Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
50 Cards in this Set
- Front
- Back
|
"Attest reporting engagement"
|
"An engagement where an IS auditor is engaged to either examine management’s assertion regarding particular a subject matter or the subject matter directly. The IS auditor’s report consists of an opinion on one of the following: * The subject matter. These reports relate directly to the subject matter itself rather than an assertion. In certain situations management will not be able to make an assertion over the subject of the engagement. An example of this situation is when IT services are out-sourced to third party. Management will not ordinarily be able to make an assertion over the controls that the third-party is responsible for. Hence# an IS auditor would have to report directly on the subject matter rather than an assertion * Management’s assertion about the effectiveness of the control procedures * Examination reporting engagement where the IS auditor is engaged to issue an opinion on particular subject matter. These engagements can include reports on controls implemented by management and on their operating effectiveness"
|
|
|
"Attitude"
|
"Way of thinking# behaving# feeling# etc."
|
|
|
"Attribute sampling"
|
"An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)"
|
|
|
"Audit"
|
"The process of generating# recording and reviewing a chronological record of system events to ascertain their accuracy"
|
|
|
"Audit accountability"
|
"Performance measurement of service delivery including cost# timeliness and quality against agreed service levels"
|
|
|
"Audit authority"
|
"A statement of the position within the organization# including lines of reporting and the rights of access"
|
|
|
"Audit charter"
|
"A document which defines the IS audit function's responsibility# authority and accountability"
|
|
|
"Audit evidence"
|
"The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of risk that an auditor is prepared to accept during an audit engagement."
|
|
|
"Audit expert systems"
|
"Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis# systems software and control objectives software packages."
|
|
|
"Audit objective"
|
"The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk."
|
|
|
"Audit plan"
|
"A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited# the type of work planned# the high level objectives and scope of the work# and topics such as budget# resource allocation# schedule dates# type of report and its intended audience and other general aspects of the work."
|
|
|
"Audit program"
|
"A series of steps to complete an audit objective"
|
|
|
"Audit responsibility"
|
"The roles# scope and objectives documented in the service level agreement between management and audit"
|
|
|
"Audit risk"
|
"The risk of giving an incorrect audit opinion"
|
|
|
"Audit sampling"
|
"The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population"
|
|
|
"Audit trail"
|
"A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source"
|
|
|
"auditability"
|
"The level to which transactions can be traced and audited through a system"
|
|
|
"Authentication"
|
"The act of verifying the identity of a system entity (e.g.# a user# a system# a network node) and the entity’s eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the verification of the correctness of a piece of data."
|
|
|
"authorization"
|
"The process of determining what types of activities are permitted. Ordinarily# authorisation is in the context of authentication: once you have authenticated a user# he/she may be authorised to perform different types of access or activity"
|
|
|
"Automated teller machine (ATM)"
|
"A 24-hour# stand-alone mini-bank# located outside branch bank offices or in public places like shopping malls. Through ATMs# clients can make deposits# withdrawals# account inquiries and transfers. Typically# the ATM network is comprised of two spheres: a proprietary sphere# in which the bank manages the transactions of its clients# and the public or shared domain# in which a client of one financial institution can use another’s ATMs."
|
|
|
"Availability"
|
"Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities."
|
|
|
"Backup"
|
"Files# equipment# data and procedures available for use in the event of a failure or loss# if the originals are destroyed or out of service"
|
|
|
"Bandwidth"
|
"The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second)."
|
|
|
"Bar case"
|
"A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system."
|
|
|
"Bar code"
|
"A printed machine-readable code that consists of parallel bars of varied width and spacing"
|
|
|
"Base case"
|
"A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system."
|
|
|
"Baseband"
|
"A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.# coaxial cable) is utilized for a single channel."
|
|
|
"Batch control"
|
"Correctness checks built into data processing systems and applied to batches of input data# particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control# which involves numbering the records in a batch consecutively so that the presence of each record can be confirmed# and 2) control total# which is a total of the values in selected fields within the transactions."
|
|
|
"Batch processing"
|
"The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time."
|
|
|
"Baud rate"
|
"The rate of transmission for telecommunication data. It is expressed in bits per second (bps)."
|
|
|
"Benchmark"
|
"A test that has been designed to evaluate the performance of a system. In a benchmark test# a system is subjected to a known workload and the performance of the system against this workload is measured. Typically# the purpose is to compare the measured performance with that of other systems that have been subject to the same benchmark test."
|
|
|
"Binary code"
|
"A code whose representation is limited to 0 and 1"
|
|
|
"Biometric locks"
|
"Door and entry locks that are activated by such biometric features as voice# eye retina# fingerprint or signature"
|
|
|
"Biometrics"
|
"A security technique that verifies an individual’s identity by analyzing a unique physical attribute# such as a handprint"
|
|
|
"Black box testing"
|
"A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals."
|
|
|
"Blackbox testing"
|
"A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals"
|
|
|
"Border router"
|
"See external router."
|
|
|
"Bridge"
|
"A device that connects two similar networks together"
|
|
|
"Broadband"
|
"In broadband# multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem."
|
|
|
"Brouters"
|
"Devices that perform the functions of both bridges and routers# are called brouters. Naturally# they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones# which is a significant advantage. Like a bridge it forwards packets based on the data link layer address to a different network of the same type. Also# whenever required# it processes and forwards messages to a different data link type network based on the network protocol address. When connecting same data link type networks# they are as fast as bridges besides being able to connect different data link type networks."
|
|
|
"browser"
|
"A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also# that permits multimedia (graphics) applications on the World Wide Web"
|
|
|
"Brute force"
|
"The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found"
|
|
|
"BSP (business service provider)"
|
"An ASP that also provides outsourcing of business processes such as payment processing# sales order processing and application development"
|
|
|
"budget"
|
"Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books."
|
|
|
"budget formula"
|
"A mathematical expression used to calculate budget amounts based on actual results# other budget amounts and statistics. With budget formulas# budgets using complex equations# calculations and allocations can be automatically created."
|
|
|
"budget hierarchy"
|
"A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget."
|
|
|
"budget organization"
|
"An entity (department# cost center# division or other group) responsible for entering and maintaining budget data."
|
|
|
"Buffer"
|
"Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices# such as a printer and a computer. In a program# buffers are reserved areas of RAM that hold data while they are being processed."
|
|
|
"Bulk data transfer"
|
"A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically# logs are batched electronically several times daily# and then loaded into a tape library located at the same facility as the planned recovery."
|
|
|
"Bus"
|
"Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network."
|
