369 paragraphs found
Attestation engagement on controls―A reasonable or limited assurance engagement in which a party other than the assurance practitioner, being the responsible party or evaluator, evaluates the design against the control objectives, and, if included in the …
Anomaly―A deviation in a sample that is demonstrably not representative of deviations in a population. …
Carve-out method―A method of dealing with controls operating at a third party, which are integral to the system or control component which is subject to the engagement, whereby that third party’s relevant control objectives and related controls are …
Compensating control―A control which makes up for a deficiency in another control in mitigating the risks that threaten achievement of a control …
Complementary user entity controls―Controls that an entity, which is a service organisation, assumes, in the design of its service, will be implemented by user entities or clients, and which, if necessary to achieve control objectives stated in the …
Components of control―The integrated components which comprise the system of control, as defined by the control framework applied. (Ref: Para. A9 …
Control objective―The aim or purpose of a particular aspect of controls. Control objectives relate to risks that controls seek to mitigate and may be categorised by the framework applied, such as operational (economy, effectiveness and efficiency), …
Control or internal control―The process designed, implemented and maintained by those charged with governance, management and other personnel to mitigate the risks which may prevent achievement of control objectives relating to the entity’s system. …
Criteria―The benchmarks used to measure or evaluate the underlying subject matter. The “applicable criteria” are the criteria used for the particular …
Description of the system―A document prepared by the responsible party and provided to users, if included in the scope of the engagement, describing the entity’s system, within which the controls to be concluded upon operate, including identification of: …