Internal Auditing - An independent,
objective assurance and consulting activity designed to add value and
improve an organization's operations. It helps an organization accomplish
its objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control, and governance
Control - Any action taken by management, the board, and other
parties to enhance risk management and increase the likelihood that established
objectives and goals will be achieved. Management plans, organizes, and
directs the performance of sufficient actions to provide reasonable assurance
Control Environment - The attitude and actions of the board and
management regarding the significance of control within the organization.
The control environment provides the discipline and structure for the
achievement of the primary objectives of the system of internal control.
The control environment includes the following elements:
- Integrity and ethical values.
- Management's philosophy and operating style.
- Organizational structure.
- Assignment of authority and responsibility.
- Human resource policies and practices.
- Competence of personnel.
Control Processes - The policies, procedures, and activities that
are part of a control framework, designed to ensure that risks are contained
within the risk tolerances established by the risk management process.
Source: The Institute
of Internal Auditors