Flashcards in Glossary of Terms Deck (182)
The information used to support the audit opinion
Audit Expert Systems
Expert or decision support systems that can be used to assist IS auditors in the decision‐making process by automating the knowledge of experts in the field
Scope Note: This technique includes automated risk analysis, systems software and control objectives software packages.
The specific goal(s) of an audit
Scope Note: These often center on substantiating the existence of internal controls to minimize business risk.
1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion.
Scope Note: Includes the areas to be audited, the type of work planned, the high‐level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report and its intended audience and other general aspects of the work.
2. A high‐level description of the audit work to be performed in a certain period of time
A step‐by‐step set of audit procedures and instructions that should be performed to complete an
The roles, scope and objectives documented in the service level agreement (SLA) between management and audit
The risk of reaching an incorrect conclusion based upon audit findings.
Scope Note: The three components of audit risk are:
‐ Control risk
‐ Detection risk
‐ Inherent risk
The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Audit Subject Matter Risk
Risk relevant to the area under review:
‐ Business risk (customer capability to pay, credit worthiness, market factors, etc.)
‐ Contract risk (liability, price, type, penalties, etc.)
‐ Country risk (political, environment, security, etc.)
‐ Project risk (resources, skill set, methodology, product stability, etc.)
‐ Technology risk (solution, architecture, hardware and software infrastructure network, delivery channels, etc.)
Scope Note: See inherent risk
A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
An inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process.
Scope Note: Traditionally, the list includes all financial and key operational systems as well as other units that would be audited as part of the overall cycle of planned work. The audit universe serves as the source from which the annual audit schedule is prepared. The universe will be periodically revised to reflect changes in the overall risk profile.
The level to which transactions can be traced and audited through a system
Subjects, units or systems that are capable of being defined and evaluated.
Scope Note: Auditable units may include:
‐ Policies, procedures and practices
‐ Cost centers, profit centers and investment centers
‐ General ledger account balances
‐ Information systems (manual and computerized)
‐ Major contracts and programs
‐ Organizational units, such as product or service lines
‐ Functions, such as information technology (IT), purchasing, marketing, production, finance, accounting and human
‐ Transaction systems for activities, such as sales, collection, purchasing, disbursement, inventory and cost accounting, production, treasury, payroll, and capital assets
‐ Laws and regulations
A formal statement expressed by the IS audit or assurance professional that describes the scope of the audit, the procedures used to produce the report and whether or not the findings support that the audit criteria have been met.
Scope Note: The types of opinions are:
‐ Unqualified opinion: Notes no exceptions or none of the exceptions noted aggregate to a significant deficiency
‐ Qualified opinion: Notes exceptions aggregated to a significant deficiency (but not a material weakness)
‐ Adverse opinion: Notes one or more significant deficiencies aggregating to a material weakness
1. The act of verifying identity (i.e., user, system)
Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data
2. The act of verifying the identity of a user and the user’s eligibility to access computerized information
Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.
Controls that have been programmed and embedded within an application
Ensuring timely and reliable access to and use of information
Being acquainted with, mindful of, conscious of and well informed on a specific subject, which implies knowing and understanding a subject and acting accordingly
A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker‐defined conditions
The main communication channel of a digital network. The part of the network that handles the majority of the traffic.
Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service.
An alternative facility to continue IS/IT operations when the primary data processing centre is unavailable.
A card (or other device) that is presented or displayed to obtain access to an otherwise restricted facility as a symbol of authority.
Balanced Score Card (BSC)
A coherent set of performance measures organised into four categories.
Balanced Score Card (BSC) Categories
customer business processes
internal business processes
The range between the highest and lowest transmittable frequencies. Measured in bytes per second or Hertz (cycles) per second.
A printed machine-readable code that consists of parallel bars of varied width and spacing.
Base 58 encoding
Base58 encoding is a binary‐to‐text encoding process that converts long bit sequences into alphanumeric text