Glossary of Terms Flashcards Preview

Flashcards in Glossary of Terms Deck (182)

Audit Evidence

The information used to support the audit opinion


Audit Expert Systems

Expert or decision support systems that can be used to assist IS auditors in the decision‐making process by automating the knowledge of experts in the field

Scope Note: This technique includes automated risk analysis, systems software and control objectives software packages.


Audit Objective

The specific goal(s) of an audit
Scope Note: These often center on substantiating the existence of internal controls to minimize business risk.


Audit Plan

1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion.

Scope Note: Includes the areas to be audited, the type of work planned, the high‐level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report and its intended audience and other general aspects of the work.

2. A high‐level description of the audit work to be performed in a certain period of time


Audit Programme

A step‐by‐step set of audit procedures and instructions that should be performed to complete an


Audit Responsibility

The roles, scope and objectives documented in the service level agreement (SLA) between management and audit


Audit Risk

The risk of reaching an incorrect conclusion based upon audit findings.

Scope Note: The three components of audit risk are:
‐ Control risk
‐ Detection risk
‐ Inherent risk


Audit Sampling

The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population


Audit Subject Matter Risk

Risk relevant to the area under review:
‐ Business risk (customer capability to pay, credit worthiness, market factors, etc.)
‐ Contract risk (liability, price, type, penalties, etc.)
‐ Country risk (political, environment, security, etc.)
‐ Project risk (resources, skill set, methodology, product stability, etc.)
‐ Technology risk (solution, architecture, hardware and software infrastructure network, delivery channels, etc.)

Scope Note: See inherent risk


Audit Trail

A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source


Audit Universe

An inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process.

Scope Note: Traditionally, the list includes all financial and key operational systems as well as other units that would be audited as part of the overall cycle of planned work. The audit universe serves as the source from which the annual audit schedule is prepared. The universe will be periodically revised to reflect changes in the overall risk profile.



The level to which transactions can be traced and audited through a system


Auditable Unit

Subjects, units or systems that are capable of being defined and evaluated.

Scope Note: Auditable units may include:
‐ Policies, procedures and practices
‐ Cost centers, profit centers and investment centers
‐ General ledger account balances
‐ Information systems (manual and computerized)
‐ Major contracts and programs
‐ Organizational units, such as product or service lines
‐ Functions, such as information technology (IT), purchasing, marketing, production, finance, accounting and human resources (HR)
‐ Transaction systems for activities, such as sales, collection, purchasing, disbursement, inventory and cost accounting, production, treasury, payroll, and capital assets
‐ Financial statements
‐ Laws and regulations


Auditor's Opinion

A formal statement expressed by the IS audit or assurance professional that describes the scope of the audit, the procedures used to produce the report and whether or not the findings support that the audit criteria have been met.

Scope Note: The types of opinions are:
‐ Unqualified opinion: Notes no exceptions or none of the exceptions noted aggregate to a significant deficiency
‐ Qualified opinion: Notes exceptions aggregated to a significant deficiency (but not a material weakness)
‐ Adverse opinion: Notes one or more significant deficiencies aggregating to a material weakness



1. The act of verifying identity (i.e., user, system)

Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

2. The act of verifying the identity of a user and the user’s eligibility to access computerized information

Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.



Undisputed authorship


Automated application

Controls that have been programmed and embedded within an application



Ensuring timely and reliable access to and use of information



Being acquainted with, mindful of, conscious of and well informed on a specific subject, which implies knowing and understanding a subject and acting accordingly


Back Door

A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker‐defined conditions


Back Bone

The main communication channel of a digital network. The part of the network that handles the majority of the traffic.


Back Up

Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service.


Backup centre

An alternative facility to continue IS/IT operations when the primary data processing centre is unavailable.



A card (or other device) that is presented or displayed to obtain access to an otherwise restricted facility as a symbol of authority.


Balanced Score Card (BSC)

A coherent set of performance measures organised into four categories.


Balanced Score Card (BSC) Categories

4x Categories:
financial measures
customer business processes
internal business processes
learning perspectives
growth perspectives



The range between the highest and lowest transmittable frequencies, measured in bytes per second or Hertz (cycles) per second.


Bar Code

A printed machine-readable code that consists of parallel bars of varied width and spacing.


Base 58 encoding

Base58 encoding is a binary‐to‐text encoding process that converts long bit sequences into alphanumeric text


Base 64 encoding

Base64 encoding is a binary‐to‐text encoding process that converts long bit sequences into alphanumeric text