Erstellt von JACKSON BOEVE
vor etwa 2 Jahre
|
||
Frage | Antworten |
Application controls | Specific to a subsystem or an application to ensure the transaction's validity, completeness, and accuracy. |
Code of Ethics | Formal expectations of what is considered ethical within an organization promote ethical behavior. |
Committee of Sponsoring Organizations (COSO) | Composed of several organizations (AAA, AICPA, FEI, IIA, and IMA), study the causal factors that lead to fraudulent financial reporting and develop recommendations for public companies, independent auditors, the SEC, and other regulators, and educational institutions to improve the quality of financial reporting through internal controls and corporate governance. |
control objectives for information and related technology (COBIT) | An internationally accepted set of best IT security and control practices for IT management released by the IT Governance Institute (ITGI). |
Control Risk | The threat that errors or irregularities in the underlying transactions will not be prevented, detected, and corrected by the internal control system. |
Corporate Governance | A set of processes and policies in managing an organization with sound ethics safeguards its stakeholders' interests. |
Corrective Controls | Fix problems identified, such as using backup files to recover corrupted data. |
Cost/Benefit Analysis | Important in determining whether to implement internal control. |
Detective Controls | Find problems when they arise. |
Enterprise Risk Management (ERM) | A process, affected by the entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of objectives. |
General Controls | Pertain to enterprisewide issues such as controls over accessing the network, developing and maintaining applications, and documenting changes of programs. |
Information Technology Infrastructure Library (ITIL) | A set of concepts and practices for IT service management. |
Inherent Risk | The risk is related to the nature of the business activity itself. |
Input Controls | Ensure the authorization, entry, and verification of data entering the system. |
International Organization for Standardization (ISO) 27000 series | This series contains a range of individual standards and documents reserved explicitly by ISO for information security. |
IT application controls | Activities are specific to subsystems or applications' input, processing, and output. |
IT controls | Involve processes that provide assurance for information and help mitigate risks associated with using technology. |
IT general controls (ITGC) | Enterprise-level controls over IT. |
Output Controls | Provide output to authorized people and ensure the result is used correctly. |
Physical Controls | Mainly manual but could involve the physical use of computing technology. |
Preventive Controls | Deter problems before they arise. |
Processing Controls | Ensure that data and transactions are processed accurately. |
Public Company Accounting Oversight Board (PCAOB) | SOX established it to provide independent oversight of public accounting firms. |
Residual Risk | The product of inherent risk and control risk (i.e., Residual risk = Inherent risk × Control risk). |
Risk Assessment | It identifies and analyzes risks systematically to determine the firm’s risk response and control activities. |
Sarbanes-Oxley Act of 2002 (SOX) | Response to business scandals such as Enron, WorldCom, and Tyco International; requires public companies registered with the SEC and their auditors to assess and report on the design and effectiveness of internal control over financial reporting. |
Möchten Sie mit GoConqr kostenlos Ihre eigenen Karteikarten erstellen? Mehr erfahren.