Page 145 - CITP Review

Glossary of CITP Terms



            Advanced persistent threat – A large-scale attack that takes place over an extended period of
            time, generally for the purpose of espionage or financial or political gain.

            Application controls – Application controls are internal controls, whether automated or manual,
            that operate at the transaction level with the objectives of ensuring that:

              • Proper authorization is obtained to initiate and enter transactions;
              • Applications are protected from unauthorized access;
              • Users are only allowed access to those data and functions in an application that they should
                have access to;
              • Errors in the operation of an application will be prevented or detected and corrected in a
                timely manner;
              • Application output is protected from unauthorized access or disclosure;
              • Reconciliation activities are implemented when appropriate to ensure that information is
                complete and accurate; and
              • High-risk transactions are appropriately controlled.

            Artificial intelligence – AI is an area of computer science study that involves automated
            reasoning and problem solving, emulating human intelligence.

            Attribute – A characteristic of something in a data file. For example, the part number of an
            inventory item is an attribute of the item. Also referred to as a field or a column in relational
            databases.

            Audit data analytics – A technique that can be used to enhance the relevancy and value of the
            financial statement audit and to continue improving audit quality. Large data sets can now be
            analyzed for audit relevancy by way of technology advancements and the proliferation of
            mainstream analytical software solutions. This data can be internally and externally sourced,
            and leveraged by internal and external auditors to produce audit evidence.

            Automated control – Controls automation involves leveraging technology to build and enforce
            internal controls with the least manual intervention possible. It can take many forms, from
            better use of available system configuration options of the kind common in enterprise resource
            planning (ERP) systems to using workflow and imaging technologies to automate and drive
            processes from start to completion.

            Availability – A core area of the information security triad that is about the systems,
            technologies, and associated processes and data being available when needed for business
            operations.

            Balanced scorecard – BSC is a holistic performance measuring and managing methodology
            combining financial, customer, internal processes, and learning/growth objectives into a single
            report.

            Brute force attack – A malicious actor tries to access an account by guessing the password.



            © 2019 Association of International Certified Professional Accountants. All rights reserved.