Test 1 Vocab Flashcards
source documents
documents to capture transaction data at its source - when the transaction takes place
turnaround document
records of company data sent to an external party and then returned to the system as input
block code
blocks of numbers reserved for specific categories of data, e.g. 1000-1999 is reserved for electronic devices
fraud
gaining an unfair advantage over another person; its elements are a false statement, intent to deceive, and an injury or loss suffered by the victim
investment fraud
misrepresenting or leaving out facts in order to promote investment that promises fantastic profits with little risk
misappropriation of assets
theft of company assets by employees
Fraud Triangle: Pressure
a person’s incentive or motivation for committing fraud
Fraud Triangle: Opportunity
the condition or situation that allows the perpetrator to COMMIT, CONCEAL, AND CONVERT
lapping
concealing the theft of cash by means of a series of delays in posting collections to AR
check kiting
creating cash using the lag between the time a check is deposited and the time it clears the bank
Fraud Triangle: Rationalization
the excuse that fraud perpetrators use to justify their illegal behavior
COBIT 5 Framework
1. Meet stakeholder needs 2. Cover the enterprise end-to-end 3. Apply a single, integrated framework 4. Enable a holistic approach 5. Separate governance from management
COSO’s ERM Model
1. Internal Environment 2. Objective Setting 3. Event Identification 4. Risk Assessment 5. Risk Response 6. Control Activities 7. Information & Communication 8. Monitoring
risk appetite
the amount of risk a company is willing to accept in order to achieve its goals and objectives
Possible Responses to Risk
1. Reduce - implement internal controls 2. Accept 3. Share - buy insurance, outsource the activity, or enter into hedging transactions 4. Avoid - don't get involved in the risky activity at all
Expected Loss
impact x likelihood
Specific Authorization
special approval an employee needs in order to be allowed to handle a transaction
Trust Services Framework (Systems Reliability)
1. Security 2. Confidentiality 3. Privacy 4. Processing Integrity 5. Availability
Confidentiality
sensitive organizational information is protected from unauthorized disclosure
Privacy
personal information about customers, employees, and other individuals is protected from unauthorized disclosure
Availability
the system and its information are available to meet operational and contractual obligations
Security Life Cycle
1. Assess threats and select a risk response 2. Develop and communicate policy 3. Acquire and implement solutions 4. Monitor performance
defense-in-depth
employing multiple layers of controls to avoid a single point-of-failure
Time-based Model of Security
P > D + C, where P is the time it takes an attacker to break through the organization's preventive controls, D is the time it takes to detect that an attack is in progress, and C is the time it takes to respond to the attack and correct the problem. Security is adequate only while P exceeds D + C.
Authentication
1. Something they know (PIN, password) 2. Something they have (ID card, token) 3. Something they are (biometric: fingerprint, typing patterns)
Multimodal Authentication
Using more than one credential of the same type, e.g. a password plus the answer to a security question (both things the user knows); weaker than multifactor authentication
Multifactor Authentication
Using two or more different types of authentication credentials, e.g. a fingerprint (something they are) and a password (something they know)
Compatibility Test
Matches user’s authentication credentials against the access control matrix to determine if they should be allowed to do what they’re trying to do
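The two steps the flashcards separate, authentication (checking the credential) and then the compatibility test (checking the access control matrix), as an added example that is not part of the flashcard set. The user store, salt, matrix entries and resource names are all constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict, FrozenSet, Tuple

# Constructed: one shared salt keeps the example short. A real system stores a
# random salt per user and uses far more PBKDF2 iterations.
SALT = b"example-salt"
ITERATIONS = 20_000


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


# Constructed user store: username -> salted password hash (the "something they know").
USERS: Dict[str, bytes] = {
    "alice": _hash_password("correct horse"),
    "bob": _hash_password("hunter2"),
}

# Constructed access control matrix: row = user, column = resource,
# cell = set of permitted actions. A missing cell means no access (default deny).
ACCESS_CONTROL_MATRIX: Dict[str, Dict[str, FrozenSet[str]]] = {
    "alice": {
        "payroll.db": frozenset({"read", "write"}),
        "ar.db": frozenset({"read"}),
    },
    "bob": {
        "ar.db": frozenset({"read", "write"}),
    },
}


def authenticate(user: str, password: str) -> bool:
    """Verify the credential. Unknown users still pay the hashing cost so that
    response time does not reveal which usernames exist."""
    stored = USERS.get(user)
    candidate = _hash_password(password)
    if stored is None:
        return False
    return hmac.compare_digest(stored, candidate)


def compatibility_test(user: str, resource: str, action: str) -> bool:
    """Compatibility test: is `action` on `resource` explicitly granted to `user`
    in the access control matrix? Anything not listed is denied."""
    permitted = ACCESS_CONTROL_MATRIX.get(user, {}).get(resource, frozenset())
    return action in permitted


def request_access(user: str, password: str, resource: str, action: str) -> Tuple[bool, str]:
    """Full decision: authenticate first, then run the compatibility test."""
    if not authenticate(user, password):
        return False, "authentication failed"
    if not compatibility_test(user, resource, action):
        return False, "compatibility test failed"
    return True, "granted"


if __name__ == "__main__":
    for args in [("alice", "correct horse", "payroll.db", "write"),
                 ("alice", "correct horse", "ar.db", "write"),
                 ("bob", "wrong password", "ar.db", "read")]:
        print(args[0], args[2], args[3], "->", request_access(*args))
```

Note that the matrix is consulted only after the credential is verified; an authenticated user who is simply absent from the matrix still gets "compatibility test failed", which is the default-deny behaviour a practitioner wants.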
border router
the router that connects the organization's network to the Internet; the outermost device on the organization's network
firewall
a special-purpose hardware device, or software running on a general-purpose computer, that controls inbound and outbound communication between the system and other networks
Demilitarized Zone (DMZ)
separate network outside the organization’s internal IS that permits controlled access from the Internet
packet filtering
a process that uses only packet header fields (source and destination addresses, protocol, port numbers) to decide whether to allow or drop a packet
deep packet inspection
examines the body and contents of a packet, not just the header (like opening the envelope instead of reading only the address)
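Packet filtering and deep packet inspection side by side, as an added example that is not from the flashcard set: the header-only filter allows anything bound for TCP port 80 on the web-server subnet, while the inspector also reads the payload and drops a request matching an attack signature that the header filter cannot see. The packets, subnet, rules and signatures are constructed for illustration.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    payload: bytes = b""


@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; default matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any port

    def matches(self, pkt: Packet) -> bool:
        # Header fields only: this is all a packet filter ever looks at.
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


WEB_SERVERS = "203.0.113.0/24"      # constructed DMZ subnet

# First matching rule wins; the last rule is the default deny.
RULES: List[Rule] = [
    Rule("allow", dst=WEB_SERVERS, proto="tcp", dport=80),
    Rule("allow", dst=WEB_SERVERS, proto="tcp", dport=443),
    Rule("deny"),
]

# Constructed payload signatures for the deep inspector.
SIGNATURES = [
    re.compile(rb"(?i)union\s+select"),   # SQL injection attempt
    re.compile(rb"\.\./\.\./"),           # directory traversal
]


def packet_filter(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Decide from headers alone. Returns "allow" or "deny"."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # reached only if no catch-all rule is configured


def deep_packet_inspection(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Apply the header rules first, then open the envelope and scan the body."""
    if packet_filter(pkt, rules) == "deny":
        return "deny"
    for sig in SIGNATURES:
        if sig.search(pkt.payload):
            return "deny"
    return "allow"


if __name__ == "__main__":
    attack = Packet("10.0.0.5", "203.0.113.10", "tcp", 80,
                    b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n")
    print("packet filter:", packet_filter(attack))
    print("deep inspection:", deep_packet_inspection(attack))
```

The two verdicts differ on exactly one kind of packet: one whose headers are permitted but whose body carries the attack. That gap is why a firewall that only filters headers is not a substitute for inspection of the content.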
endpoints
the workstations, printers, servers, and other devices that make up an organization's network
hardening
process of modifying the default configuration of endpoints to eliminate unnecessary settings and services
Log Analysis
Detective control - examining system logs to identify evidence of possible attacks
Intrusion Detection System
Detective control - creates logs of all network traffic that was permitted to pass the firewall and analyzes them for signs of attempted or successful intrusions
Penetration Testing
Detective control - an AUTHORIZED attempt to break into the organization's information system
Exploit
a program designed to take advantage of a known vulnerability
Virtualization
running multiple systems simultaneously on one physical computer
Application Controls for Processing Integrity
1. Input Controls 2. Processing Controls 3. Output Controls
Input Controls
1. Forms Design 2. Cancellation and Storage of Source Documents 3. Data Entry Controls 4. Batch Processing Data Entry Controls 5. Online Data Entry Controls
Field Check
CORRECT TYPE OF CHARACTERS - e.g. no letters in a numeric field
Sign Check
Correct arithmetic sign - e.g. no negative inventory quantities
Limit check
compares a number against a fixed upper (or lower) limit, e.g. hours worked may not exceed the maximum allowed per week
Range Check
Whether number falls between specified lower and upper limits (marketing promotion targets only those with income between $50k and $100k)
Size Check
Correct number of characters or digits in the field
Completeness Check
all required data items have been entered
Validity Check
Compares an ID code or account number against the master file to verify that the account exists
Reasonableness Test
logical correctness of relationships among data items (overtime hours should be 0 for an employee who has not worked 40 regular hours)
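The data entry controls from Field Check through Reasonableness Test applied to one record, as an added example that is not from the flashcard set. Each check is its own small function so the card it implements is obvious, and a validator runs them in order over a constructed payroll time card; the employee master file, field limits and pay-rate range are constructed for illustration.

```python
from typing import Any, Dict, List, Set, Tuple

# Constructed employee master file: the set of employee IDs that exist.
MASTER_FILE: Set[str] = {"100234", "100235", "100301"}
REQUIRED_FIELDS: Tuple[str, ...] = ("employee_id", "regular_hours", "overtime_hours", "pay_rate")
ID_LENGTH = 6
MAX_REGULAR_HOURS = 40
PAY_RATE_RANGE = (7.25, 100.0)      # constructed lower and upper limits


def field_check(value: str) -> bool:
    """Correct type of characters: an ID field must contain digits only."""
    return value.isdigit()


def size_check(value: str, length: int) -> bool:
    """Correct number of characters."""
    return len(value) == length


def validity_check(emp_id: str, master: Set[str]) -> bool:
    """The ID must exist in the master file."""
    return emp_id in master


def sign_check(n: float) -> bool:
    """Hours cannot be negative."""
    return n >= 0


def limit_check(n: float, limit: float) -> bool:
    """Value tested against a fixed upper limit."""
    return n <= limit


def range_check(n: float, lower: float, upper: float) -> bool:
    """Value must fall between a lower and an upper limit."""
    return lower <= n <= upper


def completeness_check(rec: Dict[str, Any], required: Tuple[str, ...]) -> List[str]:
    """Return the names of required fields that are missing or blank."""
    return [f for f in required if rec.get(f) in (None, "")]


def reasonableness_test(regular: float, overtime: float) -> bool:
    """Overtime only makes sense once the full regular week has been worked."""
    return overtime == 0 or regular == MAX_REGULAR_HOURS


def validate_timecard(rec: Dict[str, Any], master: Set[str] = MASTER_FILE) -> List[str]:
    """Run every data entry control and return a list of failures (empty if clean)."""
    missing = completeness_check(rec, REQUIRED_FIELDS)
    if missing:
        # Nothing else can be checked meaningfully on an incomplete record.
        return [f"completeness: missing {f}" for f in missing]

    errors: List[str] = []
    emp = str(rec["employee_id"])
    if not field_check(emp):
        errors.append("field: employee_id must be numeric")
    if not size_check(emp, ID_LENGTH):
        errors.append(f"size: employee_id must be {ID_LENGTH} digits")
    if not validity_check(emp, master):
        errors.append("validity: employee_id not in master file")

    regular, overtime, rate = rec["regular_hours"], rec["overtime_hours"], rec["pay_rate"]
    for name, hours in (("regular_hours", regular), ("overtime_hours", overtime)):
        if not sign_check(hours):
            errors.append(f"sign: {name} cannot be negative")
    if not limit_check(regular, MAX_REGULAR_HOURS):
        errors.append(f"limit: regular_hours exceeds {MAX_REGULAR_HOURS}")
    if not range_check(rate, *PAY_RATE_RANGE):
        errors.append(f"range: pay_rate outside {PAY_RATE_RANGE[0]}-{PAY_RATE_RANGE[1]}")
    if not reasonableness_test(regular, overtime):
        errors.append("reasonableness: overtime reported with fewer than 40 regular hours")
    return errors


if __name__ == "__main__":
    bad = {"employee_id": "10A23", "regular_hours": 45, "overtime_hours": -2, "pay_rate": 500.0}
    for problem in validate_timecard(bad):
        print(problem)
```

Every control is applied and every failure reported, rather than stopping at the first one, so the person correcting the record sees all of its problems in one pass; the one exception is an incomplete record, which is rejected before the other checks run.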
Check Digit(and verification)
a digit computed from the other digits in an ID number and appended to it; recomputing it on entry (check digit verification) detects errors in keying or transmitting the number
Prompting
the system requests each input data item in turn and waits for an acceptable response, ensuring that all required data is entered (an online completeness check)
Closed-loop Verification
checks accuracy of input by displaying related data, e.g. bringing up the account name for the account number entered so the user can confirm it is the right account
transposition error
when the digits in two adjacent positions are inadvertently exchanged (64 becomes 46)
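Check digit computation and verification, and what they do against the transposition error just defined, as an added example that is not from the flashcard set. The block uses the Luhn (mod-10) algorithm; the cards do not name a particular check digit scheme, so that choice is this example's assumption, and the ID numbers are constructed.

```python
from typing import Tuple


def luhn_sum(number: str) -> int:
    """Luhn weighted sum of a digit string, taken from the rightmost digit:
    every second digit is doubled, and products above 9 have 9 subtracted
    (equivalent to adding the product's two digits). Valid numbers sum to 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def compute_check_digit(payload: str) -> int:
    """Check digit that makes payload + digit pass verification."""
    if not payload.isdigit():
        raise ValueError("payload must be all digits")
    return (10 - luhn_sum(payload + "0")) % 10


def make_id(payload: str) -> str:
    """Append the check digit to the identifier."""
    return payload + str(compute_check_digit(payload))


def verify_id(number: str) -> bool:
    """Check digit verification: recompute over the whole number, including
    the check digit, and accept only if the result is 0."""
    return number.isdigit() and len(number) > 1 and luhn_sum(number) == 0


def transpose(number: str, i: int) -> str:
    """Simulate a transposition error: swap the digits at positions i and i+1."""
    s = list(number)
    s[i], s[i + 1] = s[i + 1], s[i]
    return "".join(s)


def transposition_caught(number: str, i: int) -> Tuple[str, bool]:
    """Return the transposed number and whether verification rejects it."""
    wrong = transpose(number, i)
    return wrong, not verify_id(wrong)


if __name__ == "__main__":
    good = make_id("12364")          # constructed payload -> "123646"
    print(good, verify_id(good))
    print(transposition_caught(good, 3))   # 64 keyed as 46
    print(transposition_caught(make_id("09"), 0))  # the one pair Luhn misses
```

Luhn catches every single-digit error and every adjacent transposition except 09 and 90, which produce the same weighted sum. A practitioner who needs that pair caught as well picks a scheme with different weights; the verification logic stays the same shape.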
Cross-footing balance test
sum a row of column totals and a column of row totals to make sure they come out to the same number
Zero-Balance Test
compares debits and credits posted to a control account - e.g. the payroll clearing account should have a zero balance after both the payroll entries and the cost distribution entries have been made
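The cross-footing balance test and the zero-balance test on constructed data, as an added example that is not from the flashcard set. Amounts are Decimal so that totals compare exactly; the expense table, the payroll journal lines and the transposed amount in the error case are all constructed for illustration.

```python
from decimal import Decimal
from typing import List, Tuple

Money = Decimal
ZERO = Money("0")

# Constructed expense-distribution table: one row per department,
# one column per expense category.
EXPENSE_TABLE: List[List[Money]] = [
    [Money("100.00"), Money("200.00"), Money("300.00")],   # Dept A
    [Money("50.00"), Money("150.00"), Money("250.00")],    # Dept B
]


def footings(table: List[List[Money]]) -> Tuple[List[Money], List[Money]]:
    """Compute the column of row totals and the row of column totals."""
    row_totals = [sum(row, ZERO) for row in table]
    col_totals = [sum(col, ZERO) for col in zip(*table)]
    return row_totals, col_totals


def cross_footing_test(row_totals: List[Money], col_totals: List[Money]) -> Tuple[Money, Money, bool]:
    """Cross-footing balance test: adding the row totals and adding the column
    totals must give the same grand total. Returns (down, across, passed)."""
    down = sum(row_totals, ZERO)
    across = sum(col_totals, ZERO)
    return down, across, down == across


# Zero-balance test. A journal line is (account, debit, credit).
JournalLine = Tuple[str, Money, Money]

# Constructed payroll run: gross pay of 12,500 is debited to the clearing
# account from the payroll register and credited back out by the cost distribution.
PAYROLL_OK: List[JournalLine] = [
    ("Payroll Clearing", Money("12500.00"), ZERO),
    ("Cash", ZERO, Money("12500.00")),
    ("WIP - Manufacturing", Money("8000.00"), ZERO),
    ("Admin Salaries Expense", Money("4500.00"), ZERO),
    ("Payroll Clearing", ZERO, Money("8000.00")),
    ("Payroll Clearing", ZERO, Money("4500.00")),
]

# Same run with 4500 keyed as 4050 in the distribution: the clearing account
# no longer nets to zero, which is exactly what the test is for.
PAYROLL_TRANSPOSED: List[JournalLine] = [
    line if line[2] != Money("4500.00") else ("Payroll Clearing", ZERO, Money("4050.00"))
    for line in PAYROLL_OK
]


def account_balance(lines: List[JournalLine], account: str) -> Money:
    """Debit balance of one account (negative means a credit balance)."""
    return sum((debit - credit for acct, debit, credit in lines if acct == account), ZERO)


def zero_balance_test(lines: List[JournalLine], account: str = "Payroll Clearing") -> bool:
    return account_balance(lines, account) == ZERO


if __name__ == "__main__":
    rows, cols = footings(EXPENSE_TABLE)
    print("row totals", rows, "column totals", cols)
    print("cross-foot:", cross_footing_test(rows, cols))
    print("cross-foot with a transposed row total:", cross_footing_test([rows[0], Money("540.00")], cols))
    print("zero balance ok:", zero_balance_test(PAYROLL_OK))
    print("clearing balance after transposition:", account_balance(PAYROLL_TRANSPOSED, "Payroll Clearing"))
```

Both tests detect the error without knowing which figure is wrong; they only say that the batch does not reconcile, which is the cue to go back to the source documents.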
Write-Protection Mechanisms
Processing control - protects against overwriting or erasing data files stored on magnetic media
Concurrent update controls
prevent the errors that occur when two or more users try to update the same record simultaneously; the record is locked so the other users are kept out until the first one is finished
Processing Controls
1. Data Matching 2. File Labels 3. Recalculation of Batch Totals 4. Cross-footing and Zero-balance Tests 5. Write-protection Mechanisms 6. Concurrent Update Controls
Output Controls
1. User Review of Output 2. Reconciliation Procedures 3. External Data Reconciliation 4. Data Transmission Controls (checksums and parity bits)
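The two data transmission controls named on the last card, parity bits and checksums, as an added example that is not from the flashcard set. It shows what each one catches and what it misses: a parity bit detects a single flipped bit in a byte but not two, and a plain additive checksum misses transposed bytes that a CRC catches. The message and the corruptions are constructed for illustration.

```python
import zlib
from typing import List, Tuple

Frame = Tuple[int, int]     # (data byte, parity bit)


def parity_bit(byte: int) -> int:
    """Even parity: 1 if the byte has an odd number of 1 bits, so that
    byte plus parity bit together always contain an even number of 1s."""
    return bin(byte).count("1") & 1


def frame(data: bytes) -> List[Frame]:
    """Attach a parity bit to every byte before transmission."""
    return [(b, parity_bit(b)) for b in data]


def parity_errors(frames: List[Frame]) -> List[int]:
    """Receiver side: indices of bytes whose parity bit no longer matches."""
    return [i for i, (b, p) in enumerate(frames) if parity_bit(b) != p]


def corrupt(frames: List[Frame], index: int, *bit_positions: int) -> List[Frame]:
    """Simulate line noise: flip the given bits of one byte, leaving its parity bit as sent."""
    copy = list(frames)
    byte, p = copy[index]
    for pos in bit_positions:
        byte ^= 1 << pos
    copy[index] = (byte, p)
    return copy


def sum_checksum(data: bytes) -> int:
    """Simple additive checksum: sum of all bytes mod 256."""
    return sum(data) % 256


def crc32(data: bytes) -> int:
    """Cyclic redundancy check over the whole message."""
    return zlib.crc32(data) & 0xFFFFFFFF


MESSAGE = b"PAY 1250.00"          # constructed transmission
SWAPPED = b"PAY 1520.00"          # same bytes, two of them transposed in transit


if __name__ == "__main__":
    sent = frame(MESSAGE)
    print("clean:", parity_errors(sent))
    print("one bit flipped:", parity_errors(corrupt(sent, 0, 0)))
    print("two bits flipped:", parity_errors(corrupt(sent, 0, 0, 1)))
    print("sum checksum equal after swap:", sum_checksum(MESSAGE) == sum_checksum(SWAPPED))
    print("crc32 equal after swap:", crc32(MESSAGE) == crc32(SWAPPED))
```

Neither control can correct anything; they only tell the receiver to request retransmission. The practical lesson is in the misses: a control that passes a transposed amount is not enough on its own for financial data, which is why these sit alongside the reconciliation procedures on the same card.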