1. Devices that measure various personal characteristics, such as fingerprints, voice prints,
retina prints, or signature characteristics
Biometric Devices
2. Likelihood that the control structure is flawed because controls are either absent or
inadequate to prevent or detect errors in the account.
Control risk
7. Risk that is associated with the unique characteristics of the business or industry of the client
Inherent risk
8. The process by which the quality of internal control design and operation can be assessed
Monitoring
9. Secret code entered by the user to gain access to the data files
Password
10. Arrangement involving two or more user organizations that buy or lease a building and
remodel it into a completely equipped computer site
Recovering operations center
12. Risk that auditors are willing to take that errors detected or prevented by the control
structure will also not be detected by the auditor
Detective risk
13. Tests that determine whether database contents fairly reflect the organization's transactions.
Substantive tests
14. Special-purpose computers that manage common resources, such as programs, data, and
printers of the LAN.
Server
15. Devices, techniques, and procedures designed to identify and expose undesirable events
that elude preventive controls.
Detective controls
16. Technique that uses a computer program to transform a standard message being
transmitted into a coded form
18. Program that attaches to another legitimate program but does not replicate itself like a virus.
Trojan Horse
19. Hardware component that asks the caller to enter a password and then breaks the
connection to form a security check.
Call-back device
20. Actions taken to reverse the effects of errors detected in the previous step.
Corrective Controls
21. The technique used to locate records and to navigate through the database
Access Controls/method
22. Form of independent attestation performed by an expert who expresses an opinion about
the fairness of a company’s financial statements.
Auditing
23. Explicit or implicit statements made by management within the financial statements
pertaining to the financial health of the organization.
Management Assertions
24. Agreement between two or more organizations to aid each other with their data processing
needs in the event of a disaster.
Mutual Aid Pact
25. Technique that incorporates an extra bit into the structure of a bit string when it is created or
transmitted.
Parity Check
27. Software program that burrows into the computer’s memory and replicates itself into areas
of idle memory.
Worm
28. Probability that the auditor will render an unqualified opinion on financial statements that are, in
fact, materially misstated
Audit Risk
30. Audit goals derived from management assertions that lead to the development of audit
procedures.
Audit Objectives
31. Stage at which the auditor identifies the financially significant applications and attempts to
understand the controls over the primary transactions that are processed by these applications.
Audit Planning
32. Tasks performed by auditors to gather evidence that supports or refutes management
assertions.
Audit Procedures
33. Policies and procedures used to ensure that appropriate actions are taken to deal with the
organization’s risks.
Control Activity
34. Comprehensive statement of all actions to be taken before, during, and after a disaster,
along with documented, tested procedures that will ensure the continuity of operations.
Disaster Recovery Plan
36. Topology that eliminates the central site. All nodes in this configuration are of equal status.
Ring Topology
37. The identification, analysis, and management of risks relevant to financial reporting.
Risk Assessment
38. Accounting records that trace transactions from their source documents to the financial
statements.
Audit Trail
39. Arrangement that involves two or more user organizations that buy or lease a building and
remodel it into a computer site, but without the computer and peripheral equipment.
Empty Shell
40. Technique that involves the receiver of the message returning the message to the sender.
Echo Check
41. Policies a firm employs to safeguard the firm’s assets, ensure accurate and reliable
accounting records and information, promote efficiency, and measure compliance with
established policies.
Internal Control System
42. Technique that uses two keys: one for encoding the message and the other for decoding it.
Public-key encryption
43. Tests that establish whether internal controls are functioning properly.
Test of Control
47. Technique in which a control message from the sender and a response from the sender are
sent at periodic synchronized intervals.
Request-response Technique
48. A network password that can be used more than one time.
Reusable Password
49. Passive techniques designed to reduce the frequency of occurrence of undesirable events.
Preventive Controls
50. Procedure to ensure that employees process only valid transactions within the scope of their
authority.
Transaction Authorization