We try to be as plainspoken as possible. But sometimes it works best to use words and phrases that are specific to the internal audit profession. Here’s a list of those terms and what they mean:

Assurance services 

Assurance services give the Institute confidence that its processes are working effectively to control risk. To that end, the Audit Division works with adminstrative leadership on campus and at Lincoln Laboratory to evaluate their academic, research, and administrative processes and identify opportunities for improvement. 


Our charter is a formal document that defines the Audit Division’s purpose, authority, and responsibility. It establishes our position within the organization; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities.


Controls are activities put in place to safeguard MIT’s assets, provide reliable financial information, promote efficient and effective operations, avoid fraud, and ensure policy compliance.

Control processes

Control processes make up a control framework, which is designed and operated to ensure that risks are contained within the level that the Institute is willing to accept.


An engagement is an Audit Division project (audit or advisory) that includes multiple tasks or activities designed to accomplish a specific set of related objectives.


Fraud is any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by individuals and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or professional advantage.


Governance is the combination of processes and structures implemented by MIT to inform, manage, and monitor the activities of the Institute so that it can achieve its objectives.


Risk is the possibility of an event occurring that will harm MIT’s ability to achieve its objectives. The Audit Division evaluates risks across five categories: safety, operational, behavioral, financial, and compliance. MIT’s reputation is a consequence of these risks. Risk is measured in terms of impact and likelihood.