Risk Glossary


ABA
American Bar Association

ABCDS
A credit default swap based on an Asset-Backed Security that is itself backed by relatively risky home equity loans (U.S.). In effect a form of insurance against default on the underlying ABS.

ABCP
Taiwan: Asset-Backed Commercial Paper

Activity Level
One of two levels at which internal controls can operate. The control is applied at the point of an activity. An example is a bank reconciliation to control cash movements.

ALM
Application Lifecycle Management

Application Access
Access to an application via direct connection, Web services or a terminal.

Application Controls
A type of control activity, typically covering the processing within individual applications. They ensure that transactions are valid, properly authorized, and completely and accurately processed.

Arbitrage
Simultaneous sale and purchase of identical or equivalent financial instruments or commodity futures to benefit from a discrepancy in their prices.

Assignment
Receipt by an option writer (seller) of an exercise notice that obligates the writer to sell (in the case of a call) or buy (in the case of a put) the underlying security at the specified strike price.

Automated User Enrollment
Process to move user identity information over a network from a data source to a directory where it is needed.

BaFin
Germany: financial regulator

Bear
Person who believes prices will move lower

Bear Market
Market in which prices are moving lower.

Beta
Hedge Funds: market exposure

Bull
Person who believes prices will move higher

Bull Market
Market in which prices are moving higher.

By-name Authorization
Authorization granted to an individual username for access to a specific data target.

CEO
Chief Executive Officer

CFO
Chief Financial Officer

CII
Council of Institutional Investors

CIO
Chief Investment Officer

Circular A-123
US Federal Government counterpart of the Sarbanes-Oxley Act. From October 2006, agencies have to provide annual reports on internal controls, and an agency's controls have to be documented and tested.

CISSP
Certified Information Systems Security Professional

Closing Purchase
Transaction entered into to reduce or eliminate a short position in a given series of options.

Control Activities
One of five components of internal control according to the COSO Internal Control Framework. Also known as Control procedures.

Control policies and procedures that ensure the actions identified as necessary during risk assessment are carried out. They have to be both established and executed in order to be effective. Control activities are made up of two elements: policies and procedures.

Control Environment
One of five components of internal control according to the COSO Internal Control Framework

Senior management must set the tone at the top, which positively influences the control consciousness of entity personnel. The control environment provides discipline and structure and is the foundation on which the other components of internal control are built.

COSO
Committee Of Sponsoring Organizations of the Treadway Commission

COSO Framework
Most widely used framework to assess the effectiveness of internal control.

Covered Call Option Writing
Trading strategy involving simultaneously selling call options and holding an equivalent position in the underlying security. The reverse is selling a put option while shorting the underlying security.

CPCAF
The Center for Public Company Audit Firms

CPPI
Constant Proportion Portfolio Insurance

CPS
Crown Prosecution Service

Data Confidentiality
Access to data is limited to those with a need to know. All others are denied access.

Data Field Access
Access to one or more selected fields in a database.

Data Governance
The process by which companies govern appropriate access to and the use and transmission of their critical data by measuring operational risk and controlling security exposures.

Data Integrity
Maintenance of the accuracy and reliability of information, whether published or unpublished.

Database Access
Access to one or more data entries in a database.

Deferred Prosecution
U.S. legal arrangement under which a corporation can avoid prosecution in return for public acknowledgement of wrongdoing, payment of a fine or restitution, and/or co-operation in ongoing investigations. If the corporation complies with the conditions of the agreement for a specified period, the indictment is dismissed.

Delivery
Tender and receipt of an actual commodity or financial instrument, or cash in settlement of a futures contract.

Derivative Security
Financial security whose value is derived in part from the value and characteristics of another security (the underlying security).

Directory-enabled access controls
Controls over access to digital resources that are driven by entries in a directory service.

Disclaimed Opinion
Report by an auditor that it is unable to express an opinion regarding a company's internal control over financial reporting.

An example is from Deloitte & Touche at Cray: "Because of the limitation on the scope of our audit described in the second paragraph of this report, the scope of our work was not sufficient to enable us to express, and we do not express an opinion on management's assessment referred to above."

Distributed Enrollment
Process of enrollment conducted by persons at one or more remote locations acting as agents for enrolling end users.

Donaldson, William
Former chairman of the Securities and Exchange Commission

DTI
Department of Trade and Industry

Dynamo
A public Constant Proportion Portfolio Insurance product from BNP.

EAI
Enhanced Analytics Initiative

Enhanced Analytics Initiative
Group set up to promote better sell-side research about extra-financial issues such as overall strategy, corporate governance, human capital management and environmental management. Members are large European institutional investors such as pension funds.

Entity Level
One of two levels at which internal controls can operate. Controls are implemented at the entity level if they have a pervasive effect on the control environment. An example is the recruitment and training policies of the company.

EPA
Environmental Protection Agency

ERM
Enterprise Risk Management

Extranet Access
Access for employees and business partners to internal Web-enabled applications.

FSS
South Korea: Financial Supervisory Service

File Access
Access to the contents of a digital file.

Financial Accounting Standards Advisory Council
Advisory body to the Financial Accounting Standards Board.

Financial Reporting
Defined by the COSO Framework as:-

Financial Supervisory Commission
Taiwan: financial regulator

Finite Access Control
Control of end-user access for one username to specific resources.

Gen2
RFID standard that sets interoperability and bandwidth requirements.

General Controls
A type of control activity, typically covering data center operations, system software acquisition, system maintenance and access security.

HMRC
Her Majesty's Revenue and Customs

IAPP
International Association of Privacy Professionals

IISP
Institute of Information Security Professionals

Information and Communication
One of five components of internal control according to the COSO Internal Control Framework

The systems surrounding the control activities; the accounting system counts as information and communication. The information needed to manage, control and conduct operations is captured by the entity.

Information Processing
In the context of Control Activities and Section 404, checks performed on the accuracy, completeness and authorization of transactions. They broadly break down into two groups: application controls and general controls.

Information Systems Audit and Control Association
Publisher with Information Technology Governance Institute of the IT Control Objectives for Sarbanes-Oxley.

Information Technology Governance Institute
Publisher with Information Systems Audit and Control Association of the IT Control Objectives for Sarbanes-Oxley.

Integrity and Ethics
Reside under the Control Environment. Senior management need to set the tone for the company. Whilst they might be considered "soft" and "intangible" concepts, they affect the design, administration and monitoring of other internal controls. According to COSO, the actions of management are more important than having the principles written down.

Negative examples of integrity and ethics are the infamous Enron and WorldCom scandals.

A positive example is BP, which sets a high bar for ethical behaviour by employees. To back this policy up, it reports on the policy and its effectiveness in its financial reports.

Internal Control - Integrated Framework
Formal name of the COSO Framework

Internal Control Deficiency
Occurs when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.

ISACA
Information Systems Audit and Control Association

ISDA
International Swaps and Derivatives Association

ITGI
Information Technology Governance Institute

KKR
Kohlberg Kravis Roberts

Material Weakness
A significant deficiency that, by itself, or in combination with other significant deficiencies, results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.

MD&A
Management's Discussion and Analysis

Mezzanine
When applied to finance refers to moderate risk or mid level.

Monitoring
One of five components of internal control according to the COSO Internal Control Framework

The means by which the quality of the control process is assessed over time and improved through modification.

NBA
Network Behavior Analysis

Network Access
Access to network connected resources.

Nonrepudiation
Reducing an end user's ability to deny having authorized an action or sent a message. In practice this requires evidence only that user could have produced, typically a digital signature made with a private key held solely by the user; a message authentication code based on a secret shared with the verifier does not provide it, because the verifier could have produced the same value.

NSA
National Security Agency

NTS
South Korea: National Tax Service

NYSE
New York Stock Exchange

Objectives
The COSO Framework defines three broad categories:- compliance with laws and regulations, financial reporting and operations. In relation to Sarbanes-Oxley the important one is financial reporting.

Physical Controls
A type of control activity. They involve the physical security of assets. They ensure adequate safeguards over access to assets and records.

Policy
Establishes what should be done. One of the two elements of Control activities (the other being procedures).

Private Equity Intelligence
Research group specialising in the private equity arena.

Private Securities Litigation Reform Act of 1995
US legislation allowing companies to avoid liability for inaccurate forward-looking statements as long as the statement is identified as forward-looking and is accompanied by "meaningful cautionary statements".

PSLRA
Private Securities Litigation Reform Act of 1995

Public Company Accounting Oversight Board
Organization set up under Sarbanes-Oxley Act 2002 to regulate auditing of public companies and auditors.

Reduced sign-on
Using the same username/password combination to access every resource, but entering it again at each separate logon event.

Regulation FD
Regulation Fair Disclosure

Rule enforced by the SEC requiring U.S. public companies to make available to the public any material disclosures they make to securities analysts. If the disclosure is intentional, the public release has to be simultaneous; an unintentional disclosure has to be made public within 24 hours.

RFID
Radio Frequency Identification

Risk Assessment
One of five components of internal control according to the COSO Internal Control Framework

Risks faced by the company have to be recognized. Objectives have to be set and integrated into the value chain. To achieve the objectives, risks have to be identified and analyzed, and methods to manage them developed.

Role Definition
Access authorization based on the job or work performed. Typically applied to a single person or a group sharing the same work.

Role-based access control
Controlling access based only on role definitions, rather than on individual usernames.

SCCE
Society of Corporate Compliance and Ethics

SEC
Securities and Exchange Commission.

Section 104
Section of the Sarbanes-Oxley Act requiring the PCAOB to inspect registered public accounting firms on a regular basis

Section 302
Section of the Sarbanes-Oxley Act of 2002 requiring a certification to accompany each quarterly and annual report filed with the SEC.

Section 404
Section of the Sarbanes-Oxley Act of 2002 mandating CEOs and CFOs of public companies to evaluate and report on the effectiveness of an entity's internal control over financial reporting.

Segregation of Duties
A type of control activity. Different people are assigned responsibility for authorizing transactions, recording transactions and maintaining custody of assets. The purpose is to inhibit the perpetration and concealment of errors or irregularities by reducing the opportunity to commit them in the course of people's everyday work.
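The two entries Role-based access control and Segregation of Duties describe the same mechanism from two sides: access is decided from roles, and the roles that authorize, record and hold custody must not end up with the same person. The following is an added example, not code from this glossary or from any product it mentions; the roles, permissions, user names and the payment workflow are constructed for illustration. It enforces two kinds of segregation: a static rule that forbids assigning conflicting roles to one user, and a dynamic rule that stops a legitimately authorized approver from approving a transaction they recorded themselves.

```python
"""Added example: role-based access control with segregation-of-duties (SoD)
checks.  Roles, users and the payment workflow below are constructed for
illustration; they are not taken from the glossary page."""
from dataclasses import dataclass, field
from typing import Optional


class SoDViolation(Exception):
    """Raised when an assignment or action would put conflicting duties
    (authorize / record / custody) in the hands of one person."""


@dataclass
class Rbac:
    # role -> permissions it grants. Decisions consult only roles, never
    # individual usernames, which is what makes this role-based.
    role_perms: dict
    # static SoD: pairs of roles that must never be held by the same user
    sod_pairs: set = field(default_factory=set)
    user_roles: dict = field(default_factory=dict)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset((other, role)) in self.sod_pairs:
                raise SoDViolation(f"{user} holds {other!r}; {role!r} conflicts")
        held.add(role)

    def permitted(self, user: str, permission: str) -> bool:
        return any(permission in self.role_perms[r]
                   for r in self.user_roles.get(user, ()))


@dataclass
class Payment:
    amount: int
    created_by: str                     # who recorded the transaction
    approved_by: Optional[str] = None   # who authorized it
    released_by: Optional[str] = None   # who moved the asset (custody)


def approve(rbac: Rbac, payment: Payment, user: str) -> None:
    if not rbac.permitted(user, "payment:approve"):
        raise PermissionError(f"{user} may not approve payments")
    # dynamic SoD: an approver may not approve a payment they recorded,
    # even though their role would otherwise allow the action
    if user == payment.created_by:
        raise SoDViolation(f"{user} cannot approve a payment they created")
    payment.approved_by = user


def release(rbac: Rbac, payment: Payment, user: str) -> None:
    if not rbac.permitted(user, "payment:release"):
        raise PermissionError(f"{user} may not release funds")
    if payment.approved_by is None:
        raise PermissionError("payment has not been approved")
    if user in (payment.created_by, payment.approved_by):
        raise SoDViolation(f"{user} already touched this payment")
    payment.released_by = user


def build_demo() -> Rbac:
    """Constructed policy: clerks record, managers record and approve,
    treasurers hold custody; custody may not be combined with either."""
    rbac = Rbac(
        role_perms={
            "clerk": {"payment:create"},
            "manager": {"payment:create", "payment:approve"},
            "treasurer": {"payment:release"},
        },
        sod_pairs={frozenset(("clerk", "treasurer")),
                   frozenset(("manager", "treasurer"))},
    )
    for user, role in (("alice", "clerk"), ("bob", "manager"),
                       ("dave", "manager"), ("carol", "treasurer")):
        rbac.assign(user, role)
    return rbac


def run_workflow() -> dict:
    """Run the constructed scenario and report which steps were blocked."""
    rbac = build_demo()
    results = {}
    try:                                 # static SoD on role assignment
        rbac.assign("bob", "treasurer")
        results["bob_gets_treasurer"] = "allowed"
    except SoDViolation:
        results["bob_gets_treasurer"] = "blocked"
    payment = Payment(amount=5000, created_by="bob")
    try:                                 # dynamic SoD on a transaction
        approve(rbac, payment, "bob")
        results["bob_self_approve"] = "allowed"
    except SoDViolation:
        results["bob_self_approve"] = "blocked"
    try:                                 # plain RBAC: clerk lacks approve
        approve(rbac, payment, "alice")
        results["alice_approve"] = "allowed"
    except PermissionError:
        results["alice_approve"] = "blocked"
    approve(rbac, payment, "dave")       # a different manager may approve
    release(rbac, payment, "carol")      # custody by a third person
    results["approved_by"] = payment.approved_by
    results["released_by"] = payment.released_by
    return results


if __name__ == "__main__":
    print(run_workflow())
```

The static check alone is not enough in a policy like this one, where a manager may both record and approve payments in general; the per-transaction check is what keeps a single manager from authorizing their own entries, which is the concealment opportunity the Segregation of Duties entry is aimed at.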

Self-Enrollment
End user is permitted to enter his or her own identity information using an online process.

Significant Deficiency
An internal control deficiency that adversely affects the entity's ability to initiate, record, process, or report external financial data reliably in accordance with generally accepted accounting principles (GAAP). A significant deficiency could be a single deficiency or a combination of deficiencies, that results in more than a remote likelihood that a misstatement of the annual or interim financial statements that is more than inconsequential in amount will not be prevented or detected.

Single sign-on
Using the same username/password combination to access every resource from a single logon event.

SOX
Shorthand for Sarbanes-Oxley.

SPI
Synthetic Portfolio Insurance

Statement No. 123R
FASB Statement of Financial Accounting Standards No. 123, Share-Based Payment. Requires companies to recognize compensation paid in the form of employee stock options as a cost in their financial statements.

Structured Notes
Derivatives-linked bonds designed to deliver high returns over a fixed period.

Synthetic Collateralised Debt Obligations
Repackaged portfolios of credit derivatives.

TOCOM
Tokyo Commodity Exchange

Web Access Control
Internal controls limiting Web server and Web application access.
