IT Audit, Chapter 11: "Internal Control and COSO Framework" flash cards


Last updated 2:57 AM on 4/15/26

27 Terms

1

System of Internal Control

(11.1) A system that consists of policies and procedures designed to provide management with reasonable assurance that the company achieves its objectives and goals.

2

Control Environment

(11.3) A component of the COSO Internal Control framework that consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity.

3

Risk Assessment

(11.3) A component of the COSO Internal Control framework that involves a process for identifying and analyzing risks that may prevent the organization from achieving its objectives.

4

Control Activities

(11.3) A component of the COSO Internal Control framework that involves policies and procedures to help ensure that necessary actions are taken to address risks to the achievement of the entity’s objectives.

5

Information and Communication

(11.3) A component of the COSO Internal Control framework that initiates, records, processes, and reports the entity’s transactions, along with maintaining accountability for the related assets.

6

Monitoring

(11.3) A component of the COSO Internal Control framework that deals with ongoing or periodic assessments of the quality of internal control by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions.

7

Specific Authorization

(11.3) A case-by-case approval of transactions not covered by companywide policies.

8

General Authorization

(11.3) A companywide policy for the approval of all transactions within stated limits.

9

Independent Check

(11.3) An internal control activity designed for the continuous internal verification of other controls.

10

General Control

(11.4) A control that relates to all parts of the IT function and affects many different software applications.

11

Application Control

(11.4) A control, typically at the business process level, that applies to processing transactions. This includes the inputting, processing, and outputting of sales or cash receipts.

12

Pilot Testing

(11.4) An instance where a new system is implemented in one part of an organization while other locations continue to rely on the old system.

13

Parallel Testing

(11.4) An instance where the old and new systems operate simultaneously in all locations.

14

Hardware Control

(11.4) A control built into the computer equipment by the manufacturer to detect and report equipment failure.

15

Input Control

(11.4) A control designed by an organization to ensure that the information to be processed by the computer is authorized, accurate, and complete.

16

Processing Control

(11.4) A control designed to ensure that data input into the system are accurately and completely processed.

17

Output Control

(11.4) A control designed to ensure that computer-generated data are valid, accurate, complete, and distributed only to authorized people.

18

Virtual Private Network

(11.5) An encrypted connection over the Internet from a device into a network (also referred to as a VPN).

19

Virtual Desktop

(11.5) A preconfigured image of operating systems and applications.

20

Local Area Network

(11.5) A network that connects computer equipment, data files, software, and peripheral equipment within a local area for intercompany use (also referred to as a LAN).

21

Wide Area Network

(11.5) A network that connects computer equipment, databases, software, and peripheral equipment that reside in many geographic locations - such as client offices located around the world (also referred to as a WAN).

22

Database Management System

(11.5) A hardware and software system that allows clients to establish and maintain databases shared by multiple applications.

23

Enterprise Resource Planning System

(11.5) A system that integrates numerous aspects of an organization’s activities into one accounting information system (also referred to as an ERP).

24

Firewall

(11.5) A system of hardware and software that monitors and controls the flow of e-commerce communications by channeling all network connections through a control gateway.

25

Encryption Technique

(11.5) A computer program that changes a standard message or data file into one that is coded and then decoded using a decryption program.

26

Application Service Provider

(11.5) A third-party entity that manages and supplies software applications or software-related services to customers through the Internet.

27

Cloud Computing Environment

(11.5) A computer resource deployment and procurement model that enables an organization to obtain IT resources and applications at an IT service center shared with the other organizations from any location via an Internet connection.