Glossary · General Audit
Control
A safeguard or measure — technical, administrative, or physical — put in place to reduce a specific risk, such as enforcing multi-factor authentication or reviewing access quarterly. Compliance frameworks are essentially structured sets of controls that an auditor tests for design and operating effectiveness.
This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organizations for these frameworks — 500+ audits delivered across India, USA, UK, Australia & UAE.
Related General Audit terms
Attestation
An engagement in which an independent CPA examines a subject matter — such as a set of controls — and issues an opinion on it. SOC 1, SOC 2, and SOC 3 are attestation reports: the auditor attests to management's description and the operating effectiveness of controls, rather than awarding a pass/fail certificate.
Evidence
The records an auditor collects to confirm a control was actually operating — screenshots, configuration exports, tickets, policy documents, access logs, and the like. In a Type II engagement, evidence must show the control ran consistently across the entire observation window, not just on the day of testing.
Gap Assessment
A structured comparison of an organisation's current state against the requirements of a target framework, producing a list of "gaps" to remediate before a formal audit. It is the usual first step in any certification or attestation project.
Nonconformity
A failure to meet a requirement of a standard, identified during an ISO audit. Major nonconformities must be resolved before certification can be granted, while minor ones require a corrective-action plan and are verified at the next audit.
Observation Window
The period — typically three to twelve months — over which an auditor evaluates whether controls operated effectively in a SOC 2 Type II engagement; it is also called the audit or review period. Evidence must demonstrate the controls ran consistently throughout this window.
Readiness Assessment
A pre-audit review that tests whether an organisation's controls and evidence would withstand a formal audit, so issues can be fixed in advance. It is broader than a gap assessment, often including a dry run of control testing.