Access control
The process that limits and controls access to resources of a computer system or physical facilities; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defined by the user who owns the object (discretionary access control, or DAC).
Access rights
Also called permissions or privileges are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform, such as read, write, execute, create, and delete on files in shared volumes or files shared on the server.
Accountability
Ability to map a given activity or event back to the responsible party. Responsibility to account for and/or explain actions undertaken.
Accounting data
Journals, ledgers and other records, such as spreadsheets, that support financial statements. It may be in computer readable form or on paper.
Accounting estimate
Approximation of a financial statement element. Estimates are included in historical financial statements because some amounts are uncertain pending outcome of future events and relevant data about events that have occurred cannot be accumulated on a timely, cost-effective basis.
Accounting principles
Alternative ways of reporting and disclosing information in financial statements and related footnotes.
Accounts receivable
Debts due from customers from sales of products or services. Accounts receivable are normally a current asset.
Active recovery site (mirrored)
Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.
Adjusting entries
Accounting entries made at the end of an accounting period to allocate items between accounting periods, or to correct wrong journal entries, ledgers, or records detected during an accounting period.
Administrative controls
Actions/controls dealing with operational effectiveness, efficiency and adherence to regulations and policies.
Administrative internal control review
Review focusing on the activities at the departmental level that are components of major business activities, such as payroll, benefits, cash handling, inventory, equipment and their physical security, grants, contracts, and financial reporting.
Adverse
Audit opinion that the financial statements, as a whole, are not in conformity with U.S. Generally Accepted Accounting Principles – GAAP.
Advisory services
Consulting service in which the counselor develops findings and recommendations, presented for client decision-making to enhance the client’s risk management processes.
Alcohol abuse
Improper use of alcohol on the job, or being under the influence of alcohol at work.
Allocation
Distribution according to a plan. Depreciation, amortization, and depletion are methods to allocate costs to periods benefited.
Allowance
A contra asset account with a credit balance used to reduce the carrying amount of accounts receivable to net realizable value. The allowance balance is the estimated total of uncollectible accounts included in accounts receivable.
American Institute of Certified Public Accountants (AICPA)
The professional organization of CPAs in the U.S. It is a private organization of CPAs, not an arm of the government. Each state issues CPA certificates, not the AICPA. Since each state makes its own laws, each state could prepare and grade their own CPAs examination. However, each state uses the uniform CPA exam prepared and graded by the AICPA.
Analytical procedure
A comparison of financial statement amounts with an expectation. An example is to compare actual interest expense for the year with an estimate of what that interest expense should be. If actual interest expense differs significantly from the expectation, the auditor explains the difference in audit documentation.
Analyze
Identify and classify items for further study.
Anonymity
The quality or state of not being named or identified.
Anticipated
Expected.
Antivirus software
Applications that detect, prevent, and possibly remove all known viruses from files located in a microcomputer hard drive.
Appearance of independence
Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper actions or associations.
Application acquisition review
An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process.
Application controls
Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls, which may be manual, or programmed, are to ensure the completeness and accuracy of the records and the validity of the entries made therein resulting from both manual and programmed processing. Examples of application controls include data input validation, agreement of batch totals and encryption of data transmitted.
Application development review
An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions.
Application implementation review
An evaluation of any part of an implementation and project maintenance (e.g., project management, test plans, user acceptance testing procedures).
Application system
An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management).
Approve
To authorize. A manager authorizes a cash payment by signing a voucher providing approval for the disbursement.
Ascertain
Audit procedure to determine or to discover with certainty. For example, to ascertain the date on which an investment was purchased by examining source documents.
Assertion
Management asserts financial statements are correct with regard to existence or occurrence of assets, liabilities or transactions, completeness of information in the financial statements, rights and obligations at a point in time, appropriate valuation or allocation, presentation, and disclosure.
Assess
To determine the value, significance, or extent of.
Assessed determined
The level of control risk determined by the auditor, based on tests of controls, is the assessed level of control risk.
Assurance
The level of confidence one has.
Attest report
In an attest engagement, the auditor issues a written conclusion about the reliability of a written assertion that is the responsibility of another party.
Attitude
Way of thinking, behaving, feeling, etc.
Attorney’s letter
A letter signed by the client's lawyer and addressed to the auditor. It is the auditor's primary means to corroborate information furnished by management about litigation, claims, and assessments.
Attribute sampling
An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size).
Audit
The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy.
Audit accountability
Performance measurement of service delivery including cost, timeliness and quality against agreed service levels.
Audit adjustment
Proposed correction of the financial statements that may not have been detected except through audit procedures.
Audit authority
A statement of the position within the organization, including lines of reporting and the rights of access.
Audit charter
A document which defines the audit activity's responsibility, authority and accountability.
Audit committee
A committee of the board of directors or of external individuals selected from a variety of industries responsible for oversight of the financial reporting process, selection of the independent auditor, and receipt of audit results.
Audit documentation
Records kept by the auditor of procedures applied, tests performed, information obtained, and pertinent conclusions reached in the engagement. The documentation provides the principal support for the auditor's report.
Audit evidence
The auditor gathers information in the course of performing an audit. The information used by the auditor to meet audit objectives is referred to as audit evidence. Also used to describe the level of risk that an auditor is prepared to accept during an audit engagement.
Audit objectives
The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risks.
Audit planning
Developing an overall strategy for the audit. The nature, extent, and timing of planning varies with size and complexity of the entity, experience with the entity, and knowledge of the entity's business.
Audit program
A series of steps to complete an audit objective.
Audit responsibility
The role, scope and objectives documented in the service level agreement between management and audit.
Audit risk
The risk of giving an incorrect audit opinion.
Audit sampling
The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population.
Audit trail
A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.
Authentication
The act of verifying the identity of a system entity (e.g., a user, a system, a network node) and the entity's eligibility to access computerized information. Designed to protect against fraudulent logon activity. Authentication can also refer to the verification of the correctness of a piece of data.
Availability
Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
