AIS Key Terms - Week 2
2011-09-21 03:06:53
AIS Week


  1. stewardship
    the careful and responsible oversight and use of the assets entrusted to management.
  2. code of ethics
    a standard of employee conduct paired with internal controls to prevent and detect fraud.
  3. fraud
    the theft, concealment, and conversion to personal gain of another's money, physical assets, or information.
  4. misappropriation of assets
    also referred to as defalcation or internal theft; theft of any item of value, most commonly dealing with cash or property.
  5. fraud triangle
    the three conditions that enable fraud to be perpetrated, consisting of incentive to commit fraud; opportunity to commit fraud; and the rationalization of fraudulent action.
  6. employee fraud
    fraud conducted by non-management employees; usually involves the theft of cash or assets for personal gain.
  7. kickback
    cash payment that the vendor gives the employee in exchange for a sale; often thought of as a business bribe.
  8. skimming
    occurs when an organization's cash is stolen before it is entered into the accounting records.
  9. larceny
    the theft of cash after it has been recorded in accounting records.
  10. collusion
    occurs when two or more people work together to commit a fraud.
  11. customer fraud
    occurs when a customer improperly obtains cash or property from a company, or avoids a liability through deception.
  12. credit card fraud & check fraud
    involve the customer's use of stolen or fraudulent credit cards and checks.
  13. refund fraud
    occurs when a customer tries to return stolen goods to collect a cash refund.
  14. vendor fraud
    occurs when vendors obtain payments to which they are not entitled.
  15. vendor audits
    the examination of vendor records in support of amounts charged to the company.
  16. industrial espionage
    the theft of proprietary company information, e.g., by digging through the trash of the intended target company.
  17. software piracy
    the unlawful copying of software programs.
  18. salami technique
    altering a program to slice a small amount from several accounts and then crediting those small amounts to the perpetrator's benefit.
  19. trojan horse program
    a small, unauthorized program within a larger, legitimate program, used to manipulate the computer system to conduct a fraud.
  20. trap door alteration
    a valid programming tool that is misused to commit fraud.
  21. hacking
    the term commonly used for computer network break-ins.
  22. denial of service attack
    intended to overwhelm an intended target computer system with so much bogus network traffic that the system is unable to respond to valid network traffic.
  23. spoofing
    occurs when a person, through a computer system, pretends to be someone else.
  24. Sarbanes-Oxley Act of 2002
    intended to reform the accounting, financial reporting, and auditing functions of companies that are publicly traded on stock exchanges.
  25. preventative controls
    designed to avoid errors, fraud, or events not authorized by management.
  26. detective controls
    controls that help employees uncover or discover errors, fraud, or unauthorized events.
  27. corrective controls
    those steps undertaken to correct an error or problem uncovered via detective controls.
  28. Committee of Sponsoring Organizations (COSO)
    committee formed in 2002 to study internal controls for fraud detection and correction in response to ongoing problems with fraudulent financial reporting.
  29. COSO report
    identified five interrelated components of internal control: the control environment; risk assessment; control activities; information and communication; and monitoring.
  30. control environment
    sets the tone of an organization and influences the control consciousness of its employees.
  31. control activities
    the policies and procedures that help ensure that management directives are carried out and that management objectives are achieved.
  32. authorization
    an approval, or endorsement from a responsible person or department in the organization that has been sanctioned by top management.
  33. general authorization
    a set of guidelines that allows transactions to be completed as long as they fall within established parameters.
  34. specific authorization
    requires explicit authorization in order for a single transaction to be completed.
  35. segregation of duties
    the separation of related duties.
  36. compensating control
    a type of control that lessens the risk of negative effects when other controls are lacking.
  37. audit trail
    verifiable information about the accuracy of accounting records.
  38. cost-benefit/reasonable assurance
    controls achieve a sensible balance of reducing risk when compared with the cost of the control.
  39. independent checks
    a method to confirm the accuracy and completeness of data in the accounting system.
  40. reconciliation
    a procedure that compares records from different sources.
  41. batch total
    a summation of key terms in a batch.
  42. Control Objectives for Information Technology (COBIT)
    extremely important guidance for those who design or audit IT systems.
  43. Trust Services Principles
    designed to be the written guidance for CPAs who provide assurance services for organizations.
  44. Foreign Corrupt Practices Act (FCPA) of 1977
    intended to prevent US corporations from bribing foreign officials while soliciting business.
  45. information criteria
    effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability.
  46. IT resources
    applications, information, infrastructure and people.
  47. application controls
    used in accounting applications to control inputs, processing, and outputs. Intended to ensure that inputs and processing are accurate and complete and that outputs are properly distributed, controlled, and disposed.
  48. validity check
    a programmed input check that can examine data in a given database and alert the user to an invalid entry.
  49. authentication of users
    a process or procedure in an IT system to ensure that the person accessing the IT system is a valid and authorized user.
  50. security token
    authentication technology that plugs into a USB port, thereby eliminating the need for a card reader.
  51. two factor authentication
    authentication based on two factors - something the user has and something the user knows (i.e., password and security token).
  52. computer log
    a complete record of all dates, times, and uses for each user account.
  53. nonrepudiation
    a user cannot deny any particular act that he or she did on the IT system; achieved through authentication of users.
  54. authority table
    a list of valid, authorized users and the access level granted to each one.
  55. configuration tables
    tables that contain the appropriate set-up and security settings for hardware, software, and application programs.
  56. firewall
    hardware, software, or a combination of both that is designed to block unauthorized access on an IT network.
  57. symmetric encryption
    uses a single encryption key that must be used to encrypt data and also decode it.
  58. public key encryption
    uses both a public key and a private key. The public key is used to encrypt the data; the private key is used to decode the encrypted data.
  59. wired equivalent privacy (WEP)
    depending on the equipment used, enables 64, 128 or 256 bit symmetric encryption.
  60. wireless protected access (WPA)
    uses improved encryption and user authentication.
  61. service set identifier (SSID)
    used in wireless networks; a password that is passed between the sending and receiving nodes of a wireless network.
  62. virtual private network (VPN)
    normally used for traveling; utilizes tunnels, authentication, and encryption within the internet network to isolate internet communications so that unauthorized users cannot access or use certain data.
  63. secure sockets layer (SSL)
    a communication protocol built into web server and browser software that encrypts data transferred on that website.
  64. virus
    a self-replicating piece of program code that can attach itself to other programs and data and perform malicious actions such as deleting files or shutting down the computer.
  65. antivirus software
    continually scans a system for viruses and worms and either deletes or quarantines them.
  66. worm
    a small piece of program code that attaches to the computer's unused memory space and replicates itself until the system becomes overloaded and shuts down.
  67. penetration testing
    process of legitimately attempting to hack into an IT system to find whether weaknesses can be exploited by unauthorized hackers.
  68. IT governance committee
    usually made up of top executives; charged with governing the overall development and operation of IT systems.
  69. systems development life cycle (SDLC)
    the systematic steps undertaken to plan, prioritize, authorize, oversee, test and implement large-scale changes to the IT system.
  70. business continuity planning (BCP)
    a proactive program for considering risks to the continuation of business and developing plans and procedures to reduce those risks.
  71. redundant arrays of independent disks (RAIDs)
    a form of redundant storage in which two or more disks are exact mirror images.
  72. AICPA Trust Service Principles
    security; availability; processing integrity; online privacy; and confidentiality.
  73. database management system (DBMS)
    a software system that manages the interface between many users and the database.
  74. Local Area Network (LAN)
    a computer network covering a small geographic area.
  75. Wide Area Network (WAN)
    a group of LANs connected to each other to cover a wider geographic area.
  76. electronic data interchange (EDI)
    the company-to-company transfer of standard business documents in electronic form.
  77. application controls
    internal controls over the input, processing, and output of accounting applications.
  78. input controls
    intended to ensure the accuracy and completeness of data input procedures and the resulting data.
  79. processing controls
    ensure the accuracy and completeness of processing in accounting applications.
  80. output controls
    ensure the accuracy, completeness and security of outputs that result from application processing.
  81. control totals
    subtotals of selected fields for an entire batch of transactions.
  82. record counts
    a simple count of the number of records processed.
  83. batch totals
    totals of financial data, such as total gross pay or total federal tax deducted.
  84. hash totals
    totals of fields that have no apparent logical reason to be added.
  85. run-to-run control totals
    the reconciliation of control totals at various stages of processing.