Threat - ANSWER-Any potential adverse event that could harm an organization or its
accounting information system
Exposure (Impact) - ANSWER-The potential dollar loss if a threat occurs
Likelihood - ANSWER-Probability that a threat will occur
Accounting Information System (AIS) - ANSWER-System that collects, stores,
processes data, and provides controls and information
Data Transformation - ANSWER-Process of converting raw data into meaningful
information
Control Objective - ANSWER-Goal of AIS controls to ensure reliability, security, and
efficiency of information
Internal Control - ANSWER-Processes designed to provide reasonable assurance that
organizational objectives are achieved
Safeguarding Assets - ANSWER-Protecting company resources from theft, loss, or
misuse
Reliable Information - ANSWER-Ensuring financial and operational data is accurate and
trustworthy
Operational Efficiency - ANSWER-Improving the effectiveness and productivity of
business processes
Regulatory Compliance - ANSWER-Following laws and regulations such as SOX and
FCPA
General Controls - ANSWER-IT controls that ensure the stability and proper
management of the AIS environment
Application Controls - ANSWER-Controls that ensure transaction-level accuracy,
validity, and completeness
Data Integrity - ANSWER-Ensuring data is accurate, complete, and valid
Data Processing Integrity Control - ANSWER-Controls (input validation, batch control
totals, reconciliations) ensuring transactions are processed completely, accurately, and only once
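Worked example of the application controls and data processing integrity controls defined above, added here and not part of the original flashcard set. It runs classic batch controls (record count, financial total, hash total) plus field-level validity and completeness checks over a constructed batch of journal entries; the batch, the control totals and the field names are assumptions for illustration.

```python
"""Application controls over a transaction batch (added example).

Batch-level controls: record count, financial total, hash total.
Record-level controls: completeness, validity, duplicate detection.
The sample batch and the expected control totals are constructed; in a
real AIS the submitter computes the totals at data entry and the
processing system recomputes them after processing and compares.
"""
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed sample batch: record 1 has a negative amount, record 2 is
# missing its account, record 3 reuses an existing transaction id.
SAMPLE_BATCH = [
    {"txn_id": "T1001", "account": "4010", "amount": "125.50", "date": "2024-03-01"},
    {"txn_id": "T1002", "account": "4020", "amount": "-40.00", "date": "2024-03-01"},
    {"txn_id": "T1003", "account": "",     "amount": "99.99",  "date": "2024-03-02"},
    {"txn_id": "T1001", "account": "4010", "amount": "10.00",  "date": "2024-03-02"},
]

# Control totals recorded by the submitter before the batch was sent (constructed).
EXPECTED_RECORD_COUNT = 4
EXPECTED_FINANCIAL_TOTAL = Decimal("195.49")   # 125.50 - 40.00 + 99.99 + 10.00
EXPECTED_HASH_TOTAL = 4010 + 4020 + 4010       # sum of account numbers: meaningless
                                               # as a number, but detects dropped
                                               # or altered records
REQUIRED_FIELDS = ("txn_id", "account", "amount", "date")


def validate_record(rec):
    """Field-level completeness and validity checks; returns a list of problems."""
    problems = []
    for f in REQUIRED_FIELDS:
        if not rec.get(f):
            problems.append(f"missing {f}")
    try:
        amt = Decimal(rec.get("amount", ""))
        if amt <= 0:
            problems.append("amount must be positive")
        elif amt.as_tuple().exponent < -2:
            problems.append("amount has more than two decimal places")
    except InvalidOperation:
        problems.append("amount is not numeric")
    try:
        date.fromisoformat(rec.get("date", ""))
    except ValueError:
        problems.append("date is not ISO format")
    if rec.get("account") and not rec["account"].isdigit():
        problems.append("account is not numeric")
    return problems


def validate_batch(batch, expected_count, expected_total, expected_hash):
    """Batch-level controls plus per-record checks.

    Returns {"records": {index: [problems]}, "batch": [problems]}.
    """
    findings = {"records": {}, "batch": []}
    seen = set()
    fin_total = Decimal("0")
    hash_total = 0
    for i, rec in enumerate(batch):
        probs = validate_record(rec)
        if rec.get("txn_id") in seen:
            probs.append("duplicate txn_id")
        seen.add(rec.get("txn_id"))
        if probs:
            findings["records"][i] = probs
        try:
            fin_total += Decimal(rec.get("amount", "0"))
        except InvalidOperation:
            pass  # already reported as a record-level problem
        if rec.get("account", "").isdigit():
            hash_total += int(rec["account"])
    if len(batch) != expected_count:
        findings["batch"].append(f"record count {len(batch)} != {expected_count}")
    if fin_total != expected_total:
        findings["batch"].append(f"financial total {fin_total} != {expected_total}")
    if hash_total != expected_hash:
        findings["batch"].append(f"hash total {hash_total} != {expected_hash}")
    return findings


if __name__ == "__main__":
    print(validate_batch(SAMPLE_BATCH, EXPECTED_RECORD_COUNT,
                         EXPECTED_FINANCIAL_TOTAL, EXPECTED_HASH_TOTAL))
```

Note the division of labour: with the full batch the three batch-level totals agree with what the submitter recorded, so only the record-level checks fire; drop one record in transit and all three batch controls fire at once, which is exactly the completeness guarantee a control total is meant to give.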
Access Control - ANSWER-Restricts user access to authorized data and functions
Encryption - ANSWER-Method of protecting data by converting plaintext into ciphertext that
can be read only by a holder of the corresponding key
Tokenization - ANSWER-Replacing sensitive data (e.g., a card number) with a non-sensitive
surrogate value; the mapping back to the original is held in a separately secured token vault
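Worked example of the tokenization and access control terms above, added here and not part of the original flashcard set. A token vault hands out random surrogate tokens for card numbers, keeps the last four digits for display, validates input with the Luhn check, and only lets a named role recover the original. The vault class, the "settlement" role and the token format are assumptions for illustration, not any particular product's API.

```python
"""Tokenization with a token vault (added example, not from the original deck).

Unlike encryption, a token has no mathematical relationship to the value it
replaces: a stolen table of tokens is useless without the vault mapping.
The vault, the role names and the token format are illustrative assumptions.
"""
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn checksum, so malformed card numbers are rejected before storage."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for a segregated token vault (assumption)."""

    def __init__(self):
        self._by_token = {}   # token -> PAN
        self._by_pan = {}     # PAN -> token, so one card always maps to one token

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            # Random surrogate; only the last four digits of the PAN survive,
            # which is what receipts and support screens need to show.
            token = "tok_" + secrets.token_hex(8) + "_" + pan[-4:]
            if token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str, role: str) -> str:
        """Access control: only the settlement role may recover a PAN."""
        if role != "settlement":
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4111111111111111")   # well-known test PAN
    print(t, vault.detokenize(t, "settlement"))
```

Systems that hold only the token (order history, analytics, support tooling) never see the card number, which is the point of tokenization as a scope-reduction control; the access check on detokenize is what keeps the vault from becoming a universal lookup service.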
Backup Procedures - ANSWER-Creating copies of data for recovery
Disaster Recovery - ANSWER-Process of restoring systems after a major failure
Preventive Control - ANSWER-Control designed to stop errors or fraud before they
occur
Detective Control - ANSWER-Control that identifies errors or fraud after they occur
Corrective Control - ANSWER-Control that fixes problems and restores normal
operations
FCPA (Foreign Corrupt Practices Act) - ANSWER-Law requiring internal controls to
prevent bribery and ensure accurate financial records
SOX (Sarbanes-Oxley Act) - ANSWER-Law strengthening internal controls and financial
reporting for public companies
CEO Certification - ANSWER-SOX requirement that the CEO (together with the CFO) personally
certify that the financial statements are accurate and not misleading
Audit Committee - ANSWER-Independent group overseeing financial reporting and
audits
Control Framework - ANSWER-Structured model used to design and evaluate internal
controls
COSO Framework - ANSWER-Widely used framework for enterprise internal control
and risk management
COBIT Framework - ANSWER-IT governance framework for managing enterprise
technology
COSO-ERM - ANSWER-Risk-based extension of COSO focused on enterprise risk
management
NIST CSF - ANSWER-Cybersecurity framework guiding risk-based security governance
Control Environment - ANSWER-Foundation of internal control including ethics,
structure, and leadership
Ethical Culture - ANSWER-Organizational commitment to integrity and ethical behavior
Segregation of Duties - ANSWER-Dividing responsibilities to reduce fraud risk
Board Oversight - ANSWER-Governance role ensuring accountability and control
effectiveness
Risk - ANSWER-Event that could negatively affect achieving objectives
Likelihood - ANSWER-Probability of a risk occurring
Impact - ANSWER-Severity of loss if a risk occurs
Inherent Risk - ANSWER-Risk before controls are applied
Residual Risk - ANSWER-Risk remaining after controls are applied
Risk Assessment - ANSWER-Process of identifying and evaluating risks
Risk Appetite - ANSWER-Level of risk an organization is willing to accept
Risk Response - ANSWER-Strategy for addressing risk (reduce, accept, share, avoid)
Event Identification - ANSWER-Process of recognizing potential risk events
Control Activities - ANSWER-Policies and procedures that mitigate risks
Authorization Control - ANSWER-Ensuring transactions are approved before execution
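Worked example of the segregation of duties, authorization control and preventive/detective control terms in this deck, added here and not part of the original flashcard set. A purchase-order workflow enforces the rules before the fact (preventive), and a scan over a constructed transaction log finds the same violations after the fact (detective). The roles, approval limits and log format are assumptions for illustration.

```python
"""Segregation of duties and authorization control (added example).

Preventive: approve()/pay() refuse transactions that break the rules.
Detective: detect_violations() scans a log from a system that did not.
Roles, limits, user names and the log format are illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Optional

# Approval authority by role (assumption).
APPROVAL_LIMIT = {"clerk": 0, "manager": 10_000, "controller": 1_000_000}
USERS = {"alice": "clerk", "bob": "manager", "carol": "controller", "dave": "manager"}


@dataclass
class Order:
    order_id: str
    amount: int
    created_by: str
    approved_by: Optional[str] = None
    paid_by: Optional[str] = None


def approve(order: Order, user: str) -> None:
    """Preventive control: approver must differ from the creator and must
    hold authority for the amount."""
    if user == order.created_by:
        raise PermissionError("segregation of duties: creator cannot approve own order")
    if order.amount > APPROVAL_LIMIT.get(USERS.get(user, "clerk"), 0):
        raise PermissionError(f"{user} lacks authority for {order.amount}")
    order.approved_by = user


def pay(order: Order, user: str) -> None:
    """Authorization control: no payment without a recorded approval, and
    custody (payment) is kept separate from authorization and recording."""
    if order.approved_by is None:
        raise PermissionError("order not approved")
    if user in (order.created_by, order.approved_by):
        raise PermissionError("segregation of duties: payer must differ from creator and approver")
    order.paid_by = user


# Detective control input: constructed log lines from a system that did NOT
# enforce the rules above. Format: "<id> key=value ..." (assumption).
SAMPLE_LOG = [
    "PO-1 amount=4500 created_by=alice approved_by=bob paid_by=carol",
    "PO-2 amount=800 created_by=dave approved_by=dave paid_by=carol",
    "PO-3 amount=25000 created_by=alice approved_by=bob paid_by=carol",
    "PO-4 amount=300 created_by=alice approved_by=bob paid_by=bob",
]


def detect_violations(log_lines):
    """Return (order_id, finding) pairs for every SoD/authority breach in the log."""
    findings = []
    for line in log_lines:
        order_id, *kv = line.split()
        rec = dict(p.split("=", 1) for p in kv)
        amount = int(rec["amount"])
        if rec["created_by"] == rec["approved_by"]:
            findings.append((order_id, "creator approved own order"))
        if rec["paid_by"] in (rec["created_by"], rec["approved_by"]):
            findings.append((order_id, "payer also created or approved"))
        if amount > APPROVAL_LIMIT.get(USERS.get(rec["approved_by"], "clerk"), 0):
            findings.append((order_id, "approver exceeded authority"))
    return findings


if __name__ == "__main__":
    for finding in detect_violations(SAMPLE_LOG):
        print(*finding)
```

The same three rules appear twice on purpose: the preventive version stops the transaction, the detective version is what an auditor or a SIEM rule runs over history, and a corrective control (reversing PO-2, PO-3 and PO-4 and re-routing them for proper approval) would act on the detective findings.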