Page 128 - ITGC_Audit Guides

group of practices or procedures. [Internal Auditing: Assurance & Advisory Services, 4th
                       edition]
                   fraud* — Any illegal act characterized by deceit, concealment, or violation of trust. These acts
                       are not dependent upon the threat of violence or physical force. Frauds are perpetrated by
                       parties and organizations to obtain money, property, or services; to avoid payment or loss
                       of services; or to secure personal or business advantage.
                   governance* — The combination of processes and structures implemented by the board to
                       inform, direct, manage, and monitor the activities of the organization toward the
                       achievement of its objectives.

                   hosting — Providing the physical and logical infrastructure to run software applications that have
                       distributed users.

                   identifier — Unique data used to represent a person’s identity and associated attributes. A name
                       or a card number are examples of identifiers. A unique label used by a system to indicate a
                       specific entity, object, or group [NIST SP 800-53r5 Glossary].
                   industrial control system — General term that encompasses several types of control systems,
                       including supervisory control and data acquisition systems, distributed control systems,
                       and other control system configurations such as programmable logic controllers found in
                       the industrial sectors and critical infrastructures. An industrial control system consists of
                       combinations of control components (like electrical, mechanical, hydraulic, and pneumatic)
                       that act together to achieve an industrial objective (such as manufacturing, or the
                       transportation of matter or energy) [NIST SP 800-53r5 Glossary].
                   information technology controls* — Controls that support business management and
                       governance as well as provide general and technical controls over information technology
                       infrastructures such as applications, information, infrastructure, and people.

                   information technology governance* — Consists of the leadership, organizational structures,
                       and processes that ensure that the enterprise’s information technology supports the
                       organization’s strategies and objectives.

                   inherent risk — The combination of internal and external risk factors in their pure, uncontrolled
                       state, or, the gross risk that exists, assuming there are no internal controls in place [Internal
                       Auditing: Assurance & Advisory Services, 4th ed.]

                   integrity [of systems or data] — The guarding against improper information modification or
                       destruction, and includes ensuring information nonrepudiation and authenticity [ISACA
                       Glossary].

                   interface — Common boundary between independent systems or modules where interactions
                       take place [NIST SP 800-53r5 Glossary].
                   internal audit activity* — A department, division, team of consultants, or other practitioner(s)
                       that provides independent, objective assurance and consulting services designed to add
                       value and improve an organization’s operations. The internal audit activity helps an
                       organization accomplish its objectives by bringing a systematic, disciplined approach to




                   28 — theiia.org