Glossary (main audit and control terms).

• Audit: constant process of systematic, critical, independent and documented evaluation,

to obtain audit evidence and evaluate it objectively in order to determine if the audit criteria
are met, if they are effectively implemented and if they are appropriate.
•Auditor: qualified person with the necessary competence to carry out an audit.
•Auditee: organization, process, area, agency or project to which the audit is performed.
• Audit criteria: set of policies, standards, guidelines, guidelines, regulations, manuals,
laws, procedures or requirements that will be a reference to compare the audit evidence.
• Audit object: refers to the audit to be performed; that is, if it is to a process, procedure,
area or dependency, project, contract, activity, task, among others.
• Audit plan: is the list of audits proposed for a given period.
• Schedule of activities: it is the programming of the approved audits, which are expected
to be carried out on scheduled dates, distributed in the two semesters of the year.
• Audit program: detailed description of the activities agreed to carry out the audit,
contains objectives, scope, resources, among other procedures that guide the development
of the audit.
• Audit objective: purpose for which it is determined to perform an audit.
•Audit scope: limits and extent of the audit according to the audit object to be covered.
• Audit evidence: these are the records, statements of fact or any information relevant and
pertinent to the audit criteria and that are verifiable.
• Audit Findings: Results of the evaluation of the evidence collected from the audits
against the criteria. Findings may indicate opportunities for improvement.
• Internal control system: internal control is understood as the system made up of the
organization scheme and the set of plans, methods, principles, standards, procedures and
verification and evaluation mechanisms adopted by an entity, in order to ensure that all the
activities, operations and actions, as well as the administration of information and
resources, are carried out in accordance with the constitutional and legal norms in force
within the policies outlined by the management and in accordance with the goals or
objectives set.
•NIAS: International Standards for the professional practice of Internal Auditing.
• NAGAS: Generally Accepted Auditing Standards.
• COSO MODEL (Committee of Sponsoring Organizations of the Treadway):
“voluntary commission made up of representatives of five private sector organizations in
the United States to provide intellectual leadership on three interrelated issues: business risk
management (ERM), internal control and fraud deterrence. It studies the factors that can
give rise to fraudulent financial information, and prepares texts and recommendations for
all types of organizations and regulatory entities such as the SEC (Federal Agency for the
Supervision of Financial Markets) and others ”.
• Risk assessment: involves the identification and analysis of risks relevant to the
achievement of objectives and the basis for determining the way in which such risks should
be managed.
• Control activities: These are those carried out by the Management and other personnel of
the Organization to fulfill assigned activities on a daily basis.
• Information and communication: Consequently, the pertinent information must be
identified, captured, processed and communicated to the personnel in the form and within
the indicated time, in such a way that it allows them to fulfill their responsibilities.
• Supervision and monitoring of the control system: In general, control systems are
designed to operate in certain circumstances, however, it is necessary to take into account
the risks and limitations inherent to control; however, conditions evolve due to both
external and internal factors, thereby causing the controls to lose their efficiency.
• MECI: The Standard Model of Internal Control provides State entities with a structure
for controlling strategy, management and evaluation, the purpose of which is to guide them
towards the fulfillment of their institutional objectives and their contribution to the essential
purposes of the Condition.
• Internal control: The process designed, implemented and maintained by those
responsible for the governance of the entity, the management and other personnel, in order
to provide reasonable assurance about the achievement of the entity's objectives related to
the reliability of the information. financial