
Dictionary · FFIEC IT Examination Handbook - Audit, April 2012

L2 — definitions grouped by regulatory framework.

494 senses under FFIEC IT Examination Handbook - Audit, April 2012

Verbs

94 senses
document

To record something in detail through photography, writing, or another form.

update

To modernize or bring up to date.

initiate

To cause or facilitate the beginning of a process or action.

outsource

To secure goods or a service from an outside source by contract.

limit

To restrict or assign boundaries to something.

prepare

To make something or someone ready for use or consideration.

organize

To arrange something into a structured order.

employ

To put something into service; make use of.

identify

To establish, indicate, or verify who or what someone or something is.

address

To deal with an issue.

identify and define

To establish what something is and describe exactly the nature, scope, or meaning of it.

compare

To estimate, measure, or note the similarity or dissimilarity between two or more things.

improve

To make or become better; enhance in value or quantity.

perform

To carry out an action, task, or function.

alter

To change or cause to change; make different; transform.

make

To bring into being by combining substances or putting parts together; form; shape; create.

prescribe

To state authoritatively or lay down as a rule, guide, direction, or regulation.

prioritize

To determine the order for dealing with a series of items or tasks according to their relative importance.

maintain

To retain records in identifiable record keeping systems over time in accordance with appraisal decisions.

comply

To act in accordance with a wish, command, law, standard, or contractual obligation.

prevent

To keep something from happening or stop someone from doing something.

approve

To officially accept as satisfactory.

arise

To emerge, become apparent, or come into being.

incorporate

To include, take in or contain something as part of a whole.

assess

To estimate or determine the nature, value, ability, or quality of someone or something; evaluate.

manage

To run a business, organization, or undertaking; direct; administer; be in charge of.

assign

To appoint someone to a job, duty, task, or organization; allocate a job, duty, or task.

ensure

To make certain that something shall occur or be the case.

transfer

To move something from one place, medium, device, or means of transport to another.

receive

To be given, presented with, paid, or come into possession of something.

reduce

To make smaller or less in amount, degree, or size.

establish

To start something that will last for a long time, or to create or set something in a particular way.

consider

To think carefully about something before taking a course of action or making a decision.

oversee

To supervise a person or their work.

set

To put or bring into a specified state.

revise

To look over again and alter something in the light of further evidence.

conduct

To manage, control, or organize and carry out.

evaluate

To assess or form an idea of the nature, quality, ability, amount, number, or value of something.

execute

To carry out fully or put something completely into effect.

support

To provide aid or give assistance to.

control

To exercise authority over; direct; regulate. This includes exercising authority over the processes of issuance and revocation, management, and auditing.

restrict

To confine or put a limit on; keep under control; restrain.

correct

To make or put right; amend; rectify.

participate

To take part in some activity; be involved.

reject

To dismiss as inadequate, inappropriate, unacceptable, or faulty; refuse to agree to.

review

To examine, assess, or consider something again, formally or critically.

verify

To make certain or prove that something is true or accurate; confirm; substantiate.

refrain from performing

To not do something.

protect

To shield or defend from danger, harm, injury, loss, destruction, or damage.

specify

To identify or state clearly, definitely, and in detail.

require

To specify as compulsory or obligatory.

formulate

To create or prepare methodically.

proof

To check or verify something for accuracy; to establish the truth of something by evidence or argument.

post

To publish, announce, or display something in a public place.

notify

To give someone facts or information about something, typically in an official or formal manner.

propose

To put forward an idea or plan for consideration.

use

To put into action.

forward

To send a letter or e-mail further on to a new address.

involve

To include someone or something in an activity or situation, or as a necessary part.

be accurate

To be exact.

be adequate

To be satisfactory or acceptable in quality or quantity.

be in effect

To be in operation.

be insufficient

To be inadequate.

define

To state or describe exactly the nature, scope, or meaning of something.

deliver

To produce or provide something promised, desired, or expected.

be sufficient

To be enough for a particular purpose.

provide

To supply or make something available for use.

understand

To perceive the intended meaning, significance, explanation, or cause of something.

describe

To give a detailed account of something in words.

be complete

To have all the necessary or appropriate parts.

be in

To be enclosed or surrounded by something.

design and implement

To plan, analyze, and deploy.

cover

To deal with a subject by describing or analyzing its most important aspects or events.

be consistent

To be unchanging and not contradictory.

be current

To belong to the present time.

bear

To take responsibility for.

follow

To act according to the instruction or example.

bring in

To introduce.

develop

To create or produce; bring into activity; generate.

work

To function, especially properly or effectively.

risk monitoring system

A system intended to identify, as early as possible, potential risks to the survival of a member institution, so that the persons in charge can intervene or take countermeasures while there is still time to do so.

disclose

To release, transfer, spread widely, or communicate verbally, in writing, electronically, or any other means to a third party.

distribute

To deal out or supply; give shares of something.

do

To perform, work on, or carry out.

determine

Reach, make, or come to a decision about something.

take action

To do something official in order to achieve an objective or handle a problem.

grant

To give what is requested; approve; allow.

obtain

To gain, secure, or acquire something, usually by planned action or effort.

gain

To get possession of or secure something wanted or desirable.

change

To make, or become different; alter.

resolve

To find a solution to or fix a problem or contentious matter.

respond

To answer or say something in reply.

account

A means of identifying a group or individual in order to grant access to a resource, such as a computer or the Internet.

recommend

To advise, suggest, or present as being worthy or suitable for a particular purpose or role.

Nouns

400 senses
Write

To affix letters, numbers, symbols, or other characters on a surface using a pen, pencil, stylus, or similar device.

ability

The possession of the means or skill to do something.

access

The ability, right, or permission to approach, enter, speak with someone, or use something.

access code

Numeric or alphanumeric data which, when entered correctly, authorizes entry into a secure area.

accordance

Agreement or conformity with a rule, standard, or expectation (used chiefly in the phrase "in accordance with").

qualification

An attribute or accomplishment that makes someone suitable for a particular job or activity.

rating

A classification according to a comparative assessment of quality, standard, or performance.

public network

A network established and operated by a third-party telecommunications provider for the specific purpose of providing data transmission services to the public. Data over public networks can be intercepted, modified, and/or diverted while in transit. Examples of public networks include, but are not limited to, the Internet, wireless, and mobile technologies.

quality

The degree of excellence of something.

reconcilement

The process of comparing two sets of records (for example, an internal ledger and a bank statement) so that differences are identified, explained, and resolved until the two agree.

Quality Assurance

The purpose of this function is to review the software project activities and to test the software products throughout their life cycle in order to determine if they are meeting the functional specifications of the users and are following the established plans, standards, and procedures to maintain a desired level of quality for a service or product.

record

To put down in permanent form for later reference.

regulatory agency

A government body formed or mandated under the terms of a legislative act to ensure compliance with the provisions of the act and to carry out its purpose.

report

A written document describing the findings of some individual or group.

Regulation

A documented rule or directive created and maintained by a governing authority.

regulatory guidance

Assistance with the compliance to regulations.

relationship

The interaction between the IT service provider and the business.

Report of Examination

The report prepared by the Board, or other federal or state financial institution supervisory agency, concerning the examination of a financial institution, and includes reports of inspection and reports of examination of U.S. branches or agencies of foreign banks and representative offices of foreign organizations, and other institutions examined by the Federal Reserve System.

request

Express the need or desire for; ask for.

remote access

Access to an organization's nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet).

requirement

A formal statement of a necessary condition; something needed.

response

An action taken that addresses an incident and assesses the level of containment and control activity required.

resolution

The action of solving a problem, dispute, or contentious matter.

responsibility

The state or fact of having a duty to deal with something, or of having control over someone or something, together with the obligation to answer for the resulting actions or outcomes.

risk

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of:
• the adverse impacts that would arise if the circumstance or event occurs; and
• the likelihood of occurrence.
Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and consider the adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.

risk factor

Measurable characteristic or element, a change in which can affect the value of an asset, such as exchange rate, interest rate, and market price.

risk exposure

The extent of risk faced by an organization, expressed in terms of the likelihood and impact of a loss.

risk-based auditing

An approach that focuses upon how an organization responds to the risks it faces in achieving its goals and objectives.

Risk management

The identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. An organization may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy (or combination of strategies) in proper management of future events.

risk management program

A documented listing of procedures, schedules, roles and responsibilities, and plans to be performed to identify, control, and reduce or eliminate risks to operations, assets, or individuals that are inherent to system development and operations.

Risk Profile

This record contains an outline of the number, type, and potential effects of the risks to which an asset or organization is exposed.

root cause

The underlying or original source of an incident or problem.

Router

A LAN/WAN device that forwards packets between networks at Layer 3 (network) of the OSI 7 Layer Reference Model; its interfaces also implement Layers 1 (physical) and 2 (data link).

rule

A principle, condition, or regulation that customarily governs behavior or procedure within a particular area of activity.

role

A set of responsibilities defined in a process and assigned to a person or team.

scope

The extent or boundary to which a process, configuration item, application, contract, etc. applies.

Security

The protection of computer facilities, computer systems, and data stored on computer systems or transmitted via computer networks from loss, misuse, or unauthorized access. Computer security, as defined by Appendix III to OMB Circular A-130, involves the use of management, personnel, operational, and technical controls to ensure that systems and applications operate effectively and provide confidentiality, integrity, and availability.

service level performance

The degree of service expected of a service provider and promised to a client as encapsulated in a contract.

senior management

This group focuses on directing and controlling the organization at the highest level. Any individuals or group that is involved in directing and controlling an organization should be assigned to this role.

security policy

The statement of required protection of the information objects that documents an organization's philosophy of managing, protecting, and distributing its computing and information assets. The set of security rules enforced by the system's security features.

selection

An assortment of things from which a choice can be made.

service provider

A business that provides its customers with a service.

service contract

A formal agreement between a service provider and consumer that specifies the details of the service performed by the provider.

Sensitivity

A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.

separation

The action or state of moving or being moved apart.

separation of duty

The practice of dividing the steps of a function among different individuals, so that no single individual is able to subvert the process.
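
In software, separation of duty is usually enforced as a maker-checker control: the person who initiates a step is barred, per transaction, from also approving it, regardless of which roles they hold. The following is an added example written for this page; it is not code from the FFIEC handbook. The roles, the two-approver threshold for large wire transfers, and the user names are assumptions made for illustration.

```python
"""Maker-checker enforcement of separation of duty for wire transfers.

Added example (not from the FFIEC handbook). Assumed policy: transfers at or
above DUAL_APPROVAL_THRESHOLD need two approvers; an initiator may never
approve their own transfer, even if they also hold the approver role.
"""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    INITIATOR = "initiator"
    APPROVER = "approver"


class SoDViolation(Exception):
    """One person would perform two steps that separation of duty keeps apart."""


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset  # set of Role


@dataclass
class WireTransfer:
    ref: str
    amount_cents: int
    beneficiary: str
    initiated_by: str
    approvals: list = field(default_factory=list)
    released: bool = False


DUAL_APPROVAL_THRESHOLD = 10_000_00  # $10,000.00 in cents (assumed policy value)


def required_approvals(amount_cents):
    return 2 if amount_cents >= DUAL_APPROVAL_THRESHOLD else 1


def initiate(user, ref, amount_cents, beneficiary):
    if Role.INITIATOR not in user.roles:
        raise PermissionError(f"{user.name} lacks the initiator role")
    if amount_cents <= 0:
        raise ValueError("amount must be positive")
    return WireTransfer(ref, amount_cents, beneficiary, user.name)


def approve(user, transfer):
    if Role.APPROVER not in user.roles:
        raise PermissionError(f"{user.name} lacks the approver role")
    if transfer.released:
        raise SoDViolation(f"{transfer.ref} is already released")
    # The per-transaction identity check is the actual control: holding the
    # approver role does not let the maker also be the checker.
    if user.name == transfer.initiated_by:
        raise SoDViolation(f"{user.name} initiated {transfer.ref} and cannot approve it")
    if user.name in transfer.approvals:
        raise SoDViolation(f"{user.name} has already approved {transfer.ref}")
    transfer.approvals.append(user.name)
    return transfer


def release(transfer):
    needed = required_approvals(transfer.amount_cents)
    if len(transfer.approvals) < needed:
        raise SoDViolation(
            f"{transfer.ref} needs {needed} approval(s), has {len(transfer.approvals)}")
    transfer.released = True
    return transfer


def demo():
    """Walk a $25,000 transfer through the control and report which checks fired."""
    alice = User("alice", frozenset({Role.INITIATOR, Role.APPROVER}))
    bob = User("bob", frozenset({Role.APPROVER}))
    carol = User("carol", frozenset({Role.APPROVER}))
    wt = initiate(alice, "WT-1001", 25_000_00, "ACME Supplies")  # constructed data
    outcomes = {}
    try:
        approve(alice, wt)
        outcomes["self_approval"] = "allowed"
    except SoDViolation:
        outcomes["self_approval"] = "blocked"
    approve(bob, wt)
    try:
        release(wt)
        outcomes["single_approval_release"] = "allowed"
    except SoDViolation:
        outcomes["single_approval_release"] = "blocked"
    approve(carol, wt)
    release(wt)
    outcomes["released"] = wt.released
    outcomes["approvers"] = list(wt.approvals)
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The point an auditor tests for is the per-transaction check in `approve`, not the role assignment: a user who legitimately holds both roles must still be blocked from checking their own work.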

service

Something of value provided to a customer such as banking, legal support, IT support, etc. that is not a physical thing with material value.

software release

The public or private distribution of an initial or upgraded version of a computer software product.

solution

A product or service designed to meet a specific need.

size

The physical magnitude or relative extent of something; how big something is.

Source code

The human-readable text of a program, written in a programming language, from which executable code is compiled or interpreted.

software

Computer programs and associated data that may be dynamically written or modified during execution, usually stored on erasable media (for example, hard drives). In the context of a cryptographic module, the term refers to such programs and data within the cryptographic boundary.

staff

All the people employed by an organization.

State

To express or establish something definitely or formally in speech or writing.

step

A measure or action, especially one of a series taken in order to deal with or achieve a particular thing.

stipulation

(law) an agreement or concession made by parties in a judicial proceeding (or by their attorneys) relating to the business before the court; must be in writing unless they are part of the court record.

strategic planning

The purpose of this task is to determine long-term goals and identify the best method to achieve these goals.

structure

The manner in which elements of something complex are arranged and related.

supplier

This role is focused on supplying or providing goods or services. Any organization that provides goods or services to other organizations should be assigned to this role.

subject

To bring under control or jurisdiction.

succession

A group of people or things arranged or following in order.

supervision

The action of overseeing the performance or operation of a person or group.

system

An interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.

system development

The process of designing and producing a system.

System Development Life Cycle

A series of stages that the process of system development goes through in order to design and produce a system.

system development methodology

Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools.

system documentation

Detailed information about a computer system: its architecture, design, data flow, and programming logic.

technology service provider

An organization that provides technical solutions in the form of a paid service.

technology

Equipment and machinery developed from the practical application of scientific knowledge to commerce or industry.

terminal

An input/output device, typically a keyboard and display, through which a user interacts with a computer system to which it is linked and on which the processing takes place.

telecommunication

The transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received.

termination

A coming to an end of a contract period.

test result

A formal document defining the subject of the test, the test plan, approach, analysis tools, and conclusions found during the testing process.

thoroughness

Conscientiousness in performing all aspects of a task.

test

A procedure, method, or process meant to ascertain the performance, reliability, or quality of something.

timeliness

The principle that public and private parties, nationally and internationally, should act in a timely and coordinated manner to prevent and respond to breaches of the security of information systems.

third party

A person or group besides the two primarily involved in a situation, agreement, business, etc.

time period

A span of time.

threat

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

train

To teach a person or animal a particular skill or type of behavior through sustained practice and instruction.

Transmission

The process of sending, propagating and receiving an analogue or digital information signal over a physical point-to-point or point-to-multipoint transmission medium, either wired or wireless.

transaction

An exchange in which something is bought and sold; more generally, a discrete unit of business activity, such as a payment or transfer, that is recorded as a single event.

transaction file

A group of one or more computerized records containing current business activity and processed with an associated master file. Transaction files are sometimes accumulated during the day and processed in batch production overnight or during off-peak processing periods.

transmission equipment

Any instruments required to electronically transfer data over a network.

trend

The general direction in which something is developing or moving.

unposted suspense item

A transaction that has not yet been processed, but may affect the amount of credit available.

unauthorized attempt

A try at gaining access to a system without authorization or approval.

Uniform Rating System For Information Technology

An internal rating system used by federal and state regulators to uniformly assess financial institution and service provider risks introduced by IT.

usage

The action of being used, the manner in which something is used, or the amount of something that is used.

user

Any individual or organization that uses or operates a system, has an account on a system, accesses a cryptographic module to obtain cryptographic services, or uses or receives services from an automated information system facility. Such individuals or organizations should be assigned to this role.

user manual

A technical communication document, also called a user guide or manual, intended to assist people using a particular system.

virtual private network access

Permission or ability for an external user to connect to a Virtual Private Network.

work paper

The written record of the basis for the auditor's conclusions that provides the support for the auditor's representations, whether those representations are contained in the auditor's report or otherwise.

weakness

An exception noted in tests of properly designed internal controls that may indicate ineffectiveness. Management must consider the extent of a weakness in such cases. Weaknesses can be classified as a simple deficiency, significant deficiency, or a material weakness.

Work program

A specific series of detailed steps to achieve an audit objective.

volume

The amount or quantity of something, such as the number of transactions processed or the magnitude of data handled.

when

Limits a Control or Mandate's secondary verb to apply while something is happening.

wire servicer

A financial institution that offers electronic funds transfer services.

wire transfer

A transfer of funds between banks by electronic means.

credit policy

1. A company's policy on when its customers must pay for goods or services they have ordered. 2. A government's policy at a particular time on how easy or difficult it should be for people and businesses to borrow and how much borrowing should cost; the government influences this through changes in interest rates.

account for

Give reasons for.

accountability

The fact or condition of being required or expected to justify actions or decisions; responsibility.

accuracy

The quality or state of being correct, precise, or near to the true value.

acquisition

Materials received by a repository as a unit; an accession.

action

The process or fact of doing something; a thing done.

audit vendor

A provider of audit services.

activity

Activities are the major tasks performed by the organization to accomplish each of its functions. Activities are usually defined as part of processes or plans, and are documented in procedures. Several activities may be associated with each function. An activity is identified by the name it is given and its scope (or definition). The scope of the activity encompasses all of the transactions that take place in relation to it. Depending on the nature of the transactions involved, an activity may be performed in relation to one function, or it may be performed in relation to many functions. In cost accounting, an activity is the actual work task or step performed in producing and delivering products and services. An aggregation of activities performed within an organization that is useful for purposes of activity-based costing.

activity reporting

The action of providing a description of an account holder's activity.

addition

Materials added to an existing collection; an accretion; an accrual.

adequacy

The state of being sufficient to satisfy a requirement or meet a need.

adjust

Alter or regulate so as to achieve accuracy or conform to a standard.

agreement

This record category contains records of mutual understandings, written or verbal, made by two or more parties regarding a matter of opinion or their rights and obligations toward each other.

Allocation

The action or process of distributing resources or duties, or sharing out something.

alternate network communications procedure

A specifically laid out course of action to ensure that communication is not disrupted if the main network is inaccessible; must include access to a secondary communication network.

Analyze

To examine methodically, typically for purposes of explanation and interpretation.

application

A computer program designed to help people perform a certain type of work, including specific functions such as payroll, inventory control, accounting, and mission support. Depending on the work for which it was designed, an application can manipulate text, numbers, graphics, or a combination of these elements. An application contrasts with a systems program, such as an operating system or network control program, and with utility programs, such as copy or sort.

application control

Controls related to transactions and data within application systems. Application controls ensure the completeness and accuracy of the records and the validity of the entries made resulting from both programmed processing and manual data entry. Examples of application controls include data input validation, agreement of batch totals and encryption of data transmitted.
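
Two of the application controls named above, input validation and agreement of batch totals, are easy to see in code. The following is an added example written for this page, not code from the FFIEC handbook. The transaction-file layout (a header record carrying the originating department's control totals, followed by detail records), the field formats, and the sample records are all constructed for illustration; it also shows the hash total, a control total over a non-monetary field that is not mentioned in the definition above but serves the same purpose.

```python
"""Batch-total agreement and input validation for a transaction file.

Added example (not from the FFIEC handbook). Assumed layout:
  H,<batch date YYYYMMDD>,<record count>,<amount total>,<hash total>
  D,<6-digit account>,<amount with 2 decimals>,<DEBIT|CREDIT>
The hash total is the sum of the account numbers: a meaningless figure
whose only job is to expose a dropped, duplicated, or altered record.
"""
import csv
import io
import re
from decimal import Decimal

# Constructed sample batch: three details, totals computed by the originator.
GOOD_BATCH = """\
H,20120402,3,1250.00,303030
D,101010,450.00,DEBIT
D,101010,300.00,CREDIT
D,101010,500.00,DEBIT
"""

# The same batch with one amount altered after the header totals were struck.
TAMPERED_BATCH = GOOD_BATCH.replace("D,101010,300.00,CREDIT",
                                    "D,101010,800.00,CREDIT")

ACCOUNT_RE = re.compile(r"^\d{6}$")
AMOUNT_RE = re.compile(r"^\d+\.\d{2}$")
DATE_RE = re.compile(r"^\d{8}$")
VALID_TYPES = {"DEBIT", "CREDIT"}


def validate_batch(text):
    """Return a list of control exceptions; an empty list means the batch may post.

    Each exception names the line it was found on, so the originating
    department can correct and resubmit the batch.
    """
    errors = []
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0][:1] != ["H"] or len(rows[0]) != 5:
        return ["line 1: missing or malformed header record"]
    _, batch_date, count, amount_total, hash_total = rows[0]
    if not (DATE_RE.match(batch_date) and count.isdigit()
            and AMOUNT_RE.match(amount_total) and hash_total.isdigit()):
        return ["line 1: header control fields are not well formed"]

    computed_count = 0
    computed_amount = Decimal("0.00")
    computed_hash = 0
    for lineno, row in enumerate(rows[1:], start=2):
        # Input validation: a record that fails is excluded from the totals,
        # so the batch is rejected on both the field error and the mismatch.
        if len(row) != 4 or row[0] != "D":
            errors.append(f"line {lineno}: malformed detail record")
            continue
        _, account, amount, ttype = row
        if not ACCOUNT_RE.match(account):
            errors.append(f"line {lineno}: invalid account number {account!r}")
            continue
        if not AMOUNT_RE.match(amount):
            errors.append(f"line {lineno}: invalid amount {amount!r}")
            continue
        if ttype not in VALID_TYPES:
            errors.append(f"line {lineno}: invalid transaction type {ttype!r}")
            continue
        computed_count += 1
        computed_amount += Decimal(amount)
        computed_hash += int(account)

    # Agreement of batch totals: recomputed figures must match the header.
    if computed_count != int(count):
        errors.append(f"record count: header {count}, computed {computed_count}")
    if computed_amount != Decimal(amount_total):
        errors.append(f"amount total: header {amount_total}, computed {computed_amount}")
    if computed_hash != int(hash_total):
        errors.append(f"hash total: header {hash_total}, computed {computed_hash}")
    return errors


if __name__ == "__main__":
    print("good batch:", validate_batch(GOOD_BATCH))
    print("tampered batch:", validate_batch(TAMPERED_BATCH))
```

Amounts are handled with `Decimal` rather than floating point so that the recomputed total compares exactly with the header figure; a float sum can differ by a rounding error and produce a false exception.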

application development

The process during which a team creates a software program for a customer.

approval

The formal act of approving.

ascertain

Learn or discover with certainty.

assessment

The purpose of this task is to estimate or determine the nature, value, ability, or quality of someone or something.

assistance

The activity of contributing to the fulfillment of a need or furtherance of an effort or purpose.

audit manual

A compilation of current audit policies, procedures, and guidelines.

Audit charter

A document that defines the IS audit function's responsibility, authority, and accountability, and that is approved by the board.

Audit function

The purpose of this function is to provide an independent, objective assurance and consulting activity to evaluate and improve the effectiveness of risk management, control, and governance.

attendance

The frequency with which a person is present.

audit committee

An operating committee of the Board of Directors charged with oversight of audit operations, including appraising the performance of the CPA firm, financial reporting and disclosure. Committee members are drawn from members of the company's board of directors, with a Chairperson selected from among the committee members.

audit criterion

A standard or benchmark against which audit evidence is compared to determine whether an audit's requirements are met.

audit cycle

The accounting process that auditors employ in the review of a company's financial information. The audit cycle includes the steps that an auditor will take to ensure that the company's financial information is valid and accurate before releasing any financial statements.

audit policy

A description of the standards and guidelines an organization uses for going through external audits or conducting internal audits.

audit schedule

The dates on which a planned, official examination of a system or equipment will be performed.

audit scope

Determination of the range of the activities and the period (months or years) of records that are to be subjected to an audit examination.

audit resource

The materials that are used by auditors to conduct an audit.

audit activity

Those activities and procedures through which information is obtained to verify conformance to regulatory or organizational requirements.

audit finding

The documented conclusion reached as a result of an official inspection of an organization’s accounts or other item or process being audited, typically by an independent body.

audit standard

Rules prescribed for auditors by various national and international organizations such as the Auditing Practices Board (in the UK) and the Auditing Standards Board (in the US).

audit

The task of reviewing and examining records and activities to assess the adequacy of controls, to ensure compliance with established policies and operational procedures or other applicable contractual and licensing requirements, and to recommend necessary changes in controls, policies, or procedures. May be carried out by internal or external groups. The most common forms are compliance, operational, or vulnerability.

audit procedure

A detailed description of the steps necessary to implement an audit in conformance with applicable standards.

Audit program

The audit policies, procedures, and strategies that govern the audit function, including Information Technology (IT) audit.

audit staff

All people who are employed by an organization to perform audit activities.

authentication control

A control that verifies the claimed identity of a user, process, or device before access to a network or system is granted.

Audit plan

A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report, and its intended audience and other general aspects of the work.

Audit Work Paper

This record category contains records of working papers that are vital to the successful accomplishment of all audit assignments performed.

auditor

A person who conducts audits from either inside or outside of the organization being audited.

audit report

A report issued by an independent Auditor that expresses an opinion about whether the financial statements present fairly a company's financial position, operating results, and cash flows in accordance with generally accepted accounting principles.

audit universe

An inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process.

authorization

Official permission or approval.

Audit trail

This record contains a chronological record that enables information to be traced back to its original input source and shows who changed what and when, for accountability. It allows the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security-relevant transaction to be reconstructed and examined from inception to final result, and includes source documents, electronic logs, and records of access to restricted files.
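
The two properties the definition asks for, a chronological who-did-what-when record and the ability to reconstruct the sequence of events around a transaction, can be demonstrated with a small append-only log. The following is an added example written for this page, not code from the FFIEC handbook. It goes one step beyond the definition by hash-chaining entries so that an altered or deleted entry is detectable on review; the record identifiers, actors, and timestamps are constructed sample data.

```python
"""Append-only, hash-chained audit trail (added example, not from the handbook).

Each entry records seq, when, actor, action, target, detail, and the hash of
the previous entry. Changing or removing any past entry breaks the chain, so
verify() tells a reviewer where the trail stops being trustworthy.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry


class AuditTrail:
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        # Canonical JSON of every field except the hash itself, so any change
        # to who, what, when, or the back-link changes the digest.
        body = {k: v for k, v in entry.items() if k != "hash"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def append(self, actor, action, target, detail, when=None):
        """Record who (actor) did what (action, detail) to which record (target), and when."""
        when = when or datetime.now(timezone.utc).isoformat()
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries) + 1,
            "when": when,
            "actor": actor,
            "action": action,
            "target": target,
            "detail": detail,
            "prev_hash": prev_hash,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, seq of first bad entry)."""
        prev_hash = GENESIS
        for expected_seq, entry in enumerate(self.entries, start=1):
            if (entry["seq"] != expected_seq
                    or entry["prev_hash"] != prev_hash
                    or self._digest(entry) != entry["hash"]):
                return False, entry["seq"]
            prev_hash = entry["hash"]
        return True, None

    def history(self, target):
        """Reconstruct the sequence of activities for one record, oldest first."""
        return [e for e in self.entries if e["target"] == target]


def build_sample_trail():
    """Constructed sample: the life of one wire transfer (assumed actors and times)."""
    trail = AuditTrail()
    trail.append("alice", "initiate", "WT-1001",
                 {"amount": "25000.00", "beneficiary": "ACME Supplies"},
                 when="2012-04-02T14:01:05+00:00")
    trail.append("bob", "approve", "WT-1001", {"approval": 1},
                 when="2012-04-02T14:07:41+00:00")
    trail.append("carol", "approve", "WT-1001", {"approval": 2},
                 when="2012-04-02T14:15:12+00:00")
    trail.append("system", "release", "WT-1001", {"status": "sent"},
                 when="2012-04-02T14:15:13+00:00")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    for e in trail.history("WT-1001"):
        print(e["seq"], e["when"], e["actor"], e["action"])
    print("chain intact:", trail.verify())
```

The chain only proves integrity relative to its last hash; in practice that head hash is copied somewhere the people being audited cannot write to (a separate log host, a write-once store, or the work papers themselves), otherwise an insider could rewrite the whole trail and recompute every link.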

authentication method

A method of verifying the identity of a user, such as a challenge password or a digital certificate.

Authentication

The verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

Authority

Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere.

automated clearing house activity

Any transaction made through the Automated Clearing House network.

automated clearing house capture

A service that allows a user to transmit automated clearing house data to a bank for posting and clearing.

authorized person

A person who has been given permission by an authority to do something. Any individual who has been granted permission to act on behalf of their organization should be assigned to this role.

be appropriate

Be suitable or proper in the circumstances.

before

Limits a Control or Mandate's secondary verb to apply prior to the event taking place.

best practice

Procedures and guidelines that are widely accepted because experience and research have demonstrated that they are optimal and efficient means to produce a desired result.

awareness

Knowledge or perception of a situation, fact, or development.

billing

Request for payment of a debt.

critical employee

An employee whose skills and knowledge are vital to an organization's operations.

board

The corporate board of directors or any other oversight authority for the organization.

Board of Directors

A group of persons chosen to govern the affairs of a corporation or other large institution.

business activity

The functions, processes, actions, and transactions of an organization and its employees.

business strategy

A term used in business planning that implies a careful selection and application of resources to obtain a competitive advantage in anticipation of future events or trends.

business unit

A division or segment of an organization that operates as an independent enterprise representing a specific business function.

building

A structure that has a roof and walls and stands more or less permanently in one place.

business resumption testing

A form of testing designed to determine the effectiveness of an organization's in-place strategy for full recovery of business functions following a disaster or disruption.

calculation

A determination of something by mathematical or logical methods.

capacity

The maximum throughput a configuration item or IT service can deliver while still meeting agreed service level targets. For some types of configurable items, capacity may be the size or volume, for example, a disk drive.

change in technology

This Triggering Event takes place when one technology is swapped out for another.

coding standard

A set of standards and guidelines that are, or should be, used when writing the source code for a program.

change to application

Any addition or modification to or within an application.

Chargeback

The charge a credit card merchant pays to a customer after the customer successfully disputes an item on his or her credit card statement.

clarity

Free from obscurity and easy to understand; the comprehensibility of clear expression.

Client

A person or organization using the services of a company or professional person, such as a lawyer, psychologist, financial advisor, etc.

credential

Evidence attesting to one's right to credit or authority.

collection

The action or process of gathering or bringing things together.

communication

A letter or message containing information or news.

completeness

The state of having all the necessary or appropriate parts; having everything that is needed.

complexity

The degree of intricacy of a system or system component, determined by such factors as the number of conditional branches, the degree of nesting and the length and types of data structures. (CMS).

composition

Something that is composed of several elements.

computer operation

The function responsible for operating the computer and peripheral equipment, including providing the tape, disk, or paper resources as requested by the application systems.

computer room

A facility used to house computer systems and associated components, such as telecommunications and storage systems, generally including redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and various security devices.

communication system

A collection of individual communications networks, transmission systems, relay stations, tributary stations, and data terminal equipment (DTE) usually capable of interconnection and interoperation to form an integrated whole.

compensation

Something, typically money, given or received in recognition of loss, suffering, or injury.

Compliance

The state of being in accordance with laws, regulations, industry codes, organizational standards, or contractual arrangements.

complete

Come or bring to a finish or an end.

competence

The state or quality of possessing the necessary ability, knowledge, or skill to do something successfully.

Compromise

To bring into danger, suspicion, or disrepute.

compliance plan

A compliance plan is a system of checks and balances through which a reasonable effort is made to identify potential non-compliance issues regarding applicable laws and regulations, and to eliminate or mitigate those issues.

contract

A document that records the terms and conditions of a legally binding agreement.

content

The intellectual substance of a document, including text, data, symbols, numerals, images, and sound.

count

Determine the total number of a collection of items.

connection

The state of being linked physically or notionally.

Contingency Plan

This record contains management policies and procedures for emergency response, backup procedures, and post disaster recovery designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.

Contingency Planning

The purpose of this task is to support the required actions for planning, responding, and mitigating damaging events.

conclusion

A position or opinion or judgment reached after consideration.

conform to

Observe.

constitute

Give legal or constitutional form to (an institution); establish by law.

consultant

A person who provides expert advice professionally.

condition

A particular state of a person or thing.

conformance

Compliance with standards, rules, or laws.

consist

Have its essential character; be comprised or contained in; be embodied in.

contractual requirement

Written and signed stipulations (within the said contract) employed in controlling, directing, or managing an activity, organization, or system.

conversion

A process of changing something's form or function.

corrective action

Action that is taken in order to rectify errors that were made.

cost

The monetary value of resources used or sacrificed or liabilities incurred to achieve an objective such as to acquire or produce a good or to perform an activity or service.

customer account

A client's formal contract with an individual or organization whereby the client receives goods or services.

customer information

A term used in the Information Security Standards to mean any record containing non-public personal information about a customer, whether in paper, electronic, or other form, that is maintained by or on behalf of a financial institution.

Customer

This role focuses on the buying or leasing of goods or services or on financial transactions in relation to accounts maintained in a person's name or for whom a financial institution has acted as a fiduciary. Any individual involved in buying or leasing goods or services or for whom a financial institution has acted as a fiduciary should be assigned to this role.

Customer Service

The purpose of this function is to provide and manage information delivery and support to an organization's clients regarding its products and/or services.

damage

Detrimental effects; physical harm or injury that impairs value or usefulness.

data

A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009)

Data center

A facility used to house computer systems and associated components, such as telecommunications and storage systems.

data control

The function responsible for seeing that all data necessary for processing is present and that all output is complete and distributed properly. This function is generally responsible for reconciling record counts and control totals submitted by users with similar counts and totals generated during processing.

data preparation

A process by which cardholder data is managed and processed by the vendor for subsequent use in the personalization process.

data processing service

Work performed by an organization to fulfill a need for a customer or client regarding data processing.

decision

A position or opinion or judgment reached after consideration.

data input

The purpose of this task is to enter data into an application or database.

Data Security

Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. (CNSSI-4009).

deficiency

A failing, shortcoming, or lack of an adequate quantity or number.

deployment

The purpose of this task is to bring new software or hardware up and running properly in its environment.

decision-making

The action or process of reaching important conclusions or resolutions after consideration; action or process of making important decisions.

detail

Provide details for.

discuss

Talk about (something) with another person or group of people.

development

The process of growing, advancing, or elaborating.

Disaster recovery plan

A plan that describes the process to recover from major processing interruptions.

discussion

A conversation or debate about a specific topic.

Information Technology audit

An examination of the controls within an Information technology (IT) infrastructure.

Information Technology control

Refers to the internal controls over security management, system development and change management, information processing, communications networks and management of technology service providers.

Information Technology Management program

A documented listing of procedures, schedules, roles and responsibilities, and plans to manage Information Technology resources of an organization in accordance with its needs and priorities. These resources may include tangible investments like computer hardware, software, data, networks and data center facilities, as well as the staff who are hired to maintain them.

Information Technology operation

The activities and work involving Information Technology equipment and personnel.

Information Technology risk

Any possibility of harm or damage related to Information Technology systems and data.

documentation

Instructions, specifications, and other descriptive information relating to the installation and use of hardware, software, systems, or files.

due diligence

The purpose of this task is to take reasonable action in order to comply with a law or industry standard.

duty

A social, moral, or legal obligation; a responsibility.

E-Banking

The remote delivery of new and traditional banking products and services through electronic delivery channels.

effectiveness

The degree to which information is relevant and pertinent to the business process as well as delivered in a timely, correct, consistent, and usable manner.

electronic funds transfer

The use of telecommunications networks to transfer funds from one financial institution, such as a bank, to another, or to withdraw funds from one's own account to deposit in a creditor's.

enter

Begin to be involved in.

education

The process of receiving or giving systematic instruction, especially at a school or university.

employee

This role focuses on individuals who work directly for an organization, e.g. university, government, company. Any individual who works directly for an organization and is paid a wage or salary for their work should be assigned to this role.

effect

A change brought about by a cause, action, or agent; a result.

electronic funds transfer activity

Any transfer of funds which is initiated through an electronic terminal, telephonic instrument, computer, or magnetic tape so as to order, instruct, or authorize a financial institution to debit or credit an account. ... These are normally considered retail funds transfer systems.

electronic funds transfer function

Any activity that corresponds with or relates to the transfer of funds electronically.

Electronic funds transfer point of sale equipment

Any instruments or machinery required for an electronic transfer of money to take place.

Environment

The accommodation, air conditioning, power system, etc. in the physical environment.

Engagement Letter

This record contains formal agreements to perform services in exchange for compensation.

evaluation

Act of ascertaining or making a judgment about the amount, number, value, or worth of something.

End user

This role is focused on the consumers of a product or on the access to and use of information systems and networks within the organization. Any individual who uses the product should be assigned to this role.

Examination

A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.

examiner

A person who inspects or investigates someone or something.

existence

The fact or state of being or having objective reality.

equipment

The necessary items for a particular purpose.

error

A defect in function or structure; deviation from what is correct.

Evidence

Information used to establish facts.

institution

An organization founded for a specific purpose, such as religious, educational, professional, or social.

exist

Have objective reality or being.

experience

The accumulation of knowledge or skill that results from direct participation in events or activities.

existing control

Controls that are already present in an organization to protect against the identified threats and vulnerabilities.

expectation

A strong belief that something will happen or be the case in the future.

external auditor

An auditor who is independent of the legal entity whose financial statements they perform audits on.

extent

A range of values or locations; The space, area, volume, etc., to which something extends.

factor

Anything that contributes to or influences a result.

external user

Individuals that are non-workforce members or personnel who are authorized by customers, entity management, or other authorized persons to interact with the system.

external requirement

Any law, contractual obligation, code of connection, service level agreement, or even international agreement.

financial condition

The status of a firm's assets, liabilities and equity positions at a specific point in time, often described in a financial statement.

file

Collections of data or information under unique identifying names kept in a computer's memory or on a storage device.

follow-up

Pursue to a conclusion or bring to a successful issue.

financial institution

Any bank licensed under the Banking Act (Cap. 19); any finance company licensed under the Finance Companies Act (Cap. 108); any person that is approved as a financial institution under section 28; any money-changer licensed to conduct money-changing business, or any remitter licensed to conduct remittance business, under the Money-changing and Remittance Businesses Act (Cap. 187); any insurer licensed or regulated under the Insurance Act (Cap. 142); any insurance intermediary registered or regulated under the Insurance Act; any licensed financial adviser under the Financial Advisers Act (Cap. 110); any approved holding company, securities exchange, futures exchange, recognised market operator, licensed trade repository, licensed foreign trade repository, approved clearing house, recognised clearing house or holder of a capital markets services licence under the Securities and Futures Act (Cap. 289); any trustee for a collective investment scheme authorised under section 286 of the Securities and Futures Act, that is approved under that Act; any trustee-manager of a business trust that is registered under the Business Trusts Act (Cap. 31A); any licensed trust company under the Trust Companies Act (Cap. 336); any holder of a stored value facility under the Payment Systems (Oversight) Act (Cap. 222A); any designated financial holding company under the Financial Holding Companies Act 2013 (Act 13 of 2013); any person licensed under the Banking Act (Cap. 19) to carry on the business of issuing credit cards or charge cards in Singapore; and any other person licensed, approved, registered or regulated by the Authority under any written law, but does not include such person or class of persons as the Authority may, by regulations made under this section, prescribe.

finding

Something discovered as a result of an inquiry or investigation.

firewall

Hardware and/or software gateway technology that protects network resources from unauthorized access. A firewall permits or denies computer traffic between networks with different security levels based upon a set of rules and other criteria.

firewall and router configuration standard

The organizational document that defines the parameters for each Configurable Item on each of the organization's router and firewall components, and then how each of those individual components should be configured as a part of the overall networking system.

formal contract

An officially recognized agreement between two or more parties.

fund

Assets in the form of money.

frequency

The rate at which something occurs within a given period of time.

general control

Controls, other than application controls, that relate to the environment within which application systems are developed, maintained, and operated, and that are therefore applicable to all the applications at an institution. The objectives of general controls are to ensure the proper development and implementation of systems, and the integrity of program and data files and of computer operations.

funds transfer terminal

An information processing device used for the purpose of executing deposit account transactions between financial institutions and their customers by either the direct transmission of electronic impulses or the recording of electronic impulses for delayed processing.

govern

Conduct the policy, actions, and affairs of (a state, organization, or people).

goal

The object of a person's or process's ambition or effort; the aim or desired result.

guidance

Information that provides direction or advice as to a decision or course of action.

input

In Computing: The process of entering data or a program into a computer system.

help file

A help file (sometimes called a help system) is a documentation component of a software program that explains the features of the program and helps the user understand its capabilities. A bit like an extensive, organized, and thorough collection of FAQs (frequently asked questions), the help system's purpose is to provide the answers that a user needs to understand to use the program effectively.

incoming debit and credit total

The total balance of all credit and debit postings that go into an account.

in response to

This limits a Control or Mandate's secondary verb to be put into play precisely because the event has taken place.

relate to

Have reference to; concern.

Impact

To come into contact with another object forcibly.

in order to

With the purpose of doing something.

include

Make part of a whole or set.

independent review

An analysis of findings performed by a third party for an organization to provide impartiality.

independent

Free from external control and constraint or influence of another.

inform

Give someone facts or information.

Independence

Freedom from outside control or support.

independence standards

The ability, without the service of others, or with a reduced level of the services of others, to function within the community.

information need

Insight necessary to manage objectives, goals, risks and problems.

Information Technology service

A service provided to one or more customers by an Information Technology (IT) service provider. An IT service is based on the use of information technology and supports the customer’s business processes. An IT service is made up from a combination of people, processes, and technology and should be defined in a service level agreement.

income

The consumption and savings opportunity gained by an entity within a specified time frame, which is generally expressed in monetary terms.

information

Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

Information Technology system

Information technology systems are collectively the equipment used to create, store and transmit digital data and any related software owned (or otherwise controlled) and used by the State and its agencies to fulfill its service and obligations to the citizens of Arizona.

insurance coverage

The amount of risk or liability covered for an individual or entity by way of insurance services. Insurance coverage is issued by an insurer in the event of an unforeseen or unwanted occurrence.

Information Security

The purpose of this function is to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.

information security policy

The rules and guidelines of an organization on how to ensure the confidentiality, integrity, and availability of the organization's information.

insurance rider

An add-on provision to a basic insurance policy that provides additional benefits to the policyholder at an additional cost. Standard policies usually leave little room for modification or customization beyond choosing deductibles and coverage amounts.

Integrity

Guarding against improper information modification or destruction; includes ensuring information non-repudiation and authenticity.

internal audit manager

Monitors the audit scope and risk assessments to ensure that audit coverage remains adequate.

internal audit program

An internal audit program defines the type of internal audit being conducted (IT, HR, financial, etc.), the specific subject(s) attended to, the roles and responsibilities of those involved, the method being used to conduct the audit, and the schedule of the audit.

internal audit

An audit that is performed for the management and other internal purposes by individuals who are employed by the organization.

internal system

A system owned and operated by the organization.

Interface

To interact with.

internal audit report

A report issued by an independent auditor within an organization that expresses an opinion about whether the financial statements present fairly a company's financial position, operating results, and cash flows in accordance with generally accepted accounting principles.

internal auditor

This role is focused on providing independent and objective evaluations of the organization's financial records, systems, or anything else being audited. Any individual who performs internal audits should be assigned to this role.

internet access

Internet access refers to the means by which users connect to the Internet, and includes the following components: (1) The transmission of information as common carriage; (2) The transmission of information as part of a gateway to an information service, when that transmission does not involve the generation or alteration of the content of information, but may include data transmission, address translation, protocol conversion, billing management, introductory information content, and navigational systems that enable users to access information services, and that do not affect the presentation of such information to users; and (3) Electronic mail services (e-mail).

internal audit function

An appraisal activity established or provided as a service to the entity. Its functions include, amongst other things, examining, evaluating and monitoring the adequacy and effectiveness of internal control.

internal control

The purpose of this task is to provide reasonable assurance that operations are effective and efficient, financial reporting is reliable, and applicable laws and regulations are being followed.

issue

An important question, point, or problem to be disputed, discussed, or decided.

Interview

To conduct or hold a meeting in which one or more persons consult, question, examine, or evaluate another person.

involvement

The act of sharing in the activities of a group.

key control

A type of internal control designed to detect errors or fraud in financial statements.

lapse

A break or intermission in the occurrence of something.

legal staff

The branch of an organization's personnel that is responsible for anything pertaining to law or legalities. Lawyers.

law

An individual rule as part of a system of law.

knowledge

Facts, information, and skills acquired by a person through experience or education; the theoretical or practical understanding of a subject.

line

A connected series of events or actions or developments.

logical control

A mechanism that provides for the logical safety of assets.

risk assessment

The purpose of this task is to support the identification, prioritization, and estimation of risks to organizational operations, organizational assets, individuals, other organizations, and the Nation through the operation of an information system and assign a value to assets, threat frequency, and consequences.

logical security

Logical Security consists of software safeguards for an organization's systems, including user identification and password access, authenticating, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation.

Risk Assessment Methodology

A system of examinations, interviews, or tests performed by an assessor in order to support the identification, prioritization, and estimation of risks to organizational operations, organizational assets, individuals, other organizations, and the Nation through the operation of an information system and assign a value to assets, threat frequency, and consequences.

location

A particular point or position in space.

review and approve

Examine, make changes if necessary, and officially accept.

risk management practice

The application of risk management principles.

rely upon

Put trust in with confidence.

management function

A Security Management family component.

manual

A book of instructions, especially for operating a machine or learning a subject.

management

This role focuses on administering, organizing, and overseeing the organization. Any individuals who are involved in the administration, organization, supervision, and oversight of the organization should be assigned to this role.

management structure

The hierarchical arrangement and relations of managerial roles, power, and responsibilities, how they are delegated, controlled, and coordinated, and how information flows between levels of management.

migration

The purpose of this task is to move records from one system or storage medium to another while maintaining authenticity, integrity, reliability, and usability.

meet

Fulfill or satisfy (a need, requirement, or condition).

methodology

A particular way of performing an operation designed to produce precise deliverables at the end of each stage.

minute

A unit of time equal to 60 seconds or 1/60th of an hour.

material change

A change in the affairs of a company that is expected to have a significant effect on the market value of its securities - such as a change in the nature of the business, a change in the Board of Directors or the principal officers, a change in the share ownership of the company that could affect control, or the acquisition or disposition of any securities in another company. A material change must be reported to the applicable self-regulatory organization.

measure

To ascertain the size, amount, or degree of (something) by using an instrument or device marked in standard units or by comparing it with an object of known size.

mission

The strongly felt aim or ambition of a person or group.

nature

The basic or inherent qualities, characteristics, or features of something.

negligence

Failure to take proper care of something.

modification

The act of making partial or minor changes to something.

monitor

To watch and check the progress or quality of something over a period of time; keep under regular surveillance.

need

Something wanted or required.

network

Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.

offsite backup

A backup process or facility that stores backup data or applications external to the organization or core IT environment.

Object code

The machine code generated by a source code language processor such as an assembler or compiler. A file of object code may be executable immediately, or it may require linking with other object code files (e.g., libraries) to produce a complete executable program.

objective

A projected state of affairs that a person or a system plans or intends to achieve; a personal or organizational desired end-point in some assumed course of development. Many people endeavor to reach goals within a finite time by setting deadlines.

omission

Someone or something that has been left out or excluded.

notification procedure

A plan of action adopted by the organization for how and when the appropriate individuals are notified.

notification requirement

The obligation to officially inform a party of something important.

objectivity

The quality of being not influenced by personal feelings or opinions in considering and representing facts.

outsourcing arrangement

A contract between the institution and an audit services firm to provide internal audit services.

operate

(of a person) control the functioning of (a machine, process, or system).

operation

Data processing in which the result is completely specified by a rule (especially the processing that results from a single instruction).

organization

This group focuses on corporate bodies, businesses, federal agencies and their operational elements, and any entity that has people, resources, and budgets. Any of these bodies should be assigned to this group.

online terminal

A web-browser-based access to an acquirer, processor or third party service provider website to authorize payment card transactions, where the merchant manually enters payment card data via a securely connected web browser. Unlike physical terminals, virtual payment terminals do not read data directly from a payment card. Because payment card transactions are entered manually, virtual payment terminals are typically used instead of physical terminals in merchant environments with low transaction volumes.

origination function

Any of the processes required to initiate an automated clearing house transaction.

Operating system

The software 'master control application' that runs the computer. It is the first program loaded when the computer is turned on, and its principal component, the kernel, resides in memory at all times. The OS sets the standards for all application programs (such as the mail server) that run in the computer. The applications communicate with the OS for most user interface and file management operations.

Outsourcing Service Contract

This record contains acquisition or outsourcing contracts for IT services.

output

Data or information produced by computer processing, such as graphic display on a terminal or hard copy.

outsourcing contract

The outsourcing contract is one of the most important documents in an outsourcing relationship. The contract, its terms, and its quality will largely influence the outsourcing relationship, its governance, and the overall success of the outsourcing venture.

overdraft

The amount by which withdrawals exceed deposits, or the extension of credit by a lending institution to allow for such a situation.

participation

The act of taking part or sharing in something.

oversight

The action of supervising something.

Parity

(computer science) a bit that is used in an error detection procedure in which a 0 or 1 is added to each group of bits so that it will have either an odd number of 1's or an even number of 1's; e.g., if the parity is odd then any group of bits that arrives with an even number of 1's must contain an error.

party

A person or group participating in an action or affair.

password

A string of characters that allows access to a computer, interface, or system.

payment card

A range of different cards that can be used to access cash assets through point-of-sale terminals or other facilities in order to make payments, receive cash money, exchange currency and perform other actions determined by the card issuer and its terms.

performance

The act of doing a job, an activity, etc.

performance review

The purpose of this task is to evaluate one's abilities to execute the required functions of a job and to analyze the system for performance against a known benchmark or design document.

physical control

A mechanism that provides for the physical safety of assets.

preliminary examination

An examination taken by graduate students to determine their fitness to continue.

personnel

People who are employed by and work directly within an organization.

physical security

The protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.

personnel policy

A set of rules that define the manner in which an organization deals with a human resources or personnel-related matter.

personal identification number information

Information containing an account holder's secret code, which is used to verify the holder's identity when accessing a computer system, network, credit card account, ATM, etc.

plan

A sequence of steps for doing or achieving something.

policies and controls

A program that focuses on the policies and management of those policies.

process

A particular series of actions or steps to bring about a certain outcome; series of procedures.

policy

An official expression of principles that direct an organization's operations.

policy and procedure

Policies are principles, rules, and guidelines formulated or adopted by an organization to reach its long-term goals, typically published in a booklet or other widely accessible form. Policies and procedures are designed to influence and determine all major decisions and actions, and all activities take place within the boundaries set by them. Procedures are the specific methods employed to put policies into action in the day-to-day operations of the organization. Together, policies and procedures ensure that a point of view held by the governing body of an organization is translated into steps that result in an outcome compatible with that view.

practice

A customary way of operation or behavior.

prior to

This qualifier requires a Control's or Mandate's secondary verb to be put into effect before the event takes place.

procedure

An established or official method for implementing a policy or performing a task or operation, which must be executed in the same manner in order to obtain the same results under the same circumstances.

product

An article or substance produced by human or mechanical effort or by a natural process.

property

Something tangible or intangible owned or belonging to someone.

problem

An underlying cause for one or more incidents.

processing requirement

A condition that must be fulfilled in order for something to be processed.

production

The purpose of this task is to transform tangible inputs and intangible inputs into goods or services, to create output or deliverables (goods or services) for another party, and to retrieve documents and make them available for use in a legal proceeding, especially as part of discovery.

progress

Advance or development toward a better, more complete, or more modern condition.

Project management

The application of processes, methods, knowledge, skills and experience to complete a project.

program

A structured grouping of interdependent projects that includes the full scope of business, process, people, technology, and organizational activities that are required (both necessary and sufficient) to achieve a clearly specified business outcome.

Protocol

Set of rules and formats, semantic and syntactic, permitting information systems to exchange information.

recommendation

A proposal for the best course of action.

receipt

A written or printed acknowledgment that something has been paid for or that goods have been received.

acquisition

The purpose of this function is to manage the act of contracting, assuming, or acquiring possession of something.