Menu
: Home : Terminology : Best Practice : : COBIT : : ISO 27002 (ISO 17799) : : ISO 27001 : : ISO 27000 Series : : ISO 20000 - ITIL : : COSO : : Info Security Policy : : Security Domains : SOX : Links : : Organisations : : Standards Orgs : : Audit Links : : Security Links : The News Page : Your IP Address : Contact : Legal Disclaimer
Search

Definitions and Terminology

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

control deficiency

A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. * A deficiency in design exists when (a) a control necessary to meet the control objective is missing or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met. * A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.

source: PCAOB AS no2:2004

a deficiency in the design or operation of a control that does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. (1) A deficiency in design exists when (a) a control necessary to meet the control objective is missing or (b) an existing control is not properly designed so that, even if it operates as designed, the control objective is not always met. (2) A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.

source: Framework for Evaluating Control Excepti:IIA:2004

Something missing on this page? Let us know