Page 152 - CITP

misstatement individually as well as in aggregate with other misstatements, assuming there are
            no related controls.

            Input controls – Controls that are employed at the data entry stage and are used to filter bad
            data or missing data — that is, the controls are used to validate and verify data, as much as
            possible, as it is input into the system.
            Insider threat – An insider with authorized access to a network or system who could, purposely
            or unknowingly, harm or damage that network or system through the alteration, destruction, or
            disclosure of data.

            Integrity – A core area of the information security triad that focuses on the accuracy and
            reliability of data, the systems and processes that generate it, and the information produced
            from data.

            Internal control – Internal control is a process, effected by an entity’s board of directors,
            management and other personnel, designed to provide reasonable assurance regarding the
            achievement of objectives in the following categories:

              Effectiveness and efficiency of operations
              Reliability of financial reporting
              Compliance with applicable laws and regulations

            Key Concepts:

              Internal control is a process. It is a means to an end, not an end in itself.
              Internal control is effected by people. It’s not merely policy manuals and forms, but people at
               every level of an organization.
              Internal control can be expected to provide only reasonable assurance, not absolute
               assurance, to an entity’s management and board.
              Internal control is geared to the achievement of objectives in one or more separate but
               overlapping categories.

               Source: COSO; http://www.coso.org/IC.htm


            For additional resources on internal control over financial reporting, visit www.cpa2biz.com for:
              Internal Control—Integrated Framework (product no. 990012kk), a paperbound version of the
               COSO report that established a common definition of internal control different parties can
               use to assess and improve their control systems.
               [http://www.cpa2biz.com/AST/Main/CPA2BIZ_Primary/InternalControls/COSO/PRDOVR~PC-990009/PC-990009.jsp]
              Financial Reporting Fraud: A Practical Guide to Detection and Internal Control (product no.
               029879kk), a paperbound publication for CPAs in both public practice and industry.
               [http://www.cpa2biz.com/AST/Main/CPA2BIZ_Primary/FinancialManagement/Finance/FinancialReporting/PRDOVR~PC-029879/PC-029879.jsp]
              In July 2006, COSO released its guidance, "Internal Control over Financial Reporting—
               Guidance for Smaller Public Companies," which may assist companies and auditors in
               understanding the applicability of the COSO Framework to smaller entities. This publication
               can be ordered from www.cpa2biz.com or through any of the sponsoring organizations.



            © 2019 Association of International Certified Professional Accountants. All rights reserved.    Glossary 6