Capacity stress testing
Testing an application with large quantities of data to evaluate its
performance during peak periods. It is also called volume testing.
Capitalized
Recorded as an asset. A capitalized lease is in substance
a purchase to the lessee. An asset is recorded equal to the present
value of the lease payments, which is also recorded as a liability.
Payments, partly interest and partly principal, are made on the lease
liability. The lease asset is depreciated by the lessee as though
it is legally owned by the lessee.
Card swipes
A physical control technique that uses a secured card or ID to gain
access to a highly sensitive location. Card swipes, if built correctly,
act as a preventative control over physical access to those sensitive
locations. After a card has been swiped, the application attached
to the physical card swipe device logs all card users that try to
access the secured location. The card swipe device prevents unauthorized
access and logs all attempts to enter the secured location.
Check register
A listing of checks issued, normally in numeric sequence
and in order by date issued.
Classification
Arrangement or grouping.
Collateralize
To pledge property as security (collateral) for a debt.
Collusion
A secret agreement between two or more parties for fraud
or deceit.
Comparability
Users evaluate accounting information by comparison. Similar
companies account for similar transactions in similar ways. Another
goal is comparison of one company's information from one period to
the next (consistency). Operating trends should not be disguised by
changing accounting methods.
Compare
Similarities and differences among items.
Comparison program
A program for the examination of data, using logical or conditional
tests to determine or to identify similarities or differences.
Compensating balance
An offsetting balance. A requirement by some banks that a
borrower maintain a minimum balance in a checking or savings account
as a condition of a loan.
Compensating control
An internal control that reduces the risk of an existing or potential
control weakness resulting in errors and omissions.
Competence
Competent audit evidence is valid and reliable.
Compile
A compilation is presenting in the form of financial statements
information that is the representation of management without expressing
assurance. Compilation of a financial projection is assembling prospective
statements based on assumptions of a responsible party, considering
appropriateness of presentation, and issuing a compilation report.
No assurance is provided on the statements or underlying assumptions.
Completeness
Assertions about completeness deal with whether all transactions
and accounts that should be in the financial statements are included.
For example, management asserts that all purchases of goods and services
are included in the financial statements. Similarly, management asserts
that notes payable in the balance sheet include all such obligations
of the entity.
Completeness check
A procedure designed to ensure that no fields are missing from a record.
Compliance
Following applicable rules or laws.
Compliance testing
Tests of control designed to obtain audit evidence on both the effectiveness
of the controls and their operation during the audit period.
Compliance Audits
This type of audit determines the degree of a unit’s
adherence to laws, regulations, policies, and procedures. Recommendations
often call for improvement in processes and controls intended to ensure
compliance with regulations and College’s policies.
Computer controls
Internal controls performed by computer (software controls)
as opposed to manual controls. Also means general and application
controls over the computer processing of data.
Condensed financial statements
Presented in considerably less detail than complete financial
statements.
Confidentiality
Confidentiality concerns the protection of sensitive information from
unauthorized disclosure.
Confirm
Communication with parties to authenticate internal evidence.
Consistency
To achieve comparability of information over time, the same
accounting methods must be followed. If accounting methods are changed
from period to period, the effects must be disclosed.
Consulted
Sought advice or information.
Consulting services
Include consultations, advisory services, implementation
services, product services, transaction services, and staff and support
services.
Contingency
An existing condition involving uncertainty as to possible
gain or loss that will be resolved by future events. Estimates, such
as the useful life of an asset, are not contingencies. Eventual expiration
of the asset's utility is not uncertain.
Continuing auditor
The auditor of the current year who also audited the financial
statements for the previous year.
Continuing accounting significance
Matters of continuing accounting significance are those normally
included in the permanent audit documentation, such as the analysis
of balance sheet accounts, and those relating to contingencies. Such
information from a prior year is used by the auditor in the current
year's audit and is updated each year.
Continuity
The acts preventing, mitigating and recovering from disruption. The
terms business resumption planning, disaster recovery planning and
contingency planning also may be used in this context; they all concentrate
on the recovery aspects of continuity.
Continuous auditing approach
This approach allows auditors to monitor system reliability on a continuous
basis and to gather selective audit evidence through the computer.
Control
A policy or procedure that is part of internal control, implemented
to achieve a related control objective.
Control environment
Attitude, awareness, and actions of the board, management,
owners, and others about the importance of control. This includes
integrity and ethical rules, commitment to competence, board or audit
committee participation, organizational structure, assignment of authority
and responsibility, and human resource policies and practices.
Control group
Members of the operations area that are responsible for the collection,
logging and submission of input for the various user groups.
Control objective
The objectives of management that are used as the framework for developing
and implementing controls (control procedures).
Control policies and procedures
Control activities are the policies and procedures that help
ensure management directives are carried out. Those pertinent to an
audit include performance reviews, information processing, physical
controls and segregation of duties.
Control risk
The risk that an error which could occur in an audit area, and which
could be material, individually or in combination with other errors,
will not be prevented or detected and corrected on a timely basis
by the internal control system.
Control weakness
A deficiency in the design or operation of a control procedure. Control
weaknesses can potentially result in risks relevant to the area of
activity not being reduced to an acceptable level Control weaknesses
can be material when the design or operation of one or more control
procedures does not reduce to a relatively low level the risk that
misstatements caused by illegal acts or irregularities may occur and
not be detected by the related control procedures.
Controller
An officer who supervises financial affairs of an entity.
In internal control the controller is often the person with general
ledger responsibilities.
Corporate governance
The structure through which the objectives of an organization are
set, the means of attaining those objectives are provided, determines
performance monitoring guidelines, and encouraging to use resources
efficiently.
Corrective controls
These controls are designed to correct errors, omissions and unauthorized
uses and intrusions, once they are detected.
Corroborate
To strengthen with other evidence, to make more certain.
COSO
A report on "Internal Control—An Integrated Framework"
sponsored by the Committee of Sponsoring Organizations of the Treadway
Commission in 1992. It provides guidance and a comprehensive framework
of internal control for all organizations.
Criteria
The standards and benchmarks used to measure and present the subject
matter and against which the IS auditor evaluates the subject matter.
Criteria should be: Objective—free from bias; measurable—provide
for consistent measurement; complete—include all relevant factors
to reach a conclusion; relevant—relate to the subject matter.
Current ratio
Total current assets divided by total current liabilities.
Custodian
One who has possession or is in charge of something. Some
entities entrust marketable investment securities to a bank, which
is custodian of the company's securities.
Custody
Possession.
Cutoff
Designating a point of termination. An auditor uses tests
of cutoff to obtain evidence that transactions for each year are included
in the financial statements of the appropriate year.
