Payments Risk Management Controls Flashcards
What are biometrics?
Technological and scientific authentication methods based on biology.
What are control activities?
Policies and procedures established to manage risks and ensure predefined objectives are met, and are designed to identify operational weaknesses and help effect corrective actions.
What are control self-assessments?
Assessments performed by those closest to the environment being tested and used to validate the adequacy and effectiveness of the control environment.
What are controls requirements?
The process used to document and track internal processes to determine that established procedures and/or physical security policies are being followed.
What are controls?
A means of managing risk, including policies, procedures, guidelines, practices, or organizational structures, which can be of an administrative, technical, management, or legal nature.
What are detective controls?
Controls designed to identify, or detect, operational weaknesses to effect corrective actions.
What are internal controls?
The policies and procedures that organizations establish to reduce risks and ensure they meet operating, reporting, and compliance objectives.
What are logical access controls?
The policies, procedures, organizational structure, and electronic access controls designed to restrict access to computer software and data files.
What are preventative controls?
Controls designed to deter, or prevent, the occurrence of an undesirable event.
What are reasons to revise a business continuity plan?
Changes in business operations, audit and examination recommendations, or testing results.
What are risk assessments?
Assessments that should analyze threats to all significant business lines, the sufficiency of mitigating controls, and any residual risk exposures.
What is a business impact analysis (BIA)?
An organization’s first step in its business continuity process that should include a workflow analysis involving an assessment and prioritization of business functions and processes that must be recovered.
What is a control environment?
An internal system designed to provide reasonable assurance that internal controls will prevent or detect materially inaccurate, incomplete, or unauthorized transactions; deficiencies in the safeguarding of assets; unreliable financial and regulatory reporting; and deviations from laws, regulations, and internal policies.
What is a corrective control?
A mitigating technique designed to lessen the impact to the institution when adverse events occur.
What is a credit analysis?
The method used to calculate the creditworthiness of an individual or organization.
What is a network administrator?
An individual responsible for the installation, management, and control of a network.
What is an audit committee?
A committee, established by a board of directors, responsible for reviewing, approving, and reporting on audit strategies as well as monitoring the effectiveness of an organization’s audit function.
What is an operating system?
The system that supports and manages software applications.
What is business continuity management?
The process for management to oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, products, and services.
What is dual control?
The concept of requiring more than one person to complete a task.
What is quality control?
A process using random work samples to ensure staff are acting according to procedures and that procedures are in line with policy.
What is segregation of duties?
An internal control designed to prevent error and fraud by dispersing critical functions of a process to more than one person or department.
What is the goal of the business continuity plan (BCP)?
To minimize financial losses to the institution, serve customers and financial markets with minimal disruptions, and mitigate the negative effects of disruptions on business operations.
What is the Mastercard Alert to Control High-Risk Merchants (MATCH) list?
It is a detailed database of Merchants that Mastercard has determined to be high-risk.
What is the purpose of risk monitoring and testing?
To ensure an organization’s business continuity planning process remains viable.
What are the five components of an internal control program?
- Control environments
- Risk assessments
- Control activities
- Information and communication
- Monitoring
What is encryption used for?
To secure communications and data storage, particularly with authentication credentials and the transmission of sensitive information.
What is a trend analysis?
A technique that uses historical results to predict future outcomes.
What is predictive modeling?
A process of using known results to create, process, and validate a model that can be used to forecast future outcomes.
What are nature-related control types?
Administrative, technical, and physical
What are timing-related control types?
Preventative, detective, and corrective
What is the importance of having layered security?
To allow the strength of one or more controls to compensate for weakness or failure of another control.
What are administrative controls?
Controls that define the human factors of security at all levels of personnel, including, for example, training, recruitment, and separation strategies.
What are technical controls?
The use of technology as a basis to control access and usage of sensitive data throughout physical structures and over networks.
What are physical controls?
Security measures for premises used to deter or prevent unauthorized access to sensitive material.
A switch that activates an alarm is what type of control?
Detective control
Segregation of duties is what type of control?
Preventative control
Permitting access to a system on an “as needed” basis is what type of control?
Logical access control