Definition of Key Terms Used in Procurement Audit and Risk Management

procurement Audit and risk management

Definition of Key Terms Used in Procurement Audit and Risk Management

Assurance engagement is an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.’

Audit evidence- Facts gathered during the audit procedures that provide a reasonable basis for forming an opinion regarding the procurement records under audit.

Audit planning covers the development of an overall plan for the expected coverage and conduct of the audit.

Audit programme consists of a series of verification procedures to be applied to the procurement records and accounts of a given procurement entity for the purpose of obtaining sufficient evidence to enable the auditor to express an informed opinion on such statements

Audit report- An auditor’s report provides an opinion of the validity and reliability of a company or organisation’s procurement records to provide assurance that they are correct.




Auditee The procurement entity (organization), procurement staffs and other individuals involved in procurement transactions that are audited.

Auditing As defined in ISO 19011:2011 it is a “systematic, independent and documented process for obtaining audit evidence (records, statements of fact or other information which are relevant and verifiable) and evaluating it objectively to determine the extent to which the audit criteria (set of policies, procedures or requirements) are fulfilled.”

Auditor- An auditor is a person or a firm appointed by a company to execute procurement audit. To act as an auditor, a person should be certified by the regulatory authority of procurement and auditing or possess certain specified qualifications.




Documentation means the materials (working papers) prepared by and for, or obtained and retained by the auditor in connection with the performance of the audit.

Error –Unintentional misstatements or omissions in procurement records. Errors may involve mistakes in gathering or processing procurement data, incorrect estimates from oversight or

For example, confirming recorded receivables cannot reveal unrecorded receivables. Non sampling risk can be reduced to a negligible level through adequate planning and supervision.

Internal control – is a process for assuring achievement of an organization’s objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.

Introductory paragraph The first paragraph of the auditor’s standard report, which identifies the procurement records audited, states the procurement records are the responsibility of management and that the auditor’s responsibility is to express an opinion on the procurement records based on the audit.

It can also be defined as an independent examination of the procurement records and procedures of a procuring entity to ascertain or verify whether they give true and fair view and report the findings regarding procurement operations. True means information is factual and conforms to reality and conforms to required standards and law while Fair means information is free from discrimination and bias and is compliance with expected standards and rules.




Material (materiality) Information important enough to change an investor’s decision. Insignificant information has no effect on decisions, so there is no need to report it. Materiality includes the absolute value and relationship of an amount to other information.

Misinterpretation of facts, and mistakes in application of principles relating to amount, classification, presentation or disclosure.

Misstatement Stated wrongly or falsely. Untrue procurement record information Non sampling risk is audit risk not due to sampling. An auditor may apply a procedure to all transactions or balances and fail to detect a material misstatement. Non sampling risk includes he possibility of selecting audit procedures that are not appropriate to achieve a specific objective.

Objectivity The internal auditors’ objectivity depends on the organizational status of the internal audit function, whether the internal auditor has direct access and reports regularly to the board, the audit committee, or owner- manager, and who oversees internal auditor employment decisions.

Opinion paragraph The paragraph in the audit report that expresses the auditor’s conclusions

Peer review A practice monitoring program in which the audit documentation of one CPA firm is periodically reviewed by independent partners of other firms to determine that it conforms to the standards of the profession.

Procurement management Audit is a comprehensive, systematic, independent and periodic examination of company purchasing environment, objectives and tactics, to identify problems and opportunities and facilitate the development of appropriate actions

Voucher A document in support of expenditure. The signature of an appropriate official on the voucher is authorization for the treasurer to issue a check.




Working papers (written audit documentation) Records kept by the auditor of procedures applied, tests performed, information obtained, and pertinent conclusions in the engagement

Consequence Outcome of event affecting objectives

Control- Measure that is modifying risk

Residual Risk-Risk remaining after risk treatment

Risk analysis is the process of identifying all the potential things that can go wrong with an activity, and then estimating the probability of each happening. Risk  Description– Structured statement of risk usually containing four elements: sources, events, causes and consequence

Risk identification is a process for identifying and recording potential project risks that can affect the project delivery.

Risk MatrixTool for ranking and displaying risks by defining ranges for consequence and likelihood

Risk Owner Person or entity with the accountability and authority to manage risk




Risk Register Documented record of information about identified risk

Risk SourceElement which alone or in combination has the intrinsic potential to give rise to risk

Risk -the probability of an unwanted outcome happening.

Supply chain risk management (SCRM) is “the implementation of strategies to manage both every day and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity”. In other words, SCRM is to collaboratively with partners in a supply chain or on your own, apply risk management process tools to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources in the supply chain.

Vulnerability assessment is the process designed to identify, quantify and prioritize areas in which systems, organization or supply chain is particular open to risk or attack.



Leave a Reply

Your email address will not be published. Required fields are marked *