DM1: Planning Audits Flashcards
prevents, detects, and/or contains an incident or enables recovery from a risk event
Effective Control
Policies, procedures, practices, and organizational structures implemented to reduce risk
Controls
Who is responsible for establishing controls?
Senior Management
What are the two key aspects of a control?
1) what should be achieved 2) what should be avoided
type of control that detects problems before they arise; monitors operations and inputs; predicts potential problems
Preventative control
type of control that detects and reports occurrences of errors or events
Detective Control
type of control that minimizes the impact of threats; remedies problems discovered; identifies the cause of a problem; modifies processes
Corrective Control
activity that contributes to mitigation of potential risks and the fulfillment of control objectives
Control measures
statements of the desired result or purpose to be achieved by implementing control activities
Control objectives
3 ways to evaluate control environments
Reviewing evidence of well-controlled/effective operations, assessing strengths/weaknesses of controls, and determining if controls meet control objectives
strong controls that support weak controls; original controls may be cost-prohibitive or not feasible
Compensating control
two controls that address the same risk where each would be strong enough on its own; provides redundancy in case one fails
Overlapping controls
policies and procedures that focus on effective functioning of all areas across an organization
General controls
risk that a material error exists that would not be prevented or detected by system or internal controls
Control risk
risk that material errors that have occurred will not be detected by an IS auditor
Detection risk