AIS Chapter 6

The flashcards below were created by user Anonymous on FreezingBlue Flashcards.

  1. threat
    any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization
  2. exposure / impact
    the potential dollar loss should a particular threat become a reality
  3. likelihood
    the probability that the threat will happen
  4. internal control
    the process implemented by the board of directors, management, and those under their direction to provide reasonable assurance that the control objectives are achieved
  5. preventive control
    Controls that deter problems before they arise
  6. detective control
    Controls that discover problems as soon as they arise
  7. corrective control
    controls that remedy control problems that have been discovered
  8. general control
    controls that are designed to make sure an organization's control environment is stable and well managed
  9. application control
    controls that prevent, detect, and correct transaction errors and fraud
  10. Foreign Corrupt Practices Act
    1977 act, with the primary purpose of preventing the bribery of foreign officials in order to obtain business. A significant effect of the act was to require corporations to maintain good systems of internal accounting control.
  11. Sarbanes-Oxley Act
    2002 act intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud
  12. PCAOB
    A five-member board that controls the auditing profession
  13. belief system
    a lever of control that communicates company core values to employees and inspires them to live by them
  14. boundary system
    a lever of control that helps employees act ethically by setting limits beyond which an employee must not pass
  15. diagnostic control system
    a control lever that ensures efficient and effective achievement of important goals by measuring company progress by comparing actual performance to planned performance
  16. interactive control system
    a control lever that helps top-level managers with high-level activities that demand frequent and regular attention, such as developing company strategy, setting company objectives, understanding & assessing threats and risks, etc.
  17. COBIT
    a framework of generally applicable information systems security and control practices for IT control from the vantage points of business objectives, IT resources, and IT processes
  18. COSO
    a private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute
  19. Internal Control-Integrated Framework
    framework which defines internal controls and provides guidance for evaluating and enhancing internal control systems
  20. Enterprise Risk Management-Integrated Framework
    A framework which expands on the elements of the internal control integrated framework and provides an all-encompassing focus on the broader subject of enterprise risk management
  21. Strategic objective
    high level goals that are aligned with and support the company's mission
  22. operations objective
    deal with the effectiveness and efficiency of company operations
  23. reporting objective
    help ensure the accuracy, completeness, and reliability of internal and external company reports of both a financial and nonfinancial nature
  24. compliance objective
    help the company comply with all applicable laws and regulations
  25. internal environment
    the tone or culture of a company, which helps determine how risk conscious employees are
  26. risk appetite
    the amount of risk a company is willing to accept in order to achieve its goals and objectives, in alignment with company strategy
  27. audit committee
    board composed entirely of outside, independent directors, which is responsible for overseeing the corporation's internal control structure, its financial reporting process, and its compliance with related laws, regulations, and standards.
  28. policy and procedures manual
    explains proper business practices, describes the knowledge and experience needed by key personnel, spells out management policy for handling specific transactions, and documents the systems and procedures employed to process those transactions
  29. background check
    verification of educational and work experience, talking to references, checking for a criminal record, and checking credit records
  30. event
    an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives; may have positive or negative impacts or both; represent uncertainty
  31. inherent risk
    the risk that exists before management takes any steps to control the likelihood or impact of a risk
  32. residual risk
    the risk that remains after management implements internal controls, or some other response to risk
  33. expected loss
    • the mathematical product of impact and likelihood
    • Impact × Likelihood
  34. control activities
    the policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and the risk responses are carried out
  35. authorization
    approving transactions and decisions; empowerment of employees
  36. digital signature
    a means of signing a document with a piece of data that cannot be forged
  37. specific authorization
    when an employee must get special approval before handling a transaction
  38. general authorization
    when management can authorize employees to handle routine transactions without special approval
  39. segregation of accounting duties
    separation of the authorization, recording, and custody functions
  40. collusion
    when two or more people cooperate to thwart internal controls
  41. segregation of systems duties
    separation of systems administration, network management, security management, change management, users, systems analysis, programming, computer operations, information system library, and data control
  42. systems administrator
    those responsible for ensuring that the different parts of an information system operate smoothly and efficiently
  43. network manager
    one that ensures all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly
  44. security management
    ensures that all aspects of the system are secure and protected from all internal and external threats
  45. systems analyst
    helps users determine their information needs and then designs an information system to fit those needs
  46. programmer
    takes the design provided by systems analysts and creates an information system by writing the computer programs
  47. computer operator
    runs the software on the company's computers, ensuring that data are input properly and correctly processed and the needed output is produced
  48. information system library
    a separate storage area that maintains custody of corporate databases, files, and programs
  49. data control group
    ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes systems output
  50. strategic master plan
    a multiyear plan that aligns an organization's information system with its business strategies by showing the projects that must be completed to achieve long-term company goals and addresses the company's hardware, software, personnel, and infrastructure requirements
  51. project development plan
    shows how a project will be completed, including the modules or tasks to be performed and who will perform them, the dates they should be completed, and project costs
  52. project milestone
    a significant point when progress is reviewed and actual & estimated completion times are compared
  53. performance evaluation
    a project development control that requires evaluating each module or task as it is completed
  54. data processing schedule
    organizes all data processing tasks to maximize use of scarce computer resources
  55. steering committee
    committee formed to guide and oversee systems development and acquisition
  56. system performance measurements
    measurements used to evaluate and assess a system; common measurements include throughput, utilization, and response time
  57. throughput
    output per unit of time
  58. utilization
    percentage of time the system is being productively used
  59. response time
    how long it takes the system to respond
  60. post-implementation review
    review made after a new system has been operating for a brief period; its purpose is to ensure that the new system is meeting its planned objectives, to identify the adequacy of system standards, and to review system controls
  61. systems integrator
    a vendor who uses common standards and manages a cooperative systems development effort involving its own development personnel and those of the client and other vendors
  62. change management
    the process of making sure changes do not negatively affect systems reliability, security, confidentiality, integrity, and availability
  63. analytical review
    an examination of the relationships between different sets of data
  64. audit trail
    exists when individual company transactions can be traced through the system from where they originate to where they end up on the financial statements, and vice versa
  65. computer security officer
    officer in charge of AIS security and should be independent of the information system function & report to the COO or the CEO
  66. chief compliance officer
    in charge of all compliance issues
  67. forensic accountant
    specialize in fraud detection and investigation
  68. computer forensics specialist
    specialists who discover, extract, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges
  69. neural network
    programs that mimic the brain and have learning capabilities
  70. fraud hot line
    anonymous whistle-blower tip line
Card Set:
AIS Chapter 6
2012-08-20 22:54:08

Accounting Info Systems Terms