Glossary of Terms

Audit Terms


Abuse is behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances, but excludes fraud and noncompliance with provisions of laws, regulations, contracts, and grant agreements. Abuse also includes misuse of authority or position for personal financial interests or those of an immediate or close family member or business associate.


Agreed-upon Procedures:

An engagement during which procedures to address the needs of a specific situation are agreed upon. It is a type of attestation engagement.



In an attestation engagement, an auditor issues a written conclusion about the reliability of a written assertion that is the responsibility of another. An attestation can result in an examination, a review, or an agreed-upon procedures report on a subject matter that is the responsibility of another party.



An official inspection of an organization’s accounts, typically by an independent body.



The entity being audited.


Audit Objectives:

The intended accomplishment of the audit. Objectives identify audit subject matter and performance aspects to be included. They are questions that the auditors seek to answer.


Audit Risk:

The possibility that the auditors’ findings, conclusions, recommendations, or assurance may be improper or incomplete, as a result of factors such as insufficient and/or inappropriate evidence, an inadequate audit process, intentional omissions or misleading information due to misrepresentation or fraud.


Conflict of Interest:

Any relationship that is or appears to be not in the best interest of the entity being audited. A conflict of interest prejudices an individual’s ability to perform his or her duties and responsibilities objectively.



The audit phase during which evidence is gathered to support conclusions that address the audit objectives.



An issue identified in the audit that needs corrective action. Findings may include weaknesses or deficiencies in internal control, fraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse found during the course of the audit. Findings may also be referred to as “issues” in audit reports.



Fraud involves obtaining something of value through willful misrepresentation. Whether an act is, in fact, fraud is determined through the judicial or other adjudicative system and is beyond auditors’ professional responsibility.


GAGAS (or commonly referred to as GAS):

Generally Accepted Government Auditing Standards, the framework set by the United States Accountability Office, an independent agency of the United States Congress. These are the standards for conducting high quality government audits and attestation engagements. GAGAS contains requirements for ethics, independence, competence, judgment, quality control, the performance of fieldwork, and reporting.


Internal Controls:

Policies, procedures and practices established to safeguard an organization’s assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies. There are three types of internal controls:


  • Preventive, designed to discourage errors or irregularities from occurring;
  • Detective, designed to find errors or irregularities after they have occurred; and
  • Corrective, designed to fix errors or irregularities after they are detected.


Management Representation Letter:

A letter obtained by the auditor from management acknowledging their responsibility for the information provided during the audit and asserting that the information they provided to the auditor is accurate and complete. Written information in the letter confirms verbal representations given to the auditor, documents the continuing appropriateness of such representations, and reduces the possibility of misunderstanding.



Information, that is important for the fair presentation of a subject matter or assertion about a subject matter.


Mitigating Controls:

A type of control used to discover and prevent mistakes that could result in uncorrected errors or fraud due to control deficiencies.


Non-Audit Services:

Other services such as consulting, investigative, and oversight-related, services that do not involve a GAGAS audit. Examples may include tasks requested by City management, such as providing benchmarking studies or technical advice.


Peer Review:

A peer review is a review of the audit organization performed by independent external auditors. The peer review determines whether the audit organization’s internal quality control system is adequate and whether policies and procedures are complied with to provide assurance of conformance with GAGAS. GAGAS requires an external peer review at least once every three years.


Performance Audit:

A systematic examination; an independent, objective review of an organization’s operations, systems, or processes and records, designed to add value by improving the organization’s efficiency and effectiveness; a nonpartisan assessment of the performance or cost of government policies, programs, or operations.


Professional Judgment:

The application of the collective knowledge, skills, and experiences of the auditing team involved with the audit assignment.



A proposed corrective action to a finding identified in an audit or issue identified in an investigation. Specific, practical, cost effective and measurable recommendations aim to improve government operations and programs.



The boundary of the audit that is directly tied to the audit objectives. The scope defines the subject matter that the auditors will assess and report on as well as the time period under review.


Segregation of Duties:

An internal control procedure whereby no one individual is placed in a position of being able to both perpetrate and conceal errors or fraud. Segregated duties involve assignment of different people with responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets.



Waste is the act of using or expending resources carelessly, extravagantly, or to no purpose. Importantly, waste can include activities that do not include abuse and does not necessarily involve a violation of law. Rather, waste relates primarily to mismanagement, inappropriate actions, and inadequate oversight.



Records of procedures applied kept by the auditor, tests performed, information obtained, and pertinent conclusions reached during the engagement.