ABA American Bar Association
Circular A-123 US Federal Government counterpart of the Sarbanes-Oxley Act. From Oct 2006, agencies have to provide annual reports on internal controls. Agencies' controls have to be documented and tested.
CODIS Combined DNA Index System
Control Activities One of five components of internal control according to the COSO Internal Control Framework. Also known as Control procedures.
Policies and procedures that help ensure the actions identified as necessary to address risks are carried out. They have to be both established and executed for their effectiveness to be demonstrated. Control activities are made up of two elements: policies and procedures.
Control Environment One of five components of internal control according to the COSO Internal Control Framework
Senior management has to set the tone at the top, which positively influences the control consciousness of entity personnel. Discipline and structure are generated by the control environment, which is the central building block for the other components of internal control.
COSO Committee Of Sponsoring Organizations of the Treadway Commission
COSO Framework Most widely used framework to assess the effectiveness of internal control.
Cox, Christopher Chairman of the Securities and Exchange Commission. Confirmed in 2005.
CPCAF The Center for Public Company Audit Firms
DHS Department of Homeland Security
Donaldson, William Former chairman of the Securities and Exchange Commission
ERM Enterprise Risk Management
File Access Access to the contents of a digital file.
Financial Accounting Standards Advisory Council Advisory body to the Financial Accounting Standards Board.
Financial Reporting Defined by the COSO Framework as:-
The preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly.
GAAP Generally Accepted Accounting Principles.
GAO Government Accountability Office
General Controls A type of control activity. Typically involve controls over data center operations, system software acquisition, system maintenance and access security.
Group-membership Access Assignment to a group sharing similar access rights.
IISP Institute of Information Security Professionals
Information and Communication One of five components of internal control according to the COSO Internal Control Framework
Information Systems Audit and Control Association Publisher with Information Technology Governance Institute of the IT Control Objectives for Sarbanes-Oxley.
Information Technology Governance Institute Publisher with Information Systems Audit and Control Association of the IT Control Objectives for Sarbanes-Oxley.
Integrity and Ethics Reside under the Control Environment. Senior management needs to set the tone for the company. Whilst they might be considered "soft" and "intangible" concepts, they affect the design, administration and monitoring of other internal controls. According to COSO, the actions of management are more important than having them written down.
Negative examples of integrity and ethics are the infamous Enron and WorldCom scandals.
A positive example is BP, which sets a high bar for ethical behaviour by employees. To back this policy up, it mentions the policy and its effectiveness in its financial reports.
Internal Control - Integrated Framework Formal name of the COSO Framework
ISACA Information Systems Audit and Control Association
Network Access Access to network connected resources.
NIAP National Information Assurance Partnership
NIST National Institute of Standards and Technology
NNSA National Nuclear Security Administration
Nonrepudiation Reducing an end user's ability to deny that they were the one who authorized an action or sent a message.
NSA National Security Agency
Objectives The COSO Framework defines three broad categories:- compliance with laws and regulations, financial reporting and operations. In relation to Sarbanes-Oxley the important one is financial reporting.
OEA Office Of Economic Analysis
Office Of Economic Analysis Department of the SEC.
OMB Office of Management and Budget.
Operations Element in primary activities dealing with transforming inputs into the final product. Machining, assembly, packaging, testing and facility activities are all covered. Second stage in the value chain of primary activities. Lies between inbound logistics and outbound logistics.
Outbound Logistics Element in primary activities dealing with collecting, storing and physically distributing the product to buyers. Includes finished goods warehousing, materials handling, delivery, order processing and scheduling. Third stage in the value chain of primary activities, between operations and marketing and sales.
PCAOB Public Company Accounting Oversight Board
Physical Controls A type of control activity. They involve the physical security of assets. They ensure adequate safeguards over access to assets and records.
Primary Activities Business process activities in physical creation of a company's product, sale, transfer and after-sales service to the customer. Part of the value-chain analysis. Important in the analysis of activity level controls.
Privacy Protection Creating and maintaining digital and/or physical barriers around an individual's personal information to prevent unauthorized access.
Private Securities Litigation Reform Act of 1995 US legislation allowing companies to avoid liability for inaccurate forward-looking statements as long as the statement is identified as forward-looking and is accompanied by "meaningful cautionary statements".
Procedure Actions of people to implement the stated policies.
Procurement Support activity in value chain analysis. Mainly the purchase of inputs throughout the value chain. Encompasses elements throughout the primary and support activities.
Public Company Accounting Oversight Board Organization set up under Sarbanes-Oxley Act 2002 to regulate auditing of public companies and auditors.
Reduced sign-on Using the same username/password combination to access every resource, but still presenting it at each of multiple logon events (unlike single sign-on, where one logon covers all resources).
Regulation FD Regulation Fair Disclosure
Rule enforced by the SEC requiring U.S. public companies to make available to the public any material disclosures that they make to securities analysts. If the disclosure is intentional, the public release has to be simultaneous. Unintentional disclosure has to be made available to the public within 24 hours.
RFID Radio Frequency Identification
Risk Assessment One of five components of internal control according to the COSO Internal Control Framework
Risks faced by the company have to be recognized. Objectives have to be set and integrated into the value chain. To achieve the objectives, risks have to be identified and analyzed, and methods to manage them developed.
Role Definition Access authorization based on the job or work performed. Typically applied to a single person or a group sharing the same work.
Role-based access control Controlling access based only on the role definitions: a user receives exactly the permissions of the roles assigned to them (directly or through group membership), and anything not granted by a role is denied.
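The Group-membership Access, Role Definition and Role-based access control entries above describe one mechanism. The following is an added example, not part of the original glossary or any product it names; the roles, groups, users, permission names and the conflicting-permission rule are all constructed for illustration. Users are placed in groups, groups carry roles, roles carry permissions, and anything not reachable that way is denied. It also goes one step beyond the entries by checking for a user who, through two group memberships, accumulates a pair of permissions that a control activity would normally keep separate.

```python
"""Role-based access control with group-membership assignment (added example)."""
from typing import Dict, List, Set, Tuple

# Role definition: a job function mapped to the permissions that work needs.
# Constructed sample data; not taken from any real system.
ROLES: Dict[str, Set[str]] = {
    "ap_clerk": {"invoice:create", "invoice:read"},
    "ap_approver": {"invoice:read", "invoice:approve"},
    "auditor": {"invoice:read", "ledger:read", "audit_log:read"},
}

# Group-membership access: a group bundles people doing the same work,
# and each group carries the roles that work requires.
GROUP_ROLES: Dict[str, Set[str]] = {
    "accounts-payable": {"ap_clerk"},
    "finance-managers": {"ap_approver"},
    "internal-audit": {"auditor"},
}

# Users are assigned to groups, never to permissions directly.
USER_GROUPS: Dict[str, Set[str]] = {
    "alice": {"accounts-payable"},
    "bob": {"finance-managers"},
    "carol": {"internal-audit"},
    "dave": {"accounts-payable", "finance-managers"},  # holds two conflicting roles
    "eve": set(),                                      # no group, so no access
}

# Assumed control rule: no single person may both create and approve an invoice.
SOD_CONFLICTS: List[Tuple[str, str]] = [("invoice:create", "invoice:approve")]


def effective_roles(user: str) -> Set[str]:
    """Roles a user holds through every group they belong to (empty if unknown)."""
    roles: Set[str] = set()
    for group in USER_GROUPS.get(user, set()):
        roles |= GROUP_ROLES.get(group, set())
    return roles


def effective_permissions(user: str) -> Set[str]:
    """Union of the permissions of all the user's effective roles."""
    perms: Set[str] = set()
    for role in effective_roles(user):
        perms |= ROLES.get(role, set())
    return perms


def is_authorized(user: str, permission: str) -> bool:
    """Deny by default: only a permission reachable through a role is granted."""
    return permission in effective_permissions(user)


def sod_violations() -> List[Tuple[str, Tuple[str, str]]]:
    """Users whose combined group memberships grant a conflicting permission pair."""
    found: List[Tuple[str, Tuple[str, str]]] = []
    for user in sorted(USER_GROUPS):
        perms = effective_permissions(user)
        for first, second in SOD_CONFLICTS:
            if first in perms and second in perms:
                found.append((user, (first, second)))
    return found


if __name__ == "__main__":
    for user, perm in [("alice", "invoice:create"), ("alice", "invoice:approve"),
                       ("bob", "invoice:approve"), ("eve", "invoice:read"),
                       ("nobody", "invoice:read")]:
        print(f"{user:8} {perm:16} -> {'ALLOW' if is_authorized(user, perm) else 'DENY'}")
    print("conflicting role holders:", sod_violations())
```

The decision point is `is_authorized`: it never consults the user or group tables for a permission directly, so an unknown user, an empty group list, or a role name that is not defined all fall through to a denial. The `sod_violations` pass is the kind of review an auditor would run against the assignment tables rather than against individual requests.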
Rule 13a-15 (e) SEC rule which defines Disclosure Controls and Procedures.
Rule 13a-15 (f) SEC rule which defines Internal Control over Financial Reporting
SCCE Society of Corporate Compliance and Ethics
SEC Securities and Exchange Commission.
Section 104 Section of the Sarbanes-Oxley Act requiring the PCAOB to inspect registered public accounting firms on a regular basis
Section 302 Section of the Sarbanes-Oxley Act of 2002 requiring a certification to accompany each quarterly and annual report filed with the SEC.
Section 404 Section of the Sarbanes-Oxley Act of 2002 mandating CEOs and CFOs of public companies to evaluate and report on the effectiveness of an entity's internal control over financial reporting.
SOX Shorthand for Sarbanes-Oxley.
Statement No. 123R FASB Statement of Financial Accounting Standards No. 123 (revised 2004), Share-Based Payment. Requires companies to recognize compensation paid in the form of employee stock options as a cost in their financial statements.
Support Activities The business process activities that support the primary activities in the value chain, providing purchased inputs, human resources, technology and entity-wide functions. Under value chain analysis, support activities include firm infrastructure, human resource management, technology development and procurement.
WKSI Well-Known Seasoned Issuers