A
B
C
COBIT - Control Objectives for Information and related Technology
A framework for IT governance. Version 4.0 is the current release. See www.isaca.org.
Control Environment
The attitude of executives and other management personnel toward internal control. Are controls frequently bypassed? Is management concerned with the proper implementation of a control structure?
COSO - Committee of Sponsoring Organizations
Compensating Control
An internal control that reduces the risk of a weakness in another control resulting in errors. (source: isaca.org)
D
E
F
G
GAS / GAGAS - Government Auditing Standards
Paragraph 1.01 of the Government Auditing Standards states that the standards are 'intended for use by government auditors to ensure that they maintain competence, integrity, objectivity, and independence in planning, conducting, and reporting their work, and are to be followed by auditors and audit organizations when required by law, regulation, contract, agreement, or policy.'
The standards were most recently updated in 2003 and are often referred to as the 'Yellow Book'. The 2007 revision of the standards has been released and becomes mandatory in January of 2008. It is the policy of the Council Auditor's Office to adhere to the Yellow Book standards.
H
I
Internal Control
Paragraph 2.11 of the Government Auditing Standards states that internal control 'includes the processes and procedures for planning, organizing, directing, and controlling program operations, and the system put in place for measuring, reporting, and monitoring program performance.'
An organization's internal controls are the responsibility of management. The control environment is the 'tone from the top' and is how management views internal control and its significance.
Auditor's Role
Internal audit's role is to examine and report on the effectiveness of management's internal controls, noting weaknesses that may put the organization at increased risk.
Internal Control Weakness
A weakness in the design, implementation or execution of an internal control.
J
K
L
M
N
O
P
Principle of Least Privilege
DoD 5200.28-STD, the Department of Defense Trusted Computer System Evaluation Criteria, describes least privilege as follows:
'This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.'
In other words, permissions for a user should be limited to the lowest possible permissions necessary to accomplish his/her job function.
Q
R
Reconcile
S
Separation of Duties
Where segregation of duties is unattainable, compensating controls should be implemented.
T
Tone at the Top
'Tone at the top refers to the ethical atmosphere that is created in the workplace by the organization's leadership. Whatever tone management sets will have a trickle-down effect on employees of the company. If the tone set by managers upholds ethics and integrity, employees will be more inclined to uphold those same values. However, if upper management appears unconcerned with ethics and focuses solely on the bottom line, employees will be more prone to commit fraud because they feel that ethical conduct is not a focus or priority within the organization. Employees pay close attention to the behavior and actions of their bosses, and they follow their lead. In short, employees will do what they witness their bosses doing.' (source: afce.com)
U
V
W
X
Y
Z
#