|
ALM
Application Lifecycle Management
Application Access
Access to an application via direct connection, Web services or a terminal.
Application Controls
A type of control activity. Typically involve controls over processing of individual applications, ensure transactions are valid, properly authorized, completely and accurately processed.
ATE
Automated Test Environment
ATM
Automated Teller Machine
Automated User Enrollment
Process to move user identity information over a network from a data source to a directory where it is needed.
By-name Authorization
From an individual username, connecting authorized access to a data target.
CISSP
Certified Information Systems Security Professional
Control Activities
One of five components of internal control according to the COSO Internal Control Framework. Also known as Control procedures.
Control policies and procedures to ensure actions identified as necessary for risk assessment are carried out. They have to be both established and executed for their effectiveness to be established. Control activities are made up of two elements, policies and procedures.
Control Environment
One of five components of internal control according to the COSO Internal Control Framework
Senior management have to set the tone at the top, that positively influences the control consciousness of entity personnel. Discipline and structure are generated by the control environment and is the central building block for the other components of internal control.
COSO
Committee Of Sponsoring Organizations of the Treadway Commission
COSO Framework
Most widely used framework to assess the effectiveness of internal control.
Data Confidentiality
Access to data is limited to the those with a need to know. All others are denied access.
Data Field Access
Access to one or more selected fields in a database.
Data Governance
The process by which companies govern appropriate access to and the use and transmission of their critical data by measuring operational risk and controlling security exposures.
Data Integrity
Accuracy and reliability of published and non-published information maintenance.
Database Access
Access to one or more data entries in a database.
Directory-enabled access controls
Controls over access to digital resources that is controlled by entries in a service directory
Distributed Enrollment
Process of enrollment conducted by persons at one or more remote locations acting as agents for enrolling end users.
DNS
Domain Name System
Entity Level
One of two levels at which internal controls can operate. Controls are implemented at the entity level if they have a pervasive effect on the control environment. An example is the recruitment and training policies of the company.
ERM
Enterprise Risk Management
Extranet Access
Access for employees and business partners to internal Web-enabled applications.
File Access
Access to the contents of a digital file.
Financial Accounting Standards Advisory Council
Overseer of the Financial Accounting Standards Board.
Financial Reporting
Defined by the COSO Framework as:-
The preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly.
Finite Access Control
Control of end-user access for one username to specific resources.
General Controls
A type of control activity. Typically involve controls over data center operations, system software acquisition, system maintenance and access security.
Group-membership Access
Assignment to a group sharing similar access rights.
IAPP
International Association of Privacy Professionals+D137
Information and Communication
One of five components of internal control according to the COSO Internal Control Framework
Systems surrounding the control activities. The accounting system counts as information and communication. Information needed to manage, control and conduct operations are captured by the entity.
Information Processing
In the context of Control Activities and Sec 404, performed to check accuracy, completeness and authorization of transactions. Broadly break down into two groups:- Application controls and general controls.
Information Systems Audit and Control Association
Publisher with Information Technology Governance Institute of the IT Control Objectives for Sarbanes-Oxley.
Information Technology Governance Institute
Publisher with Information Systems Audit and Control Association of the IT Control Objectives for Sarbanes-Oxley.
Internal Control - Integrated Framework
Formal name of the COSO Framework
Internal Control Deficiency
Occurs when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
ISACA
Information Systems Audit and Control Association
ITA
Information Technology Architecure
ITGI
Information Technology Governance Institute
Material Weakness
A significant deficiency that, by itself, or in combination with other significant deficiencies, results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.
Monitoring
One of five components of internal control according to the COSO Internal Control Framework
The means through which the control process is monitored and improved via modification.
Network Access
Access to network connected resources.
Nonrepudiation
Reducing an end-users ability to deny he was the one who authorized an action or sent a message.
Operations
Element in primary activities dealing with transforming inputs into the final product. Matching, assembly, packaging, testing and facility activities are all covered. Second stage in the value chain of primary activities. Lies between inbound logistics and outbound logistics.
Outbound Logistics
Element in primary activities dealing with collected, storing and physically distributing the product to buyers. Including finished goods, warehousing, materials handling, delivery, order processing and scheduling. Third stage in the Value Chain of primary activities between operations and Marketing and sales.
Password Reset
Replacing an existing password with a new one. The old password is cancelled. Task performed by the end user, help desk or an administrator
Password Synchronisation
Moving passwords and sometimes usernames from one repository to another using automated processes.
Physical Controls
A type of control activity. They involve the physical security of assets. They ensure adequate safeguards over access to assets and records.
Policy
1) Establishes what should be done. Part of the Control activities.
Privacy Protection
Creating and maintaining digital and/or physical barriers around an individual's personal information to prevent unauthorized access.
Reduced sign-on
Using the same username/password combination to access every resource over multiple logon events.
Risk Assessment
One of five components of internal control according to the COSO Internal Control Framework
Risks faced by the company have to be recognized. Objectives have to be set, integrated into the value-chain. To achieve the objectives, risks have to be identified, analyzed and develop methods to manage them.
Role Definition
Access authorization based on the job or work performed. Typically applied to a single person or a group sharing the same work.
Role-based access control
Controlling access bas only on the role definitios
SEC
Securities and Exchange Commission.
Section 104
Section of the Sarbanes-Oxley Act requiring the PCAOB to inspect registered public accounting firms on a regular basis
Section 302
Section of the Sarbanes-Oxley Act of 2002 requiring a certification to accompany each quarterly and annual report filed with the SEC.
Section 404
Section of the Sarbanes-Oxley Act of 2002 mandating CEOs and CFOs of public companies to evaluate and report on the effectiveness of an entity's internal control over financial reporting.
Segregation of Duties
A type of control activity. Different people are assigned responsibilities for authorizing transactions, recording transactions and maintaining custody of assets. The purpose is to inhibit the perpetration and concealment errors or irregularities, by reducing the opportunity to do so in the course of people's everyday work.
Self-Enrollment
End-user is permitted to enter his own identity information using an online process
Service
Business process activities dealing with providing service to enhance or maintain the value of the product, once obtained by the buyer. Installation, repair and supplying parts are all covered. Considered to be a primary activity in the value chain analysis. Lies last after market and sales.
Service Directories
Directories used to provide identity information and authorization data to a gatekeeper device or application.
Single sign-on
Using the same username/password combination to access every resource from a single logon event.
SMTP
Simple Mail Transfer Protocol
SOX
Shorthand for Sarbanes-Oxley.
SPI
Synthetic Portfolio Insurance
Support Activities
Part of business process activities support the primary activities in the value chain. Providing purchased inputs, human resources, technology and entity wide functions. Under value chain analysis support activities include firm infrastructure, human resource management, technology development and procurement.
Synthetic Collateralised Debt Obligations
Repackaged portfolios of credit derivatives.
Information, data or a device to which an end-user or other device requires access
Technology Development
Support activity in value chain analysis. Included are basic research, product design and servicing procedures. The aim is to improve products, services and processes.
Web Access Control
Internal controls limiting Web server and Web application access.
WKSI
Well-Known Seasoned Issuers
Workflow
Transferring and tracking of a work product as it passes from one person to to another for approvals or additional content, and each transfer is recorded.
|