
62 terms

414 Ch 6

Threat
Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization.
Exposure/Impact
The potential dollar loss should a particular threat become a reality.
Likelihood
The probability that the threat will become a reality.
Internal Control
"The process implemented by the board of directors, management, and those under their direction to try to accomplish the following objectives: Safeguard assets, maintain records, provide accurate information, prepare statements in accordance with GAAP, operate efficiently, adhere to prescribed managerial policies, and comply with laws & regulations."
Preventive Controls
Controls that deter problems before they arise.
Detective Controls
Controls that discover problems as soon as they arise.
Corrective Controls
Controls that remedy control problems that have been discovered.
General Controls
Help make sure an organization's control environment is stable and well-managed.
Application Controls
"Prevent, detect, and correct transaction errors and fraud."
Foreign Corrupt Practices Act
An act passed to prevent the bribery of foreign officials in order to obtain business.
Sarbanes-Oxley Act (SOX)
"Applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud."
Boundary System
Helps employees act ethically by setting limits beyond which an employee must not pass.
Diagnostic Control System
Measures company progress by comparing actual performance to planned performance.
Interactive Control System
Helps top-level managers with high-level activities that demand frequent and regular attention.
COBIT Framework (Control Objectives for Information and Related Technology)
A framework of generally applicable information systems security and control practices for IT control.
COSO (Committee of Sponsoring Organizations)
"A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute."
Internal Control Integrated Framework
Defines internal controls and provides guidance for evaluating and enhancing internal control systems.
Enterprise Risk Management Integrated Framework (ERM)
Expands on the elements of the internal control integrated framework and provides an all-encompassing focus on the broader subject of enterprise risk management.
Strategic Objectives
High-level goals that are aligned with and support the company's mission.
Operations Objectives
Deal with the effectiveness and efficiency of company operations.
Reporting Objectives
"Help ensure the accuracy, completeness, and reliability of internal and external company reports, of both a financial and nonfinancial nature."
Compliance Objectives
Help the company comply with all applicable laws and regulations.
Internal Environment
"The most important component of the ERM and internal control frameworks - it influences how organizations establish strategies and objectives, structure business activities, and identify and respond to risk."
Risk Appetite
The amount of risk a company is willing to accept in order to achieve its goals and objectives.
Policy and Procedures Manual
"Explains proper business practices, describes the knowledge and experience needed by key personnel, spells out management policy for handling specific transactions, and documents the systems and procedures employed to process those transactions."
Background Check
"Includes verifying educational and work experience, talking to references, checking for a criminal record, and checking credit records."
Event
An incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.
Inherent Risk
The risk that exists before management takes any steps to control the likelihood or impact of risk.
Residual Risk
"The risk that remains after management implements internal controls, or some other response to risk."
Expected Loss
Expected loss = Impact x Likelihood
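The three cards above (inherent risk, residual risk, and expected loss = impact x likelihood) are the pieces of a control cost-benefit analysis. The Go program below is an added example, not part of the original set: it computes expected loss before a control (inherent risk) and after it (residual risk), nets the reduction against the control's cost, and picks the best candidate. The dollar figures, control names and the "adopt only if net benefit is positive" decision rule are this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Risk pairs a threat's impact (dollar loss if it occurs) with its likelihood
// (probability that it occurs in the period, between 0 and 1).
type Risk struct {
	Impact     float64
	Likelihood float64
}

// ExpectedLoss applies the formula from the card: expected loss = impact x likelihood.
// It rejects inputs that are not a dollar amount and a probability.
func ExpectedLoss(r Risk) (float64, error) {
	if r.Impact < 0 {
		return 0, errors.New("impact must be a non-negative dollar amount")
	}
	if r.Likelihood < 0 || r.Likelihood > 1 {
		return 0, errors.New("likelihood must be a probability between 0 and 1")
	}
	return r.Impact * r.Likelihood, nil
}

// Control is a candidate response to a threat: the risk that remains once the
// control is in place (residual risk) and what the control costs per period.
type Control struct {
	Name     string
	Residual Risk
	Cost     float64
}

// Evaluation is the cost-benefit result for one control against one threat.
type Evaluation struct {
	InherentLoss float64 // expected loss with no control (inherent risk)
	ResidualLoss float64 // expected loss with the control (residual risk)
	Benefit      float64 // reduction in expected loss
	NetBenefit   float64 // benefit minus the control's cost
}

// EvaluateControl nets the reduction in expected loss against the control's cost.
func EvaluateControl(inherent Risk, c Control) (Evaluation, error) {
	before, err := ExpectedLoss(inherent)
	if err != nil {
		return Evaluation{}, err
	}
	after, err := ExpectedLoss(c.Residual)
	if err != nil {
		return Evaluation{}, err
	}
	if after > before {
		// A control that raises expected loss is a modelling error, not a candidate.
		return Evaluation{}, fmt.Errorf("control %q increases expected loss", c.Name)
	}
	benefit := before - after
	return Evaluation{InherentLoss: before, ResidualLoss: after, Benefit: benefit, NetBenefit: benefit - c.Cost}, nil
}

// ChooseControl returns the index of the candidate with the largest positive net
// benefit, or -1 when no candidate pays for itself. Accepting only controls whose
// reduction in expected loss exceeds their cost is this example's decision rule
// (an assumption), not a definition taken from the card set.
func ChooseControl(inherent Risk, candidates []Control) (int, error) {
	best, bestNet := -1, 0.0
	for i, c := range candidates {
		ev, err := EvaluateControl(inherent, c)
		if err != nil {
			return -1, err
		}
		if ev.NetBenefit > bestNet {
			best, bestNet = i, ev.NetBenefit
		}
	}
	return best, nil
}

func main() {
	// Constructed sample figures, not data from the card set.
	inherent := Risk{Impact: 1_000_000, Likelihood: 0.05}
	candidates := []Control{
		{Name: "offsite backups", Residual: Risk{Impact: 1_000_000, Likelihood: 0.01}, Cost: 25_000},
		{Name: "hot site", Residual: Risk{Impact: 200_000, Likelihood: 0.01}, Cost: 60_000},
	}
	for _, c := range candidates {
		ev, _ := EvaluateControl(inherent, c)
		fmt.Printf("%-16s inherent=%.0f residual=%.0f benefit=%.0f net=%.0f\n",
			c.Name, ev.InherentLoss, ev.ResidualLoss, ev.Benefit, ev.NetBenefit)
	}
	if i, _ := ChooseControl(inherent, candidates); i >= 0 {
		fmt.Println("chosen:", candidates[i].Name)
	} else {
		fmt.Println("no control pays for itself")
	}
}
```

With the sample figures the inherent expected loss is 50,000; offsite backups cut it to 10,000 for a net benefit of 15,000, while the hot site cuts it to 2,000 but costs more than it saves, so it is rejected. Note that a control can reduce residual risk substantially and still be the wrong choice once its cost is netted against the benefit.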
Control Activities
"Policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and the risk responses are carried out."
Authorization
Empowerment to perform policies established by management.
Digital Signature
"A means of signing a document with a piece of data that cannot (or, rather, can only with difficulty) be forged."
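The card's definition rests on one property: a signature can be produced only by whoever holds the private key, and it verifies only against the exact document that was signed. The Go program below is an added example, not part of the original set, using the standard library's Ed25519 implementation. It signs a constructed approval message, then shows that the genuine signature verifies, that flipping a single bit of the document afterwards makes verification fail, and that a signature made with a different (attacker's) key is rejected. The document text and key names are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignDocument produces a signature over doc with the signer's private key.
// Ed25519 hashes the message internally, so the signature covers the whole
// document; without priv nobody can produce a signature that verifies for it.
func SignDocument(priv ed25519.PrivateKey, doc []byte) []byte {
	return ed25519.Sign(priv, doc)
}

// VerifyDocument reports whether sig was produced over exactly this doc by the
// holder of the private key matching pub. Malformed inputs never verify.
func VerifyDocument(pub ed25519.PublicKey, doc, sig []byte) bool {
	if len(sig) != ed25519.SignatureSize || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(pub, doc, sig)
}

// Outcome records the three checks a verifier cares about.
type Outcome struct {
	Genuine  bool // right key, untouched document: must be true
	Tampered bool // right key, document altered after signing: must be false
	Forged   bool // signature made with some other private key: must be false
}

// RunScenario signs doc, then verifies the genuine, tampered and forged cases.
func RunScenario(doc []byte) (Outcome, error) {
	if len(doc) == 0 {
		return Outcome{}, errors.New("refusing to sign an empty document")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // the approver's key pair
	if err != nil {
		return Outcome{}, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader) // an attacker's key
	if err != nil {
		return Outcome{}, err
	}
	sig := SignDocument(priv, doc)

	// Flip one bit of the last byte, e.g. an amount edited after approval.
	tampered := append([]byte(nil), doc...)
	tampered[len(tampered)-1] ^= 0x01

	return Outcome{
		Genuine:  VerifyDocument(pub, doc, sig),
		Tampered: VerifyDocument(pub, tampered, sig),
		Forged:   VerifyDocument(pub, doc, SignDocument(otherPriv, doc)),
	}, nil
}

func main() {
	// Constructed sample document, not from the card set.
	doc := []byte("Approve payment of $10,000 to vendor 4471")
	out, err := RunScenario(doc)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine=%v tampered=%v forged=%v\n", out.Genuine, out.Tampered, out.Forged)
}
```

The "can only with difficulty be forged" wording on the card means, in practice, that forging requires either the private key or a break of the underlying algorithm; the verifier therefore has to trust that the public key really belongs to the claimed signer, which is what a certificate or other key-distribution control provides.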
General Authorization
Authorization to handle routine transactions without special approval.
Specific Authorization
Authorization that requires special review and approval.
Collusion
Fraud where two or more people override the preventive aspect of the internal control system.
Systems Administrators
Responsible for ensuring that the different parts of an information system operate smoothly and efficiently.
Network Managers
Ensure that all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly.
Security Management
Ensures that all aspects of the system are secure and protected from all internal and external threats.
Systems Analysts
Help users determine their information needs and then design an information system to meet those needs.
Programmers
Take the design provided by systems analysts and create an information system by writing the computer programs.
Computer Operators
Run the software on the company's computers.
Information System Library
"Corporate databases, files, and programs in a separate storage area."
Data Control Group
"Ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems output."
Strategic Master Plan
"Shows the projects that must be completed to achieve long-range company goals and addresses the company's hardware, software, personnel, and infrastructure requirements."
Project Development Plan
"Shows how a project will be completed, including the modules or tasks to be performed and who will perform them, the dates they should be completed, and project costs."
Project Milestones
Significant points when progress is reviewed and actual and estimated completion times are compared.
Data Processing Schedule
A schedule that shows when each data processing task is to be performed.
Steering Committee
Guides and oversees systems development and acquisition.
Throughput
Output per unit of time.
Utilization
Percentage of time the system is being productively used.
Response Time
How long it takes the system to respond.
Post-implementation review
Determines if the anticipated benefits were achieved.
Systems Integrator
A vendor who uses common standards and manages a cooperative systems development effort involving its own development personnel and those of the client and other vendors.
Change Management
"The process of making sure changes do not negatively affect systems reliability, security, confidentiality, integrity, and availability."
Analytical Review
An examination of the relationships between different sets of data.
Audit Trail
When individual company transactions can be traced through the system from where they originate to where they end up on the financial statements.
Company Security Officer (CSO)
In charge of AIS security and should be independent of the information system function and report to the chief operating officer or the CEO.
Chief Compliance Officer (CCO)
Officer in charge of ensuring that a company meets SOX and other compliance requirements.
Forensic Accountants
Specialize in fraud detection and investigation.
Computer Forensic Specialists
"Discover, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges."
Neural Networks
Programs that mimic the brain and have learning capabilities.