk—A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an

entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.

Comparative financial statements—Comparative information where amounts and other disclosures for the prior period are included

for comparison with the financial statements of the current period but, if audited, are referred to in the auditor’s opinion.

Comparative information—The amounts and disclosures included in the financial statements in respect of one or more prior periods

in accordance with the applicable financial reporting framework.

Compilation engagement—An engagement in which accounting expertise, as opposed to auditing expertise, is used to collect,

classify and summarize financial information.

Complementary user entity controls—Controls that the service organization assumes, in the design of its service, will be

implemented by user entities, and which, if necessary to achieve control objectives, are identified in the description of its system.

Component—An entity or business activity for which group or component management prepares financial information that should be

included in the group financial statements.

Component auditor—An auditor who, at the request of the group engagement team, performs work on financial information related

to a component for the group audit.

Component management—Management responsible for the preparation of the financial information of a component.

Component materiality—The materiality for a component determined by the group engagement team.

Computer-assisted audit techniques—Applications of auditing procedures using the computer as an audit tool (also known as

CAATs).

Control activities —Those policies and procedures that help ensure that management directives are carried out.

Control environment—Includes the governance and management functions and the attitudes, awareness and actions of those charged

with governance and management concerning the entity’s internal control and its importance in the entity

Corresponding figures—Comparative information where amounts and other disclosures for the prior period are included as an

integral part of the current period financial statements, and are intended to be read only in relation to the amounts and other

disclosures relating to the current period (referred to as “current period figures”).

Criteria—The benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for presentation and

disclosure.

(a) Relevance: relevant criteria contribute to conclusions that assist decisionmaking by the intended users.

(b) Completeness: criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of

the engagement circumstances are not omitted.

(c) Reliability: reliable criteria allow reasonably consistent evaluation or measurement of the subject matter including, where

relevant, presentation and disclosure, when used in similar circumstances by similarly qualified practitioners.

(d) Neutrality: neutral criteria contribute to conclusions that are free from bias.

(e) Understandability: understandable criteria contribute to conclusions that are clear, comprehensive, and not subject to

significantly different interpretations.

Date of approval of the financial statements—The date on which all the statements that comprise the financial statements, including

the related notes, have been prepared and those with the recognized authority have asserted that they have taken responsibility for

those financial statements.

Date of report—The date selected by the practitioner to date the report.

Date of the auditor’s report—The date the auditor dates the report on the financial statements in accordance with ISA 700.

Date of the financial statements—The date of the end of the latest period covered by the financial statements.

Date the financial statements are issued—The date that the auditor’s report and audited financial statements are made available to

third parties.

Deficiency in internal control—This exists when:

(a) A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct,

misstatements in the financial statements on a timely basis; or

(b) A control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is

missing.

Detection risk—The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a

misstatement that exists and that could be material, either individually or when aggregated with other misstatements.

Element of a financial statement - An element, account or item of a financial statement.

Emphasis of Matter paragraph—A paragraph included in the auditor’s report that refers to a matter appropriately presented or

disclosed in the financial statements that, in the auditor’s judgment, is of such importance that it is fundamental to users’

understanding of the financial statements.

Engagement documentation—The record of work performed, results obtained, and conclusions the practitioner reached (terms such

as “working papers” or “workpapers” are sometimes used).

Engagement letter—Written terms of an engagement in the form of a letter.

Engagement partner—The partner or other person in the firm who is responsible for the engagement and its performance, and for the

report that is issued on behalf of the firm, and who, where required, has the appropriate authority from a professional, legal or

regulatory body.

Engagement quality control review—A process designed to provide an objective evaluation, on or before the date of the report, of

the significant judgments the engagement team made and the conclusions it reached in formulating the report.

Engagement quality control reviewer—A partner, other person in the firm, suitably qualified external person, or a team made up of

such individuals, none of whom is part of the engagement team, with sufficient and appropriate experience and authority to

objectively evaluate the significant judgments the engagement team made and the conclusions it reached in formulating the report.

Engagement team—All partners and staff performing the engagement, and any individuals engaged by the firm or a network firm

who perform procedures on the engagement.

Entity’s risk assessment process—A component of internal control that is the entity’s process for identifying business risks relevant

to financial reporting objectives and deciding about actions to address those risks, and the results thereof.

Environmental matters—

(a) Initiatives to prevent, abate, or remedy damage to the environment, or to deal with conservation of renewable and non

renewable resources (such initiatives may be required by environmental laws and regulations or by contract, or they

may be undertaken voluntarily);

(b) Consequences of violating environmental laws and regulations;

(c) Consequences of environmental damage done to others or to natural resources; and

(d) Consequences of vicarious liability imposed by law (for example, liability for damages caused by previous owners).

Environmental performance report—A report, separate from the financial statements, in which an entity provides third parties with

qualitative information on the entity’s commitments towards the environmental aspects of the business, its policies and targets in that

field, its achievement in managing the relationship between its business processes and environmental risk, and quantitative

information on its environmental performance.

Environmental risk—In certain circumstances, factors relevant to the assessment of inherent risk for the development of the overall

audit plan may include the risk of material misstatement of the financial statements due to environmental matters.

Error—An unintentional misstatement in financial statements, including the omission of an amount or a disclosure.

Estimation uncertainty—The susceptibility of an accounting estimate and related disclosures to an inherent lack of precision in its

measurement.

Evaluate—Identify and analyze the relevant issues, including performing further procedures as necessary, to come to a specific

conclusion on a matter.
Exception—A response that indicates a difference between information requested to be confirmed, or contained in the entity’s

records, and information provided by the confirming party.

Experienced auditor—An individual (whether internal or external to the firm) who has practical audit experience, and a reasonable

understanding of:

(a) Audit processes;

(b) ISAs and applicable legal and regulatory requirements;

(c) The business environment in which the entity operates; and

(d) Auditing and financial reporting issues relevant to the entity’s industry.

Expertise—Skills, knowledge and experience in a particular field.

External confirmation—Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party),

in paper form, or by electronic or other medium.

Financial statements—A structured representation of historical financial information, including related notes, intended to

communicate an entity’s economic resources or obligations at a point in time or the changes therein for a period of time in accordance

with a financial reporting framework.

Firm—A sole practitioner, partnership or corporation or other entity of professional accountants.

Forecast—Prospective financial information prepared on the basis of assumptions as to future events which management expects to

take place and the actions management expects to take as of the date the information is prepared (best-estimate assumptions).

Fraud—An intentional act by one or more individuals among management, those charged with governance, employees, or third

parties, involving the use of deception to obtain an unjust or illegal advantage.

Fraud risk factors—Events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit

fraud.

Fraudulent financial reporting—Involves intentional misstatements, including omissions of amounts or disclosures in financial

statements, to deceive financial statement users.

General IT controls—Policies and procedures that relate to many applications and support the effective functioning of application

controls by helping to ensure the continued proper operation of information systems

General purpose financial statements—Financial statements prepared in accordance with a general purpose framework.

General purpose framework—A financial reporting framework designed to meet the common financial information needs of a wide

range of users.

Governance—Describes the role of person(s) or organization(s) with responsibility for overseeing the strategic direction of the entity

and obligations related to the accountability of the entity.

Group—All the components whose financial information is included in the group financial statements. A group always has more than

one component.

Group audit—The audit of group financial statements.

Group audit opinion—The audit opinion on the group financial statements.

Group engagement partner—The partner or other person in the firm who is responsible for the group audit engagement and its

performance, and for the auditor’s report on the group financial statements that is issued on behalf of the firm.

Group engagement team—Partners, including the group engagement partner, and staff who establish the overall group audit

strategy, communicate with component auditors, audit evidence as the basis for forming an opinion on the group financial statements.

Group financial statements—Financial statements that include the financial information of more than one component. The term

“group financial statements” also refers to combined financial statements aggregating the financial information prepared by

components that have no parent but are under common control.

Group management—Management responsible for the preparation of the group financial statements.

Group-wide controls—Controls designed, implemented and maintained by group management over group financial reporting.

Historical financial information—Information expressed in financial terms in relation to a particular entity, derived primarily from

that entity’s accounting system, about economic events occurring in past time periods or about economic conditions or

circumstances at points in time in the past.

Inconsistency—Other information that contradicts information contained in the audited financial statements

Independence—Comprises:

(a) Independence of mind—the state of mind that permits the provision of an

opinion without being affected by influences that compromise professional

judgment, allowing an individual to act with integrity, and exercise objectivity

and professional skepticism.

(b) Independence in appearance—the avoidance of facts and circumstances that are

so significant a reasonable and informed third party, having knowledge of all

relevant information, including any safeguards applied, would reasonably

conclude a firm’s, or a member of the assurance team’s, integrity, objectivity or

professional skepticism had been compromised.

Information system relevant to financial reporting—A component of internal control that includes the financial reporting system,

and consists of the procedures and records established to initiate, record, process and report entity transactions (as well as events and

conditions) and to maintain accountability for the related assets, liabilities and equity.
Initial audit engagement—An engagement in which either:

(a) The financial statements for the prior period were not audited; or

(b) The financial statements for the prior period were audited by a predecessor auditor.

Inquiry—Inquiry consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or

outside the entity.

Inspection—Examining records or documents, whether internal or external, in paper form, electronic form, or other media, or a

physical examination of an asset.

Inspection - In relation to completed engagements, procedures designed to provide evidence of compliance by engagement teams

with the firm’s quality control policies and procedures.

Intended users—The person, persons or class of persons for whom the practitioner prepares the assurance report. The responsible

party can be one of the intended users, but not the only one.

Interim financial information or statements—Financial information (which may be less than a complete set of financial statements

as defined above) issued at interim dates (usually half-yearly or quarterly) in respect of a financial period.

Internal audit function—An appraisal activity established or provided as a service to the entity.

Internal auditors—Those individuals who perform the activities of the internal audit function. Internal auditors may belong to an

internal audit department or equivalent function.

Internal control—The process designed, implemented and maintained by those charged with governance, management and other

personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial

reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

International Financial Reporting Standards—The International Financial Reporting Standards issued by the International

Accounting Standards Board.

Investigate—Inquire into matters arising from other procedures to resolve them.

IT environment—The policies and procedures that the entity implements and the IT

infrastructure (hardware, operating systems, etc.) and application software that it uses to

support business operations and achieve business strategies.

Listed entity—An entity whose shares, stock or debt are quoted or listed on a recognized stock exchange, or are marketed under the

regulations of a recognized stock exchange or other equivalent body.

Management—The person(s) with executive responsibility for the conduct of the entity’s operations. For some entities in some

jurisdictions, management includes some or all of those charged with governance, for example, executive members of a governance

board, or an owner-manager.

Management bias—A lack of neutrality by management in the preparation of information.

Management’s expert—An individual or organization possessing expertise in a field other than accounting or auditing, whose work

in that field is used by the entity to assist the entity in preparing the financial statements.

Management’s point estimate—The amount selected by management for recognition or disclosure in the financial statements as an

accounting estimate.

Misappropriation of assets—Involves the theft of an entity’s assets and is often perpetrated by employees in relatively small and

immaterial amounts.

Misstatement—A difference between the amount, classification, presentation, or disclosure of a reported financial statement item and

the amount, classification, presentation, or disclosure that is required for the item to be in accordance with the applicable financial

reporting framework.

Misstatement of fact—Other information that is unrelated to matters appearing in the audited financial statements that is incorrectly

stated or presented. A material misstatement of fact may undermine the credibility of the document containing audited financial

statements.

Modified opinion—A qualified opinion, an adverse opinion or a disclaimer of opinion.

Monitoring —A process comprising an ongoing consideration and evaluation of the firm’s system of quality control, including a

periodic inspection of a selection of completed engagements, designed to provide the firm with nreasonable assurance that its system

of quality control is operating effectively.

Monitoring of controls—A process to assess the effectiveness of internal control performance over time.

Negative confirmation request—A request that the confirming party respond directly to the auditor only if the confirming party

disagrees with the information provided in the request.

Network—A larger structure:

(a) That is aimed at cooperation, and

(b) That is clearly aimed at profit or cost-sharing or shares common ownership, control or management, common quality

control policies and procedures, common business strategy, the use of a common brand name, or a significant part

of professional resources.

Network firm—A firm or entity that belongs to a network.

Non-compliance —Acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the

prevailing laws or regulations.

Non-response—A failure of the confirming party to respond, or fully respond, to a positive confirmation request, or a confirmation

request returned undelivered.

Non-sampling risk—The risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk.
Observation—Consists of looking at a process or procedure being performed by others, for example, the auditor’s observation of

inventory counting by the entity’s personnel, or of the performance of control activities.

Opening balances—Those account balances that exist at the beginning of the period.

Other information—Financial and non-financial information (other than the financial statements and the auditor’s report thereon)

which is included, either by law, regulation, or custom, in a document containing audited financial statements and the auditor’s report

thereon.

Other Matter paragraph—A paragraph included in the auditor’s report that refers to a matter other than those presented or disclosed

in the financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities

or the auditor’s report.

Outcome of an accounting estimate—The actual monetary amount which results from the resolution of the underlying

transaction(s), event(s) or condition(s) addressed by the accounting estimate.

Overall audit strategy—Sets the scope, timing and direction of the audit, and guides the development of the more detailed audit plan.

Partner—Any individual with authority to bind the firm with respect to the performance of a professional services engagement.

Performance materiality—The amount or amounts set by the auditor at less than materiality for the financial statements as a whole

to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds

materiality for the financial statements as a whole.

Personnel—Partners and staff.

Pervasive—A term used, in the context of misstatements, to describe the effects on the financial statements of misstatements or the

possible effects on the financial statements of misstatements, if any, that are undetected due to an inability to obtain sufficient

appropriate audit evidence.

Population—The entire set of data from which a sample is selected and about which the auditor wishes to draw conclusions.

Positive confirmation request—A request that the confirming party respond directly to the auditor indicating whether the confirming

party agrees or disagrees with the information in the request, or providing the requested information.

Practitioner —A professional accountant in public practice.

Preconditions for an audit—The use by management of an acceptable financial reporting framework in the preparation of the

financial statements and the agreement of management and, where appropriate, those charged with governance to the premise on

which an audit is conducted.

Predecessor auditor—The auditor from a different audit firm, who audited the financial statements of an entity in the prior period

and who has been replaced by the current auditor.

Premise, relating to the responsibilities of management and, where appropriate, those charged with governance, on which an

audit is conducted—That management and, where appropriate, those charged with governance have acknowledged and understand

that they have the following responsibilities that are fundamental to the conduct of an audit in accordance with ISAs.

Professional accountant—An individual who is a member of an IFAC member body.

Professional accountant in public practice—A professional accountant, irrespective of functional classification (for example, audit,

tax or consulting) in a firm that provides professional services.

Professional judgment—The application of relevant training, knowledge and experience, within the context provided by auditing,

accounting and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of

the audit engagement.

Professional skepticism—An attitude that includes a questioning mind, being alert to conditions which may indicate possible

misstatement due to error or fraud, and a critical assessment of evidence.

Professional standards—International Standards on Auditing (ISAs) and relevant ethical requirements

Professional standards —IAASB Engagement Standards, as defined in the IAASB’s Preface to the International Standards on

Quality Control, Auditing, Review, Other Assurance and Related Services, and relevant ethical requirements.

Projection—Prospective financial information prepared on the basis of:

(a) Hypothetical assumptions about future events and management actions which are

not necessarily expected to take place, such as when some entities are in a startup

phase or are considering a major change in the nature of operations; or

(b) A mixture of best-estimate and hypothetical assumptions.

Prospective financial information—Financial information based on assumptions about events that may occur in the future and

possible actions by an entity.

Public sector—National governments, regional (for example, state, provincial, territorial) governments, local (for example, city,

town) governments and related governmental entities (for example, agencies, boards, commissions and enterprises).

Reasonable assurance—A high, but not absolute, level of assurance.

Recalculation—Consists of checking the mathematical accuracy of documents or records.

Related party—A party that is either:

(a) A related party as defined in the applicable financial reporting framework; or

(b) Where the applicable financial reporting framework establishes minimal or no

related party requirements:

(i) A person or other entity that has control or significant influence, directly or indirectly through one or more

intermediaries, over the reporting entity;

 (ii) Another entity over which the reporting entity has control or significant influence, directly or indirectly through

one or more intermediaries; or

(iii) Another entity that is under common control with the reporting entitythrough having:

a. Common controlling ownership;

b. Owners who are close family members; or

c. Common key management.

However, entities that are under common control by a state (that is, a national, regional or local government) are not considered

related unless they engage in significant transactions or share resources to a significant extent with one another.

Related services—Comprise agreed-upon procedures and compilations.

Relevant ethical requirements—Ethical requirements to which the engagement team and engagement quality control reviewer are

subject, which ordinarily comprise Parts A and B of the International Ethics Standards Board for Accountants’ Code of Ethics for

Professional Accountants (IESBA Code) together with national requirements that are more restrictive.

Reperformance—The auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s

internal controls.

Report on the description and design of controls at a service organization —A report that comprises:

(a) A description, prepared by management of the service organization, of the service organization’s system, control

objectives and related controls that have been designed and implemented as at a specified date; and

(b) A report by the service auditor with the objective of conveying reasonable assurance that includes the service auditor’s

opinion on the description of the service organization’s system, control objectives and related controls and the suitability of

the design of the controls to achieve the specified control objectives.

Report on the description, design, and operating effectiveness of controls at a service organization - A report that comprises:

(a) A description, prepared by management of the service organization, of the service organization’s system, control

objectives and related controls, their design and implementation as at a specified date or throughout a specified period and, in

some cases, their operating effectiveness throughout a specified period; and

(b) A report by the service auditor with the objective of conveying reasonable assurance that includes:

(i) The service auditor’s opinion on the description of the service organization’s system, control objectives and

related controls, the suitability of the design of the controls to achieve the specified control objectives, and the

operating effectiveness of the controls; and

(ii) A description of the service auditor’s tests of the controls and the results thereof.
Responsible party—The person (or persons) who:

(a) In a direct reporting engagement, is responsible for the subject matter; or

(b) In an assertion-based engagement, is responsible for the subject matter information (the assertion), and may be

responsible for the subject matter.

The responsible party may or may not be the party who engages the practitioner (the

engaging party).

Review - Appraising the quality of the work performed and conclusions reached by others.

Review engagement—The objective of a review engagement is to enable an auditor to state whether, on the basis of procedures

which do not provide all the evidence that would be required in an audit, anything has come to the auditor’s attention that causes the

auditor to believe that the financial statements are not prepared, in all material respects, in accordance with an applicable financial

reporting framework.

Review procedures—The procedures deemed necessary to meet the objective of a review engagement, primarily inquiries of entity

personnel and analytical procedures applied to financial data.

Risk assessment procedures—The audit procedures performed to obtain an understanding of the entity and its environment,

including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the

financial statement and assertion levels.

Risk of material misstatement—The risk that the financial statements are materially misstated prior to audit. This consists of two

components, described as follows at the assertion level:

(a) Inherent risk—The susceptibility of an assertion about a class of transaction, account balance or disclosure to a

misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of

any related controls.

(b) Control risk—The risk that a misstatement that could occur in an assertion about a class of transaction, account balance

or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be

prevented, or detected and corrected, on a timely basis by the entity’s internal control.

Sampling risk—The risk that the auditor’s conclusion based on a sample may be different from the conclusion if the entire population

were subjected to the same audit procedure.

Sampling unit—The individual items constituting a population.

Scope of a review—The review procedures deemed necessary in the circumstances to achieve the objective of the review.

Service auditor—An auditor who, at the request of the service organization, provides an assurance report on the controls of a service

organization.
Service organization—A third-party organization (or segment of a third-party organization) that provides services to user entities that

are part of those entities’ information systems relevant to financial reporting.

Service organization’s system—The policies and procedures designed, implemented and maintained by the service organization to

provide user entities with the services covered by the service auditor’s report.

Significance—The relative importance of a matter, taken in context.

Significant component—A component identified by the group engagement team (i) that is of individual financial significance to the

group, or (ii) that, due to its specific nature or circumstances, is likely to include significant risks of material misstatement of the

group financial statements.

Significant deficiency in internal control—A deficiency or combination of deficiencies in internal control that, in the auditor’s

professional judgment, is of sufficient importance to merit the attention of those charged with governance.

Significant risk—An identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit

consideration.

Smaller entity—An entity which typically possesses qualitative characteristics such as:

(a) Concentration of ownership and management in a small number of individuals (often a single individual – either a natural

person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and

(b) One or more of the following:

(i) Straightforward or uncomplicated transactions;

(ii) Simple record-keeping;

(iii) Few lines of business and few products within business lines;

(iv) Few internal controls;

(v) Few levels of management with responsibility for a broad range of controls; or

(vi) Few personnel, many having a wide range of duties.

These qualitative characteristics are not exhaustive, they are not exclusive to smaller entities, and smaller entities do not necessarily

display all of these characteristics.

Special purpose financial statements—Financial statements prepared in accordance with a special purpose framework.

Special purpose framework—A financial reporting framework designed to meet the financial information needs of specific users.

Staff—Professionals, other than partners, including any experts the firm employs.

Statistical sampling—An approach to sampling that has the following characteristics:

(a) Random selection of the sample items; and

(b) The use of probability theory to evaluate sample results, including measurement of sampling risk.
A sampling approach that does not have characteristics (a) and (b) is considered non statistical sampling.
Stratification—The process of dividing a population into sub-populations, each of which is a group of sampling units which have

similar characteristics (often monetary value).

Subject matter information—The outcome of the evaluation or measurement of a subject matter.

Subsequent events—Events occurring between the date of the financial statements and the date of the auditor’s report, and facts that

become known to the auditor after the date of the auditor’s report.

Subservice organization—A service organization used by another service organization to perform some of the services provided to

user entities that are part of those user entities’ information systems relevant to financial reporting.

Substantive procedure—An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures

comprise:

(a) Tests of details (of classes of transactions, account balances, and disclosures); and

(b) Substantive analytical procedures.

Sufficiency - The measure of the quantity of audit evidence.

Suitably qualified external person—An individual outside the firm with the competence and capabilities to act as an engagement

partner, for example a partner of another firm, or an employee (with appropriate experience) of either a professional accountancy body

whose members may perform audits and reviews of historical financial information, or other assurance or related services

engagements, or of an organization that provides relevant quality control services.

Summary financial statements - Historical financial information that is derived from financial statements but that contains less detail

than the financial statements, while still providing a structured representation consistent with that Provided by the financial statements

of the entity’s economic resources or obligations at a point in time or the changes therein for a period of time.

Supplementary information—Information that is presented together with the financial statements that is not required by the

applicable financial reporting framework used to prepare the financial statements, normally presented in either supplementary

schedules or as additional notes.

Test—The application of procedures to some or all items in a population.

Tests of controls—An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and

correcting, material misstatements at theassertion level.

Those charged with governance—The person(s) or organization(s) (for example, a corporate trustee) with responsibility for

overseeing the strategic direction of the entity and obligations related to the accountability of the entity.

Tolerable misstatement—A monetary amount set by the auditor in respect of which the auditor seeks to obtain an appropriate level

of assurance that the monetary amount set by the auditor is not exceeded by the actual misstatement in the population.
Tolerable rate of deviation—A rate of deviation from prescribed internal control procedures set by the auditor in respect of which

the auditor seeks to obtain an appropriate level of assurance that the rate of deviation set by the auditor is not exceeded by the actual

rate of deviation in the population.

Uncertainty—A matter whose outcome depends on future actions or events not under the direct control of the entity but that may

affect the financial statements.

Uncorrected misstatements—Misstatements that the auditor has accumulated during the audit and that have not been corrected.

Unmodified opinion—The opinion expressed by the auditor when the auditor concludes that the financial statements are prepared, in

all material respects, in accordance with the applicable financial reporting framework.

User auditor—An auditor who audits and reports on the financial statements of a user entity.

User entity—An entity that uses a service organization and whose financial statements are being audited.

Walk-through test—Involves tracing a few transactions through the financial reporting system.

Written representation—A written statement by management provided to the auditor to confirm certain matters or to support other

audit evidence.