Glossary of Terms Flashcards Preview

Flashcards in Glossary of Terms Deck (182)

Application software tracing and mapping

Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences

Scope Note: Both the command language or job control statements and programming language can be analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations and code comparisons.


Application System

An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities

Scope Note: Examples include general ledger, manufacturing resource planning and human resource (HR) management.



Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support enterprise objectives


Architecture Board

A group of stakeholders and experts who are accountable for guidance on enterprise‐architecture‐related matters and decisions, and for setting architectural policies and standards.

Scope Note: COBIT 5 perspective


Arithmetic Logic Unit (ALU)

The area of the central processing unit (CPU) that performs mathematical and analytical operations


Artificial Intelligence (AI)

Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules.



Representing 128 characters, the American Standard Code for Information Interchange (ASCII) code normally uses 7 bits. However, some variations of the ASCII code set allow 8 bits. This 8‐bit ASCII code allows 256 characters to be represented.



A program that takes as input a program written in assembly language and translates it into machine code or machine language


Assembly Language

A low‐level computer programming language which uses symbolic code and produces machine



Any formal declaration or set of declarations about the subject matter made by management.

Scope Note: Assertions should usually be in writing and commonly contain a list of specific attributes about the subject matter or about a process involving the subject matter.



A broad review of the different aspects of a company or function that includes elements not covered by a structured assurance initiative.

Scope Note: May include opportunities for reducing the costs of poor quality, employee perceptions on quality aspects, proposals to senior management on policy, goals, etc.



Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation



Pursuant to an accountable relationship between two or more parties, an IT audit and assurance professional is engaged to issue a written communication expressing a conclusion about the subject matters for which the accountable party is responsible. Assurance refers to a number of related activities designed to provide the reader or user of the report with a level of assurance or comfort over the subject matter.

Scope Note: Assurance engagements could include support for audited financial statements, reviews of controls, compliance with required standards and practices, and compliance with agreements, licenses, legislation and regulation.


Assurance engagement

An objective examination of evidence for the purpose of providing an assessment on risk management, control or governance processes for the enterprise.

Scope Note: Examples may include financial, performance, compliance and system security engagements.


Assurance initiative

An objective examination of evidence for the purpose of providing an assessment on risk management, control or governance processes for the enterprise.

Scope Note: Examples may include financial, performance, compliance and system security engagements.


Asymmetric key (public key)

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message

Scope Note: See Public key encryption.


Asynchronous Transfer Mode (ATM)

A high‐bandwidth, low‐delay switching and multiplexing technology that allows integration of real‐time voice and video as well as data. It is a data link layer protocol.

Scope Note: ATM is a protocol‐independent transport mechanism. It allows high‐speed data transfer rates at up to 155 Mbit/s.
The acronym ATM should not be confused with the alternate usage for ATM, which refers to an automated teller machine.



Character‐at‐a‐time transmission



An actual occurrence of an adverse event


Attack Mechanism

A method used to deliver the exploit. Unless the attacker is personally performing the attack, an attack mechanism may involve a payload, or container, that delivers the exploit to the target.


Attack vector

A path or route used by the adversary to gain access to the target (asset)

Scope Note: There are two types of attack vectors: ingress and egress (also known as data exfiltration)



Reduction of signal strength during transmission


Attest reporting

An engagement in which an IS auditor is engaged to either examine management’s assertion regarding a particular subject matter or the subject matter directly

Scope Note: The IS auditor’s report consists of an opinion on one of the following: The subject matter. These reports relate directly to the subject matter itself rather than to an assertion.

In certain situations management will not be able to make an assertion over the subject of the engagement. An example of this situation is when IT services are outsourced to a third party.

Management will not ordinarily be able to make an assertion over the controls that the third party is responsible for. Hence, an IS auditor would have to report directly on the subject matter rather than on an assertion.



Way of thinking, behaving, feeling, etc.


Attribute Sampling

Method to select a portion of a population based on the presence or absence of a certain



Formal inspection and verification to check whether a standard or set of guidelines is being followed, records are accurate, or efficiency and effectiveness targets are being met.

Scope Note: May be carried out by internal or external groups


Audit accountability

Performance measurement of service delivery including cost, timeliness and quality against agreed service levels


Audit Authority

A statement of the position within the enterprise, including lines of reporting and the rights of


Audit Charter

A document approved by those charged with governance that defines the purpose, authority and responsibility of the internal audit activity

Scope Note: The charter should:
‐ Establish the internal audit function’s position within the enterprise
‐ Authorise access to records, personnel and physical properties relevant to the performance of IS audit and assurance engagements.
‐ Define the scope of the audit function’s activities


Audit Engagement

A specific audit assignment or review activity, such as an audit, control self‐assessment review, fraud examination or consultancy.

Scope Note: An audit engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives.