
Official IIA Glossary Spanish


Official IIA Glossary
November 1, 2020
For assistance, questions, or comments, please contact glossaryterms@theiia.org

Term | ESP translation | Definition | Source | Notes


activity-level controls | Controles a nivel de actividad | Controls that operate for the entire activity (area, process, or program). Examples are review of cost center reports, inventory counts, and the soft controls that influence the mini-control environment within the activity, which may or may not be consistent with that of the organization as a whole. | Sawyer’s Internal Auditing, 7th Edition
add value | Añadir valor | Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure through both assurance and consulting services. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
adequate control | Control adecuado | Present if management has planned and organized (designed) in a manner that provides reasonable assurance that the organization's risks have been managed effectively and that the organization's goals and objectives will be achieved efficiently and economically. | International Professional Practices Framework (IPPF)
advisory services | Servicios de consultoría | Service activities provided by the internal audit function, the nature and scope of which are agreed with the recipients of the services, are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training. | Sawyer’s Internal Auditing, 7th Edition
analytical procedures | procedimiento analítico | The activities of comparing client information with expectations for that information obtained from an independent source, identifying variances, and investigating the cause of significant variances. | Sawyer’s Internal Auditing, 7th Edition
application controls | Control de aplicación | Fully automated (i.e., performed automatically by the systems) IT controls designed to ensure effective business process enablement and the complete and accurate processing of data, from input through output. | Sawyer’s Internal Auditing, 7th Edition
application systems | Sistema informático | Sets of programs that are designed for end users such as payroll, accounts payable, and, in some cases, large applications such as enterprise resource planning (ERP) systems that provide many business functions. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
appropriate evidence | Evidencia adecuada | Any piece or collection of evidence gained during an engagement that provides relevant and reliable support for the judgments and conclusions reached during the engagement. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
asset misappropriation | Apropiación indebida de activos | Acts involving the theft or misuse of an organization’s assets (for example, skimming revenues, stealing inventory, or payroll fraud). | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
assurance layering | Actividades de aseguramiento en cascada | A technique of coordinating multiple assurance activities designed to mitigate a known risk to a needed or desired level within an established risk tolerance. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)

assurance map | mapa de aseguramiento de auditoría | A visual depiction of the different assurance activities and assurance functions within an organization. Such a depiction can help identify gaps or overlaps in assurance activities and help assess that risk is managed consistent with the board’s and management’s expectations. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
assurance services | Servicios de aseguramiento | An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements. | International Professional Practices Framework (IPPF)
attribute sampling | Muestreo de atributos | A statistical sampling approach, based on binomial distribution theory, that enables the user to reach a conclusion about a population in terms of a rate of occurrence. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
audit committee | Comité de auditoría | A committee of the board charged with recommending to the board the approval of auditors and financial reports. | Sawyer’s Internal Auditing, 7th Edition
audit engagement / engagement | Trabajo de auditoría | A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy. An engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives. | International Professional Practices Framework (IPPF)

audit observation | Observación de Auditoría | Any identified and validated gap between the current and desired state arising from an assurance engagement. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also "Hallazgo de Auditoría". According to Marco Internacional para la práctica profesional de Auditoría Interna (Spanish) - Enero 2017, Guía de Implementación 2420 (…) "La claridad se ve favorecida cuando los auditores comunican observaciones y hallazgos importantes (...)"
audit risk | Riesgo de auditoría | The risk of reaching invalid audit conclusions and/or providing faulty advice based on the audit work conducted. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also Riesgo de fracaso de la auditoría. According to Guía de Implementación Marco 2016, Consejo para la Práctica 2120-2
audit sampling | Muestreo de auditoría | The application of an audit procedure to less than 100 percent of the items in a population for the purpose of drawing an inference about the entire population. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
audit universe | Universo de auditoría | A compilation of the subsidiaries, business units, departments, groups, processes, or other established subdivisions of an organization that exist to manage one or more business risks. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
auditee / audit client / audit customer | Auditado/Cliente auditado | The subsidiary, business unit, department, group, or other established subdivision of an organization that is the subject of an assurance engagement. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
big data | "non-translatable" | A term used to refer to the large amount of constantly streaming digital information, massive increase in the capacity to store large amounts of data, and the amount of data processing power required to manage, interpret, and analyze the large volumes of digital information. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
blank confirmations | Confirmación en blanco | Confirmation that asks the third party to fill in a blank with the information requested. This provides stronger evidence than other confirmations. | Sawyer’s Internal Auditing, 7th Edition
board | Consejo o Consejo de Administración | The highest level governing body (e.g., a board of directors, a supervisory board, or a board of governors or trustees) charged with the responsibility to direct and/or oversee the organization’s activities and hold senior management accountable. Although governance arrangements vary among jurisdictions and sectors, typically the board includes members who are not part of management. If a board does not exist, the word “board” in the Standards refers to a group or person charged with governance of the organization. Furthermore, “board” in the Standards may refer to a committee or another body to which the governing body has delegated certain functions (e.g., an audit committee). | International Professional Practices Framework (IPPF)
bottom-up approach | Enfoque de abajo a arriba | To begin by looking at all processes directly at the activity level, and then aggregating the identified processes across the organization. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also Enfoque ascendente
bring your own device (BYOD) | Trae tu propio dispositivo (BYOD) | A policy whereby organizations allow associates to access business email, calendars, and other data on their personal laptops, smartphones, tablets, or other devices. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also Bring Your Own Device (BYOD)
business acumen | visión para los negocios | Savviness and experience with regard to business management in general, and more specifically, with the way the organization and, in particular, specific business units operate. | Sawyer’s Internal Auditing, 7th Edition
business process | Proceso de negocio | The set of connected activities linked with each other for the purpose of achieving one or more business objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
business process outsourcing (BPO) | Subcontratación de procesos empresariales | The act of transferring some of an organization’s business processes to an outside provider to achieve cost reductions, operating effectiveness, or operating efficiency while improving service quality. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
capability maturity model | Modelo de Madurez de Capacidades | A tool used to measure today’s capability and define the characteristics of higher levels of capability. Largely used in business to assess and develop operations and services. | Sawyer’s Internal Auditing, 7th Edition
cause | Causa | The reason for the difference between the expected and actual conditions (why the difference exists). | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
chief audit executive (CAE) | Director general de auditoría (CAE) | Chief audit executive describes the role of a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the mandatory elements of the International Professional Practices Framework. The chief audit executive or others reporting to the chief audit executive will have appropriate professional certifications and qualifications. The specific job title and/or responsibilities of the chief audit executive may vary across organizations. | International Professional Practices Framework (IPPF)
classical variables sampling | Muestreo de variables clásicas | A statistical sampling approach based on normal distribution theory that is used to reach conclusions regarding monetary amounts. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
cloud computing | Computación en la nube | The use of various computer resources — both hardware and software — that are delivered through a network like the Internet. The cloud can be configured with various options of services along with configurations for the network. It allows for a great deal of flexibility in network, software, and hardware utilization. Cloud computing also provides options for remote storage of data and use of remote applications. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
COBIT | Marco COBIT (Objetivos de Control para la Información y la Tecnología Relacionada) | An IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. | Sawyer’s Internal Auditing, 7th Edition
Code of Ethics | Código de ética | The Code of Ethics of The Institute of Internal Auditors (IIA) are principles relevant to the profession and practice of internal auditing, and Rules of Conduct that describe behavior expected of internal auditors. The Code of Ethics applies to both parties and entities that provide internal audit services. The purpose of the Code of Ethics is to promote an ethical culture in the global profession of internal auditing. | International Professional Practices Framework (IPPF) | Note: capitalized when referring to it by its formal name The IIA's Code of Ethics. Otherwise, when referred to generically, a code of ethics is lowercase.
combined assurance | Aseguramiento Combinado | Aligning various assurance activities within an organization to ensure assurance gaps do not exist and assurance activities minimize duplication and overlap but still manage risk consistent with the board’s and management’s expectations. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
compensating control | Controles compensatorios | An activity that, if key controls do not fully operate effectively, may help to reduce the related risk. Such controls also can back up or duplicate multiple controls and may operate across multiple processes and risks. A compensating control will not, by itself, reduce risk to an acceptable level. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
compliance | cumplimiento | Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements. | International Professional Practices Framework (IPPF)
computer-assisted audit techniques (CAATs) | Métodos de auditoría asistidos por ordenador (CAAT) - Note: In last files proofreader changed Método back to técnica! | Automated audit techniques, such as generalized audit software, utility software, test data, application software tracing and mapping, and audit expert systems, that help the internal auditor directly test controls built into computerized information systems and data contained in computer files. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
condition | Condición | The factual evidence that the internal auditor found in the course of the examination (what does exist). | Sawyer’s Internal Auditing, 7th Edition
confirmations | Confirmaciones / Confirmaciones externas | Document sent to independent third parties asking them to verify the accuracy of client information in the course of audit testing. | Sawyer’s Internal Auditing, 7th Edition
conflict of interest | Conflicto de intereses | Any relationship that is, or appears to be, not in the best interest of the organization. A conflict of interest would prejudice an individual's ability to perform his or her duties and responsibilities objectively. | International Professional Practices Framework (IPPF)
consulting services | Servicios de consultoría | Advisory and related client service activities, the nature and scope of which are agreed with the client, are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, and training. | International Professional Practices Framework (IPPF)
continuous auditing | Auditoría Continua | Using computerized techniques to perpetually audit the processing of business transactions. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
continuous monitoring | Monitorización continua | The automated review of business processes and controls by associates in the business unit. It helps an organization detect errors, fraud, abuse, and system inefficiencies. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)

control | control | Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. | International Professional Practices Framework (IPPF)
control activities | Actividades de control | Policies and procedures put in place to ensure that risk management actions are effectively carried out. | International Professional Practices Framework (IPPF)
control environment | Entorno de control | The attitude and actions of the board and management regarding the importance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements: Integrity and ethical values, Organizational structure, Management's philosophy and operating style, Assignment of authority and responsibility, Human resource policies and practices, and competence of personnel. | International Professional Practices Framework (IPPF)
control processes | Procesos de control | The policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept. | International Professional Practices Framework (IPPF)
control risk | Riesgos de control | The potential that controls will fail to reduce controllable risk to an acceptable level. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
controllable risk | Riesgo controlable | The portion of inherent risk that management can reduce through day-to-day operations and management activities. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
controls are adequately designed | Los Controles están adecuadamente diseñados | Present if management has planned and organized (designed) the controls or the system of internal controls in a manner that provides reasonable assurance that the organization’s entity-level and process-level risks can be managed to an acceptable level. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
controls are operating effectively | Los Controles funcionan con eficacia | Present if management has executed (operated) the controls or the system of internal controls in a manner that provides reasonable assurance that the organization’s entity-level and process-level risks have been managed effectively and that the organization’s goals and objectives will be achieved efficiently and economically. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
Core Principles for the Professional Practice of Internal Auditing | Principios Fundamentales para la Práctica Profesional de la Auditoría Interna | The Core Principles for the Professional Practice of Internal Auditing are the foundation for the International Professional Practices Framework (IPPF) and support internal audit effectiveness. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
corporate governance | Gobierno corporativo | The exercise of ethical and effective leadership by the board toward the achievement of ethical culture, good performance, effective control, and legitimacy. | Sawyer’s Internal Auditing, 7th Edition
corporate social responsibility | Responsabilidad social corporativa | The term commonly associated with the movement to define and articulate the responsibility of private enterprise for nonfinancial performance. | Sawyer’s Internal Auditing, 7th Edition
corruption | Corrupción | Acts in which individuals wrongfully use their influence in a business transaction to procure some benefit for themselves or another person, contrary to their duty to their employer or the rights of another (for example, kickbacks, self-dealing, or conflicts of interest). | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
COSO | "non-translatable" | The Committee of Sponsoring Organizations of the Treadway Commission is a joint initiative of five private sector organizations dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control, and fraud deterrence. | Sawyer’s Internal Auditing, 7th Edition
cosourcing | abastecimiento mixto (co-sourcing) / suministro mixto (co-sourcing) | Activity of contracting with a third party to collaborate in the provision of assurance and consulting services. | Sawyer’s Internal Auditing, 7th Edition
criteria | criterios | The standards, measures, or expectations used in making an evaluation and/or verification of an observation (what should exist). | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
customer | Cliente | The subsidiary, business unit, department, group, individual, or other established subdivision of an organization that is the subject of a consulting engagement. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
data analytics | Analítica de Datos | A process of inspecting, cleaning, transforming, and modeling data with the goal of highlighting useful information, suggesting conclusions, and supporting decision-making. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also "Análisis de Datos"
data visualization | Visualización de datos | Making complex data more understandable through visual depiction in terms of statistical graphics, plots, information graphics, tables, and charts. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
database | Base de datos | A large repository of data typically contained in many linked files and stored in a manner that allows it to be easily accessed, retrieved, and manipulated. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
descriptive analytics | Analítica Descriptiva | The reporting of past events to characterize what has happened. It condenses large chunks of data into smaller, more meaningful bits of information. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also "Análisis Descriptivo"
design evaluation | Evaluación del diseño | A detailed risk assessment of the activities within the audit scope, including identification of the controls and other risk management techniques over the major risks, and evaluation of the design of these controls and techniques. | Sawyer’s Internal Auditing, 7th Edition
detective control | Control de detección | An activity that is designed to discover undesirable events that have already occurred. A detective control must occur on a timely basis (before the undesirable event has had a negative impact on the organization) to be considered effective. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
developmental objectives | Objetivos de desarrollo | Objectives that require enhancement or transformation to something new with a start and end date. | Sawyer’s Internal Auditing, 7th Edition

diagnostic analytics | Análisis de Diagnóstico | A process that provides insight into why certain trends or specific incidents occurred and helps analysts gain a better understanding of business performance, market dynamics, and how different inputs affect the outcome. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
directive control | Control de directivas | A control that causes or encourages a desirable event to occur. Examples are guidelines, training programs, and incentive compensation plans. Also included in this category are soft controls like tone at the top. | Sawyer’s Internal Auditing, 7th Edition
effect | Efecto | The risk or exposure the organization and/or others encounter because the condition is not consistent with the criteria (the consequence of the difference). | Sawyer’s Internal Auditing, 7th Edition
engagement | trabajo | A specific internal audit assignment or project that includes multiple tasks or activities designed to accomplish a specific set of objectives. Also see Assurance Services and Consulting Services. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
engagement objectives | Objetivos del trabajo | Broad statements developed by internal auditors that define intended engagement accomplishments. | International Professional Practices Framework (IPPF)
engagement opinion | Opinión sobre el trabajo | The rating, conclusion, and/or other description of results of an individual internal audit engagement, relating to those aspects within the objectives and scope of the engagement. | International Professional Practices Framework (IPPF)
engagement work program / work program | Programa de trabajo | A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan. | International Professional Practices Framework (IPPF)
enterprise risk management (ERM) | Gestión de riesgo empresarial (ERM) | Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. | Sawyer’s Internal Auditing, 7th Edition
entity-level control | Control a nivel de entidad | A control that operates across an entire entity and, as such, is not bound by, or associated with, individual processes. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
external auditor | Auditor externo | See Independent Outside Auditor. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
external service provider | Proveedor de servicios externo | A person or firm outside of the organization that has special knowledge, skill, and experience in a particular discipline. | International Professional Practices Framework (IPPF)
framework | Marco | A body of guiding principles that form a template against which organizations can evaluate a multitude of business practices. These principles are comprised of various concepts, values, assumptions, and practices intended to provide a yardstick against which an organization can assess or evaluate a particular structure, process, or environment or a group of practices or procedures. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
fraud | fraude | Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. | International Professional Practices Framework (IPPF)
fraudulent financial reporting | Informes financieros fraudulentos | Acts that involve falsification of an organization’s financial statements (for example, overstating revenues, or understating liabilities and expenses). | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
general information technology controls | Controles Generales de Tecnología de Información | Controls that operate across all IT systems and are in place to ensure the integrity, reliability, and accuracy of the application systems. Also represents a specific example of an “entity-level control.” | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
governance | gobierno | The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives. | International Professional Practices Framework (IPPF)
haphazard sampling | Muestreo aleatorio | A non-statistical sample selection technique used to select a sample without intentional bias to include or exclude a sample item that is expected to be representative of the population. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
hard controls | Control duro | The tangible elements of governance controls, such as policies and procedures, accounting reconciliations, and management signoffs. | Sawyer’s Internal Auditing, 7th Edition
illegal acts | Actos ilegales | Activities that violate laws and regulations of particular jurisdictions where a company is operating. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
impairment | menoscabo | Impairment to organizational independence and individual objectivity may include personal conflict of interest, scope limitations, restrictions on access to records, personnel, and properties, and resource limitations (funding). | International Professional Practices Framework (IPPF)
impairment to independence or objectivity | Menoscabo a la Independencia u Objetividad | The introduction of threats that may result in a substantial limitation, or the appearance of a substantial limitation, to the internal auditor’s ability to perform an engagement without bias or interference. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)

incremental objective | Objetivo incremental | Improving the quality or efficiency of the existing operational outcome by enhancing one or more of the components (people, process, technology, or deliverable). | Sawyer’s Internal Auditing, 7th Edition
independence | independencia | The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. | International Professional Practices Framework (IPPF)
independent outside auditor | Auditor externo independiente | A registered public accounting firm, hired by the organization’s board or executive management, to perform a financial statement audit providing assurance for which the firm issues a written attestation report that expresses an opinion about whether the financial statements are fairly presented in accordance with applicable Generally Accepted Accounting Principles. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
information technology general controls | controles de tecnología de la información | Controls that apply to all systems components, processes, and data present in an organization or systems environment. The objectives of these controls are to ensure the appropriate development and implementation of applications, as well as the integrity of program and data files and of computer operations. | Sawyer’s Internal Auditing, 7th Edition
information technology governance | gobierno de la tecnología de la información | The leadership, structure, and oversight processes that ensure the organization’s IT supports the objectives and strategies of the organization. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
information technology operations | Área de Tecnología de Información | The department or area in an organization (people, processes, and equipment) that performs the function of running the computer systems and various devices that support the business objectives and activities. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
inherent limitations of internal control | limitaciones inherentes | The confines that relate to the limits of human judgment, resource constraints and the need to consider the cost of controls in relation to expected benefits, the reality that breakdowns can occur, and the possibility of collusion or management override. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
inherent risk | riesgo inherente | The combination of internal and external risk factors in their pure, uncontrolled state, or, the gross risk that exists, assuming there are no internal controls in place. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook)
insight | Resultado | An end product or result from the internal audit function’s assurance and consulting work designed to provide valued input or information to an auditee or customer. Examples include identifying entity-level root causes of control deficiencies, emerging risks, and suggestions to improve the organization’s governance process. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also Percepción

| internal audit activity | actividad de auditoría interna | A department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization's operations. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management and control processes. | International Professional Practices Framework (IPPF) | Also referred to as: internal audit function and/or internal audit department. |
| internal audit charter | estatuto de auditoría interna | The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities. | International Professional Practices Framework (IPPF) | |
| internal control | control interno | A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: · Effectiveness and efficiency of operations. · Compliance with applicable laws and regulations. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| International Organization for Standardization (ISO) | Organización Internacional para la Estandarización (ISO) | A network of national standards institutes of 162 countries that issues globally accepted standards for industries, processes, and other activities. | Sawyer’s Internal Auditing, 7th Edition | |
| International Professional Practices Framework (IPPF) | Marco Internacional para la Práctica Profesional | The conceptual framework that organizes the authoritative guidance promulgated by The IIA. Authoritative Guidance is comprised of two categories - (1) mandatory and (2) strongly recommended. | International Professional Practices Framework (IPPF) | |
| intrusion detection systems (IDS) | Sistema de detección de intrusos (IDS) | Network security appliances that monitor network or system activities and report the activities to management. | Sawyer’s Internal Auditing, 7th Edition | |
| intrusion prevention systems (IPS) | Sistema de prevención de intrusos (IPS) | Network security appliances that monitor network or system activities and prevent malicious activities from happening on the network. | Sawyer’s Internal Auditing, 7th Edition | |
| ISACA | "non-translatable" | Professional organization that provides practical guidance, benchmarks, and other effective tools for all enterprises that use information systems. | Sawyer’s Internal Auditing, 7th Edition | |
| judgmental sample | Muestreo de juicio o discrecional | A non-random sample selected using the auditor’s judgment in some way. | Sawyer’s Internal Auditing, 7th Edition | |
| key controls | Control clave | Controls that must operate effectively to reduce a significant risk to an acceptable level. | Sawyer’s Internal Auditing, 7th Edition | |
| key performance indicator | indicadores clave de desempeño | A metric or other form of measuring whether a process or individual tasks are operating within prescribed tolerances. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| logical access | Acceso lógico | Tools used in computer systems for identification, authentication, authorization, and accountability. | Sawyer’s Internal Auditing, 7th Edition | |
| management action plan | Plan de acción de la Dirección | What the audit customer, alone or in collaboration with others, intends to do to address the cause, correct the condition, and — if appropriate — recover from the condition. | Sawyer’s Internal Auditing, 7th Edition | |
| management control | controles de gestión | Actions carried out by management to assure the accomplishment of their objectives, including the setting up of oversight for an objective and the alignment of people, processes, and technology to accomplish that objective. | Sawyer’s Internal Auditing, 7th Edition | |

| management trail | Pista de gestión / Ruta de gestión | Processing history controls, often referred to as an audit trail, that enable management to identify the transactions and events they record by tracking transactions from their source to their output and by tracing backward. | Sawyer’s Internal Auditing, 7th Edition | |
| material observation | Observación material | An individual observation, or a group of observations, is considered “material” if the control in question has a reasonable possibility of failing and the impact of its failure is not only significant, but also exceeds management’s materiality threshold. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| monitoring | Monitorización | A process that assesses the presence and functioning of governance, risk management, and control over time. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| narrative | Narrativo | Free-form compositions used to describe processes. They have no inherent discipline like risk/control matrices and flowcharts, but they are useful for things that require an explanation too lengthy to fit within the confines of the disciplined tools. | Sawyer’s Internal Auditing, 7th Edition | |
| negative confirmations | Confirmaciones negativas | Confirmations that ask for a response only if the information is not accurate. | Sawyer’s Internal Auditing, 7th Edition | |
| network | Red | A configuration that enables computers and devices to communicate and be linked together to efficiently process data and share information. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| network firewall | cortafuegos de red | A device or set of devices designed to permit or deny network transmissions based upon a set of rules. It is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. | Sawyer’s Internal Auditing, 7th Edition | |

| nonsampling risk | Riesgo de fallo de auditoría | The risk that occurs when an internal auditor fails to perform his or her work correctly (for example, performing inappropriate auditing procedures, misapplying an appropriate procedure, or misinterpreting sampling results). | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| objectives | Objetivos | What an entity desires to achieve. When referring to what an organization wants to achieve, these are called business objectives, and may be classified as strategic, operations, reporting, and compliance. When referring to what an audit wants to achieve, these are called audit objectives or engagement objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| objectivity | objetividad | An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made. Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others. | International Professional Practices Framework (IPPF) | |
| observation | observación / observación de auditoría | A finding, determination, or judgment derived from the internal auditor’s test results from an assurance or consulting engagement. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| observation (as an audit test) | Observación | An audit test that involves simply watching something being done. | Sawyer’s Internal Auditing, 7th Edition | |
| operating system | sistema operativo (OS) | Software programs that run the computer and perform basic tasks, such as recognizing input from the keyboard, sending output to the printer, keeping track of files and directories on the hard drive, and controlling various computer peripheral devices. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| opinion | Opinión | The auditor’s evaluations of the effects of the observations and recommendations on the activities reviewed; also called a micro opinion or conclusion. The opinion usually puts the observations and recommendations in perspective based on their overall implications. | Sawyer’s Internal Auditing, 7th Edition | |
| opportunity | oportunidad | The possibility that an event will occur and positively affect the achievement of objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| organizational independence | Independencia Organizativa | The chief audit executive’s line of reporting within the organization that allows the internal audit function to fulfill its responsibilities free from interference. Also see Independence. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| other assurance providers | Otros proveedores de aseguramiento | Other entities within the organization whose principal mission is to test compliance or assess business activities to confirm that risks are effectively evaluated and managed. | Sawyer’s Internal Auditing, 7th Edition | |
| outsourcing | externalización / subcontratación - sometimes terceros was accepted | Activity of contracting with an independent third party to provide assurance services. | Sawyer’s Internal Auditing, 7th Edition | |
| overall opinion | opinión general | The rating, conclusion, and/or other description of results provided by the chief audit executive addressing, at a broad level, governance, risk management, and/or control processes of the organization. An overall opinion is the professional judgment of the chief audit executive based on the results of a number of individual engagements and other activities for a specific time interval. | International Professional Practices Framework (IPPF) | |
| positive confirmations | Confirmaciones positivas | Confirmations that ask for a response regarding whether the information is accurate or not. | Sawyer’s Internal Auditing, 7th Edition | |
| predictive analytics | Analítica Predictiva | Type of analytics that allows users to extract information from large volumes of existing data, apply certain assumptions, and draw correlations to predict future outcomes and trends. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also "Análisis Predictivo" |
| preventive control | control preventivo | An activity that is designed to deter unintended events from occurring. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| primary control | Control primario | An activity designed to reduce risk associated with a critical business objective. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| principle | Principio | A fundamental proposition that serves as the foundation for a system of belief or a chain of reasoning. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| probability-proportional-to-size (PPS) sampling | muestreo de probabilidad proporcional al tamaño | A modified form of attribute sampling that is used to reach a conclusion regarding monetary amounts rather than rates of occurrence. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| process map (flowchart) | Mapa de procesos (diagrama de flujo) | A tool that shows the process flow visually, which highlights the control points and therefore helps internal auditors to identify missing controls and assess whether existing controls are adequate. | Sawyer’s Internal Auditing, 7th Edition | |
| processing controls | controles de proceso | Controls that provide an automated means to ensure processing is complete, accurate, and authorized. | Sawyer’s Internal Auditing, 7th Edition | |
| process-level control | Control a nivel de proceso | An activity that operates within a specific process for the purpose of achieving process-level objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| professional skepticism | escepticismo profesional | The state of mind in which internal auditors take nothing for granted; they continuously question what they hear and see and critically assess audit evidence. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| random sample | Muestra aleatoria | A sample in which every item in the population has an equal chance of being selected. | Sawyer’s Internal Auditing, 7th Edition | |
| random sampling | Muestreo aleatorio | A sampling technique in which each item in the defined population has an equal opportunity of being selected. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| rating | Valoración | A component of an audit opinion or conclusion. Such a rating typically reflects the auditor’s conclusion about residual risk. | Sawyer’s Internal Auditing, 7th Edition | Also "Clasificación (rating)", "Calificación" according to Marco Internacional para la Práctica Profesional de la Auditoría Interna in Spanish. "Evaluación" also has the same meaning. |
| ratio analysis | análisis de ratios | Calculating financial or nonfinancial ratios. For example, the auditor could calculate the percent of products produced that were returned as defective, or the percent of sick days taken to the number of sick days allowed. | Sawyer’s Internal Auditing, 7th Edition | |
| reasonable assurance | seguridad razonable | A level of assurance that is supported by generally accepted auditing procedures and judgments. Reasonable assurance can apply to judgments surrounding the effectiveness of internal controls, the mitigation of risks, the achievement of objectives, or other engagement-related conclusions. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| reasonableness tests | Pruebas de razonabilidad | The act of comparing information to the internal auditor’s general knowledge of the organization or industry, rather than another specific piece of information. | Sawyer’s Internal Auditing, 7th Edition | |
| recommendation | Recomendación | The auditor’s call for action to correct or improve operations. A recommendation may suggest approaches to correcting or enhancing performance as a guide for management in achieving desired results. The recommendation answers the question, “What is to be done?” | Sawyer’s Internal Auditing, 7th Edition | |
| regression analysis | análisis de regresión | Statistical technique used to establish the relationship of a dependent variable to one or more independent variables. For example, an internal auditor might estimate payroll expense based on the number of employees, average rate of pay, and the number of hours worked, and then compare the result to the recorded payroll expense. | Sawyer’s Internal Auditing, 7th Edition | |
| residual risk | riesgo residual | The portion of inherent risk that remains after management executes its risk responses (sometimes referred to as net risk). | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| risk | riesgo | The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| risk appetite | aceptación del riesgo | The level of risk that an organization is willing to accept. | International Professional Practices Framework (IPPF) | |
| risk assessment | valoración de riesgo | The identification and analysis (typically in terms of impact and likelihood) of relevant risks to the achievement of an organization’s objectives, forming a basis for determining how the risks should be managed. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| risk capacity | Capacidad de riesgo | The maximum risk a firm may bear and remain solvent. | Sawyer’s Internal Auditing, 7th Edition | |
| risk management | gestión de riesgo | A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives. | International Professional Practices Framework (IPPF) | |
| risk mitigation | Mitigación de riesgo | An action, or set of actions, taken by management to reduce the impact and/or likelihood of a risk to a lower, more acceptable level. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| risk tolerance | Tolerancia al riesgo | The acceptable variation relative to performance to the achievement of objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| risk treatment/risk response | tolerancia al riesgo | An action, or set of actions, taken by management to achieve a desired risk management strategy. Risk responses can be categorized as risk avoidance, reduction, sharing, or acceptance. Exploiting opportunities that, in turn, enable the achievement of objectives, is also a risk response. ISO 31000 refers to this step in risk management as risk treatment. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Better "Respuesta al Riesgo" |
| risk/control matrix | Matriz de riesgos y controles | An audit tool that facilitates risk-based auditing. It usually consists of a series of columns, including columns for business objectives, risks to the objectives, controls or risk management techniques, and other columns that aid in the analysis. | Sawyer’s Internal Auditing, 7th Edition | |
| sampling risk | Riesgo de muestreo | The risk that the internal auditor’s conclusion based on sample testing may be different than the conclusion reached if the audit procedure was applied to all items in the population. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| secondary control | Control secundario | An activity designed to either reduce risk associated with business objectives that are not critical to the organization’s survival or success or serve as a backup to a key control. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |

| significance | Significatividad o Materialidad | The relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors, such as magnitude, nature, effect, relevance, and impact. Professional judgment assists internal auditors when evaluating the significance of matters within the context of the relevant objectives. | International Professional Practices Framework (IPPF) | |
| significant observation | Observación significativa | An individual observation, or a group of observations, is considered “significant” if the control activity in question has a reasonable possibility of failing and the impact of its failure is significant. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also "Hallazgo significativo" |
| smart mobile devices | Dispositivos móviles inteligentes | Intelligent mobile devices like smart phones and tablets. | Sawyer’s Internal Auditing, 7th Edition | |
| social media | Medios de comunicación sociales | Web-based and mobile technologies used to turn communication into interactive dialogue. | Sawyer’s Internal Auditing, 7th Edition | |
| social networks | redes sociales | The social network sites that are commonly used. Examples include Facebook, Google+, and Twitter. | Sawyer’s Internal Auditing, 7th Edition | |
| soft controls | Controles blandos | The intangible, inherently subjective elements of governance control like tone at the top, integrity and ethical values, and management philosophy and operating style. | Sawyer’s Internal Auditing, 7th Edition | |
| standard | normas | A professional pronouncement promulgated by the International Internal Audit Standards Board that delineates the requirements for performing a broad range of internal audit activities, and for evaluating internal audit performance. | International Professional Practices Framework (IPPF) | |
| statistical sampling | muestreo estadístico | A sampling technique that allows the auditor to define with precision how representative the sample will be. After applying the technique and testing the sample, the auditor can state the conclusion in terms of being “%” confident that the error rate in the population is less than or equal to “%.” | Sawyer’s Internal Auditing, 7th Edition | |
| strategic objectives | Objetivos estratégicos | What an entity desires to achieve through the value creation choices management makes on behalf of the organization’s stakeholders. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| strategy | estrategia | Refers to how management plans to achieve the organization’s objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| sufficient evidence | Evidencia suficiente | A collection of evidence gained during an engagement that, in its totality, is enough to support the judgments and conclusions made in the engagement. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| system of internal controls | Sistema de Control Interno | Comprises the five components of internal control—the control environment, risk assessment, control activities, information and communication, and monitoring—that are in place to manage risks related to the financial reporting, compliance, and operational objectives of an organization. Also see Internal Control. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| third-party service provider | Proveedor de servicios externo | A person or firm, outside the organization, who provides assurance and/or consulting services to an organization. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| Three Lines Model | Modelo de las Tres Líneas | A model of assurance that helps organizations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management. The model applies to all organizations and is optimized by: · Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances. · Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value. · Clearly understanding the roles and responsibilities represented in the model and the relationships among them. · Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders. | The IIA | Also "Modelo de las Tres Líneas de Defensa" |
| tolerance | Tolerancia | The boundaries of acceptable outcomes related to achieving business objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| tone at the top | pautas de la alta administración; sintonizar con la alta dirección | The entity-wide attitude of integrity and control consciousness, as exhibited by the most senior executives of an organization. Also see Control Environment. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| top-down approach | Enfoque de arriba abajo | To begin at the entity level, with the organization’s objectives, and then identify the key processes critical to the success of each of the organization’s objectives. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | Also "Enfoque Descendente" |
| tracing | Registro | Taking information from one document, record, or asset forward to a document or record that was prepared later. For example, if auditors count inventory, they would trace their count forward to the client’s inventory records to verify the completeness of the records. | Sawyer’s Internal Auditing, 7th Edition | Also "Trazabilidad" |
| transaction-level control | Controles a nivel de transacción | Controls that operate within a transaction-processing system. Examples are authorizations, segregation of duties, and exception reports. | Sawyer’s Internal Auditing, 7th Edition | |
| transformational objective | Objetivo transformacional | An objective that requires significantly altering operational components of people, processes, and/or technology to accomplish a new, higher objective or value-adding opportunity. | Sawyer’s Internal Auditing, 7th Edition | |
| transparency | transparencia | Communicating in a manner that a prudent individual would consider to be fair and sufficiently clear and comprehensive to meet the needs of the recipient(s) of such communication. | Internal Auditing: Assurance & Advisory Services, 4th Edition (Textbook) | |
| trend analysis | análisis de tendencias | Comparing information from one period with the same information from the prior period. | Sawyer’s Internal Auditing, 7th Edition | |
| Val IT | "non-translatable" | A governance framework and supporting publications addressing the governance of IT-enabled business investments. | Sawyer’s Internal Auditing, 7th Edition | |
| virtualization | Virtualización | When a physical IT component is partitioned into multiple "virtual" components; for example, when a physical server is logically partitioned into two virtual servers. | Sawyer’s Internal Auditing, 7th Edition | |
| vouching | verificación de comprobantes | The act of taking information from one document or record backward to an asset, document, or record that was prepared earlier. For example, auditors might vouch information on a computer report to the source documents from which the information was input to the system to verify the validity of the information. | Sawyer’s Internal Auditing, 7th Edition | |
| web content filtering | Filtrado de contenido web | The technique whereby content is blocked or allowed based on analysis of its content, rather than its source or other criteria. It is most widely used on the Internet to filter email and web access. | Sawyer’s Internal Auditing, 7th Edition | |
