Definition of Key Terms Used in Procurement Audit and Risk Management
Assurance engagement is an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.
Audit evidence - Facts gathered during the audit procedures that provide a reasonable basis for forming an opinion regarding the procurement records under audit.
Audit planning covers the development of an overall plan for the expected coverage and conduct of the audit.
Audit programme consists of a series of verification procedures to be applied to the procurement records and accounts of a given procurement entity for the purpose of obtaining sufficient evidence to enable the auditor to express an informed opinion on such statements.
Audit report- An auditor’s report provides an opinion of the validity and reliability of a company or organisation’s procurement records to provide assurance that they are correct.
Auditee – The procurement entity (organization), procurement staff and other individuals involved in procurement transactions that are audited.
Auditing – As defined in ISO 19011:2011 it is a “systematic, independent and documented process for obtaining audit evidence (records, statements of fact or other information which are relevant and verifiable) and evaluating it objectively to determine the extent to which the audit criteria (set of policies, procedures or requirements) are fulfilled.”
Auditor - An auditor is a person or a firm appointed by a company to execute a procurement audit. To act as an auditor, a person should be certified by the regulatory authority of procurement and auditing or possess certain specified qualifications.
Documentation means the materials (working papers) prepared by and for, or obtained and retained by the auditor in connection with the performance of the audit.
Error – Unintentional misstatements or omissions in procurement records. Errors may involve mistakes in gathering or processing procurement data, incorrect estimates from oversight or misinterpretation of facts, and mistakes in application of principles relating to amount, classification, presentation or disclosure.
Internal control is a process for assuring achievement of an organization’s objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.
Introductory paragraph The first paragraph of the auditor’s standard report, which identifies the procurement records audited, states that the procurement records are the responsibility of management and that the auditor’s responsibility is to express an opinion on the procurement records based on the audit.
It can also be defined as an independent examination of the procurement records and procedures of a procuring entity to ascertain or verify whether they give a true and fair view, and to report the findings regarding procurement operations. True means the information is factual, conforms to reality and conforms to required standards and law, while Fair means the information is free from discrimination and bias and is in compliance with expected standards and rules.
Material (materiality) Information important enough to change an investor’s decision. Insignificant information has no effect on decisions, so there is no need to report it. Materiality includes the absolute value and relationship of an amount to other information.
Misstatement Stated wrongly or falsely. Untrue procurement record information.
Non sampling risk is audit risk not due to sampling. An auditor may apply a procedure to all transactions or balances and fail to detect a material misstatement. Non sampling risk includes the possibility of selecting audit procedures that are not appropriate to achieve a specific objective. For example, confirming recorded receivables cannot reveal unrecorded receivables. Non sampling risk can be reduced to a negligible level through adequate planning and supervision.
Objectivity The internal auditors’ objectivity depends on the organizational status of the internal audit function, whether the internal auditor has direct access and reports regularly to the board, the audit committee, or owner-manager, and who oversees internal auditor employment decisions.
Opinion paragraph The paragraph in the audit report that expresses the auditor’s conclusions.
Peer review A practice monitoring program in which the audit documentation of one CPA firm is periodically reviewed by independent partners of other firms to determine that it conforms to the standards of the profession.
Procurement management audit is a comprehensive, systematic, independent and periodic examination of a company’s purchasing environment, objectives and tactics, to identify problems and opportunities and facilitate the development of appropriate actions.
Voucher A document in support of expenditure. The signature of an appropriate official on the voucher is authorization for the treasurer to issue a check.
Working papers (written audit documentation) Records kept by the auditor of procedures applied, tests performed, information obtained, and pertinent conclusions in the engagement.
Consequence – Outcome of event affecting objectives
Control - Measure that is modifying risk
Residual Risk - Risk remaining after risk treatment
Risk analysis is the process of identifying all the potential things that can go wrong with an activity, and then estimating the probability of each happening.
Risk Description – Structured statement of risk usually containing four elements: sources, events, causes and consequences
Risk identification is a process for identifying and recording potential project risks that can affect the project delivery.
Risk Matrix – Tool for ranking and displaying risks by defining ranges for consequence and likelihood
Risk Owner – Person or entity with the accountability and authority to manage risk
Risk Register – Documented record of information about identified risk
Risk Source – Element which alone or in combination has the intrinsic potential to give rise to risk
Risk - The probability of an unwanted outcome happening.
Supply chain risk management (SCRM) is “the implementation of strategies to manage both every day and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity”. In other words, SCRM means applying risk management process tools, collaboratively with partners in a supply chain or on your own, to deal with risks and uncertainties caused by, or impacting on, logistics related activities or resources in the supply chain.
Vulnerability assessment is the process designed to identify, quantify and prioritize areas in which a system, organization or supply chain is particularly open to risk or attack.