Chap 7 Information-Technology Risk And Controls

Question 1

Information systems (I S) auditor

Answer 1

An auditor who works extensively in the area of computerize information systems and has deep I T risk, control, and audit expertise

Question 2

Database

Answer 2

A large depository of data, typically contained in many linked files, and stored in a manner that allows the data to be easily accessed, retrieved, and manipulated

Question 3

Big data

Answer 3

A term used to refer to the large amount of constantly streaming digital information, massive increase in the capacity to store large amounts of data, and the amount of datat processing power required to manage, interpret, and analyze the large volumes of digital information

Question 4

ERP system

Answer 4

A modular software system that enables an organization to integrate its business process using a single operating database

Question 5

EDI

Answer 5

The computer-to-computer exchange of business documents in electronic form between an organization and it’s trading partners

Question 6

I T governance

Answer 6

The leadership, structure, and oversight processes that ensures the organization’s IT supports the objectives and strategies of the organization

Question 7

IT risk management

Answer 7

The process conducted by management to understand and handle the IT risks and opportunities that could affect the organization’s ability to achieve its objectives

Question 8

IT standards

Answer 8

Support IT policies by more specifically defining what is required to achieve the organization’s objectives

Question 9

IT organization and management controls

Answer 9

Provide assurance that the organization is structured with clearly defined lines of reporting and responsibility and has implemented effective control processes

Question 10

IT physical and environmental controls

Answer 10

Protect information system resources from accidental or intentional damage, misuse, or loss

Question 11

Physical access controls

Answer 11

Provide security over tangible IT resources

Question 12

Logical access controls

Answer 12

Provide security over software and information imbedded in the system

Question 13

IT outsourcing

Answer 13

Transferring IT functions to an outside provider to achieve cost reductions while improving service quality and efficiency

Question 14

Integrated auditing

Answer 14

IT risk and control assessments are assimilated into assurance engagements conducted to access process-level reporting, operations, and/or compliance risk and controls

Question 15

GTAG

Answer 15

Provides internal auditors with guidance that will help them better understand the governance, risk management, and control issues surrounding IT

Question 16

GAIT

Answer 16

Describes the relationships among financial reporting risks, key process controls, automated controls and other critical IT functionality, and key IT general controls

Question 17

Bring your own device (BYOD)

Answer 17

A policy whereby organizations allow associates to access business email, calendars, and other data on their personal laptops, smart phones, tablets, or other devices