Sabotage
Deliberate act of destruction of property or disruption of normal
College operations. Malicious, intentional, and willful destruction
or defacing of public or private property.
Salami technique
A method of computer fraud involving a computer code that instructs
the computer to slice off small amounts of money from an authorized
computer transaction and reroute this amount to the perpetrator's
account.
Sample size
The number of population items selected when a sample is
drawn from a population.
Sampling error
Unless the auditor examines 100% of the population, there
is some chance the sample results will mislead the auditor. This risk
is sampling error. The larger the sample, the less chance of sampling
error and the greater the reliability of the results.
Sampling risk
The probability that the auditor has reached an incorrect conclusion
because an audit sample, rather than the whole population, was tested.
While sampling risk can be reduced to an acceptably low level by using
an appropriate sample size and selection method, it can never be eliminated.
Sarbanes-Oxley Act
Established the Public Company Accounting Oversight Board
and added requirements for publicly traded companies, their officers,
boards and auditors. It increased penalties for corporate financial
fraud.
SAS (Statements on Auditing Standards)
Interpretations of U.S. generally accepted auditing standards.
Scope
The type of engagement. The scope of an engagement might
be a review, an audit, or a compilation. A scope limitation is a restriction
on the evidence the auditor can gather.
Scope paragraph
The paragraph in the audit report that explains the scope
of the engagement. The wording of the standard scope paragraph is:
"We conducted our audit in accordance with U.S. generally accepted
auditing standards. Those standards require that we plan and perform
the audit to obtain reasonable assurance about whether the financial
statements are free of material misstatement. An audit includes examining,
on a test basis, evidence supporting the amounts and disclosures in
the financial statements. An audit also includes assessing the accounting
principles used and significant estimates made by management, as well
as evaluating the overall financial statement presentation. We believe
that our audit provides a reasonable basis for our opinion."
Security administrator
The person responsible for implementing, monitoring and enforcing
security rules established and authorized by management.
Security policy
The set of management statements that documents an organization's
philosophy of protecting its computing and information assets, or
the set of security rules enforced by the system's security features.
Segregation/separation of duties
Assigning different people the responsibilities of authorizing transactions,
recording transactions, and maintaining custody of assets. Segregation
of duties reduces the opportunities for one person to both perpetrate
and conceal errors or fraud.
Sequence check
Verifies that control numbers follow sequentially. Any control numbers
out of sequence are rejected or noted on an exception report for
further research. The control number can be alpha or numeric and
usually utilizes a key field.
Sequential file
A computer file storage format in which one record follows another.
Records can be accessed sequentially only. It is required with magnetic
tape.
Service level agreement (SLA)
Defined minimum performance measures at or above which the service
delivered is considered acceptable.
Service provider
The organization providing the outsourced service.
Service user
The organization using the outsourced service.
Sexual harassment
A form of sex discrimination that may include unwelcome sexual advances,
requests for sexual favors, and other verbal or physical conduct of
a sexual nature.
Shell
The interface between the user and the system.
Shipping document
A document prepared when goods are shipped. It lists the
date shipped, the customer, method of shipment, and quantities and
specifications of goods shipped.
Signatures
Patterns indicating misuse of a system.
Smart card
A small electronic device that contains electronic memory, and possibly
an embedded integrated circuit. It can be used for a number of purposes
including the storage of digital certificates or digital cash, or
it can be used as a token to authenticate users.
SMTP (Simple Mail Transport Protocol)
The standard e-mail protocol on the Internet.
Software
Programs and supporting documentation that enable and facilitate use
of the computer. Software controls the operation of the hardware.
Source code
Source code is the language in which a program is written. Source
code is translated into object code by assemblers and compilers. In
some cases, source code may be converted automatically into another
language by a conversion program. Source code is not executable by
the computer directly. It must first be converted into a machine language.
Specialist
An expert at activities not usually done by auditors (such
as an appraiser for valuation).
Statistical sampling
A method of selecting a portion of a population, by means of mathematical
calculations and probabilities, for the purpose of making scientifically
and mathematically sound inferences regarding the characteristics
of the entire population.
Stop-or-go sampling
Taking a sample from a population and checking after each
sample item is drawn whether the sample supports a desired conclusion.
Sampling ceases as soon as that conclusion is supported.
Structured programming
A top-down technique of designing programs and systems. It makes programs
more readable, more reliable and more easily maintained.
Structured Query Language (SQL)
The primary language used by both application programmers and end
users in accessing relational databases.
Subsidiary ledger
The detailed information that totals to the balance in the
general ledger account. The total of all customer accounts receivable
included in the subsidiary ledger of accounts receivable is the balance
in the general ledger accounts receivable account.
Substantiated
Supported with proof or evidence.
Substantive
A substantive audit procedure is a direct test of a financial
statement balance.
Substantive testing
Tests of detailed activities and transactions, or analytical review
tests, designed to obtain audit evidence on the completeness, accuracy
or existence of those activities or transactions during the audit
period.
Sufficient
A measure of the quantity of audit evidence. The independent auditor's
objective is to obtain sufficient competent evidence to provide a
reasonable basis for forming an opinion.
Suppliers
Provide goods or services to an audited entity. Sometimes called vendors.
SYN (synchronize)
A flag set in the initial setup packets to indicate that the communicating
parties are synchronizing the sequence numbers used for the data transmission.
System flowcharts
System flowcharts are graphical representations of the sequence of
operations in an information system or program. Information system
flowcharts show how data from source documents flow through the computer
to final distribution to users. Symbols used should be the internationally
accepted standard. System flowcharts should be updated when necessary.
System narratives
System narratives provide an overview explanation of system flowcharts,
with explanation of key control points and system interfaces.
System testing
A series of tests designed to ensure that the modified program interacts
correctly with other system components. These test procedures typically
are performed by the system maintenance staff in their development
library.