Glossary of Terms Flashcards Preview

CISM > Glossary of Terms > Flashcards

Flashcards in Glossary of Terms Deck (182)
91

Audit Evidence

The information used to support the audit opinion

92

Audit Expert Systems

Expert or decision support systems that can be used to assist IS auditors in the decision‐making process by automating the knowledge of experts in the field

Scope Note: This technique includes automated risk analysis, systems software and control objectives software packages.

93

Audit Objective

The specific goal(s) of an audit

Scope Note: These often center on substantiating the existence of internal controls to minimize business risk.

94

Audit Plan

1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion.

Scope Note: Includes the areas to be audited, the type of work planned, the high‐level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report and its intended audience and other general aspects of the work.

2. A high‐level description of the audit work to be performed in a certain period of time

95

Audit Programme

A step‐by‐step set of audit procedures and instructions that should be performed to complete an audit

96

Audit Responsibility

The roles, scope and objectives documented in the service level agreement (SLA) between management and audit

97

Audit Risk

The risk of reaching an incorrect conclusion based upon audit findings.

Scope Note: The three components of audit risk are:
‐ Control risk
‐ Detection risk
‐ Inherent risk

98

Audit Sampling

The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population

99

Audit Subject Matter Risk

Risk relevant to the area under review:
‐ Business risk (customer capability to pay, credit worthiness, market factors, etc.)
‐ Contract risk (liability, price, type, penalties, etc.)
‐ Country risk (political, environment, security, etc.)
‐ Project risk (resources, skill set, methodology, product stability, etc.)
‐ Technology risk (solution, architecture, hardware and software infrastructure network, delivery channels, etc.)

Scope Note: See inherent risk

100

Audit Trail

A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source

101

Audit Universe

An inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process.

Scope Note: Traditionally, the list includes all financial and key operational systems as well as other units that would be audited as part of the overall cycle of planned work. The audit universe serves as the source from which the annual audit schedule is prepared. The universe will be periodically revised to reflect changes in the overall risk profile.

102

Auditability

The level to which transactions can be traced and audited through a system

103

Auditable Unit

Subjects, units or systems that are capable of being defined and evaluated.

Scope Note: Auditable units may include:
‐ Policies, procedures and practices
‐ Cost centers, profit centers and investment centers
‐ General ledger account balances
‐ Information systems (manual and computerized)
‐ Major contracts and programs
‐ Organizational units, such as product or service lines
‐ Functions, such as information technology (IT), purchasing, marketing, production, finance, accounting and human resources (HR)
‐ Transaction systems for activities, such as sales, collection, purchasing, disbursement, inventory and cost accounting, production, treasury, payroll, and capital assets
‐ Financial statements
‐ Laws and regulations

104

Auditor's Opinion

A formal statement expressed by the IS audit or assurance professional that describes the scope of the audit, the procedures used to produce the report and whether or not the findings support that the audit criteria have been met.

Scope Note: The types of opinions are:
‐ Unqualified opinion: Notes no exceptions or none of the exceptions noted aggregate to a significant deficiency
‐ Qualified opinion: Notes exceptions aggregated to a significant deficiency (but not a material weakness)
‐ Adverse opinion: Notes one or more significant deficiencies aggregating to a material weakness

105

Authentication

1. The act of verifying identity (i.e., user, system)

Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

2. The act of verifying the identity of a user and the user’s eligibility to access computerized information

Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

106

Authenticity

Undisputed authorship

107

Automated application controls

Controls that have been programmed and embedded within an application

108

Availability

Ensuring timely and reliable access to and use of information

109

Awareness

Being acquainted with, mindful of, conscious of and well informed on a specific subject, which implies knowing and understanding a subject and acting accordingly

110

Back Door

A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker‐defined conditions

111

Back Bone

The main communication channel of a digital network. The part of the network that handles the majority of the traffic.

112

Back Up

Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service.

113

Backup centre

An alternative facility to continue IS/IT operations when the primary data processing centre is unavailable.

114

Badge

A card (or other device) that is presented or displayed to obtain access to an otherwise restricted facility as a symbol of authority.

115

Balanced Score Card (BSC)

A coherent set of performance measures organised into four categories.

116

Balanced Score Card (BSC) Categories

4x Categories:
financial measures
customer business processes
internal business processes
learning perspectives
growth perspectives

117

Bandwidth

The range between the highest and lowest transmittable frequencies, measured in bytes per second or Hertz (cycles) per second.

118

Bar Code

A printed machine-readable code that consists of parallel bars of varied width and spacing.

119

Base 58 encoding

Base58 Encoding is a binary‐to‐text encoding process that converts long bit sequences into alphanumeric text

120

Base 64 encoding

Base64 Encoding is a binary‐to‐text encoding process that converts long bit sequences into alphanumeric text