Term
|
Definition
| A systematic process of (1) objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria; and (2) communicating the results to interested parties. |
|
|
Term
|
Definition
| A review of the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information. |
|
|
Term
| Information Systems Audit |
|
Definition
| Reviews the general and application controls of an A+IS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. |
|
|
Term
| Information Systems Audit |
|
Definition
| Reviews the general and application controls of an AIS to assess its compliance with internal control polices and procedures and its effectiveness in safeguarding assets. |
|
|
Term
|
Definition
| A review of how well management is utilizing company resources and how well company operations and programs follow established objectives. |
|
|
Term
|
Definition
| The susceptibility of a set of accounts or transactions to significant control problems in the absence of internal control. |
|
|
Term
|
Definition
| The risk that a significant control problem will be prevented or detected by the internal control system. |
|
|
Term
|
Definition
| The risk that the auditors and their audit procedures will not detect a material misstatement. |
|
|
Term
|
Definition
| The concept that an auditor should focus on detecting and reporting only those errors, deficiencies, and omissions that could possibly have significant impact on decisions. |
|
|
Term
|
Definition
| The concept that an auditor cannot seek complete assurance that an item is correct, since to do so would be prohibitively expensive. Instead, the auditor accepts a reasonable degree of risk that the audit conclusion is incorrect. |
|
|
Term
|
Definition
| A step in internal control evaluation in which it is determined if the necessary control procedures have been prescribed. |
|
|
Term
|
Definition
| A test whose objective it is to determine if control procedures are being followed correctly. |
|
|
Term
|
Definition
| Control procedures that will compensate for the deficiency in other controls. |
|
|
Term
|
Definition
| An approach auditors use to detect unauthorized program changes. The auditor verifies the integrity of an application program and then saves it for future use. At subsequent intervals, and on a surprise basis, the auditor uses the previously verified version of the program to reprocess transaction data. The output of the two runs is compared and discrepancies are investigated. |
|
|
Term
|
Definition
| An approach auditors use to detect unauthorized program changes and data processing accuracy. The auditor writes his or her own version of a program and then preprocesses data. The output of the auditor's program and the client's program are compared to verify that they are the same. |
|
|
Term
| Test Data Generator Program |
|
Definition
| A program that takes the specifications describing the logic characteristics of the program to be tested and automatically generates a set of test data that can be used to check the logic of the program. |
|
|
Term
| Concurrent Audit Techniques |
|
Definition
| A software routine that continuously monitors an information system as it processes live data in order to collect, evaluate, and report to the auditor information about the system's reliability. |
|
|
Term
|
Definition
| Special portions of application programs that track items of interest to auditors, such as unauthorized attempts to access the data files. |
|
|
Term
|
Definition
| A testing technique in which a dummy company or division is introduced into the company's computer system. Test transactions may then be conducted on these fictitious records without affecting the real records. Test transactions may be processed along with real transactions, and the employees of the computer facility need not be aware that testing is being done. |
|
|
Term
|
Definition
| An audit technique that records the content of both a transaction record and a related master file record before and after each processing step. |
|
|
Term
| System Control Audit Review File (SCARF) |
|
Definition
| A concurrent audit technique that embeds audit modules into application software to continuously monitor all transaction activity and collect data on transactions having special audit significance. |
|
|
Term
|
Definition
| A log of all transactions that have audit significance. |
|
|
Term
|
Definition
| A concurrent audit technique that embeds audit routines into application software to flag certain kinds of transactions that might indicated an error or fraud. |
|
|
Term
|
Definition
| a variation of the embedded audit module in which the auditor is notified of each transaction as it occurs by means of a message printed on the auditor's terminal. |
|
|
Term
| Continuous and Intermittent Simulation (CIS) |
|
Definition
| A concurrent audit technique that embeds an audit module into a database management system, rather than the application software. |
|
|
Term
| Automated Flowcharting Programs |
|
Definition
| A program that interprets the source code of a program and generates a flowchart of the logic used by the program. |
|
|
Term
| Automated Decision Table Programs |
|
Definition
| Programs that generate a decision table representing the program's logic. |
|
|
Term
|
Definition
| Software routines that search a program for the occurrence of a particular name or other combination of characters. |
|
|
Term
|
Definition
| Programs activated during regular processing that provide information as to which portions of the application program were not executed. |
|
|
Term
|
Definition
| A technique used to obtain detailed knowledge of the logic of an application program as well as to test the program's compliance with its control specifications. |
|
|
Term
|
Definition
| A matrix that shows the control procedures applied to each field of an input record. |
|
|
Term
| Generalized Audit Software |
|
Definition
| A software package that can be used to perform audit tests on the data files of a company. |
|
|
