Term
| (1) certify the internal controls over financial reporting (2) state responsibility for IC design (3) provide reasonable assurance as to the reliability of the financial reporting process (4) disclose any recent material changes in IC |
|
Definition
| SOX section 302 says management must: |
|
|
Term
| (1) assess IC effectiveness (2) reference the external auditor's attestation report on management's IC assessment (3) provide explicit conclusions on the effectiveness of financial reporting IC (4) identify the framework management used to conduct its IC assessment |
|
Definition
| SOX section 404 says management must: |
|
|
Term
| (1) issue a new audit opinion on management's IC assessment (2) auditors are required to test IC (3) collect documentation on IC tests and interview management about IC changes |
|
Definition
| audit implications include: |
|
|
Term
| (1) application controls (2) general controls |
|
Definition
| COSO identifies two groups of IT controls: |
|
|
Term
| ensure data validity, completeness and accuracy |
|
Definition
| application controls |
|
|
Term
| apply to all systems and address IT governance and infrastructure, security, and application and program acquisition |
|
Definition
| general controls |
|
|
Term
| how IT operates within an organization; concerned with (1) organizational structure (2) computer center security and controls (3) disaster recovery planning |
|
Definition
| IT governance and infrastructure controls are concerned with: |
|
|
Term
| (1) second-site backup (2) DR team (3) testing of the DR plan (4) data backup and offsite storage (5) identification of critical applications |
|
Definition
| a disaster recovery plan should include: |
|
|
Term
| (1) separate SD (systems development, which authorizes) from computer operations (custody, recording, processing) (2) separate SD from SM (systems maintenance) to provide independent verification (3) separate SA from all other IT functions |
|
Definition
| separation of duties in the organizational structure of IT: |
|
|
Term
| (1) user ID and password combination; after a specified number of failed attempts the system should lock out the user |
|
Definition
| log-on procedure controls: |
|
|
Term
| (1) changed periodically (2) include numbers, letters, and symbols (3) not based on personal information |
|
Definition
| passwords should be: |
|
|
Term
| if the log-on is valid, the system issues an access token containing key information about the user; the token is matched against the access control list to grant access to specific resources |
|
Definition
| access token and access control list |
|
|
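The three cards above (lockout after repeated failures, password composition rules, and matching an access token against an access control list) describe one log-on and authorization flow. The following is an added worked example of that flow, not code from the original flashcard set; the account names, groups, resource names and the ACL contents are constructed for illustration, and the lockout threshold of three attempts is an assumed policy value.

```python
"""Log-on procedure with lockout, password policy and token/ACL matching.

Added illustration (not from the original cards). User names, groups,
resources and the ACL below are constructed sample data; the lockout
threshold is an assumed policy value.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3  # assumed policy: lock the account after this many failures


def password_meets_policy(password, personal_info=()):
    """Card rules: letters, numbers and symbols; not based on personal information.
    A minimum length of 8 is an added assumption."""
    has_letter = re.search(r"[A-Za-z]", password) is not None
    has_digit = re.search(r"\d", password) is not None
    has_symbol = re.search(r"[^A-Za-z0-9]", password) is not None
    # reject passwords containing any supplied piece of personal information
    leaks_personal = any(p and p.lower() in password.lower() for p in personal_info)
    return has_letter and has_digit and has_symbol and not leaks_personal and len(password) >= 8


def _hash(password, salt):
    # salted, slow hash so a stolen password file is not directly usable
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    user_id: str
    salt: bytes
    pw_hash: bytes
    groups: frozenset
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class AccessToken:
    """Issued only after a valid log-on; carries the attributes the ACL is matched on."""
    user_id: str
    groups: frozenset


class LogonSystem:
    def __init__(self):
        self.accounts = {}
        # access control list: resource -> {group: set of permitted actions}
        self.acl = {}

    def add_user(self, user_id, password, groups, personal_info=()):
        if not password_meets_policy(password, personal_info):
            raise ValueError("password violates policy")
        salt = os.urandom(16)
        self.accounts[user_id] = Account(user_id, salt, _hash(password, salt), frozenset(groups))

    def logon(self, user_id, password):
        """Return an AccessToken on success, None otherwise.
        After MAX_FAILED_ATTEMPTS consecutive failures the account is locked
        and even the correct password is refused."""
        acct = self.accounts.get(user_id)
        if acct is None or acct.locked:
            return None
        if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failed_attempts = 0
            return AccessToken(acct.user_id, acct.groups)
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked = True
        return None

    def authorize(self, token, resource, action):
        """Match the token's groups against the ACL entry for the resource."""
        rules = self.acl.get(resource, {})
        return any(action in rules.get(g, set()) for g in token.groups)


if __name__ == "__main__":
    sys_ = LogonSystem()
    sys_.acl = {"payroll_db": {"payroll": {"read", "write"}, "audit": {"read"}}}
    sys_.add_user("auditor", "Xk#9mQ2!pL", ["audit"], personal_info=["jane", "doe"])
    tok = sys_.logon("auditor", "Xk#9mQ2!pL")
    print("auditor may read:", sys_.authorize(tok, "payroll_db", "read"))
    print("auditor may write:", sys_.authorize(tok, "payroll_db", "write"))
```

Note that the lockout check happens before the password comparison, so a locked account leaks nothing about whether the guess was correct, and the ACL grants only the actions listed for the token's groups; anything not listed is denied.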
Term
| documents and records all activity at the system, application, and user level |
|
Definition
| system audit trail (log) |
|
|
Term
| access control: defines a user's data domain |
|
Definition
| user view |
|
|
Term
| access control: rules that define the actions a user can take |
|
Definition
| database authorization table |
|
|
Term
|
Definition
| questions that provide stronger user identification than a password alone can |
|
|
Term
|
Definition
| applies to both stored data and displayed data |
|
|
Term
| biometric device |
|
Definition
| user physical characteristics that are digitized and stored for identification and authentication |
|
|
Term
| (1) back up at least once a day and store the copy at a second location (2) maintain transaction logs corresponding to the backups; changes to the database are recorded in the database change log (3) the checkpoint feature reconciles the backup database copy with the database change log (4) the recovery module uses the transaction log and backup files to restart the database after a failure |
|
Definition
| database backup and recovery controls: |
|
|
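The backup, change log, checkpoint and recovery module named in the card above fit together as one mechanism. The following added example models that mechanism; it is not code from the original flashcard set. The "database" is a plain dictionary, the account keys and amounts are constructed sample data, and the checkpoint is simplified to rolling logged changes into the backup copy.

```python
"""Database backup, change log, checkpoint and recovery (added illustration).

Simplified model: the database is a dict, the change log stores before/after
images per committed transaction, and a checkpoint reconciles the backup copy
with the log so recovery only replays entries written after the checkpoint.
Account keys and amounts are constructed sample data.
"""
import copy
from dataclasses import dataclass, field


@dataclass
class LogEntry:
    txn_id: int
    key: str
    before: object
    after: object


@dataclass
class Database:
    data: dict = field(default_factory=dict)
    change_log: list = field(default_factory=list)
    backup: dict = field(default_factory=dict)
    checkpoint_lsn: int = 0   # number of log entries already reflected in the backup
    next_txn: int = 1

    def commit(self, updates):
        """Apply one transaction; write before/after images to the change log first."""
        txn = self.next_txn
        self.next_txn += 1
        for key, new_value in updates.items():
            self.change_log.append(LogEntry(txn, key, self.data.get(key), new_value))
            self.data[key] = new_value
        return txn

    def take_backup(self):
        """Periodic full backup (the card: at least daily, stored at a second site)."""
        self.backup = copy.deepcopy(self.data)
        self.checkpoint_lsn = len(self.change_log)

    def checkpoint(self):
        """Reconcile the backup copy with the change log: fold in every logged
        change since the last checkpoint so a later recovery replays less."""
        for entry in self.change_log[self.checkpoint_lsn:]:
            self.backup[entry.key] = entry.after
        self.checkpoint_lsn = len(self.change_log)

    def recover(self):
        """Recovery module: restart from the backup copy and replay the change
        log entries recorded after the last checkpoint."""
        restored = copy.deepcopy(self.backup)
        for entry in self.change_log[self.checkpoint_lsn:]:
            restored[entry.key] = entry.after
        self.data = restored
        return restored

    def crash(self):
        """Simulate a failure that destroys the live database but leaves the
        off-site backup and the change log intact."""
        self.data = {}


def demo():
    """Run the sequence backup -> update -> checkpoint -> update -> crash -> recover."""
    db = Database()
    db.commit({"acct_100": 500, "acct_200": 1200})
    db.take_backup()                  # backup reflects 500 / 1200
    db.commit({"acct_100": 450})      # logged after the backup
    db.checkpoint()                   # backup now reflects 450 as well
    db.commit({"acct_300": 75})       # logged after the checkpoint only
    expected = copy.deepcopy(db.data)
    db.crash()
    restored = db.recover()
    return {
        "restored": restored,
        "matches_pre_crash": restored == expected,
        "entries_replayed": len(db.change_log) - db.checkpoint_lsn,
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the example is the dependency order: the log entry is written before the live data is changed, so after a crash every committed change is either already in the checkpointed backup or still replayable from the log.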
Term
| firewall |
|
Definition
| a system that enforces access control between two networks; must be immune to unauthorized access from both internal and external sources |
|
|
Term
| denial of service attacks |
|
Definition
| difficult to defend against; deep packet inspection examines individual packets within a message to identify known attack signatures |
|
|
Term
| encryption |
|
Definition
| uses keys on both the sender's and the receiver's side to encrypt and then decrypt a message |
|
|
Term
| digital signature |
|
Definition
| electronic authentication that cannot be forged; ensures the message was not tampered with after the signature was applied |
|
|
Term
| digital certificate |
|
Definition
| issued by a trusted third party (certificate authority) to validate a sender's identity |
|
|
Term
| call-back device |
|
Definition
| restricts intrusion by disconnecting and calling the user back at an authorized number after the user's ID has been validated |
|
|
Term
| line errors |
|
Definition
| data corruption caused by noise on the communication lines |
|
|
Term
| echo check |
|
Definition
| the receiver returns the message to the sender to confirm the accuracy and completeness of the message |
|
|
Term
| parity check |
|
Definition
| incorporates an extra bit into the structure of the information when it is created; the parity bit is derived from the information in the message and is recalculated at the receiver's end, then compared with the parity bit carried in the message to detect transmission errors |
|
|
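To make the parity-check card concrete, here is an added example (not from the original flashcards) that appends an even-parity bit to 7-bit data, recomputes it at the receiving end, and simulates line noise. The message bytes are constructed sample data. It also shows the limitation a practitioner should know: a single flipped bit is caught, but two flipped bits in the same byte cancel out and pass the check.

```python
"""Even-parity check over 7-bit data (added illustration, not from the cards).

The sender sets bit 7 of each byte so the count of 1 bits is even; the
receiver recounts and flags any byte with odd parity. Message bytes below
are constructed sample data.
"""


def add_parity(data):
    """Attach an even-parity bit (bit 7) to each 7-bit value."""
    out = bytearray()
    for b in data:
        if b > 0x7F:
            raise ValueError("parity bit slot occupied: only 7-bit data allowed")
        ones = bin(b).count("1")
        out.append(b | (0x80 if ones % 2 else 0))   # set bit 7 when 1-count is odd
    return bytes(out)


def check_parity(frame):
    """Receiver side: return indexes of bytes whose parity is odd (errors detected)."""
    return [i for i, b in enumerate(frame) if bin(b).count("1") % 2]


def strip_parity(frame):
    """Drop the parity bit to recover the original 7-bit data."""
    return bytes(b & 0x7F for b in frame)


def flip_bits(frame, position, mask):
    """Simulate line noise corrupting the byte at `position` (mask selects bits)."""
    out = bytearray(frame)
    out[position] ^= mask
    return bytes(out)


if __name__ == "__main__":
    frame = add_parity(b"PAY 100")              # constructed sample message
    print("clean frame errors:", check_parity(frame))                 # []
    print("1-bit error:", check_parity(flip_bits(frame, 4, 0x01)))    # [4]
    print("2-bit error:", check_parity(flip_bits(frame, 4, 0x03)))    # [] undetected
```

Parity therefore detects any odd number of bit errors per byte and none of the even-numbered ones, which is why it is a transmission-noise control and not an integrity control against deliberate tampering (that is what the digital signature card above covers).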
Term
| (1) transaction authorization and validation (2) access control, e.g., granting trading partners read-only access to specified information (3) audit trail |
|
Definition
| electronic data interchange (EDI) controls |
|
|
Term
| input controls |
|
Definition
| programmed procedures that perform tests on transaction data to ensure they are free from errors |
|
|
Term
| check digit |
|
Definition
| a control digit added to a data code to verify the integrity of the code |
|
|
Term
| missing data check |
|
Definition
| missing data in a required field triggers an error |
|
|
Term
| limit check |
|
Definition
| used to identify field values that exceed an authorized limit |
|
|
Term
| range check |
|
Definition
| used to identify field values that fall outside an authorized range |
|
|
Term
| reasonableness check |
|
Definition
| uses data from other fields to assess the reasonableness of the entered data |
|
|
Term
| validity check |
|
Definition
| compares field values against a table of known acceptable values |
|
|
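The input-control cards above (check digit, missing data, limit, range, reasonableness and validity checks) are programmed procedures, so they are best seen running over a transaction record. The following added example is not code from the original flashcard set: the payroll field names, the account code table, the pay-rate limit and the hours range are constructed for the illustration. The check digit is the modulus 11 scheme (digits weighted 2, 3, 4, ... from the right).

```python
"""Input (validation) controls over a constructed payroll transaction.

Added illustration, not from the original cards. Field names, the account
code table, the pay-rate limit and the hours range are assumed values.
"""

VALID_ACCOUNT_CODES = {"1000", "2000", "4000"}   # validity check table (constructed)
PAY_RATE_LIMIT = 60.00                           # limit check (constructed)
HOURS_RANGE = (0, 80)                            # range check (constructed)
REQUIRED = ("employee_id", "account_code", "hours", "pay_rate", "overtime_hours")


def mod11_check_digit(code):
    """Modulus 11 check digit. Weight digits 2, 3, 4, ... from the right, sum,
    and return the digit that brings the total to a multiple of 11.
    A remainder of 1 would need '10'; returned as 'X' (such codes are usually
    rejected at code-assignment time)."""
    total = sum(int(d) * w for d, w in zip(reversed(code), range(2, 2 + len(code))))
    check = (11 - total % 11) % 11
    return "X" if check == 10 else str(check)


def verify_check_digit(code):
    """True if the last character is the correct modulus 11 digit for the rest."""
    if len(code) < 2 or not code[:-1].isdigit():
        return False
    return mod11_check_digit(code[:-1]) == code[-1]


def validate_transaction(rec):
    """Run the input controls and return a list of error messages (empty = clean)."""
    errors = []
    missing = [f for f in REQUIRED if rec.get(f) in (None, "")]
    for f in missing:
        errors.append(f"missing data: {f}")          # missing data check
    if "employee_id" not in missing and not verify_check_digit(str(rec["employee_id"])):
        errors.append("check digit: employee_id fails modulus 11 test")
    if "account_code" not in missing and rec["account_code"] not in VALID_ACCOUNT_CODES:
        errors.append("validity: unknown account_code")       # validity check
    if "pay_rate" not in missing and rec["pay_rate"] > PAY_RATE_LIMIT:
        errors.append("limit: pay_rate exceeds authorized maximum")   # limit check
    if "hours" not in missing and not (HOURS_RANGE[0] <= rec["hours"] <= HOURS_RANGE[1]):
        errors.append("range: hours outside authorized range")        # range check
    if ("hours" not in missing and "overtime_hours" not in missing
            and rec["overtime_hours"] > 0 and rec["hours"] < 40):
        # reasonableness check: one field judged against another
        errors.append("reasonableness: overtime claimed on a week under 40 hours")
    return errors


if __name__ == "__main__":
    print(mod11_check_digit("5372"))    # "4", so the full code is 53724
    good = {"employee_id": "53724", "account_code": "1000",
            "hours": 45, "pay_rate": 32.5, "overtime_hours": 5}
    bad = {"employee_id": "53274", "account_code": "9999",
           "hours": 30, "pay_rate": 75.0, "overtime_hours": 4}
    print(validate_transaction(good))   # []
    for e in validate_transaction(bad):
        print(e)
```

The `bad` record transposes two digits of the employee ID (53274 instead of 53724); a check digit catches that transposition where a simple "is it numeric" test would not. Each check reports separately rather than stopping at the first error, which is what an edit run needs in order to produce a complete error listing for the batch.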
Term
| processing controls |
|
Definition
| programmed procedures applied in the processing stage |
|
|
Term
| batch controls |
|
Definition
| used to document and manage the flow of high volumes of transactions through batch processing systems |
|
|
Term
| batch control total |
|
Definition
| the total dollar value of a financial field in the batch |
|
|
Term
| hash total |
|
Definition
| the total of a unique nonfinancial field in the batch (meaningless as a number, useful only as a check) |
|
|
Term
| run-to-run controls |
|
Definition
| the use of batch control figures to monitor the batch as it moves from one procedure (run) to the next |
|
|
Term
| audit trail controls |
|
Definition
| ensure that every transaction can be traced through each stage of processing from its source to its presentation in the financial statements |
|
|
Term
| output controls |
|
Definition
| ensure that system output is not lost, misdirected, or corrupted and that the privacy of the output is not compromised |
|
|
Term
| output spooling controls |
|
Definition
| be aware of exposures during spooling and ensure that proper access and backup procedures are in place to protect output files |
|
|
Term
| print program controls |
|
Definition
| printing should be monitored so that unauthorized copies are not made and sensitive material is not disclosed |
|
|
Term
| (1) authorization (2) user specification (3) technical design (4) internal audit participation (5) program testing |
|
Definition
| system development controls |
|
|
Term
| (1) authorization (2) technical specifications (3) testing (4) documentation updates |
|
Definition
| program change (maintenance) controls |
|
|
Term
| source program library (SPL) |
|
Definition
| application program modules are stored in source code form on magnetic disks called this |
|
|
Term
| (1) password control (2) separation of test libraries (3) management reports (4) program version numbers (5) controlling access to maintenance commands |
|
Definition
| SPL management system controls |
|
|