530 Exam 2 Material
Sign Check
A check that returns an error message if a negative number is entered
Validity Check
A check that returns an error message if the value does not match a database of acceptable values
Limit Check
A check that returns an error message if the value is above a specified limit
Alteryx
A tool used for data transformation in the ETL process
Compliance
Adherence to laws, regulations, and standards
Race Conditions
Attacks that exploit the simultaneous execution of multiple tasks
Buffer Overflows
Attacks that fill a memory buffer with more data than it can handle
Covert Channels
Attacks that hide data within unexpected portions of data packets
Cross-Site Scripting
Attacks that inject malicious scripts into trusted applications or websites
Replay
Attacks that intercept and modify data packets to misdirect the receiver
SQL Injection
Attacks that manipulate SQL code to gain unauthorized access to databases
Enumeration
Attacks that use brute-force methods to find specific information in a database
Email Schemes
Attacks where attackers access company email accounts and request cash disbursement
Social Engineering
Attacks where attackers pose as legitimate representatives to obtain sensitive information
Evil Twinning
Attacks where attackers use rogue Wi-Fi access points to gain unauthorized access
ACL
Audit Command Language, a tool used for data analytics
Black Box Approach
Auditing around the computer without understanding the internal workings of the system
White Box Approach
Auditing through the computer by understanding the internal workings of the system
CCPA
California Consumer Privacy Act, a regulation that protects consumer privacy rights
Increasingly Customizable
Can be customized to fit the specific needs of the organization
Alpha-Numeric Checks
Checks that return error messages if a letter is entered in a numeric field or vice versa
Missing Data Checks
Checks that return error messages if there are blank spaces in a field
Benchmarking
Comparing performance against industry standards or best practices
Reconciliations
Comparing the general ledger balance to the system-generated details
CAATs
Computer-Assisted Audit Techniques, automated analyses performed on transactional data for auditing purposes
Data Access Control
Controlling access to sensitive data within an ERP system
Cell Phone Cybersecurity
Controls and risks related to securing cell phone devices
Application Controls
Controls included in the ERP/AIS software that help ensure transactions are recorded appropriately
User Controls
Controls that allow intermediaries and end users to control data privacy, accuracy, and storage
Automated Controls
Controls that are an automated version of manual controls
Manual Controls
Controls that are not automated and are compared to application controls
Configurable Application Controls
Controls that can be customized through software programming
Non-Configurable Application Controls
Controls that cannot be customized through software programming
Output Controls
Controls used to address how data is used and control output activities
Processing Controls
Controls used to detect problems during the processing of data
Input Controls
Controls used to minimize data entry errors and validate input data
Reduces Control Testing Frequency
Decreases the number of times controls need to be tested
Traditional Models
Different departments using different systems that do not communicate with each other
Purchased ERPs
ERPs that are bought from a vendor
Real-Time ERPs
ERPs that process data immediately as it is entered
ETL Process
Extract, Transform, Load process used to prepare data for analysis
Quicker Implementation
Faster to implement compared to developing an ERP in-house
GDPR
General Data Protection Regulation, a regulation that protects the privacy and data of EU citizens
GLBA
Gramm-Leach-Bliley Act, a regulation that requires financial institutions to protect customer information
HIPAA
Health Insurance Portability and Accountability Act, a regulation that protects patient health information
IDEA
Integrated Data Extraction and Analysis, a tool used for data analytics
ERP Systems
Integrated software packages designed to meet an organization's information needs
Lower Cost
Less expensive compared to developing an ERP in-house
Mobile Code
Malicious programs that move from computer to computer, modifying systems without consent
Comprehensive Cybersecurity Measures
Measures taken to protect against cyber risks and attacks
Reduces Manual Errors
Minimizes the likelihood of errors made by humans
OLAP
Online Analytical Processing, a technology used for data analysis and reporting
OLTP
Online Transaction Processing, a technology used for real-time transaction processing
Threat Modeling
Optimizing network security by identifying vulnerabilities and developing countermeasures
SOC 2 Reports
Optional reports available to all service providers, focused on systems significant to the company's operations
SOC 3 Reports
Optional reports focused on a high-level view of systems significant to the company's operations
PCI Regulation
Payment Card Industry Data Security Standard, a regulation that secures cardholder data
Analytical Procedures
Procedures used to analyze data and identify anomalies
Batch Processing
Processing data in batches at a later time
Best Practices
Recommended methods or techniques that are considered the most effective
Cyber Regulations
Regulations related to cybersecurity and data protection
SOC 1 Reports
Reports required by SOX for public companies, focused on internal control over financial reporting
Type I Reports
Reports that assess the design as of a specific date
Type II Reports
Reports that assess the design and operating effectiveness over a period of time
Cyber Disclosure Requirements
Requirements for disclosing cyber risks and incidents in financial statements
Less Time to Test Controls
Requires less time to test the effectiveness of controls
Cloud Service Risks
Risks associated with using cloud services for data storage and processing
Regulation
Rules and guidelines set by governing bodies
SOX
Sarbanes-Oxley Act, a regulation that requires public companies to have internal controls over financial reporting
Output Spooling
Saving output to a magnetic disk instead of sending it directly to an output device
SOC Reports
Service Organization Control reports that provide information about controls at a service organization
Malware Software
Software that attackers load onto IT systems to perform malicious activities
Ransomware
Software that encrypts data or programs and demands a ransom for access
Frameworks
Structured approaches to achieving specific goals
Efficiency
The ability to accomplish a task with minimal wasted effort or resources
Accuracy
The correctness or precision of data or information
ITGC Environment
The effectiveness of the IT General Controls environment
Financial Statement Account Balances
The final balances of accounts in the financial statements
A/R and A/P Process Flows
The flow of accounts receivable and accounts payable processes in ERPs compared to traditional models
Audit Implications
The impact on the audit process due to the presence of application controls
Risk Response
The implementation of actions to address identified risks
System Application Complexity
The level of complexity of the system application
IT Governance
The management and assessment of strategic IT resources within an organization
Risk Monitoring
The ongoing process of tracking and evaluating risks
Cyber Risks
The possibility of technologies, processes, and practices being compromised or circumvented
Risk Evaluation
The process of determining appropriate actions based on the significance of a specific risk exposure
Risk Assessment
The process of evaluating and identifying risks
Risk Analysis
The process of identifying valuable information assets, vulnerabilities, and estimating potential losses
Risk Management
The process of identifying, assessing, and prioritizing risks
Transaction Processing
The process of recording and handling transactions in a system
Reliability
The quality of being trustworthy and accurate
Data Localization
The requirement to store data within a specific geographic location
Completeness
The state of being whole or having all necessary parts
Cyber Security
The technologies, processes, and practices designed to protect IT systems and information
Record Count
The total number of records contained in a batch
Hash Total
The total of a non-financial field
Control Total
The total value of a financial field
Interaction
The way in which two or more things or people affect each other
Defense in Depth
Using multiple layers of defense to protect assets
Visualizations
Visual representations of data that make patterns and trends apparent