530 Exam 2 Material

Sign Check

A check that returns an error message if a negative number is entered

Validity Check

A check that returns an error message if the value does not match a database of acceptable values

Limit Check

A check that returns an error message if the value is above a specified limit

Alteryx

A tool used for data transformation in the ETL process

Compliance

Adherence to laws, regulations, and standards

Race Conditions

Attacks that exploit the simultaneous execution of multiple tasks

Buffer Overflows

Attacks that fill a memory buffer with more data than it can handle

Covert Channels

Attacks that hide data within unexpected portions of data packets

Cross-Site Scripting

Attacks that inject malicious scripts into trusted applications or websites

Replay

Attacks that intercept and modify data packets to misdirect the receiver

SQL Injection

Attacks that manipulate SQL code to gain unauthorized access to databases

Enumeration

Attacks that use brute-force methods to find specific information in a database

Email Schemes

Attacks where attackers access company email accounts and request cash disbursement

Social Engineering

Attacks where attackers pose as legitimate representatives to obtain sensitive information

Evil Twinning

Attacks where attackers use rogue Wi-Fi access points to gain unauthorized access

ACL

Audit Command Language, a tool used for data analytics

Black Box Approach

Auditing around the computer without understanding the internal workings of the system

White Box Approach

Auditing through the computer by understanding the internal workings of the system

CCPA

California Consumer Privacy Act, a regulation that protects consumer privacy rights

Increasingly Customizable

Can be customized to fit the specific needs of the organization

Alpha-Numeric Checks

Checks that return error messages if a letter is entered in a numeric field or vice versa

Missing Data Checks

Checks that return error messages if there are blank spaces in a field

Benchmarking

Comparing performance against industry standards or best practices

Reconciliations

Comparing the general ledger balance to the system generated details

CAATs

Computer-Assisted Audit Techniques, automated analyses performed on transactional data for auditing purposes

Data Access Control

Controlling access to sensitive data within an ERP system

Cell Phone Cybersecurity

Controls and risks related to securing cell phone devices

Application Controls

Controls included in the ERP/AIS software that help ensure transactions are recorded appropriately

User Controls

Controls that allow intermediaries and end users to control data privacy, accuracy, and storage

Automated Controls

Controls that are an automated version of manual controls

Manual Controls

Controls that are not automated and are compared to application controls

Configurable Application Controls

Controls that can be customized through software programming

Non-Configurable Application Controls

Controls that cannot be customized through software programming

Output Controls

Controls used to address how data is used and control output activities

Processing Controls

Controls used to detect problems during the processing of data

Input Controls

Controls used to minimize data entry errors and validate input data

Reduces Control Testing Frequency

Decreases the number of times controls need to be tested

Traditional Models

Different departments using different systems that do not communicate with each other

Purchased ERPs

ERPs that are bought from a vendor

Real-Time ERPs

ERPs that process data immediately as it is entered

ETL Process

Extract, Transform, Load process used to prepare data for analysis

Quicker Implementation

Faster to implement compared to developing an ERP in-house

GDPR

General Data Protection Regulation, a regulation that protects the privacy and data of EU citizens

GLBA

Gramm-Leach-Bliley Act, a regulation that requires financial institutions to protect customer information

HIPAA

Health Insurance Portability and Accountability Act, a regulation that protects patient health information

IDEA

Integrated Data Extraction and Analysis, a tool used for data analytics

ERP Systems

Integrated software packages designed to meet an organization's information needs

Lower Cost

Less expensive compared to developing an ERP in-house

Mobile Code

Malicious programs that move from computer to computer, modifying systems without consent

Comprehensive Cybersecurity Measures

Measures taken to protect against cyber risks and attacks

Reduces Manual Errors

Minimizes the likelihood of errors made by humans

OLAP

Online Analytical Processing, a technology used for data analysis and reporting

OLTP

Online Transaction Processing, a technology used for real-time transaction processing

Threat Modeling

Optimizing network security by identifying vulnerabilities and developing countermeasures

SOC 2 Reports

Optional reports available to all service providers, focused on systems significant to the company's operations

SOC 3 Reports

Optional reports focused on high-level view of systems significant to the company's operations

PCI Regulation

Payment Card Industry Data Security Standard, a regulation that secures cardholder data

Analytical Procedures

Procedures used to analyze data and identify anomalies

Batch Processing

Processing data in batches at a later time

Best Practices

Recommended methods or techniques that are considered the most effective

Cyber Regulations

Regulations related to cybersecurity and data protection

SOC 1 Reports

Reports required by SOX for public companies, focused on internal control over financial reporting

Type I Reports

Reports that assess the design and as-of a specific date

Type II Reports

Reports that assess the design and operating effectiveness over a period of time

Cyber Disclosure Requirements

Requirements for disclosing cyber risks and incidents in financial statements

Less Time to Test Controls

Requires less time to test the effectiveness of controls

Cloud Service Risks

Risks associated with using cloud services for data storage and processing

Regulation

Rules and guidelines set by governing bodies

SOX

Sarbanes-Oxley Act, a regulation that requires public companies to have internal controls over financial reporting

Output Spooling

Saving output to a magnetic disk instead of sending it directly to an output device

SOC Reports

Service Organization Control reports that provide information about controls at a service organization

Malware Software

Software that attackers load onto IT systems to perform malicious activities

Ransomware

Software that encrypts data or programs and demands a ransom for access

Frameworks

Structured approaches to achieving specific goals

Efficiency

The ability to accomplish a task with minimal wasted effort or resources

Accuracy

The correctness or precision of data or information

ITGC Environment

The effectiveness of the IT General Controls environment

Financial Statement Account Balances

The final balances of accounts in the financial statements

A/R and A/P Process Flows

The flow of accounts receivable and accounts payable processes in ERPs compared to traditional models

Audit Implications

The impact on the audit process due to the presence of application controls

Risk Response

The implementation of actions to address identified risks

System Application Complexity

The level of complexity of the system application

IT Governance

The management and assessment of strategic IT resources within an organization

Risk Monitoring

The ongoing process of tracking and evaluating risks

Cyber Risks

The possibility of technologies, processes, and practices being compromised or circumvented

Risk Evaluation

The process of determining appropriate actions based on the significance of a specific risk exposure

Risk Assessment

The process of evaluating and identifying risks

Risk Analysis

The process of identifying valuable information assets, vulnerabilities, and estimating potential losses

Risk Management

The process of identifying, assessing, and prioritizing risks

Transaction Processing

The process of recording and handling transactions in a system

Reliability

The quality of being trustworthy and accurate

Data Localization

The requirement to store data within a specific geographic location

Completeness

The state of being whole or having all necessary parts

Cyber Security

The technologies, processes, and practices designed to protect IT systems and information

Record Count

The total number of records contained in a batch

Hash Total

The total of a non-financial field

Control Total

The total value of a financial field

Interaction

The way in which two or more things or people affect each other

Defense in Depth

Using multiple layers of defense to protect assets

Visualizations

Visual representations of data that make patterns and trends apparent