ITSAC - Module 5 & 6 Flashcards
(31 cards)
is an audit of an organization’s IT systems, management, operations and related processes.
Information Technology (IT) audit
may be carried out in connection with a financial regularity audit or selective audit. As the records, services and operations of many organizations are often highly computerized, there is a need to evaluate the IT controls in the course of an audit of these organizations.
IT audit
- This is an examination of the policies and procedures of an entity or department, to see if it is in compliance with internal or regulatory standards. This audit is most commonly used in regulated industries or educational institutions.
Compliance audit
- This is an analysis of the fairness of the information contained within an entity’s financial statement. It is conducted by a CPA firm, which is independent of the entity under review. This is the most commonly conducted type of audit.
Financial audit
- This involves a review of the controls over software development, data processing, and access to computer systems. The intent is to spot any issues that could impair the ability of the IT system to provide accurate information to users, as well as to ensure that unauthorized parties do not have access to the data.
Information systems audit
- This is a detailed analysis of the goals, planning processes, procedures, and results of the operations of a business. The audit may be conducted internally or by an external entity. The intended result is an evaluation of the operations, likely with recommendations for improvement.
Operational audit
– fake products, job offers, romance scams
Online Scams
– hacking into accounts or systems
Illegal Access
– stealing personal info for fraud
Computer-Related Identity Theft
– cloning cards, phishing banking details
ATM/Credit Card Fraud
– sending harmful or intimidating messages online
Threats
– deleting or altering data without permission
Data Interference
– sharing intimate content without consent
Anti-Photo and Video Voyeurism
– tricking people using digital means
Computer-Related Fraud
– repeated online harassment
Unjust Vexation
is a federal law that established sweeping auditing and financial regulations for public companies. Lawmakers created the legislation to help protect shareholders, employees, and the public from accounting errors and fraudulent financial practices.
Sarbanes-Oxley Act of 2002
refers to laws made by a country’s national (federal) government that apply to all states, provinces, or territories within that country. This is common in countries with a federal system, like the United States, Canada, Australia, etc.
Federal legislation
The purpose of this is to establish consistent legal standards across the entire country, especially for issues like cybersecurity, privacy, and IT infrastructure.
Federal legislation
These are laws, treaties, or frameworks agreed upon by multiple countries to address IT issues that cross borders—like data transfer, cybersecurity threats, or online piracy.
International Legislation
The purpose of this is to create consistent standards and cooperation among countries in dealing with global IT challenges.
International Legislation
These are laws enacted by a country’s state or regional government.
State Legislation
The purpose is to regulate the use, development, and security of information technology within its borders.
State Legislation
– criminalizes unauthorized access to computers.
Computer Fraud and Abuse Act (CFAA)
– protects the online privacy of children under 13.
Children’s Online Privacy Protection Act (COPPA)