IS 414 CH. 7 (VOCAB)

Question 1

Threat/event

Answer 1

Any potential adverse occurrence or unwanted event that could injure the AIS or the organization

Question 2

Exposure/impact

Answer 2

The potential dollar loss should a particular threat become a reality

Question 3

Likelihood

Answer 3

The probability that a threat will come to pass

Question 4

Internal controls

Answer 4

The processes and procedures implemented to provide reasonable assurance that control objectives are met

Question 5

Preventive controls

Answer 5

Controls that deter problems before they arise

Question 6

Detective controls

Answer 6

Controls designed to discover control problems that were not prevented

Question 7

Corrective controls

Answer 7

Controls that identify and correct problems as well as correct and recover from the resulting errors

Question 8

General controls

Answer 8

Controls designed to make sure an organization’s information system and control environment is stable and well managed

Question 9

Application controls

Answer 9

Controls that prevent, detect, and correct transaction errors and fraud in application programs

Question 10

Belief system

Answer 10

System that describes how a company creates value, helps employees understand management’s vision, communicates company core values, and inspires employees to live by those values

Question 11

Boundary system

Answer 11

System that helps employees act ethically by setting boundaries on employee behavior

Question 12

Diagnostic control system

Answer 12

System that measures, monitors, and compares actual company progress to budgets and performance goals

Question 13

Interactive control system

Answer 13

System that helps managers to focus subordinates’ attention on key strategic issues and to be more involved in their decisions

Question 14

Foreign Corrupt Practices Act (FCPA)

Answer 14

Legislation passed to prevent companies from bribing foreign officials to obtain business; also requires all publicly owned corporations maintain a system of internal accounting controls

Question 15

Sarbanes-Oxley Act (SOX)

Answer 15

Legislation intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen internal controls at public companies, and punish executives who perpetrate fraud
(most important business orientated legislation in the last 80 years)

Question 16

Public Company Account Oversight Board (PCAOB)

Answer 16

A board created by SOX that regulates the auditing profession
Sets and enforces auditing, quality control, ethics, independence, and etc)
Consists of 5 people appointed by the Securities and Exchange Commission (SEC)

Question 17

Control Objectives for Information and Related Technology (COBIT)

Answer 17

A security and control framework that allows (1) management to benchmark the security and control practices of IT environments, (2) users of IT services to be assured that adequate security and control exists, and (3) auditors to substantiate their internal control opinions and advise on IT security and control matters

Question 18

Committee of Sponsoring Organizations (COSO)

Answer 18

A private-sector group consisting of the American Accounting Associations, the AIPCA, the Institute of Management Accountants, and the Financial Executives Institute

Question 19

Internal Control - Integrated Framework (IC)

Answer 19

A COSO framework that defines internal controls and provides guidance for evaluating and enhancing internal control systems

Question 20

Enterprise Risk Management -

Answer 20

Integrated Framework (ERM) A COSO framework that improves the risk management process by expanding (adds three additional elements) COSO’s Internal Control - Integrated

Question 21

Internal environment

Answer 21

The company culture that is the foundation for all other ERM components as it influences how organizations establish strategies and objectives; structure business activities; and identify, assess, and respond to risk

Question 22

Risk appetite

Answer 22

The amount of risk a company is willing to accept to achieve its goals and objectives. To avoid undue risk, risk appetite must be in alignment with company strategy

Question 23

Audit committee

Answer 23

The outside, independent board of director members responsible for financial reporting, regulatory compliance, internal control, and hiring and overseeing internal and external auditors

Question 24

Policy and procedures manual

Answer 24

A document that explains proper business practices, describes needed knowledge and experience, explains document procedures, explains how to handle transactions, and lists the resources provided to carry out specific duties

Question 25

Background check

Answer 25

An investigation of a prospective or current employee that involves verifying their educational and work experience, talking to references, checking for a criminal record or credit problems, and examining other publicly available information

Question 26

Strategic objectives

Answer 26

High-level goals that are aligned with and support the company’s mission and create shareholder value

Question 27

Operations objectives

Answer 27

Objectives that deal with the effectiveness and efficiency of company operations and determine how to allocate resources

Question 28

Reporting objectives

Answer 28

Objectives to help ensure the accuracy, completeness, and reliability of company reports; improve decision making; and monitor company activities and performance

Question 29

Compliance objectives

Answer 29

Objectives to help the company comply with all applicable laws and regulations

Question 30

Event

Answer 30

A positive or negative incident or occurrence from internal or external sources that affects the implementation of strategy or the achievement of objectives


Question 31

Inherent risk

Answer 31

The susceptibility of a set of accounts or transactions to significant control problems in the absence of internal controls

Question 32

Residual risk

Answer 32

The risk that remains after management implements internal controls or some other response to risk

Question 33

Expected loss

Answer 33

The mathematical product of the potential dollar loss that would occur should a threat become a reality (called impact or exposure) and the risk or probability that the threat will occur (called likelihood)

Question 34

Control activities

Answer 34

Policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out

Question 35

Authorization

Answer 35

Establishing policies for employees to follow and then empowering them to perform certain organizational functions. Authorizations are often documented by signing, initialing, or entering an authorization code on a document or record

Question 36

Digital signature

Answer 36

A means of electronically signing a document with data that cannot be forged

Question 37

Specific authorization

Answer 37

Special approval an employee needs in order to be allowed to handle a transaction

Question 38

General authorization

Answer 38

The authorization given employees to handle routine transactions without special approval

Question 39

Segregation of accounting duties

Answer 39

Separating the accounting functions of authorization, custody, and recording to minimize an employee’s ability to commit fraud

Question 40

Collusion

Answer 40

Cooperation between two or more people in an effort to thwart internal controls

Question 41

Segregation of systems duties

Answer 41

Implementing control procedures to clearly divide authority and responsibility within the information system function

Question 42

Systems administrator

Answer 42

Person responsible for making sure a system operates smoothly and efficiently

Question 43

Network manager

Answer 43

Person responsible for ensuring that applicable devices are linked to the organizations networks and that the networks operate properly

Question 44

Security management

Answer 44

People that make sure systems are secure and protected from internal and external threats

Question 45

Change management

Answer 45

Process of making sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, and availability

Question 46

Users

Answer 46

People who record transactions, authorize data processing, and use system output

Question 47

Systems analysts

Answer 47

People who help users determine their information needs and design systems to meet those needs

Question 48

Programmers

Answer 48

People who take the analysts’ design and develop, code, and test computer programs

Question 49

Computer operators

Answer 49

People who operate the company’s computers

Question 50

Information system library

Answer 50

A collection of corporate databases, files, and programs stored in a separate storage area and managed by the system librarian

Question 51

Data control group

Answer 51

People who ensure that source data is properly approved, monitor the flow of work, reconcile input and output, handle input errors to ensure their correction and resubmission, and distribute systems outputPeople who ensure that source data is properly approved, monitor the flow of work, reconcile input and output, handle input errors to ensure their correction and resubmission, and distribute systems output

Question 52

Steering committee

Answer 52

An executive-level committee to plan and oversee the information systems function

Question 53

Strategic master plan

Answer 53

A multiple-year plan that lays out the projects the company must complete to achieve its long-range goals and the resources needed to achieve the plan

Question 54

Project development plan

Answer 54

A document that shows how a project will be completed

Question 55

Project milestones

Answer 55

Points where progress is reviewed and actual and estimated completion times are compared

Question 56

Data processing schedule

Answer 56

A schedule that shows when each data processing task should be performed

Question 57

Systems performance measurements

Answer 57

Ways to evaluate and assess a system

Question 58

Throughput

Answer 58

The amount of work performed by a system during a given period of time

Question 59

Utilization

Answer 59

The percentage of time a system is used

Question 60

Response time

Answer 60

How long it takes for a system to respond

Question 61

Postimplementation review

Answer 61

Review, performed after a new system has been operating for a brief period, to ensure that it meets its planned objectives

Question 62

Systems integrator

Answer 62

An outside party hired to manage a company’s systems development effort

Question 63

Analytical review

Answer 63

The examination of the relationships between difference sets of data

Question 64

Audit trail

Answer 64

A path that allows a transaction to be traced through a data processing system from point of origin to output or backward from output to point of origin

Question 65

Computer security office (CSO)

Answer 65

An employee independent of the information system function who monitors the system disseminates information about improper system uses and their consequences, and reports to top management

Question 66

Chief compliance officer (CCO)

Answer 66

An employee responsible for all the compliance tasks associated with SO and other laws and regulatory rulings

Question 67

Forensic investigators

Answer 67

Individuals who specialize in fraud, most of whom specialized training with law enforcement agencies such as the FBI or IRS or have professional certifications such as Certified Fraud Examiner (CFE)

Question 68

Computer forensics specialists

Answer 68

Computer experts who discover, extract, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges

Question 69

Neural networks

Answer 69

Computing systems that imitate the brain’s learning process by using a network of interconnected processors that perform multiple operations simultaneously and interact dynamically

Question 70

Fraud hotline

Answer 70

A phone number employees can call to anonymously report fraud and abuse