Term
|
Definition
The process of collecting & evaluating evidence to determine whether information systems and IT environments:
o Adequately safeguard assets
o Maintain data and system integrity
o Provide relevant and reliable information
o Achieve organizational goals effectively
o Consume resources efficiently
o Have in effect internal controls that provide reasonable assurance that operational and control objectives will be met |
|
|
Term
|
Definition
The risk that the auditor gives a clean opinion on the adequacy of controls when there is actually a material weakness in controls or draws the wrong conclusion based on the audit evidence. |
|
|
Term
|
Definition
The risk that the information gathered from the company is false or misleading. |
|
|
Term
|
Definition
Risk that exists because of the environment: without controls, some environments are more likely to have material misstatements, errors, or frauds than others. |
|
|
Term
|
Definition
The risk that a control is not functioning properly |
|
|
Term
|
Definition
A statement of desired result or purpose to be achieved by implementing control procedures in a particular IT activity |
|
|
Term
Internal Control (word for word) |
|
Definition
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. |
|
|
Term
|
Definition
Controls that cover the entire data processing or IT environment and impact all systems. They are pervasive, in line with the control culture, and sensitive to management. |
|
|
Term
|
Definition
Specific to individual applications in the system. Primarily applied to input, processing, and output. |
|
|
Term
|
Definition
o Provide technical assistance to financial, compliance, and performance audits
o Perform separate IT audits
o Perform integrated IT audits
o Perform technical and IT operational audits
o Help meet the mission of the audit function |
|
|
Term
|
Definition
o General Control Examinations
o Application Systems Audits
o System Under Development Audits
o Technical or Special Topic Audits |
|
|
Term
ISACA IT Auditing Standards S2 |
|
Definition
o Professional independence: in appearance and fact
o Organizational independence: The IS audit function should be independent of the area or activity being reviewed to permit objective completion of the audit assignment. |
|
|
Term
|
Definition
Standards used to determine whether something meets expectations. They serve as a basis upon which one measures or compares against something. Keep in mind how it is evidenced:
o Generally accepted
o Recognized
o Understandable
o Defendable
o Authoritative |
|
|
Term
Impact of Technology on Internal Controls |
|
Definition
Does not change high-level control objectives; however, it leads to a new mix of internal controls due to:
o High importance of tech and new risks with it call for new IC
o Changes in risk and exposures
o Changes in implementation of controls
o New ways to monitor controls |
|
|
Term
Impact of Technology on Auditing |
|
Definition
o Changes the audit and control environment
o Changes the risks and exposures
o Changes some audit evidence
o Impacts the analysis of evidence
o Increases the importance of control reviews for information reliability assessments during pre-audit work |
|
|
Term
CobiT control model or CobiT Framework (what is CobiT, what is the CobiT framework? What are the three components of the CobiT framework?) |
|
Definition
Generally accepted IT control objectives and control practices for use by managers and auditors. It is a control model for business enterprise that uses technology and needs to manage the IT environment. The 3 components are:
o Business requirements for information or information criteria
o IT resources
o IT processes |
|
|
Term
Objectives of IT Governance |
|
Definition
o IT is aligned with the business and enables the business to maximize benefit
o IT resources are safeguarded
o IT resources are used in a responsible and ethical manner
o IT-related risks are addressed through appropriate controls and managed to minimize risk and exposure
o IT performance is measured and evaluated for ROI |
|
|
Term
What does management need to do to manage and control IT |
|
Definition
o Employ fundamentals of corporate & IT governance
o Clear understanding of strategic value of technology
o Align IT strategies and business strategies
o Cascade IT strategies down within the business entity
o Implement performance measurement and IT resources management
o Develop strategic plans with corporate IT strategies in sync
o Adopt a control framework that also addresses IT controls |
|
|
Term
|
Definition
The system processes data in a reliable manner and provides reliable and relevant information. |
|
|
Term
|
Definition
Reliability of the data with respect to accuracy, completeness, neutrality or consistency, validity, and verifiability. |
|
|
Term
Reasons why IT systems and processing environments need to be controlled: |
|
Definition
Both systems and processing environments need to be controlled because they each have their own set of requirements and risks that, if not addressed, will not allow either to function properly. |
|
|
Term
Management and Audit’s responsibilities for control: |
|
Definition
o Management needs to design, implement, and exercise appropriate and adequate internal controls that provide reasonable assurance that business and control objectives will be met
o Auditors assess adequacy and provide an opinion on it |
|
|
Term
Role of the ISACA IT Auditing Standards and Guidelines and the auditor’s responsibility regarding the IT Auditing Standards and Guidelines |
|
Definition
Inform management of what the profession expects of auditors while outlining the minimum level of expectable performance for auditors. |
|
|
Term
Closing the loop framework |
|
Definition
A. Define control objectives
B. Identify control criteria
C. Develop audit objectives
D. Define audit criteria
E. Build audit steps
F. Develop audit results |
|
|
Term
Four fundamental types of documentation needed by an organization |
|
Definition
o Policies (rule of the road)
o Procedure (how to)
o Narrative explanation of process system
o System of record (recording data) |
|
|
Term
|
Definition
Provide feedback as to whether controls are in place and in effect. |
|
|