Term
|
Definition
| Controls that ensure that only authorized personnel have access to the firm's assets. |
|
|
Term
|
Definition
| Professional services offered by public accounting firms to improve their client organizations' operational efficiency and effectiveness. |
|
|
Term
|
Definition
| Controls that ensure the integrity of specific systems. |
|
|
Term
|
Definition
| An external audit is an independent attestation performed by an expert, the auditor, who expresses an opinion regarding the presentation of financial statements. The audit objective is always associated with assuring the fair presentation of financial statements. |
|
|
Term
|
Definition
| Task of creating meaningful test data. |
|
|
Term
|
Definition
| The first step in the IT audit is audit planning in which the auditor gains a thorough understanding of the client's business. A major part of this phase of the audit is the analysis of audit risk. |
|
|
Term
|
Definition
| Probability that the auditor will render unqualified opinions on financial statements that are, in fact, materially misstated. |
|
|
Term
|
Definition
| Assets not unique to an organization and easily acquired in the marketplace (e.g., network management, systems operations, server maintenance, help-desk functions). |
|
|
Term
|
Definition
| For reports, state in which all necessary calculations are provided and the message is presented clearly and unambiguously. |
|
|
Term
|
Definition
| Theft, misuse, or misappropriation of assets by altering computer-readable records and files, or by altering the logic of computer software; the illegal use of computer-readable information; or the intentional destruction of computer software or hardware. |
|
|
Term
| Computer-Aided Audit Tools and Techniques (CAATTs) |
|
Definition
| A set of computer programs used by an auditor to enhance the effectiveness of an audit while testing application controls. There are five features of CAATTs used: the test data method, base case system evaluation, tracing, integrated test facility, and parallel simulation. |
|
|
Term
|
Definition
| The likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts. |
|
|
Term
|
Definition
| Theory underlying outsourcing that posits that an organization should focus exclusively on its core business competencies while allowing outsourcing vendors to manage non-core areas such as IT functions efficiently. |
|
|
Term
|
Definition
| Coordinating IT unit that attempts to establish corporatewide standards among distributed IT units. |
|
|
Term
| Database Management Fraud |
|
Definition
| Altering, deleting, corrupting, destroying, or stealing an organization's data. |
|
|
Term
|
Definition
| The risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor. |
|
|
Term
| Disaster Recovery Plan (DRP) |
|
Definition
| Comprehensive statement of all actions to be taken before, during, and after a disaster, along with documented, tested procedures to ensure the continuity of operations. |
|
|
Term
| Distributed Data Processing (DDP) |
|
Definition
| Reorganizing the IT function into small information processing units (IPUs) that are distributed to end users and placed under their control. |
|
|
Term
|
Definition
| Listening to output transmissions over telecommunications lines. |
|
|
Term
|
Definition
| Arrangement that involves two or more user organizations that buy or lease a building and remodel it into a computer site, but without the computer and peripheral equipment. |
|
|
Term
|
Definition
| Management assertion that all assets and equities contained in the balance sheet exist and that all transactions in the income statement actually occurred. |
|
|
Term
|
Definition
| Ability of the system to continue operation when part of the system fails due to hardware failure, application program error, or operator error. |
|
|
Term
| General Computer Controls |
|
Definition
| Specific activities performed by persons or systems designed to ensure that business objectives are met. |
|
|
Term
|
Definition
| Controls that pertain to entity-wide concerns such as controls over the data center, organization databases, systems development, and program maintenance. |
|
|
Term
| Information Technology Controls |
|
Definition
| Include controls over IT governance, IT infrastructure, security, and access to operating systems and databases, application acquisition and development, and program changes. |
|
|
Term
|
Definition
| The risk associated with the unique characteristics of the business or industry of the client. |
|
|
Term
|
Definition
| Appraisal function housed within the organization. |
|
|
Term
|
Definition
| Contracting with a third-party vendor to take over the costs, risks, and responsibilities associated with maintaining an effective corporate IT function, including management of IT assets and staff and delivery of IT services such as data entry, data center operations, applications development, applications maintenance, and network management. |
|
|
Term
|
Definition
| Combination of tests of application controls and substantive tests of transaction details and account balances. |
|
|
Term
|
Definition
| Data center that reflects current economic events of the firm. |
|
|
Term
|
Definition
| Storage procedure used to safeguard the critical resources. |
|
|
Term
|
Definition
| Misuse or theft of the firm's computer resources. |
|
|
Term
| Presentation and Disclosure |
|
Definition
| Management assertion that contingencies not reported in financial accounts are properly disclosed in footnotes. |
|
|
Term
|
Definition
| A set of audit procedures developed by the auditors based on management assertions. |
|
|
Term
|
Definition
| Techniques such as creating illegal programs that can access data files to alter, delete, or insert values into accounting records; destroying or corrupting a program's logic using a computer virus; or altering program logic to cause the application to process data incorrectly. |
|
|
Term
| Recovery Operations Center (ROC) |
|
Definition
| Arrangement involving two or more user organizations that buy or lease a building and remodel it into a completely equipped computer site. |
|
|
Term
| Redundant Arrays of Independent Disks (RAID) |
|
Definition
| Use of parallel disks that contain redundant elements of data and applications. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Searching through the trash of the computer center for discarded output. |
|
|
Term
|
Definition
| Assets unique to an organization that support its strategic objectives. Specific IT assets have little value outside their current use. May be tangible (computer equipment), intellectual (computer programs), or human. |
|
|
Term
| Statement on Auditing Standard No. 70 (SAS 70) |
|
Definition
| Definitive standard by which client organizations' auditors can gain knowledge that controls at the third-party vendor are adequate to prevent or detect material errors that could impact the client's financial statements. |
|
|
Term
|
Definition
| Tests that determine whether database contents fairly reflect the organization's transactions. |
|
|
Term
|
Definition
| Tests that establish whether internal controls are functioning properly. |
|
|
Term
| Transaction Cost Economics (TCE) Theory |
|
Definition
| Belief that organizations should retain certain specific non-core IT assets in-house; due to their esoteric nature, such assets cannot be easily replaced once they are given up in an outsourcing arrangement. Supports outsourcing of commodity assets, which are easily replaced. |
|
|
Term
| Uninterruptible Power Supplies |
|
Definition
| Technologies that prevent data loss and system corruption due to power failure. |
|
|
Term
|
Definition
| Set of data that a particular user needs to achieve his or her assigned tasks. |
|
|
Term
|
Definition
| Process of stating accounts receivable at net realizable value. |
|
|