

Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization.


The potential dollar loss should a particular threat become a reality.


The probability that the threat will become a reality.

Internal Control

"The process implemented by the board of directors, management, and those under their direction to try to accomplish the following objectives: Safeguard assets, maintain records, provide accurate information, prepare statements in accordance with GAAP, operate efficiently, adhere to prescribed managerial policies, and comply with laws & regulations."

Preventive Controls

Controls that deter problems before they arise.

Detective Controls

Controls that discover problems as soon as they arise.

Corrective Controls

Controls that remedy control problems that have been discovered.

General Controls

Help make sure an organization's control environment is stable and well-managed.

Application Controls

"Prevent, detect, and correct transaction errors and fraud."

Foreign Corrupt Practices Act

An act passed to prevent the bribery of foreign officials in order to obtain business.

Sarbanes-Oxley Act (SOX)

"Applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud."

Boundary System

Helps employees act ethically by setting limits beyond which an employee must not pass.

Diagnostic Control System

Measures company progress by comparing actual performance to planned performance.

Interactive Control System

Helps top-level managers with high-level activities that demand frequent and regular attention.

COBIT Framework (Control Objectives for Information and Related Technology)

A framework of generally applicable information systems security and control practices for IT control.

COSO (Committee of Sponsoring Organizations)

"A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute."

Internal Control Integrated Framework

Defines internal controls and provides guidance for evaluating and enhancing internal control systems.

Enterprise Risk Management Integrated Framework (ERM)

Expands on the elements of the internal control integrated framework and provides an all-encompassing focus on the broader subject of enterprise risk management.

Strategic Objectives

High-level goals that are aligned with and support the company's mission.

Operations Objectives

Deal with the effectiveness and efficiency of company operations.

Reporting Objectives

"Help ensure the accuracy, completeness, and reliability of internal and external company reports, of both a financial and nonfinancial nature."

Compliance Objectives

Help the company comply with all applicable laws and regulations.

Internal Environment

"The most important component of the ERM and internal control frameworks - it influences how organizations establish strategies and objectives, structure business activities, and identify and respond to risk."

Risk Appetite

The amount of risk a company is willing to accept in order to achieve its goals and objectives.

Policy and Procedures Manual

"Explains proper business practices, describes the knowledge and experience needed by key personnel, spells out management policy for handling specific transactions, and documents the systems and procedures employed to process those transactions."

Background Check

"Includes verifying educational and work experience, talking to references, checking for a criminal record, and checking credit records."


An incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives.

Inherent Risk

The risk that exists before management takes any steps to control the likelihood or impact of risk.

Residual Risk

"The risk that remains after management implements internal controls, or some other response to risk."

Expected Loss

Expected loss = Impact x Likelihood

Control Activities

"Policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and the risk responses are carried out."


Empowerment to perform policies established by management.

Digital Signature

"A means of signing a document with a piece of data that cannot (or, rather, can only with difficulty) be forged."

General Authorization

Authorization to handle routine transactions without special approval.

Specific Authorization

Authorization that requires special review and approval.


Fraud where two or more people override the preventive aspect of the internal control system.

Systems Administrators

Responsible for ensuring that the different parts of an information system operate smoothly and efficiently.

Network Managers

Ensure that all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly.

Security Management

Ensures that all aspects of the system are secure and protected from all internal and external threats.

Systems Analysts

Help users determine their information needs and then design an information system to meet those needs.


Take the design provided by systems analysts and create an information system by writing the computer programs.

Computer Operators

Run the software on the company's computers.

Information System Library

"Corporate databases, files, and programs in a separate storage area."

Data Control Group

"Ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems throughout."

Strategic Master Plan

"Shows the projects that must be completed to achieve long-range company goals and addresses the company's hardware, software, personnel, and infrastructure requirements."

Project Development Plan

"Shows how a project will be completed, including the modules or tasks to be performed and who will perform them, the dates they should be completed, and project costs."

Project Milestones

Significant points when progress is reviewed and actual and estimated completion times are compared.

Data Processing Schedule

Format for data processing tasks.

Steering Committee

Guides and oversees systems development and acquisition.


Output per unit of time.


Percentage of time the system is being productively used.

Response Time

How long it takes the system to respond.

Post-implementation review

Determines if the anticipated benefits were achieved.

Systems Integrator

A vendor who uses common standards and manages a cooperative systems development effort involving its own development personnel and those of the client and other vendors.

Change Management

"The process of making sure changes do not negatively affect systems reliability, security, confidentiality, integrity, and availability."

Analytical Review

An examination of the relationships between different sets of data.

Audit Trail

When individual company transactions can be traced through the system from where they originate to where they end up on the financial statements.

Company Security Officer (CSO)

In charge of AIS security and should be independent of the information system function and report to the chief operating officer or the CEO.

Chief Compliance Officer (CCO)

Officer in charge of ensuring that a company meets SOX and other compliance.

Forensic Accountants

Specialize in fraud detection and investigation.

Computer Forensic Specialists

"Discover, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges."

Neural Networks

Programs that mimic the brain and have learning capabilities.
