Page 153 - CITP Review

Phishing – Phishing uses social engineering techniques to solicit sensitive personal information
from unsuspecting users. Phishing emails are crafted to appear as if they have been sent from a
legitimate organization or known individual. These emails often attempt to entice users to click
on a link that will take the user to a fraudulent website that appears legitimate. The site may then
ask users for personal information, such as account usernames and passwords, that can be
used maliciously. These fraudulent websites may also contain malicious code.

Process controls – Controls that are employed during the application processing of data to filter
anomalies. These controls are used to ensure the validity and reliability of data being processed
and stored.

Quantitative analysis – The broad term used for the collection, organization, analysis,
interpretation, and presentation of data.

Ransomware – A type of malicious software, or malware, designed to deny access to a
computer system or data until a ransom is paid.

Real-time data warehouse – A real-time data warehouse captures and provides data in more or
less real time.

Regression – A statistical tool for measuring the relation between variables. In business,
regression is generally used either for forecasting or optimization. Regressions range from
simple models to highly complex equations.

Relevant assertions – SAS No. 106, Audit Evidence (AU section 326; Audit Evidence: Auditing
Interpretations of Section 326 (AU sec. 9326)), defines relevant assertions as those assertions
that have a meaningful bearing on whether the account is stated fairly.

Risk of material misstatement – The risk of material misstatement (RMM) is defined as the risk
that an account balance, class of transactions or disclosures, and relevant assertions are
materially misstated. Misstatements can result from errors or fraud.
The RMM consists of two components: inherent risk and control risk.

Using the audit risk model to illustrate this concept: Inherent Risk × Control Risk = RMM

Auditors describe RMM as the combined assessment of inherent risk and control risk. However,
auditors may make a separate assessment of inherent risk and control risk.

Significant deficiency – A significant deficiency (SD) is a control deficiency, or combination of
control deficiencies, that adversely affects the entity's ability to initiate, authorize, record,
process, or report financial data reliably in accordance with generally accepted accounting
principles such that there is more than a remote likelihood that a misstatement of the entity's
financial statements that is more than inconsequential will not be prevented or detected. Source:
AICPA, http://www.aicpa.org/download/members/div/auditstd/AU-00325.PDF

SME – A subject-matter expert. One who has the knowledge, skills, and abilities to professionally
address issues related to the topic.

© 2019 Association of International Certified Professional Accountants. All rights reserved.