PRELIM

1. Devices that measure various personal characteristics, such as fingerprints, voice prints,
retina prints, or signature characteristics
Biometric Devices

2. Likelihood that the control structure is flawed because controls are either absent or
inadequate to prevent or detect errors in the account.
Control risk

3. The individual responsible for managing the database resource

Database Administrator

4. Techniques for physically arranging records in the database.

Data structures

5. Back-up technique used in sequential batch systems

Grandparent-parent-child

6. Language translation modules of the operating system

Interpreters

7. Risk that is associated with the unique characteristics of the business or industry of the client
Inherent risk

8. The process by which the quality of internal control design and operation can be assessed
Monitoring

9. Secret code entered by the user to gain access to the data files
Password

10. Arrangement involving two or more user organizations that buy or lease a building and
remodel it into a completely equipped computer site
Recovering operations center

11. Segregation of employee duties to minimize incompatible functions.

Segregation of duties

12. Risk that auditors are willing to take that errors detected or prevented by the control
structure will also not be detected by the auditor
Detective risk
13. Tests that determine whether database contents fairly reflect the organization's transactions.
Substantive tests

14. Special-purpose computers that manage common resources, such as programs, data, and
printers of the LAN.
Server

15. Devices, techniques, and procedures designed to identify and expose undesirable events
that elude preventive controls.
Detective controls

16. Technique that uses a computer program to transform a standard message being
transmitted into a coded form

17. The foundation of internal control

Control Environment

18. Program that attaches to another legitimate program but does not replicate itself like a virus.
Trojan Horse

19. Hardware component that asks the caller to enter a password and then breaks the
connection to form a security check.
Call-back device

20. Actions taken to reverse the effects of errors detected in the previous step.
Corrective Controls

21. The technique used to locate records to navigate through the database
Access Controls/method

22. Form of independent attestation performed by an expert who expresses an opinion about
the fairness of a company’s financial statements.
Auditing

23. Explicit or implicit statements made by management within the financial statements
pertaining to the financial health of the organization.
Management Assertions

24. Agreement between two or more organizations to aid each other with their data processing
needs in the event of a disaster.
Mutual Aid Pact
25. Technique that incorporates an extra bit into the structure of a bit string when it is created or
transmitted.
Parity Check

26. Popular technique for establishing communication sessions in WANs.

Polling

27. Software program that burrows into the computer’s memory and replicates itself into areas
of idle memory.
Worm

28. Probability that the auditor will render unqualified opinion on financial statements that are, in
fact, materially misstated
Audit Risk

29. The documents, journals, and ledgers used in transaction cycles.

Accounting Records

30. Audit goals derived from management assertions that lead to the development of audit
procedures.
Audit Objectives

31. Stage at which the auditor identifies the financially significant applications and attempts to
understand the controls over the primary transactions that are processed by these applications.
Audit Planning

32. Tasks performed by auditors to gather evidence that supports or refutes management
assertions.
Audit Procedures

33. Policies and procedures used to ensure that appropriate actions are taken to deal with the
organization’s risks.
Control Activity

34. Comprehensive statement of all actions to be taken before, during, and after a disaster,
along with documented, tested procedures that will ensure the continuity of operations.
Disaster Recovery Plan

35. A control activity involving the critical oversight of employees.

Supervision

36. Topology that eliminates the central site. All nodes in this configuration are of equal status.
Ring Topology
37. The identification, analysis, and management of risks relevant to financial reporting.
Risk Assessment

38. Accounting records that trace transactions from their source documents to the financial
statements.
Audit Trail

39. Arrangement that involves two or more user organizations that buy or lease a building and
remodel it into a computer site, but without the computer and peripheral equipment.
Empty Shell

40. Technique that involves the receiver of the message returning the message to the sender.
Echo Check

41. Policies a firm employs to safeguard the firm’s assets, ensure accurate and reliable
accounting records and information, promote efficiency, and measure compliance with
established policies.
Internal Control System

42. Technique that uses two keys: one for encoding the message and the other for decoding it.
Public-key encryption

43. Tests that establish whether internal controls are functioning properly.
Test of Control

44. Physical arrangement of the components

Network Topology

45. Language translation modules of the operation

system.
Compilers

46. Opinion of the auditor regarding the presentation of financial statements.

Audit Opinion

47. Technique in which a control message from the sender and a response from the sender are
sent at periodic synchronized intervals.
Request-response Technique

48. A network password that can be used more than one time.
Reusable Password

49. Passive techniques designed to reduce the frequency of occurrence of undesirable events.
Preventive Controls

50. Procedure to ensure that employees process only valid transactions within the scope of their
authority.
Transaction Authorization