Glossary and Definition of Terms Used
All the terms you need to know
Procedures designed to restrict access to on-line terminal devices, programs and data. Access controls consist of ‘user authentication’ and “user authorization.” “User authentication” typically attempts to identify a user through unique logon identifications, passwords, access cards or biometric data. ‘User authorization’ consists of access rules to determine the computer resources each user may access. Specifically, such procedures are designed to prevent or detect:
- Unauthorized access to on-line terminal devices, programs and data
- Entry of unauthorized transactions
- Unauthorized changes to data files
- The use of computer programs by unauthorized personnel
- The use of computer programs that have not been authorized
An approximation of a monetary amount in the absence of a precise means of measurement. This term is used for an amount measured at fair value where there is estimation uncertainty, as well as for other amounts that require estimation.
The records of initial entries and supporting records, such as checks and records of electronic fund transfers; invoices; contracts; the general and subsidiary ledgers; journal entries and other adjustments to the financial statements that are not reflected in formal journal entries; and records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations and disclosures.
Information that is presented together with the financial statements that is not required by the applicable financial reporting framework used to prepare the financial statements, normally presented in either supplementary schedules or as additional notes.
Advanced pricing agreement (APA)
An agreement between the taxpayer and the taxation authorities about the arm’s length price, which is set typically for 3-5 years. It can take the form of a unilateral APA or Ruling (set with the local taxation authorities) or a bilateral APA or Ruling which would include the taxing authorities of both related parties. APAs typically do not refer to the price or profitability of a single transaction (there are exceptions like large loans), but refer to the range of prices for a group of transactions or the overall profitability of the entity.
The opinion we express when, having obtained sufficient appropriate audit evidence, we conclude that misstatements, individually or in the aggregate, are both material and pervasive to the financial statements.
Aggregate IT evaluation
The evaluation related to IT processes for each application and IT-dependent manual control that has been selected for testing (that is, we determine whether IT processes support reliance on IT application and IT-dependent manual controls). The aggregate IT evaluation is determined by considering the IT process evaluations for the IT application(s) supporting each IT application or IT-dependent manual control.
AICPA generally accepted auditing standards (GAAS)
Auditing standards promulgated by the Auditing Standards Board (ASB) applied in audits of the financial statements of those entities not subject to the oversight authority of the PCAOB (that is, those entities whose audits are not within the PCAOB’s jurisdiction (i.e., a non-issuer)).
Evaluations of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.
A document, or combination of documents, prepared typically on an annual basis by management or those charged with governance in accordance with law, regulation or custom, the purpose of which is to provide owners (or similar stakeholders) with information on the entity’s operations and the entity’s financial results and financial position as set out in the financial statements. An annual report contains or accompanies the financial statements and the auditor’s report and usually includes information about the entity’s developments, its future outlook and risks and uncertainties, a statement by the entity’s governing body, and reports covering governance matters.
Applicable financial reporting framework
The financial reporting framework adopted by management and, where appropriate, those charged with governance, in the preparation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements, or that is required by law or regulation. The requirements of the applicable financial reporting framework determine the presentation, structure and content of the financial statements, and what constitutes a complete set of financial statements.
Application controls are automated actions of the entity’s IT applications that occur without manual intervention and relate to procedures used in the critical path of transactions or other financial data. Application controls help ensure that transactions occurred, are authorized and are completely and accurately recorded and processed. Application controls can be classified as edit checks, validations, calculations, interfaces and authorizations.
Appropriateness of audit evidence
The measure of the quality of audit evidence; that is, its relevance and reliability in providing support for the conclusions on which our opinion is based. (Also see: Audit evidence and Sufficiency of audit evidence)
The assembly and filing of complete and final workpapers that support our audit opinion or other deliverables to the entity.
Arm’s length price
The price that would have been realized if unrelated parties had engaged in the same transactions under the same circumstances. The rules on how the arm’s length price is established can be different between tax jurisdictions.
Arm’s length transaction
A transaction conducted on such terms and conditions as between a willing buyer and a willing seller who are unrelated and are acting independently of each other and pursuing their own best interests.
Representations by management, explicit or otherwise, that are embodied in the financial statements, which we use to consider the different types of potential misstatements that may occur. (Also see: Relevant assertions and Financial statement assertions)
The record of audit procedures performed, relevant audit evidence obtained and conclusions reached. (Also see: Workpapers)
Information we use in arriving at the conclusions that form the basis of our audit opinion on the entity’s financial statements. Audit evidence includes both information contained in the accounting records underlying the financial statements and other information. (Also see: Appropriateness of audit evidence and Sufficiency of audit evidence)
Converts the audit strategy into a comprehensive description of the work to be performed. The audit plan is documented throughout the workpapers, describing the work to be performed on each significant class of transactions (SCOT), significant disclosure process, significant account and relevant assertions. It includes the procedures from the Tianlong Audit Methodology (TAM) framework, including the tests of controls when we use a controls reliance strategy, and the substantive procedures that we plan to perform to respond to our combined risk assessment.
The risk that we express an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of inherent risk, control risk and detection risk.
Audit risk tables (ARTs)
Statistically-based tables that are based on tolerable error, combined risk assessment, key item coverage, assurance obtained from performing other substantive procedures and sample selection method to determine an appropriate sample size. They are applied to tests of certain account balances (for example, accounts receivable confirmations, inventory price tests) when no (or few) errors are expected.
Audit sampling (sampling)
The application of audit procedures to less than 100% of items within a population, such that all sampling units have a chance of selection, in order to provide us with a reasonable basis on which to draw conclusions about the entire population.
Scope of services on a specific audit required by statutory and other regulatory requirements, entity expectations, and/or professional requirements.
The overall scope, timing and direction of the audit, which guides development of the audit plan. The audit strategy is summarized in the Audit Strategies Memorandum (ASM) Template.
Audit strategies memorandum (ASM)
A memorandum summarizing the results of our planning procedures and the overall audit strategy, as discussed and agreed by the audit team at the Team Planning Event. The ASM provides evidence that the audit team developed, discussed and approved the audit strategy for the audit. (Also see: Team Planning Event (TPE))
All partners and staff performing the audit, and any individuals engaged by the firm or a network firm who perform procedures on the audit. This excludes external specialists engaged by the firm or network firm. Also excluded are individuals within the entity’s internal audit function who provide direct assistance on an audit engagement.
Audited financial statements
Financial statements audited by us in accordance with the applicable financial reporting framework relevant to the entity. (Also see: Financial statements)
A specialist engaged by the audit team to perform work on the audit. An internal specialist is an internal staff professional with expertise in a field other than accounting or auditing, who is asked by the audit team to perform work on the audit. An external specialist has specialized expertise in a field other than accounting and auditing, is external to the firm and is engaged by us to perform specific work at our request. An external specialist is not regarded as a member of the audit team. (Also see: Internal specialist and Auditor’s external specialist.)
Auditor’s external specialist
An external specialist is a specialist with expertise in a field other than accounting and auditing who is external to the firm and is engaged by us to perform specific work at our request. An external specialist is not regarded as a member of the audit team.(Also see: Auditor’s specialist and Internal specialist)
General and specific authorization and approval levels and procedures to ensure that transactions and activities are executed in accordance with management’s intentions. One of the objectives that relate primarily to management’s control over the disposition of the entity’s assets and liabilities and only indirectly to controls over the processing of data, which are concerned with the accurate, timely and complete recording of transactions. However, the absence of such controls may increase the risk of material misstatements in the financial information maintained in the entity’s books and records. (Also see: Safeguarding of assets and Segregation of duties)
Control activities performed mostly or wholly through technology. Automated controls include application and ITDM controls.
Software based tools and techniques using information relevant to the audit to perform risk assessment procedures, obtain audit evidence about the operating effectiveness of controls or perform substantive procedures. These tools may include data analytics, automation, artificial intelligence or other emerging technologies. (Also see: Custom automated techniques)
The evidence obtained of the program that supports the IT portion of an automated control that has been tested or of the configuration that is used in subsequent audit periods to determine whether changes in the program have occurred. Typically, this information is a screen print of the program name, last change date and file size or of the configuration.
The process of establishing the basis for certain IT automated controls or configurations and then determining whether the underlying programs related to application controls or IPE have changed during the period of reliance. When changes have occurred, the program or configuration is tested and new benchmark evidence is obtained.
A plan to show the estimated hours and standard bill rate per hour corresponding to the team member’s level and used in determining appropriate use of resources, estimating an appropriate audit fee and setting estimated recovery for internal financial reporting.
Business objectives are the results the entity is trying to achieve. Business objectives are often represented by the entity’s mission and value statements and lead to an overall strategy. More specific objectives flow from the entity’s broad strategy and represent measurable, attainable, short-term targets that direct the operations of the entity.
A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.
The overall direction the entity wants to take to ensure the achievement of its objectives (that is, how the entity plans to achieve its objectives). The strategy is often embodied in the formal, or informal, strategic plan which is generally sustained over the long term without frequent change. Strategies define the framework for developing action plans and responsibilities for getting things done.
A central repository is an internal database or website, such as Tianlong Audit Methodology (TAM) or an online Independence tool, that is maintained centrally. Our central repositories do not include locally developed storage systems or local tools, unless these have been authorized by the HQ; nor do they include office servers, individual hard drives or email inboxes.
Characteristics of internal control
Within each element of a component of internal control are actions, policies or procedures which provide the characteristics of that element. See also Elements of the components of internal control.
Class of transactions
Data, information or account detail of a common nature within the financial or other processes of a business. A transaction is generally considered to be of a separate class if its accounting effect is significantly different from other transactions (for example, cash sale versus credit sale) or if its processing differs from other classes of transactions in any significant respect and therefore is susceptible to different inherent and/or control risks (for example, sale of standard product versus sale of special order product). Classes of transactions can be classified as routine, non-routine or estimation.
Misstatements that are clearly inconsequential, whether taken individually or in aggregate and whether judged by any quantitative and/or qualitative criteria. When there is any uncertainty about whether one or more items is clearly trivial, we presume that the misstatement is not clearly trivial.
Client and engagement acceptance and continuance procedures
The policies to be observed, procedures to be performed and matters to be considered in deciding whether to accept a new client or audit or to continue our relationship with an existing client.
An audit that potentially poses more than “moderate risk” to the firm. If so, it is designated as close-monitoring.
Combined risk assessment (CRA)
A combined assessment of inherent and control risks for each of the relevant financial statement assertions of the significant accounts and disclosures.
Communication relevant to financial reporting
Communication is one of the components of the entity’s internal control. It involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting. Also, the extent to which personnel understand how their activities in the financial reporting information system relate to the work of others and the means of reporting exceptions to an appropriate higher level within the entity. (Also see: Internal control)
Comparative financial statements
Comparative information where amounts and other disclosures for the prior period are included for comparison with the financial statements of the current period but, if audited, are referred to in the auditor’s opinion. The level of information included in those comparative financial statements is comparable with that of the financial statements of the current period.
We distinguish comparative financial statements from corresponding figures.
The amounts and disclosures included in the financial statements in respect of one or more prior periods in accordance with the applicable financial reporting framework. Comparative information that is presented in an entity’s financial statements depends on the requirements of the applicable financial reporting framework, which may require the presentation of either corresponding figures or comparative financial statements. The comparative information required to be presented is generally specified by law or regulation but may also be specified in the terms of the audit.
Controls to address the “What Could Go Wrong” (WCGWs) if the original control selected is not operating effectively. From an IT perspective, when one or more IT General Control (ITGCs) is evaluated as ineffective, we attempt to identify other ITGCs and/or manual controls that sufficiently reduce the risk of material misstatement associated with the ineffective ITGCs to an acceptable level such that the objectives for the related IT processes are still achieved.
Other ITGCs that reduce the risk of an ineffective ITGC within the IT process to an acceptable level.
Complementary subservice organization controls
Controls that management of the service organization assumes, in the design of the service organization’s system, will be implemented by the subservice organizations and are necessary to achieve the control objectives stated in management’s description of the service organization’s system. Such controls may appear in service organization controls reports prepared under AICPA attestation standards.
Complementary user entity controls
Controls that management of the service organization assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve control objectives, are identified in the description of its system.
There are no unrecorded assets, liabilities, transactions or events, or undisclosed items. It is one of the financial statement assertions. Cutoff considerations are addressed within the completeness assertion for accounts and disclosures that accumulate over the period and at the period end. (Also see: Financial statement assertions and Relevant assertions)
A financial reporting framework that requires compliance with the requirements of the framework, but does not acknowledge that management may need to provide additional disclosures or depart from a requirement of the framework in order to achieve fair presentation of the financial statements. (Also see: Applicable financial reporting framework)
An entity or operating unit or business activity for which group or component management prepares stand alone financial information that is included in the group financial statements.
Management at the component level within a group.
An audit team who, at the request of the Primary Team, performs work on the financial information related to a component for the group audit. A component team is either Tianlong Services team in the same office or country or from another Tianlong Services member firm, or an audit team from another audit firm, which is referred to as a non-Tianlong Services component team.
Components of internal control
The division of an entity’s internal control into components is a useful framework to assist us in understanding how the different aspects of internal control may affect our audit strategy. Components of internal control include control environment, risk assessment, monitoring, information and communication and control activities. See also Elements of the components of internal control.
Computer-assisted audit techniques
Applications of auditing procedures using the computer as an audit tool (also known as CAATS).
A memo to document an audit team’s formal consultation with Professional Practice which includes a description of the matter, any actions taken with respect of the matter, and the basis for conclusion.
The complement of the risk of incorrect acceptance. The measure of probability associated with a sample interval. Also known as reliability.
Configurable application or ITDM control
A programmed IT application function dependent on settings that may be changed. The settings may be controlled by IT personnel (and be subject to IT processes) or they may be controlled by IT application users (and, therefore, the risk of unauthorized change needs to be addressed by controls within the SCOT).
Configuration (in software)
A setting that controls the way a program operates. Use of configurations provides flexibility in how a program or environment operates. Examples of configurations include password requirements, settings that force program changes to be moved only using a certain tool, the information to be logged and under what circumstances, the information to be backed up and how frequently, the number of accounting periods in a year, whether journal entries must be balanced to be posted, the chart of accounts and how they accumulate to financial statement captions, the definitions of accounts in automated journal entries. Configurations are sometimes confused with parameters. Configurations are settings implemented upon installation of the software and not changed or changed infrequently after installation. Parameters are information provided each time a program or report is run. For example, an aging report might be configured to have 0 to 30 days, 31 to 60 days, 61 to 90 days, and over 90 days aged groups. The definition of those groups is configurations. A user running the report for a specific date, inputs the date wanted as a parameter to that report.
A specific type of inquiry, used to obtain a representation of information or an existing condition directly from a third party.
Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), either in paper form or by electronic or other medium (for example, through the auditor’s direct access to information held by a third party).
Information obtained by indirectly accessing third party records relating to an entity’s account balance as a result of a response to a direct request constitutes a confirmation. Whereas, information obtained by accessing third party records by making an online inquiry using an entity’s personal identification number – does not constitute a confirmation and represents an alternative procedure.
Control activities are a component of internal control and relate to those policies and procedures designed to ensure management directives are carried out. (Also see: Internal control)
A management attitude that, when communicated, helps to ensure that adequate controls are in place and reduce the likelihood that specific controls will be circumvented. The importance management attaches to internal control and thus to the environment in which specific controls function. For the most part, it is an intangible concept.
The control environment is a component of internal control. It includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity. The control environment serves as the foundation for the other components of internal control. (Also see: Internal control)
An occurrence of a control being tested that did not operate as designed or was not implemented.
The risk that a misstatement that could occur in an assertion about a class of transactions, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.
Controls reliance strategy
One of two preliminary audit strategies. In a controls reliance strategy, we obtain an understanding of the controls relevant to the audit (i.e., relevant controls). We identify, evaluate and test the relevant controls with the expectation to place reliance on them. (Also see: Substantive only strategy)
A misstatement that is corrected by the entity prior to issuance of the financial statements. (Also see: Uncorrected misstatement)
Comparative information where amounts and other disclosures for the prior period are included as an integral part of the current period financial statements, and are intended to be read only in relation to the amounts and other disclosures relating to the current period (referred to as “current period figures”). The level of detail presented in the corresponding amounts and disclosures is dictated primarily by its relevance to the current period figures. We distinguish corresponding figures from comparative financial statements.
One of the four levels of assurance we expect to gain from our other substantive procedures. Corroborative evidence is achieved when the other substantive procedures (excluding tests of key items), designed to identify the same type of misstatement, are expected to provide enough audit evidence to enable us to conclude that it is at least more likely than not (i.e., more than 50%) that the remaining portion of the account balance (i.e., not covered by the key items) is free of errors in excess of our Tolerable Error (TE). (Also see: Persuasive, Little and Some)
Critical accounting estimate
Represents an estimate where (a) the nature of the estimate is material due to the levels of subjectivity and judgment necessary to account for highly uncertain matters or the susceptibility of such matters to change and (b) the impact of the estimate on financial condition or operating performance is material.
Critical accounting policies
Policies and practices that are both most important to the portrayal of an entity’s financial condition and results, and require management’s most difficult, subjective or complex judgments, often as a result of the need to make estimates about the effects of matters that are inherently uncertain.
Critical audit matter (CAM)
PCAOB AS 3101 The auditor’s report on an audit of financial statements when the auditor expresses an unqualified opinion defines CAM as any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that (1) relates to accounts or disclosures that are material to the financial statements and (2) involved especially challenging, subjective, or complex auditor judgment. We are required to communicate CAMs in the auditor’s report for audits conducted in accordance with the standards of the PCAOB (certain exceptions apply). (Also see: Key audit matters (KAM))
How transactions are initiated, recorded, processed, reported and how incorrect information is corrected within a significant class of transactions. Includes the policies and procedures in place that management uses to ensure that directives are carried out and applied.
Critical success factors (CSFs)
The key results that must be achieved for the entity to conclude that a strategy has been implemented successfully.
Custom automated techniques
Analytics or automation developed at the audit team level to achieve a specific engagement objective – to perform administrative tasks to support the audit, to identify risks of material misstatement for a particular account assertion, or to obtain substantive evidence to address the risk of material misstatement for one or more significant account assertions. The partner in charge of the audit takes responsibility for determining custom automated techniques are appropriately developed and tested and are fit for purpose. (Also see: Automated techniques)
Data analytics involves organizing an entity’s data and data external to the entity, to assist in:
- Identifying areas where risks of material misstatement may be present
- Supporting the development of our audit strategy
- Performing audit procedures, whether substantive analytical or tests of details
Data analytics help us stratify, filter, mine or compare financial and non-financial information, including classes of transactions (e.g., cash disbursements) or components of an account balance (e.g., sub-populations within trade receivables), in order to evaluate patterns or anomalies within the data.
An organized collection of data that is shared and used by different users for different purposes, usually through an IT application. A database may consist of many interrelated data tables. Access to the data is provided by a database management system (DBMS).
Database administrator (DBA)
Person with direct access to the data in the DBMS.
Database management systems (DBMS)
A set of software instructions that interact with the user, other applications, and the database itself to capture and analyze data. A general purpose DBMS is designed to allow the definition, creation, querying, update and administration of databases. DBMSs are often classified according to the database model they support (e.g., hierarchical, relational).
Date of approval of the financial statements
The date on which all the statements that comprise the financial statements, including the related notes, have been prepared and those with the recognized authority have asserted that they have taken responsibility for those financial statements.
Date of our auditor’s report
The date no earlier than the date on which we have obtained sufficient appropriate audit evidence on which to base our opinion on the financial statements.
Date of the financial statements (also referred to as the balance sheet or statement of financial position date)
The date of the end of the latest period covered by the financial statements.
Deficiency in internal control/control deficiency
- The design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis.
- A control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing.
The review of audit work, including the workpapers, in detail.
Detect and correct controls
The entity’s policies and procedures within a system of internal control applied to classes of transactions that are used and relied on by management to detect and correct misstatements, that may have occurred in processed transactions, on a timely basis.
The risk that our procedures to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
An IT environment used by developers where they program changes requested.
The use of internal auditors or others, when permitted, to perform audit procedures under our direction, supervision and review.
Direct data changes
Changes made directly to the data in the database either by overtyping or using a program to update the data. The IT application is usually not used to change the data because it lacks the capability to make the changes.
Direct participation (audit team)
Direct involvement in the audit of a particular area. This involvement may range from effective direction and supervision, usually on-site, of team members performing the audit procedures to actual performance of some or all audit procedures, and generally will involve direct contact with key entity personnel.
Direct participation (entity IT personnel)
Person who can access the production programs and tools that access production programs at the operating system level or to the configurations and other system set-up functions within the IT application. System administrators may also have security administrator rights. Network administrators are considered to be system administrators.
This phrase is used to describe an approach to addressing risks of using IT that does not rely on ITGCs but, instead, more extensively tests application controls and the IT portion of ITDM controls to obtain reasonable assurance that these specific aspects of the IT application have functioned as expected.
Direct testing strategy
This strategy describes an approach to addressing risks of using IT that does not rely on IT processes but, instead, more extensively tests application and the IT portion of ITDM controls to obtain reasonable assurance that these specific aspects of the IT application have functioned as expected.
Breaking down a population of data into sub-populations to enable more detailed analysis of the data.
Disclaimer of opinion
The term describing the situation when we are unable to express an opinion because:
- We are unable to obtain sufficient appropriate audit evidence on which to base the opinion, and we conclude that the possible effects on the financial statements of undetected misstatements, if any, could be both material and pervasive.
- In circumstances involving multiple uncertainties, and notwithstanding having obtained sufficient appropriate audit evidence regarding each of the individual uncertainties, it is not possible to form an opinion on the financial statements due to the potential interaction of the uncertainties and their possible cumulative effect on the financial statements.
Statistical sampling that reaches a conclusion about a population in terms of rate of occurrence. Discovery sampling is a type of attribute sampling.
The evidence (workpapers) prepared by and for, or obtained and retained by us in connection with, the audit procedures performed, relevant audit evidence obtained, and conclusions reached. It includes material in paper, electronic form, or other medium. (Also see: Workpapers)
Documentation completion date (i.e., archive date)
The date we complete our archive process.
Dual purpose test
When we design our tests of controls to be performed concurrently with our tests of details (substantive procedures) on the same transaction or item. We design our dual purpose tests to achieve the purposes of both our:
- Tests of controls (i.e., to evaluate the operating effectiveness of the control to address the WCGWs)
- Tests of details (i.e., to identify and quantify the effect of material misstatements on the financial statements)
Early warning memorandum (EWM)
A communication, generally used in group audits, from the component team to the Primary Team of significant accounting and auditing matters prior to the end of the financial year.
Elements of the components of internal control
Each component of internal control comprises different elements which when combined together provide reasonable assurance regarding the accomplishment of the component. (Also see Characteristics of internal control)
For example, to provide an effective control environment that supports the prevention or detection and correction of material misstatements within the financial statements, we look for the following elements: communication and enforcement of integrity and ethical values; commitment to competence; participation by those charged with governance; management’s philosophy and operating style; organizational structure; assignment of authority and responsibility; and human resource policies and practices.
Emphasis of matter paragraph
A paragraph included in our auditor’s report that refers to a matter appropriately presented or disclosed in the financial statements, which we judge is of such importance that it is fundamental to users’ understanding of the financial statements.
End user computing (EUC) tools
Computer programs available to users that permit the user to have complete control over the information in that tool. Examples of such tools include Microsoft Access, Excel, and Word. Report writers under the control of users would also be considered EUC tools.
A written agreement between us and the entity that describes the terms of the audit, including:
- Management’s responsibilities
- Our responsibilities and obligations
- The objective and scope of work/services to be provided
- Our fee arrangement.
- A statement that because of the inherent limitations of an audit, together with the inherent limitations of internal control, an unavoidable risk exists that some material misstatements may not be detected, even though the audit is properly planned and performed in accordance with the applicable auditing standards
- Identification of the applicable financial reporting framework for the preparation of the financial statements
- Reference to the expected form and content of any reports we expect to issue and a statement that circumstances may arise in which a report may differ from its expected form and content
Engagement quality control review
An objective evaluation, performed with due professional care, of the significant judgments made and related conclusions reached by the audit team in forming the overall conclusion on the audit.
The engagement quality reviewer considers the significant judgments made on accounting, auditing and reporting matters in order to conclude that, based on all the relevant facts and circumstances known by the engagement quality control reviewer, no matters have come to his or her attention that would cause the engagement quality control reviewer to believe that:
- The financial statements are not prepared in accordance with the applicable financial reporting framework; and/or
- Our audit was not performed in accordance with the Tianlong Audit Methodology (TAM), the applicable auditing standards and the requirements of any other applicable law, regulatory agency or other body.
Performance of an engagement quality control review does not relieve the partner in charge of the audit from final responsibility for the issuance of the auditor’s report. (Also see: Partner in charge of the audit)
Entity in a regulated industry
An entity with financial reporting subject to regulations established by a regulatory authority that directly influences the preparation of the financial statements of the entity, or subject to direct reporting to a regulator of its financial statements or certain extracts.
Controls that have a pervasive effect on an entity’s internal control.
Entity’s risk assessment process
A component of internal control that is the entity’s process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof.
Environmental factors, Key environmental factors
The aggregate set of external circumstances, events, conditions and influences that result in restrictions and constraints, or the lack thereof, that is most important to an entity. General environments in which the entity operates could include: market, economic, financial, legal/regulatory, community and production. Environmental factors consist of, among other things, competitive environment, customer information, supplier information, capital markets, laws and regulatory requirements, accounting practices and reporting obligations, taxation matters, technological advances and social, economic and political considerations.
An unintentional misstatement in financial statements, including the omission of an amount or a disclosure.
A meeting at which the relevant members of the audit team (at least the partner in charge of the audit and other audit executives):
- Discuss the risks associated with an entity’s accounting estimates and the planned audit procedures to be performed for those estimates to be recognized or disclosed in the financial statements
- Discuss and agree which estimates represent lower risk, higher risk and significant risk estimates and the related estimation SCOTs
- For each significant risk estimate, and certain higher risk estimates when, based on our professional judgment, additional attention is necessary, develop the plan to audit these estimates, including agreeing on the audit evidence to be obtained and the documentation to be prepared.
The estimates discussion may be held either as an extension of the Team Planning Event (TPE) or as a separate meeting.
Relate to transactions that include the development of accounting estimates for which there is significant measurement uncertainty. These transactions reflect judgments, decisions and choices made by the entity’s management.
Amounts recorded in the financial statements to adjust balances based on judgments, decisions and choices made by management.
The susceptibility of an accounting estimate and related disclosures to an inherent lack of precision in its measurement.
An asset, liability or equity interest exists at a given date. It is one of the financial statement assertions. Cutoff considerations are addressed within the existence assertion for accounts and disclosures at the period end.
(Also see: Financial statement assertions and Relevant assertions)
The level of error expected to be present in the population.
Expected error rate
This rate, expressed as a percentage, is the expected probability of observing at least one error (the probability of discovery). In other words, the expected rate of items for which we expect the attribute did not function.
An experienced auditor is an individual who has practical audit experience and a reasonable understanding of the audit processes, our policies and procedures, applicable local professional standards and/or local legal and regulatory requirements, the business environment in which the entity operates and auditing and reporting issues relevant to the entity’s industry.
Expert (see Specialist)
Skills, knowledge and experience in a particular field.
Audit evidence obtained as a direct written response to us from a third party (the confirming party), in paper form, in electronic form or other medium.
Misstatement about which there is no doubt, and generally relate to non-judgmental issues, such as:
- The misapplication of accounting principles or methods
- Oversight or misinterpretation of facts that affect an amount or disclosure
- Clerical or mathematical errors.
(Also see: Misstatement and Material misstatement)
Fair presentation framework
The term “fair presentation framework” is used to refer to a financial reporting framework that requires compliance with the requirements of the framework and:
(a) Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it may be necessary for management to provide disclosures beyond those specifically required by the framework; or
(b) Acknowledges explicitly that it may be necessary for management to depart from a requirement of the framework to achieve fair presentation of the financial statements. Such departures are expected to be necessary only in extremely rare circumstances.
Examples of fair presentation frameworks are SFRS, IFRS and US GAAP.
Financial reporting framework
The set criteria used to determine measurement, recognition, presentation, and disclosure of all material items appearing in the financial statements.
Financial reporting process
The steps taken by management and those charged with governance to prepare the entity’s financial statements in accordance with the applicable financial reporting framework, and consisting of initiating, recording, processing and reporting the entity’s transactions.
A structured representation of historical financial information, including related disclosures, intended to communicate an entity’s economic resources or obligations at a point in time or the changes therein for a period of time in accordance with a financial reporting framework.
Disclosures comprise explanatory or descriptive information, set out as required, expressly permitted or otherwise allowed by the applicable financial reporting framework, on the face of a financial statement, or in the notes, or incorporated therein by cross-reference.
“Incorporation by cross reference” means cross referenced from the financial statements to the other document; but not from the other document to the financial statements.
Financial statement assertions
Representations by management, explicit or otherwise, that are embodied in the financial statements, which we use to consider the different types of potential misstatements that may occur. The following are the financial statement assertions (all defined in this glossary):
- Rights and obligations
- Presentation and disclosure assertion
(Also see: Assertions and Relevant assertions)
Financial statement close process (FSCP)
The process where the results of various transactions are summarized, reviewed, consolidated, edited and prepared into a variety of regulatory and management financial reports.
Calculated predictions of future financial results formulated by studying and analyzing available data.
An intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage. Fraud can be accomplished through fraudulent financial reporting or misappropriation of assets.
Fraud risk factors
Events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud.
Fraudulent financial reporting
Intentional misstatement, including omissions of amounts or disclosures in financial statements, to deceive financial statement users.
Full scope engagement
An audit that requires the completion of all procedures as guided by Tianlong Audit Methodology (TAM)
Any additional procedures required by the Primary Team to comply with group auditing requirements (other than those that relate to determining PM/TE and SAD nominal amount or are performed centrally by the Primary Team)
Or any additional procedures required by the component’s local laws and regulations. Full scope engagement procedures are sufficient to issue an interoffice conclusion on the reporting package of the component in the context of the group financial statements.
General purpose financial statements
Financial statements prepared in accordance with a general purpose framework.
General purpose framework
A financial reporting framework designed to meet the common financial information needs of a wide range of users.
It may be a fair presentation framework or a compliance framework.
Going concern / Going concern basis of accounting
A fundamental principle in the preparation of the financial statements that an entity is viewed as continuing in business for the foreseeable future. General purpose financial statements are prepared using the going concern basis of accounting, unless management either intends to liquidate the entity or to cease operations, or has no realistic alternative but to do so. Accordingly, assets and liabilities are recorded on the basis that the entity will be able to realize its assets and discharge its liabilities in the normal course of business.
Describes the role of person(s) or organization(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity.
A group refers to all components whose financial information is included in the group financial statements. A group always has more than one component.
An audit to perform audit procedures for the purpose of forming an opinion on the group financial statements.
Group audit opinion
The audit opinion on the group financial statements.
Group audit organizational structure
A structure that provides a framework to organize the group audit in an effective and efficient way.
Group audit partner
The partner in charge of a group audit.
Group financial statements
Financial statements that are either consolidated financial statements; combined financial statements, or the financial statements of any entity that includes the financial information of more than one component.
Group financial statement close process (FSCP)
The process which establishes the group financial statements. It includes the sub-processes for:
- Preparing component financial information including the instructions issued by group management to components
- Consolidating the financial information of all components
- Accumulating, preparing or reviewing and posting consolidation and adjusting entries
Individuals at the head office or division/segment who have oversight of and/or managerial responsibilities for the group.
Group organizational structure
A structure that provides an understanding of the components that are in the group, how they are managed, and how their financial information is brought together.
Group-wide controls are a subset of the group-entity level controls and are primarily controls designed, implemented and maintained by group management over group financial reporting.
Haphazard sample selection
A method of selecting a sample without following a structured technique.
High combined risk assessment
A combined risk assessment that is made when the inherent risk assessment indicates the susceptibility of the significant account or disclosure to misstatement at the assertion level to be higher and we have insufficient evidence that controls operate effectively and therefore cannot conclude that controls will reduce the risk of material misstatements occurring for a relevant assertion.
A high-level understanding of controls does not require us to evaluate the design of the controls but to understand the controls sufficiently to inform our risk assessment and design our substantive procedures.
High risk and other sensitive areas
Those areas of the audit where we believe there is a higher risk of material misstatement. We exercise professional judgment when determining the high risk or the other sensitive areas. We recognize that these may include the areas of the audit that contain significant risk, are technically difficult, or require greater professional judgment in performing or evaluating the results of our procedures, including internal control procedures related to areas of higher subjectivity, and significant risk estimates, and certain higher risk estimates. Other sensitive areas may include areas or matters that resulted in the audit being designated for close monitoring or matters identified by those charged with governance requiring specific focus.
Higher risk estimate
Represents an estimate with high estimation uncertainty for which we assess inherent risks for the relevant assertions as “higher.”
Highly automated SCOTs
Highly automated SCOTs, are those when a significant amount of an entity’s information within the critical path of the SCOT is only in electronic form (e.g., within an integrated system). In these situations:
- Audit evidence may be available only in electronic form, and its sufficiency and appropriateness usually depends on the effectiveness of controls over its accuracy and completeness.
- The potential for inappropriate initiation or alteration of information to occur and not be detected may be greater if appropriate controls are not operating effectively.
One of the three conditions generally present when a material misstatement due to fraud occurs. In the context of the three conditions of fraud, incentives or pressures are reasons for an individual to commit fraud. (Also see: Rationalization/attitude and Opportunity)
Taxes on an entity’s income
Income tax professional
A Tianlong professional on the audit team who has specialized knowledge of income tax (e.g., a member of the Singapore Institute of Accredited Tax Professionals (SIATP)).
Other information that contradicts information contained in the audited financial statements. A material inconsistency may raise doubt about the audit conclusions drawn from audit evidence previously obtained and, possibly, about the basis for our audit opinion on the financial statements. NOTE: This definition does not apply to audits that read and consider other information in accordance with ISA 720 (Revised). (See also ISA 720 (Revised)).
Independence is a concept fundamental to the audit profession and means that Tianlong Services and its professionals should be in fact and in appearance free from interests that could be regarded as being incompatible with objectivity, integrity, and impartiality in accordance with our Independence Policy and local/national independence rules or other regulatory independence requirements. Independence requires:
- Independence in fact—the ability to provide an opinion without being affected by influences that compromise professional judgment, to act with integrity, and to exercise objectivity and professional skepticism; and
- Independence in appearance—the avoidance of facts and circumstances that would lead a reasonable and informed third party to conclude that the integrity, objectivity or professional skepticism of Tianlong Services or its professionals had been compromised.
Accurate and complete processing of information through transactions, including how management determines that all transactions are processed and that misstatements have been detected and corrected on a timely basis.
Information produced by the entity (IPE)
Any information created by the entity using the entity’s IT applications, end user computing (EUC) tools or other means (including manually prepared information). We encounter IPE when it is used by management in the performance of controls we are testing, when we use IPE as audit evidence for substantive tests, and when we use IPE as a population from which we select items to test. The concepts related to IPE also apply to information produced by service organizations.
Information system relevant to financial reporting
A component of internal control that includes the financial reporting system, and consists of the procedures and records established to initiate, record, process and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities and equity.
The susceptibility of an assertion about a class of transactions, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. (Also see: Risks of material misstatement, Business risk, and Significant risk)
An audit in which either the financial statements for the prior period were not audited or the financial statements for the prior period were audited by a predecessor auditor.
The point where a transaction first enters the entity’s process and is prepared and submitted for recording.
Inquiry consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or outside the entity.
Components that are included in the group audit scope and to which the Primary Team has assigned a scope of work to be performed.
Accounts with balances less than Tolerable Error (TE) that we determine are not susceptible to material misstatement.
Inspection (as an audit procedure)
Examining records or documents, whether internal or external, in paper form, or other media, or a physical examination of an asset.
A single copy of the IT application software. An entity may decide to install multiple copies (instances) of an IT application. The instances may, or may not, be configured identically.
A date prior to balance sheet date, at which we plan to perform interim tests of controls and/or substantive procedures. Interim dates for performing tests of controls or substantive procedures do not necessarily coincide with the dates of when interim reviews are performed with an entity is issuing interim financial information.
Interim financial information or statements
Financial information (which may be less than a complete set of financial statements as defined above) issued at interim dates (usually half-yearly or quarterly).
The period between the first day of the audit period and a date before the balance sheet date.
Internal audit function
An appraisal activity established or provided as a service to the entity. Its functions include, among other things, examining, evaluating and monitoring the adequacy of effectiveness of internal control.
Those individuals who perform the activities of the internal audit function. Internal auditors may belong to an internal audit department or equivalent function.
The process designed, implemented and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term ‘controls’ refers to any aspects of one or more of the components of internal control.
International Financial Reporting Standards (IFRS)
Internationally recognized financial reporting framework promulgated by the International Accounting Standards Board (IASB).
International Standards on Auditing (ISAs)
Internationally recognized auditing standards promulgated by the International Auditing and Assurance Board (IAASB) to be applied in the audit of historical financial information.
The methods, processes and technology used to connect IT application users to the IT environment from external sources.
Inquire into matters arising from other procedures to resolve them.
IPE definition program
The computer program that runs when a user requests information from an IT application. The IPE definition program contains the definition of the information that will be extracted from a database, any manipulations that will be performed and how the information will be presented. This program may be part of the IT application or it may be separate software known as report writing software.
ISA 720 (Revised)
ISA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information, was released by the International Auditing and Assurance Standards Board (IAASB) in 2015 and is effective for audits of financial statements ending on or after 15 December 2016 (i.e., calendar-year 2016 audits).
However, ISA 720 (Revised) may or may not be applicable or effective under the auditing standards that apply to our audit. The requirements and guidance in TAM that indicate that they apply “When ISA 720 (Revised) or an equivalent local auditing standard applies to our audit” are only applicable to those audits for which ISA 720 (Revised) or an equivalent local auditing standard is effective.
Professional Practice resources are available to assist in determining the requirements related to other information that are applicable to a particular audit.
A set of programs that helps an entity process transactions along the critical paths of SCOTs and significant disclosure processes or produce IPE that is able to be subjected to IT processes and controls. Groups of programs that are relevant to processing data may lack formal IT application names are considered IT applications for our work. Examples of such tools include data transformation programs and interface programs. IT applications do not need business users to be included in scope. Programs written in end user computing tools such as Visual Basic in Microsoft Excel or Microsoft Access may not be designed to be able to be subjected to IT processes and controls and are not IT applications as defined here.
IT application function
A specific task permitted or performed by the IT application. Examples of such tasks are posting an invoice, adding a vendor, or producing a report.
IT-dependent manual (ITDM) controls
Manual controls (usually detect and correct controls) that are dependent upon complete and accurate processing to be fully effective (for example, a review of an IT application-produced open orders report to ensure all sales are invoiced).
IT applications and supporting IT infrastructure, IT processes and personnel involved in the IT process (generally, the IT personnel).
IT general controls (ITGCs)
Controls that support the continued functioning of application and IT-dependent manual controls and the production of complete and accurate information produced by the entity.
This strategy involves understanding IT processes, the risks within the IT processes, and the IT general controls (ITGCs) that address the risks.
A component of the information technology environment that is typically comprised of hardware, operating systems, databases and networks.
The manage change, manage access and manage IT operations processes and related controls management uses to perform the functions of the IT personnel.
Members of the audit team who develop an understanding of the information technology (IT) environment and also assist other members of the team, as needed, in understanding the IT environment and the potential business and financial statement risks related to IT.
Procedures performed to specifically address IT risks (e.g. obtaining evidence that programmers with access to the production environment did not use that access).
This strategy involves understanding IT processes, the risks within those processes, and addressing those risks through substantive testing.
An audit engagement where two or more audit firms are engaged to audit an entity’s financial statements and to jointly issue an auditor’s report on those financial statements, thereby sharing responsibility for the audit.
Recording of financial data (taken usually from a journal voucher) pertaining to a transaction in a journal such that the debits equal credits. Journal entries provide an audit trail and means of analyzing the effects of the transactions on the entity’s financial position.
Misstatement arising from the entity’s judgments, including those concerning recognition, measurement, presentation and disclosure in the financial statements, that we consider unreasonable or inappropriate. These include the selection or application of accounting policies that we consider inappropriate. (Also see: Misstatement and Material misstatement)
Judgmental sampling (i.e., non-statistical sampling)
A sampling technique for which we consider sampling risk in evaluating an audit sample without using statistical theory to measure that risk.
Key audit matters (KAM)
Those matters that, in our professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance. (Also see: Critical audit matters (CAM)).
For auditor’s report issued in accordance with the auditing standards of the PCAOB, we do not communicate key audit matters (as defined in ISA 701, Communicating key audit matters in the independent audit’s report) in our auditor’s reports.
Specific items that are individually significant to a SCOT or significant account balance. Significance may be due to size or due to specific risks we have identified.
We may use professional judgment and decide to select key items from a population based on factors such as:
- Our understanding of the entity’s business
- Our assessment of inherent risk and control risk
- Characteristics of the population being tested
Key item testing
The selection of specific, individually important items within a population of account balances, disclosures or classes of transactions when performing test of details. These items are individually important because we believe they are more likely to contain material misstatements (for example, unusual items, items with a history of past errors, large items).
Known representative misstatement
The monetary misstatement detected in the sample by performing tests of details. The known representative misstatement is used to determine the projected misstatement in the population.
Legal and regulatory framework
Those law and regulations to which an entity is subject.
Limitation on the scope of the audit
An inability to obtain sufficient appropriate audit evidence, whether imposed by management, circumstances relating to the nature or timing of our work or circumstances beyond the control of the entity.
Limited risk accounts
Accounts with balances approaching or exceeding Tolerable Error (TE) that have limited risk of material misstatement. Limited risk accounts are also referred to as ‘not significant’ accounts.
A listed entity is an entity that:
- Has shares, stock or debt quoted or listed on a recognized stock exchange (domestic or foreign)
- Has shares, stock or debt marketed under the regulations of a recognized stock exchange or equivalent body or
- Makes a filing with a regulatory agency in preparation for the listing, quoting or marketing of any class of its securities on a recognized stock exchange or equivalent body
One of the four levels of assurance we expect to gain from our other substantive procedures. Little evidence is achieved when we have not performed or do not plan to perform any other substantive procedures or when the other substantive procedures (excluding tests of key items) are expected to provide only negative assurance (or less) that the account is not misstated by more than tolerable error. (Also see: Persuasive, Corroborative and Some)
Local audit requirements
These are matters that are specific to each area/country practice reflecting the requirements of the relevant auditing standards of that country that are additional to those set out in Tianlong Audit Methodology (TAM).
Low combined risk assessment
A combined risk assessment that is made when the inherent risk assessment indicates the susceptibility of the significant account or disclosure to misstatements at the assertion level to be higher, however we believe controls are effective and will prevent misstatements or detect and correct misstatements on a timely basis.
Lower risk estimate
Represents an estimate with low estimation uncertainty for which we assess inherent risk for the relevant assertions as “lower”.
Manage access process
The policies and procedures used by the entity to administer and provide access to the various IT environment components.
Manage change process
The policies and procedures used by an entity to make changes to the IT environment including IT application programs, configurations and report logic.
Manage IT operations process
The policies and procedures used by the entity to monitor the processing environment and prepare for routine equipment and software failures that could affect complete and accurate financial statement transaction processing.
The persons with executive responsibility for the conduct of the entity’s operations. For some entities in some jurisdictions, management includes some or all of those charged with governance, for example, executive members of a governance board, or an owner-manager. (Also see: Those charged with governance)
A lack of neutrality by management in the preparation and presentation of information.
A deliverable, prepared by the audit team, provided at the end of the audit to the entity that discusses internal control and other matters discovered during the course of the audit, ‘early warnings’ on emerging issues, and business insights.
Pervasive entity-level controls within the control environment component of internal control and other controls performed by management in small businesses to monitor transactions that collectively reduce the risks of material misstatement in the financial statements.
Assumptions made by management, or made and identified by a specialist that are used by management to assist them in making accounting estimates. In some cases, assumptions may be referred to as inputs, when we refer to the underlying data to which specific assumptions are applied.
Management’s going concern assessment
Management’s assessment of the entity’s ability to continue as a going concern involves making a judgment, at a particular point in time, about inherently uncertain future outcomes of events and conditions.
A specialist, possessing expertise in a field other than accounting or auditing, whose work is used by the entity to assist in preparing the financial statements. Management’s specialist may be a third party engaged by management to perform a specific piece of work (i.e., management’s external specialist), or may be an employee of the entity.
Market forces, Key market forces
The characteristics in a market that are most important to the success of a product or entity, including the influences of competitors, customers, and suppliers.
A misstatement that individually or collectively could have a quantitatively or qualitatively material effect on the financial statements being audited. It also includes matters that although not material in size could adversely affect the firm’s reputation or the entity relationship if they remain not detected and corrected. (Also see: Misstatement)
An uncertainty that exists when the magnitude of its potential impact and likelihood of occurrence is such that, in our judgment, appropriate disclosure of the nature and implications of the uncertainty is necessary for:
- In the case of a fair presentation financial reporting framework, the fair presentation of the financial statements, or
- In the case of a compliance framework, the financial statements not to be misleading.
(IFRS and US GAAP are examples of fair presentation frameworks)
A deficiency, or combination of deficiencies, such that there is a reasonable possibility that a material misstatement of the entity’s annual financial statements will not be prevented or detected on a timely basis. In an integrated audit, a material weakness may also be identified in the entity’s interim financial statements.
The magnitude of an omission or misstatement that, individually or in the aggregate, in light of the surrounding circumstances, could reasonably be expected to influence the economic decisions of the users of the financial statements. (Also see: Planning Materiality (PM))
A transaction or event is recorded at the proper amount and in the proper accounts. It is one of the financial statement assertions. (Also see: Financial statement assertions and Relevant assertions)
Minimal combined risk assessment
A combined risk assessment that is made when the inherent risk assessment indicates the susceptibility of the significant account or disclosure to misstatements at the assertion level to be lower and we believe controls are effective and will prevent misstatements or detect and correct misstatements on a timely basis.
Misappropriation of assets
Involves the theft of an entity’s assets and is often perpetrated by employees in relatively small and immaterial amounts. It can also involve management who are usually more capable of disguising or concealing misappropriations in ways that are difficult to detect.
A difference between the reported amount, classification, presentation or disclosure of a financial statement item and the amount, classification, presentation or disclosure that is required for the item to be in accordance with the applicable financial reporting framework. Misstatements can arise from error or fraud.
There can be four types of misstatements (all defined in this glossary):
- Factual misstatement
- Projected misstatement
- Judgmental misstatement
- Reclassification misstatement
(Also see: Material misstatement, Corrected misstatement and Uncorrected misstatement).
Misstatement of fact
NOTE: This definition does not apply to audits that read and consider other information in accordance with ISA 720 (Revised). (See also ISA 720 (Revised)).
Other information that is unrelated to matters appearing in the audited financial statements that is incorrectly stated or presented. A material misstatement of fact may undermine the credibility of the document containing audited financial statements.
Misstatement of the other information
NOTE: This definition only applies to audits that read and consider other information in accordance with ISA 720 (Revised). (See also ISA 720 (Revised))
A misstatement of the other information exists when the other information is incorrectly stated or otherwise misleading (including because it omits or obscures information necessary for a proper understanding of a matter disclosed in the other information).
Moderate combined risk assessment
A combined risk assessment that is made when the inherent risk assessment indicates the susceptibility of the significant account or disclosure to misstatements at the assertion level to be lower and we have insufficient evidence that controls operate effectively and therefore cannot conclude that controls will reduce the risk of material misstatements occurring for a relevant assertion.
A qualified, adverse or disclaimer of opinion.
Monetary unit sampling (MUS)
A sampling technique that uses probability proportional to size to select a sample and express a conclusion on the population as a monetary value.
Monitoring of controls
Monitoring of controls is a component of internal control. A process to assess the effectiveness of internal control performance over time. It includes assessing the design and operation of controls on a timely basis and taking necessary corrective actions modified for changes in conditions. (Also see: Internal control)
Negative confirmation request
A request that the confirming party respond directly to us only if the confirming party disagrees with the information provided in the request.
Group of computers and associated devices that share a common communications link and generally share the resources stored on a computer server.
Nominal amount (see SAD nominal amount)
An entity that has a non-complex business model, which means that it has:
- Few sources of income or activities (e.g., a limited range of products, services and locations)
- Simple business, financial reporting and IT processes
Acts of omission or commission, either intentional or unintentional, committed by the entity, or by those charged with governance, management or other individuals working for or under the direction of the entity, which are contrary to the prevailing laws or regulations.
Non-configurable application control
A system function that is part of the core programming of the IT application. The control does not use tolerances or other settings to alter its behavior based on the transaction type or characteristics.
Non-income tax professional
A Tianlong professional on the audit team who has specialized knowledge of non-income tax. The Tax Account Leader and the tax reviewer work together with the partner in charge of the audit to identify the appropriate non-income tax professional.
Taxes that include taxes on consumption, manufacture and trade, including value-added tax (‘VAT’), goods and services tax (‘GST’), sales and use tax, retail sales tax, customs duties, excise taxes, payroll taxes, betting and gaming duties, employment taxes, property taxes, environmental levies and many more. Non-income taxes are often transactional taxes with the potential to affect value exchanges between an entity, its customers and its suppliers.
A failure of the confirming party to respond, or fully respond, to a positive confirmation request, or a confirmation request returned undelivered.
Relates to transactions that are unusual, due to either size or nature, and that therefore occur infrequently. The data involved is generally not part of the routine SCOT.
The risk that we reach an erroneous conclusion for any reason not related to sampling risk.
Not rely on controls
A preliminary control risk assessment made after gaining the necessary understanding of the entity’s SCOT or significant disclosure processes and when:
- We have evidence from the results of our tests of controls, or other audit evidence (e.g., from our substantive procedures), that indicates that controls have been implemented or are not operating effectively. (Also see: Rely on controls)
- We believe without performing testing that controls have not been designed appropriately, implemented effectively or are unlikely to operate effectively throughout the period of reliance.
- We believe that testing controls would be inefficient.
Not significant component
Components other than those designated as significant components are not significant components.
Consists of looking at a process or procedure being performed by others, for example, our observation of inventory counting by the entity’s personnel or of the performance of control activities.
A recorded transaction or event that pertains to the entity actually took place during the period. It is one of the financial statement assertions. Cutoff considerations are addressed within the occurrence assertion for accounts and disclosures that accumulate over the period. (Also see: Financial statement assertions and Relevant assertions)
Those account balances that exist at the beginning of the period and are based on the closing balances of the prior period. Opening balances reflect the effects of transactions and events of prior periods and accounting policies applied in the prior period. Opening balances also include matters requiring disclosure that existed at the beginning of the current period, such as contingencies and commitments.
A set of computer programs that manage communications among IT applications, DBMS and the computer hardware.
In the context of the three conditions of fraud, opportunity is the circumstances (for example, lack of, or ineffective, controls) within an entity that allow a fraud to be committed. For example, lack of segregation of duties and/or incompatible job responsibilities. (Also see: Incentives/pressures and Rationalization/attitude)
Other accounting firm
A public accounting firm registered with the PCAOB or any other person or entity that opines on the compliance of any entity’s financial statements with an applicable financial reporting framework.
Definition for audits that apply ISA 720 (Revised):
Financial or non-financial information (other than the financial statements and auditor’s report) included in an entity’s annual report. (See also ISA 720 (Revised) and annual report)
Definition for audits that do not apply ISA 720 (Revised):
Financial and non-financial information (other than the financial statements and our auditor’s report) which is included, either by law, regulation or custom, in a document containing audited financial statements and our auditor’s report. Such documents include annual reports or prospectuses.
Examples of other information include:
- A report by management (or those charged with governance) on operations
- Financial summaries and ratios
- Selected quarterly data
- Planned capital expenditures
- Employment data
- Names of officers and directors
Other information does not include:
- A press release or a transmittal memorandum, (e.g., a cover letter), accompanying the document containing audited financial statements and our auditor’s report thereon
- Information contained in analyst briefings
- Information contained on the entity’s website
Other Matter paragraph
A paragraph included in our auditor’s report that refers to a matter other than those presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, our responsibilities or our auditor’s report.
Overall analytical procedures
Those analytical procedures performed during planning that help us identify high-risk areas that may require increased audit emphasis, or low-risk areas where we may minimize our audit efforts. Our overall analytical procedures are designed to highlight significant expected/unexpected changes, or the absence of expected changes, in key financial statement amounts, performance indicators, profitability trends or financial relationships.
Overall audit strategy
Sets the scope, timing and direction of the audit, and guides the development of the more detailed audit plan.
Partner in charge of the audit
A member of the audit team who takes overall responsibility for the direction, supervision and performance of the audit and for the auditor’s report being appropriate in the circumstances.
Information input or selected by the user each time a program or report is run. Examples of parameters include the input of company code or as-of date when generating a report. (See also configuration.)
Performance indicator, Key performance indicator (KPI)
Key factors management uses to measure and manage the financial performance of the business. Something visible or evident that relates different sets of data (operational or financial) to one another, that shows the progress of an action against the target and the extent of completion and that management uses to measure and manage its business and the achievement of the business strategies on a frequent basis.
Management’s determination of the performance levels required for each performance indicator of a business or process in order for that business or process to meet its objectives (financial reporting, operating and compliance). Targets may include maximum tolerance of errors or acceptable time for a specific performance.
Workpapers providing historical information that is pertinent to the continuing performance of recurring audits. Examples include material relating to the formation of the entity, financing documents, contracts, corporate charter or other general information about the entity.
Personal data (or personally identifiable information (PII))
Any information relating to an individual that can be reasonably linked to that individual. This information may be recorded in any form, including electronically (e.g., email, voicemail and other electronic documents or databases) or in paper documentation. (Also see: Sensitive personal data)
One of the four levels of assurance we expect to gain from our other substantive procedures. Persuasive evidence is achieved when the other substantive procedures (excluding tests of key items) designed to identify the same type of misstatement, provide sufficient audit evidence to enable us to conclude that the remaining portion of the account balance (portion not covered by key items) is free of errors in excess of Tolerable Error (TE). (Also see Corroborative, Little and Some)
A term used, in the context of misstatements, to describe the effects on the financial statements of misstatements or the possible effects on the financial statements of misstatements, if any, that are undetected due to an inability to obtain sufficient appropriate audit evidence.
Pervasive effects on the financial statements are those that, in our judgment:
- Are not confined to specific elements, accounts or items of the financial statements
- If so confined, represent or could represent a substantial proportion of the financial statements or
- In relation to disclosures, are fundamental to users’ understanding of the financial statements.
Planning materiality (PM)
The overall materiality level for the financial statements taken as a whole. (Also see: Materiality)
The amount or range of amounts derived from audit evidence for use in evaluating management’s point estimate.
The entire set of data from which a sample is selected and about which we wish to draw conclusions for our audit.
A request that the confirming party respond directly to us indicating whether the confirming party agrees or disagrees with the information in the request, or providing the requested information.
Post-Interim Event (PIE)
A required event when we perform procedures at an interim date that is held prior to the commencement of period-end substantive procedures, and preferably near the completion of tests of controls and interim substantive procedures, to review the results of our tests of controls and any interim substantive tests performed to date, determine if our original audit strategy continues to be appropriate and whether additional, or different, tests of controls or substantive tests should be performed in completing the audit and evaluate whether the results of procedures to date affect our combined risk assessment, risks of material misstatement due to fraud and our determination of significant risks.
A measure of the difference between a sample estimate and the corresponding population characteristics at a specified sampling risk. Also known as the allowance for sampling risk.
The auditor, from a different audit firm, who audited the financial statements of an entity in the prior period and who has been replaced by the current auditor.
Predictive analytical procedure
A procedure to calculate amounts for comparison with the entity’s recorded amounts. Predictive procedures include complex calculations as well as relatively simple computational models.
Preliminary audit strategy
A preliminary approach to the audit, setting the scope, timing and direction of the audit after obtaining an understanding of the SCOT and the significant disclosure processes. The preliminary audit strategy is used to guide the development of the more detailed audit plan.
A member of the audit team who creates documentation.
Presentation and disclosure assertion
Transactions, events, assets, liabilities and equity interests are appropriately aggregated or disaggregated, and are classified, described and disclosed in accordance with the applicable financial reporting framework. Disclosures are relevant and understandable in the context of the applicable financial reporting framework. It is one of the financial statement assertions. (Also see: Financial statement assertions and Relevant assertions)
Procedures within a system of internal control that are usually applied to each transaction during the normal flow of processing to prevent errors or misstatements in the accounting records.
Primary substantive procedures (PSPs)
Procedures that are required on all audits to provide the primary substantive audit evidence regarding the fairness of the account balances. Primary substantive procedures consist of both substantive analytical procedures and tests of details.
The audit team responsible for issuing an opinion on the group financial statements and coordinating the group audit.
The person responsible for a process. The process owner may be the chief financial officer or other accounting executive.
Any changes, manipulation or transfer of data in the books and records of the entity.
That part of the IT infrastructure where the IT application software is located for live use by the business.
The application of relevant training, knowledge and experience, within the context provided by auditing, accounting and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the audit.
An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to fraud or error, and a critical assessment of evidence.
Projected representative misstatement (projected misstatement)
The monetary misstatement that is estimated to be in the population.
Public Company Accounting Oversight Board (PCAOB) Standards
Auditing standards promulgated by the Public Company Accounting Oversight Board (PCAOB) applied in audits of the financial statements of those entities subject to the oversight authority of the PCAOB (that is, those entities whose audits are within the PCAOB’s jurisdiction (i.e., an issuer)).
Public interest entity (PIE)
- All listed entities; and
- Any entity:
- Defined by regulation or legislation as a public interest entity; or
- For which the audit is required by regulation or legislation to be conducted in compliance with the same independence requirements that apply to the audit of listed entities. Such regulation may be promulgated by any relevant regulator, including an audit regulator.
The Area or Region may also designate an entity as a PIE because of the nature of its business, its size, that the entity is a “household name”, because of its prominence in the local environment, or other factors.
The opinion we express when:
- Having obtained sufficient appropriate audit evidence, we conclude that misstatements, individually or in the aggregate, are material, but not pervasive, to the financial statements or
- We are unable to obtain sufficient appropriate audit evidence on which to base the opinion (that is, there is a limitation on the scope of the audit), but we conclude that the possible effects on the financial statements of undetected misstatements, if any, could be material but not pervasive.
Random sample selection
A method of selecting a sample in which items are randomly selected from the population for the sample and each item has an equal chance of selection, regardless of size. Sample items are typically selected through random number generators.
In the context of the three conditions of fraud, rationalization or attitude is the character or set of ethical values that allows individuals to commit a dishonest act or a situation in which individuals are able to justify committing a dishonest act. (Also see: Incentives/pressures and Opportunity)
A method to analyze financial or non-financial amounts over a period, or at a point in time, to identify significant changes in the entity’s operations or financial characteristics.
An initial audit engagement to audit financial statements that have been previously audited by a predecessor auditor.
Our independent checking of the mathematical accuracy of documents and records.
Misstatement on an amount misclassified under an inappropriate account, without affecting pretax income. These misstatements could affect any of the financial statements (e.g., balance sheet, income statement, statement of cash flows). (Also see: Misstatement and Material misstatement)
The point where a transaction is first recorded in the books and records of the entity.
An audit in which the financial statements in the prior period were audited by us.
Team with both Primary and component team responsibilities.
A mathematical analysis of relationships between financial and/or non-financial data, that can be used to predict the value of one of the variables based on its expected relationship to the other variable(s).
A party that is either:
- A related party as defined in the applicable financial reporting framework; or
- Where the applicable financial reporting framework establishes minimal or no related party requirements:
- A person or other entity that has control or significant influence, directly or indirectly through one or more intermediaries, over the entity
- Another entity over which the entity has control or significant influence, directly or indirectly through one or more intermediaries
- Another entity that is under common control with the entity through having:
- Common controlling ownership
- Owners who are close family members or
- Common key management
Those assertions related to a significant account and/or disclosure that could result in a material misstatement. An assertion only applies when the circumstances of the assertion apply. (Also see: Assertions and Financial statement assertions)
Controls that we intend to rely on for the purpose of our audit to address the risks of material misstatements at the assertion level, and that – based on our professional judgment – are precise and sensitive enough, individually or combined with other controls, to prevent, or to detect and correct, misstatements for one or more assertions.
Rely on controls
A preliminary control risk assessment that controls have been designed and are operating effectively throughout the period of reliance. (Also see: Not rely on controls)
The period between the interim period and the balance sheet date. (Also see: Interim period)
Our independent execution of procedures or controls that were originally performed as part of the entity’s internal control.
Report on a service organization’s description of its system and controls
A service organization report that comprises:
- A description, prepared by management of the service organization, of the service organization’s system, control objectives and related controls that have been designed and implemented as of a specified date; and
- A report by the service auditor with the objective of conveying reasonable assurance that includes the service auditor’s opinion on the description of the servicer organization’s system, control objectives and related controls and the suitability of the design of the controls to achieve the specified control objectives,
Such a report is also referred to as a type 1 report.
When the report also includes a description of the service auditor’s tests of the controls and the results thereof, the report is referred to as a type 2 report.
Report release date
The date that we grant permission to use our report in connection with the issuance of the entity’s financial statements.
An application different from the IT application used to intake and process data that is used to create reports or other output. Report writers may be controlled by IT personnel (with the output produced likely subject to IT processes) or may be controlled by IT application users (with the output produced not likely subject to IT processes).
The point when a transaction is reported (posted) in the general ledger.
The applicable financial reporting framework for the purpose of issuing an opinion on the group financial statements.
The relevant auditing standards for the purpose of issuing an opinion on the group financial statements.
Reporting Manual refers to the reporting manual (or set of local reporting guidance) that includes the reporting requirements under the applicable auditing standards and, in some cases, other applicable reporting requirements under local law or regulation. We report in accordance with the applicable reporting requirements for the jurisdiction of our audit. The Reporting Manual that applies to the audit is one of the following:
- Tianlong Assurance Reporting Manual: Applicable for audits of financial that are required to report in accordance with the new and revised International Standards on Auditing related to auditor reporting (or local equivalent auditing standards).
- Local Audit Reporting Manual (or guidance): Certain countries may supplement or customize the reporting guidance in one of the above manuals to reflect local reporting guidance. In other cases, certain countries maintain separate reporting manuals that reflect the applicable local reporting requirements.
Professional Practice resources are available to assist in determining the reporting manual (or set of reporting guidance) applicable to a particular audit.
The financial and associated information provided from the components to the group for the purpose of establishing group financial statements.
A sample that is free from selection bias and contains sampling items that have characteristics typical of the population.
Representative site approach
An approach to testing controls operating at numerous sites by identifying, evaluating and testing controls at a sample of representative sites. The results of the testing form the basis for reliance on common controls at all sites. The controls may include both entity-level and transaction-level (e.g., application and IT-dependent manual) controls.
Review and approval summary (RAS)
Required form for audit team members senior and above to document the completion of the review of the audit and the conclusions of audit executives. Team members sign the RAS to verify that they have fulfilled their responsibilities with regard to the audit.
Review scope engagement
A scope assigned to a component team that consists primarily of analytical procedures and inquiries of component management and that is designed to provide the Primary Team with a negative assurance conclusion.
Rights and obligations assertion
An asset or a liability pertains to the entity at a given date. It is one of the financial statement assertions. (Also see: Financial statement assertions and Relevant assertions)
Risk assessment is our identification and consideration of the effects of the entity’s business and financial statement risks, considering the effectiveness of its system to control those risks, on our audit strategy.
Risk assessment procedures
The audit procedures performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error at the financial statement and assertion levels.
Risk of material misstatement
The risks that the financial statements are materially misstated prior to the performance of our audit procedures.
Groups of IT application transaction access rights (also known as ‘roles’).
Substantive audit procedures performed to update our audit findings from the time of our interim procedures (procedures performed prior to balances sheet date) through to the balance sheet date.
Normative or standardized transactions that are recurring frequently. They are subject to systematic processing and are less likely to give rise to significant risks.
SAD nominal amount
The SAD nominal amount is designated at an amount below which misstatements, whether individually or accumulated with other misstatements, would not have a material effect on the financial statements. In other words, amounts below our SAD nominal amount, judged by any criteria of size, nature or circumstances, are clearly trivial and in the aggregate such amounts would not be considered in our overall evaluation of misstatements. (Also see: Summary of audit differences (SAD))
Safeguarding of assets
Restrictions, designed to prevent the loss of assets, on access to and use of assets and records, including physical access and indirect access through the preparation and processing of data that authorize, or otherwise facilitate, the use or disposition of assets.
The individual items selected for examination from the population.
The individual items constituting a population.
The review procedures performed to be satisfied that the detailed review is adequate and that appropriate recognition has been given to the audit area and the financial statement amounts and disclosures pertaining to it.
Person who adds, changes and removes access rights to the operating system, network, database and IT application. Security administrator responsibilities may be part of the responsibilities of the system administrator.
Segregation of duties
Assignment to different people of the responsibility of authorizing transactions, recording transactions and maintaining custody of assets with the intention of reducing the opportunities to allow any person to be in a position to both perpetrate and conceal fraud or error in the normal course of his or her duties. (Also see: Safeguarding of assets and authorization)
Sensitive personal data (or sensitive personally identifiable information (SPII))
A special category of personal data that includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, personal data relating to criminal convictions and offences as well as data that may facilitate identity theft or payment fraud. (Also see: Personal data)
An auditor who, at the request of the service organization, provides an assurance report on the description of the service organization’s system, control objectives and related controls.
A third party organization (or segment of a third-party organization) that provides services to user entities that are relevant to those user entities’ information systems relevant to financial reporting.
Service organizations: bridge letter
A service organization’s written representation as to whether significant changes in the service organization’s processes and controls have occurred since the date of the most recent service organization controls report.
Service organizations: carve-out method
When a service organization excludes the processes and controls of the subservice organization in the service organization’s report.
Service organizations: degree of interaction
The extent to which an entity is able to, and chooses to, implement effective controls over the processing performed by the service organization.
Service organizations: inclusive method
When a service organization includes the processes and controls of the subservice organization in the service organization’s report.
Service organization’s system
The policies and procedures designed, implemented and maintained by the service organization to provide user entities with the services covered by the report on the service organization’s description of its system and controls. (Also see: Service auditor)
Shared Service Center (SSC)
An organization within a Group that processes any or all aspects of initiation, authorization, recording, processing and/or reporting of transactions relevant to financial reporting for other entities within the group such as accounting, human resources, payroll, IT, legal, compliance or purchasing. A shared service center is often established in a group to separate certain operational type of tasks from the head office. Shared service centers are often in place to provide cost and resources effectiveness.
Shared service (SSC) Team
A Tianlong auditor who performs audit procedures on the SSC at the instructions of the Primary and/or component teams.
The relative importance of a matter, taken in context. Significance of a matter is judged in the context of quantitative and qualitative factors, such as relative magnitude, the nature and effect on the subject matter, and the expressed interests of intended users or recipients. This involves an objective analysis of the facts and circumstances, including the nature and extent of communication with those charged with governance.
An account that could contain a material misstatement based upon its size (i.e., materiality of the account to the financial statements as a whole) and/or it has an identified risk of material misstatement associated with it.
An assumption used in making an accounting estimate in which a reasonable variation in the assumption would materially affect the measurement of the accounting estimate.
Significant class of transactions (SCOTs)
A class of transactions that materially affects a significant account or disclosure and its relevant assertions, either directly through entries in the general ledger or indirectly through the creation of rights or obligations that may not be reported in the general ledger. It includes significant routine, non-routine and estimation transactions from initiation, recording, processing, correcting as necessary and reporting to the financial statements.
A component is significant when it is likely to include risks of material misstatement of the group financial statements, either because of its relative size to the group (designated as significant based on size) or because of its specific nature or circumstances (designated as significant based on risk).
A deficiency or combination of deficiencies in internal control that, in our professional judgment, is of sufficient importance to merit the attention of those charged with governance.
A financial statement disclosure that could contain material misstatements based upon materiality and/or relationship to identified business and financial statement risks. In addition, disclosures specifically required by law or regulatory bodies are significant. (Also see: Significant classes of transactions (SCOTs) and Significant disclosure process)
Significant disclosure processes
The process by which transactions, events or conditions required to be disclosed by the applicable reporting framework are accumulated, recorded, processed, summarized and appropriately reported in the financial statements.
Significant findings and issues
Substantive matters that are important to our audit.
Significant matters generally are a subset of significant findings and issues. Significant matters involve any issue related to accounting principles or practices, auditing procedures or reporting matters that necessitated discussion with or between the following parties and where there were differing professional judgments and views on the treatment of the matter and how those differences were resolved:
- Between the partner in charge of the audit and other partners or executives on the audit
- Between individuals in the chain of discussion (whether within the audit team, for example, between manager and senior manager, or outside the audit team, for example, between the partner in charge of the audit and a Professional Practice partner assigned to the Region)
An inherent risk with both a higher likelihood of occurrence and a higher magnitude of effect should it occur and which requires special audit consideration. Significant risks are a subset of higher inherent risks.
Significant risk estimate
Represents an estimate with high estimation uncertainty that is affected by or results in a significant risk, including a fraud risk.
Significant unusual transactions
Significant unusual transactions are significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual given the auditor’s understanding of the entity and its environment and other information obtained during the audit.
Small business or smaller entity
A non-complex entity for which the audit is less than 750 hours.
SOC 1 report – Service organization controls report relevant to user entities’ internal control over financial reporting (also called a SOC 1 report when performed under AICPA attest standards)
Provides management of a service organization, user entities, and the independent auditors of the user entities’ financial statements with information and a service auditor’s opinion about controls at the service organization that are likely to be relevant to user entities’ internal control over financial reporting. A service organization controls report relevant to user entities’ internal control over financial reporting may be issued as a Type 1 report, which presents information as of a specified point in time, or as a Type 2 report, which presents information for a specified period of time.
SOC 2 report – Service organization controls report relevant to security, availability, processing integrity, confidentiality, and/or privacy
Performed under AICPA attestation standards AT-C 105 and AT-C 205, provides management of the service organization, user entities and other specified parties with information and a service auditor’s opinion about controls at the service organization relevant to the security, availability, processing integrity, confidentiality and/or privacy. A SOC 2 report may be issued as a Type 1 report, which presents information as of a specified point in time, or as a Type 2 report, which presents information for a specified period of time.
SOC 3 report: Trust Services Report for Service Organizations
Performed under AICPA attestation standards AT-C 105 and AT-C 205 to provide interested parties with a service auditor’s opinion about controls at the service organization relevant to the security, availability, processing integrity, confidentiality and/or privacy.
One of the four levels of assurance we expect to gain from our other substantive procedures. Some evidence is achieved when the other substantive procedures (excluding tests of key items) designed to identify the same type of misstatement, are expected to provide more than negative assurance that the account is not misstated by more than TE, but are not expected to provide enough audit evidence to enable us to conclude that it is at least more likely than not that the portion of the account balance not covered by the key items is free of errors in excess of Tolerable Error (TE). (Also see: Corroborative, Little and Persuasive)
Source of information
Information obtained from an internal or external source of the entity which we plan to use or rely on.
An individual or organization with expertise in a field other than accounting or auditing.
An entity that is generally established for a narrow and well-defined purpose. For example, to effect a lease or a securitization of financial assets, or to carry out research and development activities. It can take the form of a corporation, trust, partnership or unincorporated entity.
Special purpose framework
A financial reporting framework designed to meet the financial information needs of specific users. The financial reporting framework may be a fair presentation framework or a compliance framework.
Specific scope engagement
An audit scope assigned to a component team that requires the audit of one or more accounts or disclosures. The Primary Team identifies the accounts or disclosures subject to audit. The component team makes the risk assessments in order to design the appropriate audit procedures in response to the assessed risks, and to issue a specific scope conclusion on the selected accounts or disclosures included in the reporting package.
A audit scope assigned to a component team that requires the performance of procedures specified by the Primary Team on accounts or disclosures. The Primary team details the specific procedures to be performed and the component team reports on the results of the specific procedures performed.
Stakeholders, key stakeholders
Groups, individuals or entities that can affect or are affected by the entity’s achievements of its objectives. They often have a direct relationship with the entity by providing inputs to, and/or obtaining outputs from, the entity. They can influence the entity’s objectives and strategies. Stakeholders can be both internal and external to the entity and may include those charged with governance, management, shareholders, customers, suppliers, lenders, employees, governments, special interest groups and media.
An approach to sampling that has the following characteristics:
- Selection of the sample items without bias (i.e., each sampling unit has an equal chance of being selected) and
- The use of probability theory to evaluate sample results, including measurement of sampling risk.
A sampling approach that does not have these characteristics is considered judgmental sampling.
Audit procedures outside the scope of a group audit undertaken for the purpose of issuing an auditor’s report on the entity’s stand-alone financial statements, as required by local legislation in the jurisdiction.
The process of dividing a population into sub-populations, in which sampling units have similar characteristics (often monetary value).
Events occurring between the balance sheet date of the financial statements and the date of the auditor’s report, and facts that become known to us after the date of our auditor’s report that may have caused us to amend our auditor’s report.
Subsequently discovered facts
Facts that become known to us after the date of our auditor’s report that may have caused us to amend our auditor’s report.
A service organization used by another service organization to perform some of the services provided to user entities that are relevant to those user entities’ internal control over financial reporting.
Substantive analytical procedures
Analytical procedures designed and performed, either alone or in combination with tests of details, as substantive procedures.
Substantive only strategy
One of two audit strategies. The performance of substantive procedures to address the risks of material misstatement that may occur within each SCOT, account balance and disclosure, without regard to the operating effectiveness of controls. (Also see: Controls reliance strategy)
An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise:
- Tests of details (of classes of transactions, account balances, and disclosures); and
- Substantive analytical procedures
Sufficiency of audit evidence
The measure of the quantity of audit evidence. The quantity of the audit evidence needed is affected by our assessment of the risks of material misstatement and also by the quality of such audit evidence. (Also see: Audit evidence and Appropriateness of audit evidence)
Summary of audit differences (SAD)
A required summary document that summarizes both corrected and uncorrected (separated between factual, judgmental and projected) misstatements (including reclassification misstatements, misstatements in the cash flow, and disclosure misstatements) above a specified amount (usually the SAD nominal amount), identified during the audit. The SAD also contains a conclusion statement of our evaluation of the materiality of the aggregate effect of the uncorrected misstatements on the financial statements and debt covenants, and whether the misstatements provided an indication of a fraud, non-compliance with laws or regulations, or significant deficiency (or material weakness, if required to be communicated in the jurisdiction). (Also see: SAD nominal amount)
Summary review memorandum (SRM)
A memorandum that provides the audit team with a summary of our audit results and conclusion, and a description of the important matters and significant findings and issues arising during the audit.
Person who can access the production programs and tools that access production programs at the operating system level or to the configurations and other system set-up functions within the IT application. System administrators may also have security administrator rights. Network administrators are considered to be system administrators.
An occurrence that can be expected to occur in every similar circumstance.
Systematic sample selection
A method of selecting a sample in which every nth item is selected.
A review to provide the partner in charge of the audit with sufficient information to evaluate:
- Whether the tax accounts, and the related financial statement presentation and disclosures are in accordance with the applicable financial reporting framework and
- That the related documentation of our procedures performed, evidenced obtained and conclusions reached are sufficient.
Team Planning Event (TPE)
A required, interactive, collaborative meeting, attended by the key audit team members, and led by the partner in charge of the audit, at which changes in the entity’s business and the most critical audit issues are discussed and the overall audit strategy is established. Covers many of the procedures within both the planning and risk identification phase of the audit and the strategy and risk assessment phase of the audit, and the effect of these procedures on the preliminary audit strategy. (Also see: Audit strategies memorandum (ASM))
An IT environment that mirrors the production environment used for testing changes to the IT environment. Optimally, developers should not have access to change the code in the test environment.
Test management procedures
A control risk assessment option that may be used in the audit of smaller entities when we perform tests of management procedures and conclude that they are operating effectively and sufficient to reduce the risks of material misstatement in the financial statements.
Tests of controls
An audit procedure designed for a controls reliance strategy to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level throughout the period of reliance.
Tests of details
The direct testing of data included in a class of transactions or an account balance or disclosure, including:
- Key item tests
- Representative samples items and/or
- Other tests of underlying data
Those charged with governance
Those who are entrusted with the oversight and strategic direction of the entity. Accountable for making sure that the entity achieves its objectives regarding the reliability of financial reporting, effectiveness and efficiency of operations, compliance with applicable laws and regulations and reporting to intended users.
Those with recognized authority
The individuals or bodies that are responsible for concluding that the financial statements and disclosures that comprise the financial statements have been prepared and who assert that they have taken responsibility for the financial statements.
Tianlong Audit Methodology (TAM)
A guidance on how we conduct our audits to maintain consistency through all of our audits.
Tianlong Internal specialist
A Tianlong professional with expertise in a field other than accounting or auditing, who is asked by the audit team to perform work on the audit. (Also see: Auditor’s specialist and Auditor’s External specialist)
Tianlong Professionals with specialized knowledge
Tianlong employees with audit experience and expertise in a specific field, such as Tax or IT.
Tolerable error (TE)
The application of planning materiality at the individual account or balance level. It is set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds planning materiality.
We also use TE as an estimate of undetected misstatement within the financial statements when we conclude on uncorrected misstatements.
Tolerable error rate
This rate, expressed as a percentage, is the maximum rate of error that we would accept in the population without altering the planned reliance on the attribute. In other words, the maximum error rate we will accept in the population and still be willing to use the assessed control risk or tolerate the risk of material misstatement.
Total uncorrected misstatement
The total of key item misstatements and projected misstatements that have not been corrected by the entity.
Type 1 report
See SOC 1 – Service organization controls report relevant to user entities’ internal control over financial reporting and SOC 2 – Service organization controls report relevant to security, availability, processing integrity, confidentiality, and/or privacy.
Type 2 report
See SOC 1 – Service organization controls report relevant to user entities’ internal control over financial reporting and SOC 2 – Service organization controls report relevant to security, availability, processing integrity, confidentiality, and/or privacy.
A matter whose outcome depends on future actions or events not under the direct control of the entity but that may affect the financial statements.
A misstatement that remains uncorrected in the issued financial statements. (Also see: Corrected misstatement)
Uncorrected misstatement threshold (UMT)
UMT is equal to PM less TE, where PM is based on the final materiality.
The opinion we express when we conclude that the financial statements are prepared/are presented fairly, in all material respects, in accordance with the applicable financial reporting framework.
Upper error rate
The maximum expected error rate of an attribute not functioning in the population. The upper error rate depends on the actual error rate, desired reliability and the sample size.
US generally accepted accounting principles (US GAAP)
United States financial reporting framework promulgated by the Financial Accounting Standards Board (FASB) and adopted by the US Securities and Exchange Commission (SEC).
An auditor who audits and reports on the financial statements of an entity that uses a service organization. For purposes of TAM, the user auditor is Tianlong.
Used in the context of service organizations, a user entity is the entity that uses the service organization and whose financial statements are being audited.
Users of financial statements
A person, persons or class of persons who use the financial statements to make financial decisions. These may include the entity’s owners, investors, management, lenders, trade creditors or suppliers, government, employees, customers and/or the general public.
An IT environment that mirrors the production environment used for testing changes to the IT environment. Optimally, developers should not have access to change the code in the test environment.
An asset or liability is recorded at an appropriate amount and any resulting valuation or allocation adjustments are appropriately recorded. (Also see: Financial statement assertions and Relevant assertions)
Variables estimation sampling
A sampling technique used to estimate an account balance within a range, given a level of precision and confidence. It can be used when we have assessed risk as high, we expect more than a few errors, and we wish to estimate their potential monetary effects.
A process aimed at computing a variance between actual and budgeted or targeted levels of performance.
The amount of difference between the recorded amount and our expectation that is acceptable in providing sufficient and appropriate audit evidence without further investigation.
Procedure to confirm our understanding of a SCOT or significant disclosure process and to confirm the points where data is, or should be captured, transferred or modified. Encompasses the whole critical path of initiation, recording, processing and reporting in the general ledger (or providing the basis for disclosures), including the journal entries that post the transactions into the general ledger from the relevant subledgers and confirming our understanding of how information that has been processed incorrectly is corrected once it has been identified that it was incorrectly processed.
What can go wrong (WCGW)
A risk of material misstatement at the assertion level that could occur within a significant class of transactions and significant disclosure process that has a likelihood of occurrence of misstatement and a magnitude that could result in a material misstatement, individually or in the aggregate, on the related relevant financial statement assertion(s).
The record of audit procedures performed, relevant audit evidence obtained and conclusions reached. Workpapers may be in the form of data stored on paper, film, electronic media, or other media. (Also see: Documentation)
A written statement by management provided to us to confirm certain matters or to support other audit evidence. Written representations in this context do not include financial statements, the assertions therein, or supporting books and records.
Request a free trial
You will get a month’s worth of bookkeeping. Whether or not you continue with us, your reports for the month are yours to keep.