IT Management Glossary

Application Access
Access to an application via direct connection, Web services or a terminal.

Automated User Enrollment
Process to move user identity information over a network from a data source to a directory where it is needed.

By-name Authorization
From an individual username, connecting authorized access to a data target.

CEO
Chief Executive Officer

CFO
Chief Financial Officer

Control Activities
One of five components of internal control according to the COSO Internal Control Framework. Also known as Control procedures.

Control policies and procedures ensure that actions identified as necessary for risk assessment are carried out. They have to be both established and executed for their effectiveness to be established. Control activities are made up of two elements: policies and procedures.

Control Environment
One of five components of internal control according to the COSO Internal Control Framework.

Senior management has to set a tone at the top that positively influences the control consciousness of entity personnel. The control environment generates discipline and structure, and is the central building block for the other components of internal control.

COSO
Committee Of Sponsoring Organizations of the Treadway Commission

COSO Framework
Most widely used framework to assess the effectiveness of internal control.

Cox, Christopher
Chairman of the Securities and Exchange Commission. Confirmed in 2005.

Data Confidentiality
Access to data is limited to those with a need to know. All others are denied access.

Data Field Access
Access to one or more selected fields in a database.

Data Integrity
Maintenance of the accuracy and reliability of published and non-published information.

Database Access
Access to one or more data entries in a database.

Directory-enabled access controls
Controls over access to digital resources, where access is controlled by entries in a service directory.

Distributed Enrollment
Process of enrollment conducted by persons at one or more remote locations acting as agents for enrolling end users.

ECMA
Enterprise Content Management Association

Entity Level
One of two levels at which internal controls can operate. Controls are implemented at the entity level if they have a pervasive effect on the control environment. An example is the recruitment and training policies of the company.

ERM
Enterprise Risk Management

Extranet Access
Access for employees and business partners to internal Web-enabled applications.

File Access
Access to the contents of a digital file.

Financial Reporting
Defined by the COSO Framework as:

The preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly.

Finite Access Control
Control of end-user access for one username to specific resources.

ISACA
Information Systems Audit and Control Association

ISDA
International Swaps and Derivatives Association

Network Access
Access to network connected resources.

Password Reset
Replacing an existing password with a new one. The old password is cancelled. The task is performed by the end user, help desk or an administrator.

Password Synchronisation
Moving passwords and sometimes usernames from one repository to another using automated processes.

Physical Controls
A type of control activity. They involve the physical security of assets. They ensure adequate safeguards over access to assets and records.

Policy
1) Establishes what should be done. Part of the Control activities.

Privacy Protection
Creating and maintaining digital and/or physical barriers around an individual's personal information to prevent unauthorized access.

Risk Assessment
One of five components of internal control according to the COSO Internal Control Framework.

Risks faced by the company have to be recognized. Objectives have to be set and integrated into the value chain. To achieve the objectives, risks have to be identified and analyzed, and methods developed to manage them.

Section 404
Section of the Sarbanes-Oxley Act of 2002 mandating CEOs and CFOs of public companies to evaluate and report on the effectiveness of an entity's internal control over financial reporting.

Self-Enrollment
The end user is permitted to enter his own identity information using an online process.

Significant Deficiency
An internal control deficiency that adversely affects the entity's ability to initiate, record, process, or report external financial data reliably in accordance with generally accepted accounting principles (GAAP). A significant deficiency could be a single deficiency, or a combination of deficiencies, that results in more than a remote likelihood that a misstatement of the annual or interim financial statements that is more than inconsequential in amount will not be prevented or detected.

SOX
Shorthand for Sarbanes-Oxley.

Technology Development
Support activity in value chain analysis. Included are basic research, product design and servicing procedures. The aim is to improve products, services and processes.

Web Access Control
Internal controls limiting Web server and Web application access.
