Chap 7 Information-Technology Risk And Controls Flashcards Preview

Internal Audit > Chap 7 Information-Technology Risk And Controls > Flashcards

Flashcards in Chap 7 Information-Technology Risk And Controls Deck (17):

Information systems (I S) auditor

An auditor who works extensively in the area of computerize information systems and has deep I T risk, control, and audit expertise



A large depository of data, typically contained in many linked files, and stored in a manner that allows the data to be easily accessed, retrieved, and manipulated


Big data

A term used to refer to the large amount of constantly streaming digital information, massive increase in the capacity to store large amounts of data, and the amount of datat processing power required to manage, interpret, and analyze the large volumes of digital information


ERP system

A modular software system that enables an organization to integrate its business process using a single operating database



The computer-to-computer exchange of business documents in electronic form between an organization and it's trading partners


I T governance

The leadership, structure, and oversight processes that ensures the organization's IT supports the objectives and strategies of the organization


IT risk management

The process conducted by management to understand and handle the IT risks and opportunities that could affect the organization's ability to achieve its objectives


IT standards

Support IT policies by more specifically defining what is required to achieve the organization's objectives


IT organization and management controls

Provide assurance that the organization is structured with clearly defined lines of reporting and responsibility and has implemented effective control processes


IT physical and environmental controls

Protect information system resources from accidental or intentional damage, misuse, or loss


Physical access controls

Provide security over tangible IT resources


Logical access controls

Provide security over software and information imbedded in the system


IT outsourcing

Transferring IT functions to an outside provider to achieve cost reductions while improving service quality and efficiency


Integrated auditing

IT risk and control assessments are assimilated into assurance engagements conducted to access process-level reporting, operations, and/or compliance risk and controls



Provides internal auditors with guidance that will help them better understand the governance, risk management, and control issues surrounding IT



Describes the relationships among financial reporting risks, key process controls, automated controls and other critical IT functionality, and key IT general controls


Bring your own device (BYOD)

A policy whereby organizations allow associates to access business email, calendars, and other data on their personal laptops, smart phones, tablets, or other devices