JKU GmbH


Your success is our benchmark

Deutsch

English
Layout_grüne Wiese

Glossary

MA

Management Auditing is the most modern approach of the IA-types FI, CO, OP und MA. It deals with the processes in Governance und aims at the objective effectiveness and consistency to the regarding operating processes. Strategy, Leadership, Budgeting are the core processes within the frameworks of Governance, Risk Management und Internal Control. A few enterprises include the appraisal of manager, too.

Mission

is a clear order addressed to a person, a group, an action, a project or a programme to accomplish with respect to specific conditions and use of all degrees of freedom.

OA

Operational Auditing is one of the four types of IA and slightly a new approach. It deals with all functions and processes outside accounting and finance with the objective of efficiency and correctness. It embraces for example the processes in marketing and sales, production with research and development, sourcing and logistics, real estate and asset management, IT with programming, systems development and production.

OECD-Principles

initiative from 1999 to strengthen corporate governance worldwide, revised 2004.

Organisational Development

embraces on the one hand a bundle of change measures with which managers can operate when a controlled change of structures and processes should take place. On the other hand it defines a specific research branch in social sciences which cares for this specific issue.

Quantity pattern

is the key for most of the audit processes either planning, either reporting. Taking the quantity pattern on can adjust whether the audit findings based on a sample are significant. All possibilities to quantify items are to summarize under the quantity pattern, i.e. turnover, costs, results, investment budget, and ratios from accounting or number of orders, figures of customer satisfaction, suppliers’ quality figures which are generated by the auditee himself or analysis’s of the competitions markets, personnel figures which are get from third parties.

Outsourcing

means the handing over of specific operational activities to third party. Outsourcing of the IA is then possible in principle if it is not hindered or forbidden by legal laws or procedures. For financial institutions there are some specific issues in Germany. Looking in the standards of the IIA some requirements should be observed for overtaking the IA function. The criteria for the selection of third party should be met.

Patch

a piece of a specific material to mend or to cover a hole (norm); here this term is used to describe direct changes of the source code in IT-programming without any test or change procedures in beforehand. Compared to a release the disadvantage of patches is missing documentation and testing. As there are installed in the operating system immediately processing is at high risk. Therefore the use of patches should be limited to cases of emergency.

Peer Review

special type of quality assessment review (QAR)

Programme

summarization of detailed actions, projects, and methods to accomplish with adherence to limited resources.

Procedure

is a detailed written advice addressed to a person or group inside an enterprise to carry out particular actions or to refrain from it within a process.

Process

part of a system which controls its target, deals with particular pre-defined components of the system and uses a set of decision rules and feedback mechanism to adjust itself to various stages of environment and phenomena.

QAR

Quality Assessment Review is a quality evaluation for IA, should be made every 5 years according to the IIA, starting point was 2002.

Red Flags

term from compliance (CO). Red flags are warning advices which indicate possible fraud. Indicators are high risk businesses, vacancies in accounting, weak response to ICS issues, tolerating mixed zones of private and company assets etc.

Risk

is the consequence of future driven decisions under uncertainty in a company which objective is to create added values for its stakeholders, an risk is also the possibility that an event causes negative effects for accomplishing.

Risk Management

The summarization of information and measures how a company registers events, assesses them for the results, and plans counter veiling actions substituted by a EWS, i.e. avoiding, rolling over, insurance, and bearing the rest of the risk.

Role concept

in differentiation to the concept of role in social science the role concept in IT defines different access possibilities for enterprise data for each user according to his function instead of individual regulations by person.

Top of page