Assessment Flashcards
Testing that obtains audit evidence on the completeness, accuracy, or existence of activities or transactions during the audit period.
Substantive Testing
Testing that gathers evidence for the purpose of testing an enterprise's compliance with control procedures. This differs from substantive testing, in which evidence is gathered to evaluate the integrity of individual transactions, data or other information.
Compliance/Control Testing
Testing that evaluates the relationship of two sets of data and discerns inconsistencies in the relationship.
Analytical Testing
The risk that a review will not detect or notice a material issue.
Detection Risk
The risk that a material error could occur, if there are no related internal controls to prevent or detect the error.
Inherent Risk
The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls.
Control Risk
Tools used for accessing data in an electronic form from diverse software environments, record formats, etc.
Computer-Assisted Auditing Tools (CAATs)
Sampling method used when an IS auditor is trying to determine whether a type of event has occurred. Best suited to assess the risk of fraud and to identify whether a single occurrence has taken place.
Discovery Sampling
Sampling method that helps limit the size of a sample and allows the test to be stopped at the earliest possible moment.
Stop-or-go Sampling
Sampling method used to test compliance of transactions with controls.
Attribute Sampling
Sampling method used in substantive testing situations and deals with population characteristics that vary, such as monetary values and weights.
Variable Sampling
Internal controls that are intended to reduce the risk of an existing or potential control weakness that may arise when duties cannot be appropriately segregated.
Compensating Controls
Test technique that identifies specific program logic that has not been tested and analyzes programs during execution to indicate whether program statements have been executed.
Mapping
Test technique that records the flow of designated transactions through logic paths within programs.
Snapshot
Test technique that shows the trail of instructions executed during an application.
Trace & Tagging
Test technique that represents the activity of recording specific tasks for future review.
Logging
Testing used to test for the introduction of new errors in the system after changes have been applied.
Regression Testing
Testing used to test the functionality of the system against detailed requirements to ensure that software construction is traceable to customer requirements.
Validation Testing
Testing used to see whether the system can operate in the target environment without adverse impacts on the existing systems.
Sociability Testing
Testing that evaluates the performance of the software under normal and peak conditions.
Load Testing
Testing that determines the capacity of the software to cope with an abnormal number of users or simultaneous operations.
Stress Testing
Testing that evaluates the ability of a system to recover after a failure.
Recovery Testing
Testing that evaluates the impact of incremental volume of records (not users) on a system.
Volume Testing
After the full backup, only the files that have changed are backed up, thus minimizing media storage.
Incremental Backup
A number of internet-connected devices, each of which is running one or more bots used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection.
Botnet
Programs designed to destroy or modify data at a specific event or time in the future.
Logic Bombs
An attack, normally via email, pretending to be an authorized person or organization requesting information.
Phishing
A program that picks up information from PC drives by making copies of their contents.
Spyware