James

Summary

This is a glossary of accounting terms, defining various concepts and processes within accounting. It provides definitions of key terms, accompanied by the relevant chapter number where the term is first used.

Full Transcript

Glossary

The chapter in which the term is first defined is set in parentheses following the definition.

A

Access control list: Lists containing information that defines the access privileges for all valid users of the resource. An access control list assigned to each resource controls access to system resources such as directories, files, programs, and printers. (16)

Access controls: Controls that ensure that only authorized personnel have access to the firm’s assets. (3)

Access method: Technique used to locate records and navigate through the database. (2)

Access tests: Tests that ensure that the application prevents authorized users from unauthorized access to data. (17)

Access token: These contain key information about the user, including user ID, password, user group, and privileges granted to the user. (16)

Accounting information systems (AIS): Specialized subset of information systems that processes financial transactions. (1)

Accounting record: Document, journal, or ledger used in transaction cycles. (2)

Accounts payable pending file: File containing a copy of the purchase requisition. (5)

Accounts receivable (AR) subsidiary ledger: Account record that shows activity by detail for each account type, and containing, at minimum: customer name; customer address; current balance; available credit; transaction dates; invoice numbers; and credits for payments, returns, and allowances. (4)

Accuracy: The state of being free from material error. (3)

Accuracy tests: Tests that ensure that the system processes only data values that conform to specified tolerances. (17)

Activities: Work performed in a firm. (7)

Activity driver: Factor that measures the activity consumption by the cost object. (7)

Activity-based costing (ABC): Accounting technique that provides managers with information about activities and cost objects. (7)

Ad hoc reports: Technology that provides direct-inquiry and report-generation capabilities. (8)

Advanced encryption standard (AES): Also known as Rijndael, a private key (or symmetric key) encryption technique. (12)

Agents: Individuals and departments that participate in an economic event. (1)

Algorithm: Procedure of shifting each letter in the cleartext message by the number of positions that the key value indicates. (12)

Alphabetic codes: Alphabetic characters assigned sequentially. (8)

Alphanumeric codes: Codes that allow the use of pure alphabetic characters embedded within numeric codes. (8)

Analytical review: Balances to identify relationships between accounts and risks that are not otherwise apparent. (11)

Anomalies: Negative operational symptoms caused by improperly normalized tables. (9)

AP subsidiary ledger: Records controlling the exposure in the cash disbursements subsystems. (5)

Application controls: Controls that ensure the integrity of specific systems. (3)

Application-level firewall: Provides high-level network security. (12)

Approved credit memo: The credit manager evaluates the circumstances of the return and makes a judgment to grant (or disapprove) credit. (4)

Approved sales order: Contains sales order information for the sales manager to review once the sales order is approved. (4)

Architecture description: Formal description of an information system that identifies and defines the structural properties of the system. (13)

Archive file: File that contains records of past transactions that are retained for future reference. (2)

Asset acquisition: Obtaining a new asset or replacing an existing one. (6)

Asset disposal: Report describing the final disposition of the asset. (6)

Asset maintenance: Adjusting the fixed asset subsidiary account balances as the assets (excluding land) depreciate over time or with usage. (6)

Association: Relationship among record types. (9)

Assurance services: Professional services, including the attest function, designed to improve the quality of information, both financial and nonfinancial, used by decision makers. (1)

Attendance file: File created by the timekeeping department upon receipt of approved time cards. (6)

Attest function: Independent auditor’s responsibility to opine as to the fair presentation of a client firm’s financial statement. (1)

Attributes: Equivalents to adjectives in the English language that serve to describe the objects. (9)

Audit objectives: Task of creating meaningful test data. (17)

Audit procedures: Combination of tests of application controls and substantive tests of transaction details and account balances. (17)

Audit risk: Probability that the auditor will render unqualified opinions on financial statements that are, in fact, materially misstated. (17)

Audit trail: Accounting records that trace transactions from their source documents to the financial statements. (2)

Audit trail controls: Ensures that every transaction can be traced through each stage of processing from its economic source to its presentation in financial statements. (17)

Audit trail test: Ensures that the application creates an adequate audit trail. (17)

Auditing: Form of independent attestation performed by an expert who expresses an opinion about the fairness of a company’s financial statements. (1)

Auditor: Expert who expresses an opinion about the fairness of a company’s financial statements. (1)

Authenticity tests: Tests verifying that an individual, a programmed procedure, or a message attempting to access a system is authentic. (17)

Authority: Right to make decisions pertaining to areas of responsibility. (8)

Automated storage and retrieval systems (AS/RS): Computer-controlled conveyor systems that carry raw materials from stores to the shop floor and finished products to the warehouse. (7)

Automation: Using technology to improve the efficiency and effectiveness of a task. (4)

B

Backbone systems: Basic system structure on which to build. (1)

Back-order: Records that stay on file until the inventories arrive from the supplier. Back-ordered items are shipped before new sales are processed. (4)

Back-order file: Contains customer orders for out-of-stock items. (4)

Backup controls: Ensure that in the event of data loss due to unauthorized access, equipment failure, or physical disaster, the organization can recover its files and databases. (16)

Balanced scorecard (BSC): Management system that enables organizations to clarify their vision and strategy and translate them into action. (13)

Base case system evaluation (BCSE): Variant of the test data technique in which comprehensive test data are used. (17)

Batch: Group of similar transactions accumulated over time and then processed together. (2)

Batch control totals: Record that accompanies the sales order file through all of the data processing runs. (4)

Batch controls: Effective method of managing high volumes of transaction data through a system. (17)

Batch systems: Systems that assemble transactions into groups for processing. (2)

Big bang: Attempt by organizations to switch operations from their old legacy systems to a new system in a single event that implements the ERP across the entire company. (11)

Bill of lading: Formal contract between the seller and the shipping company that transports the goods to the customer. (4)

Bill of materials: Document that specifies the types and quantities of the raw materials and subassemblies used in producing a single unit of finished product. (7)

Billing schemes: Schemes under which an employee causes the employer to issue a payment to a false supplier or vendor by submitting invoices for fictitious goods/services, inflated invoices, or invoices for personal purchases. See shell company, pass through fraud, and pay-and-return. (3)

Biometric devices: Devices that measure various personal characteristics, such as finger, voice, or retina prints, or other signature characteristics. (16)

Blind copy: Purchase order copy that contains no price or quantity information. (5)

Block code: Coding scheme that assigns ranges of values to specific attributes such as account classifications. (8)

Bolt-on software: Software provided by third-party vendors used in conjunction with already purchased ERP software. (11)

Botnets: Collections of compromised computers. (12)

Bribery: Giving, offering, soliciting, or receiving things of value to influence an official in the performance of his or her lawful duties. (3)

Budget: Process that helps management achieve its financial objectives by establishing measurable goals for each organizational segment. (8)

Budget master file: Contains budgeted amounts for revenues, expenditures, and other resources for responsibility centers. (8)

Business ethics: Pertains to the principles of conduct that individuals use in making choices and guiding their behavior in situations that involve the concepts of right and wrong. (3)

C

Caesar cipher: Earliest encryption method; Julius Caesar is said to have used it to send coded messages to his generals in the field. (12)

Call-back device: Hardware component that asks the caller to enter a password and then breaks the connection to perform a security check. (16)

Cardinality: Numerical mapping between entity instances. (2)

Cash disbursement vouchers: Provide improved control over cash disbursements and allow firms to consolidate several payments to the same supplier on a single voucher, thus reducing the number of checks written. (5)

Cash disbursements journal: Contains the voucher number authorizing each check and provides an audit trail for verifying the authenticity of each check written. (5)

Cash larceny: Theft of cash receipts from an organization after those receipts have been recorded in the organization’s books and records. (3)

Cash receipts journal: Records that include details of all cash receipts transactions, including cash sales, miscellaneous cash receipts, and cash received. (4)

Centralized data processing: Model under which all data processing is performed by one or more large computers, housed at a central site, that serve users throughout the organization. (1)

Centralized database: Database retained in a central location. (9)

Certification authorities (CAs): Trusted third parties that issue digital certificates. (12)

Changed data capture: Technique that can dramatically reduce extraction time by capturing only newly modified data. (11)

Chart of accounts: Listing of an organization’s accounts showing the account number and name. (8)

Check digit: Method for detecting data coding errors in which a control digit is added to the code when it is originally designed to allow the integrity of the code to be established during subsequent processing. (17)

Check register: Record of all cash disbursements. (5)

Check tampering: Forging, or changing in some material way, a check that was written to a legitimate payee. (3)

Checkpoint feature: Feature that suspends all data processing while the system reconciles the transaction log and the database change log against the database. (16)

Client-server model: Form of network topology in which a user’s computer or terminal (the client) accesses the ERP programs and data via a host computer called the server. (11)

Closed accounts payable file: Record of all accounts payable that have been discharged by making payment to the creditors. (5)

Closed database architecture: Database management system used to provide minimal technological advantage over flat file systems. (11)

Closed purchase order file: File of purchase order records that were closed upon receipt of goods. (5)

Closed sales order file: File of sales order records that were closed upon shipment of good to the customer. (4)

Closed voucher file: File of voucher packets of all paid (closed) accounts payable items. (5)

Cohesion: Number of tasks a module performs. (14)

Cold turkey cutover: Process of converting entirely from an existing accounting system to a new system on a particular day rather than phasing in the conversion process over time. (14)

Commodity IT assets: Assets not unique to an organization and easily acquired in the marketplace (e.g., network management, systems operations, server maintenance, help-desk functions). (15)

Competency analysis: Provides a complete picture of the organization’s effectiveness as seen via four strategic filters: resources, infrastructure, products/services, and customers. (13)

Compilers: Language translation modules of the operation system. (16)

Completeness: For reports, state in which all necessary calculations are provided and the message is presented clearly and unambiguously. (3)

Completeness tests: Tests identifying missing data within a single record and entire records missing from a batch. (17)

Composite key: Composed of two attributes: INVOICE NUM and PROD NUM. (9)

Computer ethics: Analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology. Includes details about software as well as hardware and concerns about networks connecting computers as well as computers themselves. (3)

Computer fraud: Theft, misuse, or misappropriation of assets by altering computer-readable records and files, or by altering the logic of computer software; the illegal use of computer-readable information; or the intentional destruction of computer software or hardware. (15)

Computer numerical control (CNC): Computer-controlled machines that replace skilled labor. The computer contains programs for all parts being manufactured by the machine. (7)

Computer-aided design (CAD): Use of computers to design products to be manufactured. (7)

Computer-aided manufacturing (CAM): Use of computers in factory automation. (7)

Computer-aided software engineering (CASE): Use of computer systems to design and code computer software. (14)

Computer-assisted audit tools and techniques (CAATTs): Use of computers to illustrate how application controls are tested and to verify the effective functioning of application controls. (17)

Computer-integrated manufacturing (CIM): Completely automated environment. (7)

Conceptual system: Production of several alternative designs for a new system. (1)

Conceptual user views: Description of the entire database. (14)

Concurrency control: System that ensures that transactions processed at each site are accurately reflected in the databases at all other sites. (9)

Conflict of interest: Outline of procedures for dealing with actual or apparent conflicts of interest between personal and professional relationships. (3)

Consolidation: Aggregation or roll-up of data. (11)

Construct: Design and building of software that is ready to be tested and delivered to its user community. This phase involves modeling the system, programming the applications, and application testing. (14)

Control activities: Policies and procedures to ensure that appropriate actions are taken to deal with the organization’s risks. (3)

Control environment: The foundation of internal control. (3)

Controller: The cash receipts department typically reports to the treasurer, who has responsibility for financial assets. Accounting functions report to the controller. Normally these two general areas of responsibility are performed independently. (4)

Conversion cycle: Cycle composed of the production system and the cost accounting system. (2)

Cookies: Files containing user information that are created by the web server of the site being visited and are then stored on the visitor’s own computer hard drive. (12)

Core applications: Applications that operationally support the day-to-day activities of the business. (11)

Core competency theory: Theory underlying outsourcing that posits an organization should focus exclusively on its core business competencies while allowing outsourcing vendors to manage non-core areas such as IT functions efficiently. (15)

Corporate IT function: Coordinating IT unit that attempts to establish corporatewide standards among distributed IT units. (15)

Corrective controls: Actions taken to reverse the effects of errors detected. (3)

Cost accounting system: Process of tracking, recording, and analyzing costs associated with the products or activities of an organization. (7)

Cost center: Organizational unit with responsibility for cost management within budgetary limits. (8)

Cost objects: Reasons for performing activities. (7)

Cost-benefit analysis: Process that helps management determine whether (and by how much) the benefits costs. (13)

Coupling: Measure of the degree of interaction between modules. (14)

Credit authorization: Consent for authorizing credit. (4)

Credit memo: Document used to authorize the customer to receive credit for the merchandise returned. (4)

Credit records file: Files that provide customer credit data. (4)

Currency of information: Problem associated with the flat-file model because of its failure to update all the user files affected by a change in status; may result in decisions based on outdated information. (1)

Customer open order file: File containing a copy of the sales order. (4)

Customer order: Document indicating the type and quantity of merchandise being requested. (4)

Cutover: Process of converting from the old system to the new system. (14)

Cycle billing: Method of spreading the billing process out over the month. (4)

D

Data: Facts, which may or may not be processed (edited, summarized, or refined) and which have no direct effect on the user. (1)

Data attribute: The most elemental piece of potentially useful data in the database. (9)

Data collection: First operational stage in the information system. (1)

Data collision: Collision of two or more signals due to simultaneous transmission that destroys both messages from the transmitting and the receiving nodes. (12)

Data currency: When the firm’s data files accurately reflect the effects of its transactions. (9)

Data definition language (DDL): Programming language used to define the database to the database management system. (9)

Data dictionary: Description of every data element in the database. (9)

Data encryption: Use of an algorithm to scramble selected data, making it unreadable to an intruder browsing the database. (16)

Data flow diagram: Use of a set of symbols in a diagram to represent the processes, data sources, data flows, and process sequences of a current or proposed system. (2)

Data manipulation language (DML): Language used to insert special database commands into application programs written in conventional languages. (9)

Data mart: Data warehouse organized for a single department or function. (11)

Data mining: Process of selecting, exploring, and modeling large amounts of data to uncover relationships and global patterns that exist in large databases but are hidden among the vast amount of facts. (8)

Data model: Blueprint for what ultimately will become the physical database. (2)

Data modeling: Task of formalizing the data requirements of the business process as a conceptual model. (14)

Data processing: Group that manages the computer resources used to perform the day-to-day processing of transactions. (1)

Data redundancy: State of data elements being represented in all user files. (9)

Data sources: Financial transactions that enter the information system from both internal and external sources. (1)

Data storage: Efficient information system that captures and stores data only once and makes this single source available to all users who need it. (1)

Data structures: Techniques for physically arranging records in a database. (2)

Data updating: Periodic updating of data stored in the files of an organization. (1)

Data warehouse: Database constructed for quick searching, retrieval, ad hoc queries, and ease of use. (8)

Database: Physical repository for financial data. (1)

Database administrator (DBA): Individual responsible for managing the database resource. (9)

Database authorization table: Table containing rules that limit the actions a user can take. (16)

Database conversion: Transfer of data from its current form to the format or medium the new system requires. (14)

Database lockout: Software control that prevents multiple simultaneous access to data. (9)

Database management: Special software system that is programmed to know which data elements each user is authorized to access. (1)

Database management fraud: Altering, deleting, corrupting, destroying, or stealing an organization’s data. (3)

Database management system (DBMS): Software system that controls access to the data resource. (1)

Database model: Symbolic model of the structure of, and the associations between, an organization’s data entities. (1)

Database tables: Flexible database approach that permits the design of integrated systems applications capable of supporting the information needs of multiple users from a common set of integrated database tables. (1)

Deadlock: “Wait” state that occurs between sites when data are locked by multiple sites that are waiting for the removal of the locks from the other sites. (9)

Decision-making process: Cognitive process leading to the selection of a course of action among variations. (8)

Deep packet inspection (DPI): Program used to determine when a DOS attack is in progress through a variety of analytical and statistical techniques that evaluate the contents of message packets. (16)

Deletion anomaly: Unintentional deletion of data from a table. (9)

Denial of service attack (DOS): Assault on a web server to prevent it from servicing its legitimate users. (12)

Deposit slip: Written notification accompanying a bank deposit that specifies and categorizes the funds (such as checks, bills, and coins) being deposited. (4)

Depreciation schedule: Record used to initiate depreciation calculations. (6)

Design phase: Production of a detailed description of the proposed system that both satisfies the system requirements identified during systems analysis and is in accordance with the conceptual design. (14)

Detailed design report: Set of blueprints that specify input screen formats, output report layouts, database structures, and process logic. (14)

Detailed feasibility study: Step in the system evaluation and selection process where the feasibility factors that were evaluated on a preliminary basis as part of the systems proposal are reexamined. (13)

Detective controls: Devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls. (3)

Digest: Mathematical value calculated from the text content of the message. (16)

Digital certificate: Sender’s public key that has been digitally signed by trusted third parties. (12)

Digital envelope: Encryption method in which both DES and RSA are used together. (12)

Digital signature: Electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied. (12)

Direct access files: Files in which each record has a unique location or address. (2)

Direct access structures: Storage of data at a unique location, known as an address, on a hard disk or floppy disk. (2)

Disaster recovery plan (DRP): Comprehensive statement of all actions to be taken before, during, and after a disaster, along with documented, tested procedures to ensure the continuity of operations. (15)

Discovery model: Model that uses data mining to discover previously unknown but important information that is hidden within the data. (8)

Discretionary access privileges: Grants access privileges to other users. For example, the controller, who is the owner of the general ledger, may grant read-only privileges to a manager in the budgeting department. (16)

Disseminating: Providing knowledge to recipients in a usable form. (14)

Distributed data processing (DDP): Reorganizing the IT function into small information processing units (IPUs) that are distributed to end users and placed under their control. (1)

Distributed databases: Databases distributed using either the partitioned or replicated technique. (9)

Distributed denial of services (DDos): A distributed denial of service (DDos) attack may take the form of a SYN flood or Smurf attack. The distinguishing feature of the DDos is the sheer scope of the event. (12)

Distribution level: Internet marketing model that sells and delivers digital products to customers. (12)

Document flowchart: Flowchart of the relationship among processes and the documents that flow between them. (2)

Document name: A component of the URL that indicates the name of the file/document. (12)

Documentation: Written description of how the system works. (14)

Domain name: Organization’s unique name combined with a top-level domain (TLD) name. (12)

Drill-down: Operations permitting the disaggregation of data to reveal the underlying details that explain certain phenomena. (11)

Duality: An economic exchange represented by a give event and a corresponding take event. (10)

Dynamic virtual organization: Electronic partnering of business enterprises sharing costs and resources for the purpose of benefits to all parties involved. (12)

E

Eavesdropping: Listening to output transmissions over telecommunications lines. (3)

Echo check: Technique that involves the receiver of the message returning the message to the sender. (16)

Economic events: Phenomena that affect changes (increases or decreases) in resources. (10)

Economic extortion: Use (or threat) of force (including economic sanctions) by an individual or organization to obtain something of value. The item of value could be a financial or economic asset, information, or cooperation to obtain a favorable decision on some matter under review. (3)

Economic feasibility: Pertains to the availability of funds to complete the project. (13)

Economic order quantity (EOQ) model: Inventory model designed to reduce total inventory costs. (7)

EDE3: Encryption that uses one key to encrypt the message. (16)

EEE3: Encryption that uses three different keys to encrypt the message three times. (16)

Electronic data interchange (EDI): Intercompany exchange of computer-processible business information in standard format. (4)

Electronic input techniques: Forms of electronic data collection. These fall into two basic types: input from source documents and direct input. (14)

Embedded audit module (EAM): Technique in which one or more specially programmed modules embedded in a host application select and record predetermined types of transactions for subsequent analysis. (17)

Embedded instructions: Instructions contained within the body of the form itself rather than on a separate sheet. (14)

Employee file: File used with the attendance file to create an online payroll register. (6)

Employee fraud: Performance fraud by nonmanagement employee generally designed to directly convert cash or other assets to the employee’s personal benefit. (3)

Employee payroll records: System an employer uses to calculate, track, and report employee pay. (6)

Empty shell: Arrangement that involves two or more user organizations that buy or lease a building and remodel it into a computer site, but without the computer and peripheral equipment. (15)

Encryption: Use of a computer program to transform a standard message being transmitted into a coded (cipher text) form. (16)

End users: Users for whom the system is built. (1)

Enterprise resource planning (ERP): System assembled of prefabricated software components. (1)

Entity: Resource, event, or agent. (2)

Entity relationship (ER) diagram: Documentation technique used to represent the relationship among activities and users in a system. (2)

Ethical responsibility: Responsibility of organization managers to seek a balance between the risks and benefits to their constituents that result from their decisions. (3)

Ethics: Principles of conduct that individuals use in making choices that guide their behavior in situations involving the concepts of right and wrong. (3)

Event monitoring: Summarizes key activities related to system resources. (16)

Event-driven language: Visual Basic or object-oriented programming (OOP) languages such as Java or C++. (14)

Events: Phenomena that affect changes in resources. (1)

Existence or occurrence: Management assertion that all assets and equities contained in the balance sheet exist and that all transactions in the income statement actually occurred. (17)

Expenditure cycle: Acquisition of materials, property, and labor in exchange for cash. (2)

Expense reimbursement fraud: Claiming reimbursement of fictitious or inflated business expenses. (3)

Exposure: Absence or weakness of a control. (3)

External agent: Economic agents outside the organization with discretionary power to use or dispose of economic resources. (10)

Extranet: Password-controlled network for private users rather than the general public. (12)

F

Fault tolerance: Ability of the system to continue operation when part of the system fails due to hardware failure, application program error, or operator error. (15)

Feedback: Form of output that is sent back to the system as a source of data. Feedback may be internal or external and is used to initiate or alter a process. (1)

File Transfer Protocol (FTP): Protocol used to transfer text files, programs, spreadsheets, and databases across the Internet. (12)

Financial transaction: Economic event that affects the assets and equities of the organization, is measured in financial terms, and is reflected in the accounts of the firm. (1)

Firewall: Software and hardware that provide a focal point for security by channeling all network connections through a control gateway. (12)

First normal form (1NF): Low degree of normalization of relational database tables. (9)

Fixed assets: Property, plant, and equipment used in the operation of a business. (6)

Flat file: File structure that does not support the integration of data. (9)

Flat-file approach: Organizational environment in which users own their data exclusively. (2)

Flat-file model: Environment in which individual data files are not related to other files. (1)

Foreign key: Key that permits the physical connection of logically related tables to achieve the associations described in the data model. (9)

Formalization of tasks: Subdivision of organizational areas into tasks that represent full-time job positions. (8)

Fraud: False representation of a material fact made by one party to another party, with the intent to deceive and induce the other party to justifiably rely on the material fact to his or her detriment. (3)

Fraud Triangle: Triad of factors associated with management and employee fraud: situational pressure (includes personal or job-related stresses that could coerce an individual to act dishonestly); opportunity (involves direct access to assets and/or access to information that controls assets); and ethics (pertains to one’s character and degree of moral opposition to acts of dishonesty). (3)

G

Gantt chart: Horizontal bar chart that presents time on a horizontal plane and activities on a vertical plane. (14)

Gathering: Process in knowledge management that brings data into the system. (14)

General computer controls: Specific activities performed by persons or systems designed to ensure that business objectives are met. (15)

General controls: Controls that pertain to entity-wide concerns such as controls over the data center, organization databases, systems development, and program maintenance. (3)

General ledger change report: Report that presents the effects of journal voucher transactions on the general ledger accounts. (8)

General ledger history file: File that presents comparative financial reports on a historic basis. (8)

General ledger master file: Principal file in the GLS database. This file is based on the organization’s published chart of accounts. (8)

General ledger/financial reporting system (GL/FRS): System that produces traditional financial statements, such as income statements, balance sheets, statements of cash flows, tax returns, and other reports required by law. (1)

General model for viewing AIS applications: Model that describes all information systems, regardless of their technological architecture. The elements of the general model are end users, data sources, data collection, data processing, database management, information generation, and feedback. (1)

Generalized audit software (GAS): Software that allows auditors to access electronically coded data files and perform various operations on their contents. (17)

Give event: Economic event mirrored by another event in the opposite direction. These dual events constitute the give event and receive event of an economic exchange. (10)

Goal congruence: Merging of goals within an organization. (8)

Group codes: Codes used to represent complex items or events involving two or more pieces of related data. (8)

Group memory: The collective knowledge of an organization that makes it more effective, just as human beings become more effective and mature with the accumulation of thoughts and memories. (14)

H

Hard copy: Traditional paper-based data storage medium used for reports and documentation. (14)

Hash total: Control technique that uses nonfinancial data to keep track of the records in a batch. (17)

Hashing structure: Structure employing an algorithm that converts the primary key of a record directly into a storage address. (2)

Hierarchical indexed direct access method (HIDAM): Method in which the root segment (customer file) of the database is organized as an indexed file. (9)

Hierarchical model: Database model that represents data in a hierarchical structure and permits only a single parent record for each child record. (9)

Home page: Typical point of entry for an Internet website. (12)

Human resource management (HRM) system: Captures and processes a wide range of personnel-related data, including employee benefits, labor resource planning, employee relations, employee skills, and personnel actions (pay rates, deductions, and so on), as well as payroll. HRM systems need to provide real-time access to personnel files for purposes of direct inquiries and recording changes in employee status as they occur. (6)

HyperText Markup Language (HTML): Provides the formatting for a web page as well as hypertext links to other web pages. The linked pages may be stored on the same server or anywhere in the world. (12)

HyperText Transfer Protocol (HTTP): Communications protocol used to transfer or convey information on the World Wide Web. (12)

HyperText Transport Protocol–Next Generation (HTTP–NG): Enhanced version of HTTP that maintains the simplicity of HTTP while adding important features such as security and authentication. (12)

I

Illegal gratuity: Giving, receiving, offering, or soliciting something of value because of an official act that has been taken. (3)

Implementation: Carrying out, execution, or practice of a plan, a method, or any design for doing something. Short-term planning involves the implementation of specific plans that are needed to achieve the objectives of the long-range plan. (8)

Inappropriate performance measures: Behavior and performance measures inconsistent with the objectives of the firm. (8)

Independence: Separation of the record-keeping function of accounting from the functional areas that have custody of physical resources.

Information level: Level of activity in which an organization uses the Internet only to display information about the company, its products, services, and business policies. (12)

Information overload: When a manager receives more information than can be assimilated. (8)

Information system: Set of formal procedures by which data are collected, processed into information, and distributed to users. (1)

Information technology controls: Include controls over IT governance, IT infrastructure, security, and access to operating systems and databases, application acquisition and development, and program changes. (15)

Inheritance: Programming property that allows each object instance to inherit the attributes and operations of the class to which it belongs. (14)

Insertion anomaly: Unintentional insertion of data into a table. (9)

Instance: Single occurrence of an object within a class. (14)

Integrated test facility (ITF): Automated technique that enables the auditor to test an application’s logic and controls during its normal operation. (17)

Intelligent control agents: Computer programs that embody auditor-defined heuristics that search electronic transactions for anomalies. (12)

Intelligent forms: Forms that help the user complete the form and that make calculations automatically. (14)

Internal agent: Economic agents inside the organization with discretionary power to use or dispose of economic resources. (10)

Internal auditing: Appraisal function housed within the organization. (1)

Internal control system: Policies a firm employs to safeguard the firm’s assets, ensure accurate and reliable accounting
(1) records and information, promote efficiency, and measure Indexed random file: Randomly organized file accessed via compliance with established policies. (3) an index. (2) Internal view: Physical arrangement of records in the Indexed sequential file: Sequential file structure accessed via database. (9) an index. (9) International Standards Organization (ISO): Voluntary Indexed structure: Class of file structure that uses indexes for group composed of representatives from the national its primary access method. (2) standards organizations of its member countries. The ISO works toward the establishment of international Industry analysis: Analysis provided to management of the standards for data encryption, data communications, and driving forces that affect the industry and the organization’s protocols. (12) performance. (13) Internet Message Access Protocol (IMAP): Protocol Information: Facts that cause the user to take an action that for transmitting e-mail messages. Other e-mail protocols are he or she otherwise could not, or would not, have taken. (1) Post Office Protocol (POP) and Simple Network Mail Protocol Information content: Ability of a report to reduce uncertainty (SNMP). (12) and influence behavior of the user. (8) Internet Relay Chat (IRC): Interactive Internet service that Information flows: Flow of information into and out of an lets thousands of people from around the world engage in organization. (1) real-time communications via their computers. (12) Information generation: Process of compiling, arranging, Interpreters: Language translation modules of the operation formatting, and presenting information to users. (1) system that convert one line of logic at a time. (16) GLOSSARY 781 Intrusion Prevention Systems (IPS): Use of deep packet inspection (DPI) to determine when an attack is in progress. 
(16) K Key: Mathematical value that the sender selects for the Inventory subsidiary file: Contains details of inventory on purpose of encrypting or decoding data. (12) hand. (5) Keystroke monitoring: Recording both the user’s keystrokes Inventory subsidiary ledger: Ledger with inventory records and the system’s responses. (16) updated from the stock release copy by the inventory control system. (4) Knowledge management: Gathering, organizing, refining, and disseminating information. (14) Inverted list: Cross-reference created from multiple indexes. (9) L Investment center: Organizational unit that has the objective of maximizing the return on investment assets. (8) IP broadcast address: 32-bit number that identifies each Labor distribution summary: Summarization of labor costs sender or receiver of information sent in packets across the in work-in-process accounts. (6) Internet. (12) Labor usage file: File in which the cost accounting IP spoofing: Form of masquerading to gain unauthorized department enters job cost data (real time or daily). (6) access to a web server and/or to perpetrate an unlawful act without revealing one’s identity. (12) Lapping: Use of customer checks, received in payment of their accounts, to conceal cash previously stolen by an Islands of technology: Environment where modern employee. (3) automation exists in the form of islands that stand alone within the traditional setting. (7) Lean manufacturing: Improves efficiency and effectiveness in product design, supplier interaction, factory operations, IT auditing: Review of the computer-based components of an employee management, and customer relations. (7) organization. The audit is often performed as part of a broader financial audit. (1) Ledger: Book of accounts that reflects the financial effects of the firm’s transactions after they are posted from the various IT outsourcing: Contracting with a third-party vendor to take journals. 
(2) over the costs, risks, and responsibilities associated with maintaining an effective corporate IT function, including Ledger copy: Copy of the sales order received along with the management of IT assets and staff and delivery of IT services customer sales invoice by the billing department clerk from the such as data entry, data center operations, applications sales department. (4) development, applications maintenance, and network Legacy systems: Large mainframe systems implemented in management. (15) the late 1960s through the 1980s. (1) Legal feasibility: Ensures that the proposed system is not in J conflict with the company’s ability to discharge its legal responsibilities. (13) Job tickets: Mechanisms to capture the time that individual Line error: Errors caused when the bit structure of the workers spend on each production job. (6) message is corrupted through noise on the communications Join: Builds a new physical table from two tables consisting of lines. (16) all concatenated pairs of rows from each table. (9) Logical key pointer: Pointer containing the primary key of Journal: Record of a chronological entry. (2) the related record. (2) Journal voucher (JV): Accounting journal entries into an Log-on procedure: Operating system’s first line of defense accounting system for the purposes of making corrections or against unauthorized access. (16) adjustments to the accounting data. For control purposes, all JVs should be approved by the appropriate designated authority. (4) Journal voucher file: Compilation of all journal vouchers M posted to the general ledger. (4) Mail room fraud: Fraud committed when an employee opening the mail steals a customer’s check and destroys the Journal voucher history file: File that contains journal associated remittance advice. (3) vouchers for past periods. 
(8) Management assertion: Combination of tests of application Journal voucher listing: Listing that provides relevant controls and substantive tests of transaction details and details about each journal voucher received by the account balances. (17) GL/FRS. (8) Management by exception: Concept that managers should Just-in-time (JIT): Philosophy that addresses manufacturing limit their attention to potential problem areas rather than problems through process simplification. (7) being involved with every activity or decision. (8) 782 GLOSSARY Management control decisions: Technique for motivating managers in all functional areas to use resources as productively as possible. (8) N Navigational model: Model that possesses explicit links or Management fraud: Performance fraud that often uses paths among data elements. (9) deceptive practices to inflate earnings or to forestall Net present value method: Method in which the present the recognition of either insolvency or a decline in value of the costs is deducted from the present value of the earnings. (3) benefits over the life of the system (13) Management information system (MIS): System that Network model: Variation of the hierarchical model. (9) processes nonfinancial transactions not normally processed by traditional accounting information systems. (1) Network News Transfer Protocol (NNTP): Network used to connect to Usenet groups on the Internet. (12) Management report: Discretionary report used for internal decision making. Management reports are not mandated like Network-level firewall: System that provides basic screening income statements, balance sheets, etc. (8) of low-security messages (for example, e-mail) and routes them to their destinations based on the source and destination Management reporting system (MRS): System that addresses attached. (12) provides the internal financial information needed to manage a business. 
(1) Non-cash fraud schemes: Theft or misuse of non-cash assets (e.g., inventory, confidential information). (3) Management responsibility: Concept under which the responsibility for the establishment and maintenance of a Nonfinancial transactions: Events that do not meet the system of internal control falls to management. (3) narrow definition of a financial transaction. For example, adding a new supplier of raw materials to the list of valid Manufacturing flexibility: Ability to physically organize and suppliers is an event that may be processed by the enterprise’s reorganize production facilities and the employment of information system as a transaction. (1) automated technologies. (7) Manufacturing resources planning (MRP II): System that incorporates techniques to execute the production plan, O provide feedback, and control the process. (7) Object class: Logical grouping of individual objects that share Master file: File containing account data. (2) the same attributes and operations. (14) Object-oriented design: Building information systems from Materials requirements planning (MRP): System used to reusable standard components or modules. (14) plan inventory requirements in response to production work orders. (7) Object-oriented programming (OOP) language: Programming language containing the attributes and Materials requisition: Document that authorizes the operations that constitute the object modules represented in the storekeeper to release materials to individuals or work centers ER diagram at the implementation phase of the SDLC. (14) in the production process. (7) Objects: Equivalent to nouns in the English language. (14) Message sequence number: Sequence number inserted in each message to foil any attempt by an intruder in the Occurrence: Used to describe the number of instances or communications channel to delete a message from a stream of records that pertain to a specific entity. 
(9) messages, change the order of messages received, or duplicate Off-site storage: Storage procedure used to safeguard the a message. (16) critical resources. (15) Message transaction log: Log in which all incoming and On-demand reports: Reports triggered by events. (8) outgoing messages, as well as attempted (failed) access, should be recorded. (16) One-time passwords: Network passwords that constantly change. (16) Methods: Actions that are performed on or by objects that may change the objects’ attributes. (14) Online analytical processing (OLAP): Enterprise resource planning tool used to supply management with real-time Mirrored data center: Data center that reflects current information. It also permits timely decisions that are economic events of the firm. (15) needed to improve performance and achieve a competitive advantage. (11) Mnemonic codes: Alphabetic characters in the form of acronyms that convey meaning. (8) Online documentation: Guides the user interactively in the use of a system. Examples include tutorials and help features. Monitoring: Process by which the quality of internal control (14) design and operation can be assessed. (3) Online transaction processing (OLTP): Events consisting Move ticket: Document that records work done in each work of large numbers of relatively simple transactions such as center and authorizes the movement of the job or batch from updating accounting records that are stored in several related one work center to the next. (7) tables. (11) GLOSSARY 783 Open accounts payable file: File organized by payment due Parallel simulation: Technique that requires the auditor to date and scanned daily to ensure that debts are paid on the write a program that simulates key features of processes of the last possible date without missing due dates and losing application under review. (17) discounts. 
(5) Parity check: Technique that incorporates an extra bit into the Open purchase order file: File that contains the last copy structure of a bit string when it is created or transmitted. (16) of the multipart purchase order along with the purchase Partial dependency: Occurs when one or more nonkey requisition. (5) attributes are dependent on (defined by) only part of the Open purchase requisition file: File that contains a copy of primary key rather than the whole key. (9) purchase requisitions (5) Partitioned database: Database approach that splits the Open sales order file: File showing the status of customer central database into segments or partitions that are orders. (4) distributed to their primary users. (9) Open System Interface (OSI): Provides standards by which Pass through fraud: Similar to shell company except that a the products of different manufacturers can interface with one transaction actually takes place. The perpetrator creates a false another in a seamless interconnection at the user level. (12) vendor and issues purchases orders to it for inventory or supplies. The false vendor purchases the needed inventory Open vouchers payable file: File to which source documents from a legitimate vendor, charges the victim company a much such as the PO, the receiving report, and the invoice are higher than market price for the items, and pockets the transferred after recording liability. (5) difference. See shell company. (3) Operating system security: Controls the system in an ever- Password: Code, usually kept secret, entered by the user to expanding user community sharing more and more computer gain access to data files. (16) resources. (16) Pay-and-return: Scheme under which a clerk with check- Operating systems: Computer’s control program. 
(15) writing authority pays a vendor twice for the same products Operational control decisions: Technique that ensures that (inventory or supplies) received, then intercepts and cashes the firm operates in accordance with pre-established criteria. (8) the overpayment returned by the vendor. (3) Operational feasibility: Pertains to the degree of Payback method: Variation of break-even analysis. Under the compatibility between the firm’s existing procedures and payback method, the break-even point is reached when total personnel skills and the operational requirements of the new costs equal total benefits. (13) system. (13) Paycheck: A bank check given as salary or wages. (6) Operations control reports: Identifies activities that are about Payroll fraud: Distribution of fraudulent paychecks to existent to go out of control and ignores those that are functioning and/or nonexistent employees. (3) within normal limits. (14) Payroll imprest account: Account into which a single check Operations fraud: Misuse or theft of the firm’s computer for the entire amount of the payroll is deposited. (6) resources. (3) Payroll register: Document showing gross pay, deductions, Organization: Refers to the way records are physically overtime pay, and net pay. (6) arranged on the secondary storage device (e.g., a disk). (2) Personnel action form: Document identifying employees Organizational chart: Shows typical job positions in a authorized to receive a paycheck; the form is used to manufacturing firm. (8) reflect changes in pay rates, payroll deductions, and job Organizing: Associating data items with subjects, giving them classification. (6) context. (14) PERT chart: Chart that reflects the relationship among Ownership: State or fact of exclusive rights and control over the many activities that constitute the implementation property, which may be an object, land/real estate, intellectual process. (14) property, or some other kind of property. 
(3) Phased cutover: Process of converting an old system to a new system in modules. (14) P Phased-in: Approach for implementing ERP systems in a phased manner. (11) Packet switching: Division of messages into small packets for Physical address pointer: Contains the actual disk storage transmission. (12) location (cylinder, surface, and record number) that the disk controller needs. (2) Packing slip: Document that travels with the goods to the customer to describe the contents of the order. (4) Physical database: Lowest level of the database containing magnetic spots on magnetic disks. (9) Parallel operation cutover: Conversion process in which the old system and the new system are run simultaneously for a Physical system: Medium and method for capturing and period of time. (14) presenting the information. (1) 784 GLOSSARY Ping: Internet maintenance tool used to test the state of Production schedule: Formal plan and authorization to begin network congestion and determine whether a particular host production. (7) computer is connected and available on the network. (12) Profit center: Organizational unit with responsibility for both Pointer structure: Structure in which the address (pointer) of cost control and revenue generation. (8) one record is stored in the field on a related record. (2) Program flowchart: Diagram providing a detailed description Point-of-sale (POS) system: Revenue system in which no of the sequential and logical operations of the program. (2) customer accounts receivable are maintained and inventory is Program fraud: Techniques such as creating illegal programs kept on the store’s shelves, not in a separate warehouse. (4) that can access data files to alter, delete, or insert values into Polling: Actively sampling the status of an external device by a accounting records; destroying or corrupting a program’s logic client program as a synchronous activity. 
(12) using a computer virus; or altering program logic to cause the application to process data incorrectly. (3) Post Office Protocol (POP): Protocol for transmitting e-mail messages. Other e-mail protocols are Internet Message Programmed reports: Reports that provide information to Access Protocol (IMAP) and Simple Network Mail Protocol solve problems that users have anticipated. (8) (SNMP). (12) Project: Extracts specified attributes (columns) from a table to Prenumbered documents: Documents (sales orders, create a virtual table. (9) shipping notices, remittance advices, and so on) sequentially Project feasibility: Analysis that determines how best to numbered by the printer that allow every transaction to be proceed with a project. (13) identified uniquely. (4) Protocol: Rules and standards governing the design of Presentation and disclosure: Management assertion that hardware and software that permit network users to contingencies not reported in financial accounts are properly communicate and share data. (12) disclosed in footnotes. (17) Protocol prefix: General format for a URL; i.e., http:// is a Preventive controls: Passive techniques designed to reduce protocol prefix. (12) the frequency of occurrence of undesirable events. (3) Prototyping: Technique for providing users with a preliminary Primary key: Characteristics that uniquely identify each working version of the system. (14) record in the tables. (9) Pseudocode: English-like code that describes the logic of a Privacy: Full control of what and how much information program without specific language systems. (14) about an individual is available to others and to whom it is available. (3) Public Company Accounting Oversight Board (PCAOB): Federal organization empowered to set auditing, quality Privacy Enhanced Mail (PEM): Standard for secure e-mail control, and ethics standards; to inspect registered accounting on the Internet. 
It supports encryption, digital signatures, and firms; to conduct investigations; and to take disciplinary digital certificates as well as both private and public key actions. (3) methods. (12) Public key encryption: Technique that uses two encryption Privacy violation: Having had one’s privacy intruded upon keys: one for encoding the message, the other for decoding via the Internet. (12) it. (12) Private Communications Technology (PCT): Security Public key infrastructure (PKI): Constitutes the policies and protocol that provides secure transactions over the World procedures for administering this activity. (12) Wide Web. (12) Pull processing: Principle characterizing the lean Private key: One method of encryption. (12) manufacturing approach where products are pulled into Proactive management: Management that stays alert to production as capacity downstream becomes available. subtle signs of problems and aggressively looks for ways to Products are pulled from the consumer end (demand). (7) improve the organization’s systems. (13) Purchase order: Document based on a purchase requisition Procedural language: Specifies the precise order in which the that specifies items ordered from a vendor or supplier. (5) program logic is executed. (14) Purchase requisition: Document that authorizes a purchase Process simplification: Process of improving the way work is transaction. (5) done by providing value-added services, which deliver the results necessary to transform and grow the business faster, better, and cheaper than the competitor. (7) Product documents: Documents that result from transaction processing. (2) Q Quality assurance group: Independent group of Product family: Product families share common processes programmers, analysts, users, and internal auditors who from the point of placing the order to shipping the finished simulate the operation of the system to uncover errors, goods to the customer. (7) omissions, and ambiguities in the design. 
(14) GLOSSARY 785 R and unique paths through the database to solve a wide range of business problems. (9) REA (resources, events, and agents) model: Alternative Relative address pointer: Contains the relative position of a accounting framework for modeling an organization’s critical record in the file. (2) resources, events, and agents, and the relationships between them. (1) Relevance: Concept that contents of a report or document must serve a purpose. (3) REA diagram: Diagram consisting of three entity types (resources, events, and agents) and a set of associations Reliability: Property of information that makes it useful to linking them. (10) users. (1) Reactive management: Management that responds to Remittance advice: Source document that contains key problems only when they reach a crisis state and can no longer information required to service the customers account. (4) be ignored. (13) Remittance list: Cash prelist, where all cash received is Real-time systems: Systems that process transactions logged. (4) individually at the moment the economic event occurs. (2) Reorder point: Lead time multiplied by daily demand. (7) Reasonable assurance: Assurance provided by the internal Repeating group data: Existence of multiple values for a control system that the four broad objectives of internal particular attribute in a specific record. (9) control are met in a cost-effective manner. (3) Replicated database: Database approach in which the central Receive event: Economic event mirrored by another event in database is replicated at each site. (9) the opposite direction. These dual events constitute the give event and receive event of an economic exchange. (10) Report attributes: Characteristics of a report. To be effective, a report must possess the following attributes: relevance, Receiving report: Report that lists quantity and condition of summarization, exception orientation, accuracy, completeness, the inventories received. (5) timeliness, and conciseness. 
(8) Receiving report file: File in which a copy of the receiving Request for proposal (RFP): Document summarizing report (stating the quantity and condition of the inventories) is system requirements and sent to each prospective placed. (5) vendor. (14) Record layout diagrams: Used to reveal the internal structure of the records that constitute a file or database table. The Request-response technique: Technique in which a control layout diagram usually shows the name, data type, and length message from the sender and a response from the sender are of each attribute (or field) in the record. (2) sent at periodic synchronized intervals. (16) Recovery module: Uses the logs and backup files to restart Resources: Assets of an organization. (1) the system after a failure. (16) Responsibility: Individual’s obligation to achieve desired Recovery operations center (ROC): Arrangement results. (8) involving two or more user organizations that buy or lease a Responsibility accounting: Concept that every economic building and remodel it into a completely equipped computer event affecting the organization is the responsibility of and can site. (15) be traced to an individual manager. (8) Redundancy tests: Tests that determine that an application Responsibility center file: Contains the revenues, processes each record only once. (17) expenditures, and other resource utilization data for each Redundant arrays of independent disks (RAID): Use of responsibility center in the organization. (8) parallel disks that contain redundant elements of data and Responsibility centers: Organization of business entities into applications. (15) areas involving cost, profit, and investment. (8) Reengineering: Identification and elimination of nonvalue- added tasks by replacing traditional procedures with those that Responsibility reports: Reports containing performance are innovative and different. 
(4) measures at each operational segment in the firm, which flow upward to senior levels of management. (8)

Reference file: File that stores the data used as standards for processing transactions. (2)

Refining: Adding value by discovering relationships between data, performing synthesis, and abstracting. (14)

Relational database model: Model that permits the design of integrated systems applications capable of supporting the information needs of multiple users from a common set of integrated database tables. (1)

Relational model: Data model that is more flexible than traditional navigational models. It allows users to create new

Restrict: Command that extracts specified rows from a specified table. (9)

Return slip: Document recording the counting and inspection of items returned, prepared by the receiving department employee. (4)

Reusable password: Network password that can be used more than one time. (16)

Revenue cycle: Cycle composed of sales order processing and cash receipts. (2)

Rights and obligations: A management assertion. (17)

Risk: Possibility of loss or injury that can reduce or eliminate an organization’s ability to achieve its objectives. In terms of electronic commerce, risk relates to the loss, theft, or destruction of data as well as the use of computer programs that financially or physically harm an organization. (12)

Risk assessment: Identification, analysis, and management of risks relevant to financial reporting. (3)

Rivest-Shamir-Adleman (RSA): One of the most trusted public key encryption methods. This method, however, is computationally intensive and much slower than private key encryption. (12)

Robotics: CNC machine used in hazardous environments or to perform dangerous tasks and monotonous tasks that may result in accidents. (7)

Role: Formal technique for grouping users according to the system resources they require to perform their assigned tasks. (11)

Role-based governance systems: Systems that allow managers to view current and historical inventory of roles, permissions granted, and individuals assigned to roles; identify unnecessary or inappropriate access entitlements and segregation-of-duties violations; and verify that changes to roles and entitlements have been successfully implemented. (11)

Rounding error tests: Tests that verify the correctness of rounding procedures. (17)

Route sheet: Document that shows the production path a particular batch of products follows during manufacturing. (7)

Run: Each program in a batch system. (2)

Run manual: Documentation describing how to run the system. (14)

Run-to-run controls: Controls that use batch figures to monitor the batch as it moves from one programmed procedure to another. (17)

S

SO pending file: File used to store the sales order (invoice copy) from the receive-order task until receipt of the shipping notice. (4)

Safe Harbor Agreement: Two-way agreement between the United States and the European Union establishing standards for information transmittal. (12)

Safety stock: Additional inventories added to the reorder point to avoid unanticipated stock-out conditions. (7)

Salami fraud: Fraud in which each of multiple victims is defrauded out of a very small amount, but the fraud in total constitutes a large sum. (17)

Sales invoice: Document that formally depicts the charges to the customer. (4)

Sales journal: Special journal used for recording completed sales transactions. (4)

Sales journal voucher: Represents a general journal entry and indicates the general ledger accounts affected. (4)

Sales order: Source document that captures such vital information as the name and address of the customer making the purchase; the customer’s account number; the name, number, and description of the product; the quantities and unit price of the items sold; and other financial information. (4)

Sales order (credit copy): Copy of sales order sent by the receive-order task to the check-credit task. It is used to check the credit-worthiness of a customer. (4)

Sales order (invoice copy): Copy of sales order to be reconciled with the shipping notice. It describes the products that were actually shipped to the customer. (4)

Sarbanes-Oxley Act: Most significant federal securities law, with provisions designed to deal with specific problems relating to capital markets, corporate governance, and the auditing profession. (3)

Scalability: Ability of the system to grow smoothly and economically as user requirements increase. (11)

Scavenging: Searching through the trash of the computer center for discarded output. (3)

Schedule feasibility: Relates to the firm’s ability to implement the project within an acceptable time. (13)

Scheduled reports: Reports produced according to an established time frame. (8)

Schema (conceptual view): Description of the entire database. (9)

Screening router: Firewall that examines the source and destination addresses attached to incoming message packets. (16)

Second normal form (2NF): Table that is free of both repeating group and partial dependencies. (9)

Secure Electronic Transmission (SET): Encryption scheme developed by a consortium of technology firms and banks to secure credit card transactions. (12)

Secure Sockets Layer (SSL): Low-level encryption scheme used to secure transmissions in higher-level HTTP format. (12)

Security: Attempt to avoid such undesirable events as a loss of confidentiality or data integrity. (3)

Segments: A functional unit of a business organization. (1)

Segregation of duties: Separation of employee duties to minimize incompatible functions. (3)

Semantic models: Models that capture the operational meaning of the user’s data and provide a concise description of it. (10)

Sequential access method: Method in which all records in the file are accessed sequentially. (2)

Sequential codes: Codes that represent items in some sequential order. (8)

Sequential files: Files that are structured sequentially and must be accessed sequentially. (2)

Sequential structure: A data structure in which all records in the file lie in contiguous storage spaces in a specified sequence arranged by their primary key. (2)

Shell company: Establishment of a false vendor on the company’s books, then manufacturing false purchase orders, receiving reports, and invoices in the name of the vendor and submitting them to the accounting system, creating the illusion of a legitimate transaction. The system ultimately issues a check to the false vendor. (3)

Shipping log: Specifies orders shipped during the period. (4)

Shipping notice: Document that informs the billing department that the customer’s order has been filled and shipped. (4)

Simple Network Mail Protocol (SNMP): Protocol for transmitting e-mail messages. Other e-mail protocols are Post Office Protocol (POP) and Internet Message Access Protocol (IMAP). (12)

Skimming: Stealing cash from an organization before it is recorded on the organization’s books and records. (3)

Slicing and dicing: Operations enabling the user to examine data from different viewpoints. (11)

Smurf attack: DOS attack that involves three parties: the perpetrator, the intermediary, and the victim. (12)

Sophisticated users: Users of financial reports who understand the conventions and accounting principles that are applied and that the statements have information content that is useful. (8)

Source documents: Documents that capture and formalize transaction data needed for processing by their respective transaction cycles. (2)

Span of control: Number of subordinates directly under a manager’s control. (8)

Specific IT assets: Assets unique to an organization that support its strategic objectives. Specific IT assets have little value outside their current use. May be tangible (computer equipment), intellectual (computer programs), or human. (15)

Spooling: Direction of an application’s output to a magnetic disk file rather than to the printer directly. (17)

Stakeholders: Entities either inside or outside an organization that have a direct or indirect interest in the firm. (1)

Standard cost system: Organizations that carry their inventories at a predetermined standard value regardless of the price actually paid to the vendor. (5)

Statement on Auditing Standards No. 78 (SAS 78): Authoritative document for specifying internal control objectives and techniques, based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. (3)

Statement on Auditing Standards No. 99 (SAS 99): Authoritative document that defines fraud as an intentional act that results in a material misstatement in financial statements. (3)

Steering committee: Organizational committee consisting of senior-level management responsible for systems planning. (13)

Stock flow: Economic events that effect changes (increases or decreases) in resources. (10)

Stock records: Formal accounting records for controlling inventory assets. (4)

Stock release: Document that identifies which items of inventory must be located and picked from the warehouse shelves. (4)

Storekeeping: Location where raw materials and other inventory assets are secured until needed in production. (7)

Strategic planning decisions: Planning with a long-term time frame that is associated with a high degree of uncertainty. (8)

Structure diagram: Diagram that divides processes into input, process, and output functions. (14)

Structured design: Disciplined way of designing systems from the top down. (14)

Structured model: The data elements for predefined structured paths. (9)

Structured problem: Problem in which data, procedures, and objectives are known with certainty. (8)

Structured query language (SQL): Data processing tool for end users and professional programmers to access data in the database directly without the need for conventional programs. (9)

Subdirectory name: General format for a URL. (12)

Substantive tests: Tests that determine whether database contents fairly reflect the organization’s transactions. (17)

Subsystem: System viewed in relation to the larger system of which it is a part. (1)

Summarization: Information aggregated in a detailed manner in accordance with the user’s need. (3)

Supervision: Control activity involving the critical oversight of employees. (3)

Supplier’s invoice: Bill sent from the seller to the buyer
