Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization.
The process implemented by the board of directors, management, and those under their direction to try to accomplish the following objectives: safeguard assets, maintain records, provide accurate information, prepare statements in accordance with GAAP, operate efficiently, adhere to prescribed managerial policies, and comply with laws and regulations.
Help make sure an organization's control environment is stable and well-managed.
Foreign Corrupt Practices Act
An act passed to prevent the bribery of foreign officials in order to obtain business.
Sarbanes-Oxley Act (SOX)
Applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud.
Helps employees act ethically by setting limits beyond which an employee must not pass.
Diagnostic Control System
Measures company progress by comparing actual performance to planned performance.
Interactive Control System
Helps top-level managers with high-level activities that demand frequent and regular attention.
COBIT Framework (Control Objectives for Information and Related Technology)
A framework of generally applicable information systems security and control practices for IT control.
COSO (Committee of Sponsoring Organizations)
A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute.
Internal Control Integrated Framework
Defines internal controls and provides guidance for evaluating and enhancing internal control systems.
Enterprise Risk Management Integrated Framework (ERM)
Expands on the elements of the internal control integrated framework and provides an all-encompassing focus on the broader subject of enterprise risk management.
Help ensure the accuracy, completeness, and reliability of internal and external company reports, of both a financial and nonfinancial nature.
The most important component of the ERM and internal control frameworks; it influences how organizations establish strategies and objectives, structure business activities, and identify and respond to risk.
The amount of risk a company is willing to accept in order to achieve its goals and objectives.
Policy and Procedures Manual
Explains proper business practices, describes the knowledge and experience needed by key personnel, spells out management policy for handling specific transactions, and documents the systems and procedures employed to process those transactions.
Includes verifying educational and work experience, talking to references, checking for a criminal record, and checking credit records.
An incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.
The risk that exists before management takes any steps to control the likelihood or impact of risk.
The risk that remains after management implements internal controls, or some other response to risk.
Policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and the risk responses are carried out.
A means of signing a document with a piece of data that cannot (or, rather, can only with difficulty) be forged.
Fraud where two or more people override the preventive aspect of the internal control system.
Responsible for ensuring that the different parts of an information system operate smoothly and efficiently.
Ensure that all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly.
Ensures that all aspects of the system are secure and protected from all internal and external threats.
Help users determine their information needs and then design an information system to meet those needs.
Take the design provided by systems analysts and create an information system by writing the computer programs.
Information System Library
Corporate databases, files, and programs in a separate storage area.
Data Control Group
Ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems throughout.
Strategic Master Plan
Shows the projects that must be completed to achieve long-range company goals and addresses the company's hardware, software, personnel, and infrastructure requirements.
Project Development Plan
Shows how a project will be completed, including the modules or tasks to be performed and who will perform them, the dates they should be completed, and project costs.
Significant points when progress is reviewed and actual and estimated completion times are compared.
A vendor who uses common standards and manages a cooperative systems development effort involving its own development personnel and those of the client and other vendors.
The process of making sure changes do not negatively affect systems reliability, security, confidentiality, integrity, and availability.
When individual company transactions can be traced through the system from where they originate to where they end up on the financial statements.
Company Security Officer (CSO)
In charge of AIS security and should be independent of the information system function and report to the chief operating officer or the CEO.
Chief Compliance Officer (CCO)
Officer in charge of ensuring that a company meets SOX and other compliance requirements.
Computer Forensic Specialists
Discover, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges.