Glossary

Audit Committee

The Audit Committee is the governance body charged with oversight of the organisation's financial reporting, internal control and audit functions. It is an operating committee of the Board of Directors: its members are drawn from the board, and a chairperson is selected from among them.

Audit Engagement

An audit engagement is the agreement between an auditor and a client under which the auditor accepts responsibility for carrying out the audit. It is the first stage of the audit process and is normally documented in an engagement letter that confirms acceptance of the work and sets out the scope, purpose and terms of the audit.

Business Continuity Planning (BCP)

Business continuity planning is the process of creating systems of prevention and recovery to deal with different kinds of disruption. The resulting business continuity plan is activated when an event that is judged to threaten the continuity of the business materialises, including a cyber-attack.

Capability Maturity Model Integration (CMMI)

Capability Maturity Model Integration (CMMI) is a process-level improvement approach and appraisal programme. Its underlying principle is that the quality of a system or product is strongly influenced by the process used to develop and maintain it. CMMI is used to guide process improvement across a project, a division or an entire organisation, and can be applied to software development, service delivery and other business processes.

Cloud solutions

Cloud computing is a general term for the delivery of hosted services over the internet. Cloud solutions enable companies to consume a computing resource, such as a virtual machine (VM), storage or an application, as a utility (much like electricity), rather than having to build and maintain computing infrastructure in-house.

COBIT Governance framework

COBIT (Control Objectives for Information and related Technology), published by ISACA, provides managers, auditors and IT users with a set of generally accepted measures, indicators, processes and good practices to assist them in establishing effective enterprise governance of information and technology.

COSO Internal Control System

The COSO Internal Control framework, developed by the Committee of Sponsoring Organizations of the Treadway Commission, is a management framework designed to provide reasonable assurance of reliable reporting, effective and efficient operations, and compliance with applicable laws and regulations. COSO issues recommendations and guidance on internal control for reducing risk.

Cyber-security

Cyber-security is the process of protecting information, and the systems that store and process it, by preventing, detecting and responding to attacks and security breaches.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (Regulation (EU) 2016/679) is a regulation of the European Parliament and the Council of the European Union intended to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying data protection rules across the EU. It was adopted in April 2016 and has applied since 25 May 2018, replacing the Data Protection Directive (95/46/EC).

Governance, Risk management & Compliance (GRC)

Governance, Risk management and Compliance (GRC) describes an organisation's integrated approach across three areas: corporate governance, risk management and regulatory compliance. The move towards integrated GRC has been driven by increased stakeholder demands, heightened public scrutiny and new performance expectations.

ISO 2700x Information Security Standards

The ISO/IEC 27000 family of standards (often written ISO 2700x) specifies requirements and guidance for an information security management system (ISMS). ISO/IEC 27001 sets out the requirements against which an organisation can be certified, and ISO/IEC 27002 provides guidance on information security controls. The standards help an organisation manage the security of information assets such as financial information, intellectual property, employee details or information entrusted to it by third parties.

IT Governance

IT Governance consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.

ITIL Service Management

The IT Infrastructure Library (ITIL®) provides a comprehensive and consistent set of good practices for IT service management, promoting a quality approach to achieving business effectiveness and efficiency in the use of information systems.

Outsourcing

Outsourcing is a business practice used by companies to reduce costs or improve efficiency by shifting tasks, operations, jobs or processes to an external contracted third party. It often involves contracting out a business process or an operational or supporting function, such as IT, facility management or HR. Accountability for the outsourced activity, and for the risks it carries, remains with the outsourcing organisation, which must manage them through contracts and ongoing oversight of the provider.

Project Management

Project management is the discipline of planning, organising and managing resources to bring about the successful completion of specific project goals and objectives, while adhering to the project’s scope, time, cost and quality.

Risk Management

Risk management is the process of identifying, assessing and treating threats to an organisation's objectives. These threats, or risks, can stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters, as well as IT security threats and data-related risks.

User-developed Applications

User-developed applications (UDAs) typically consist of spreadsheets and databases created and used by end-users to extract, sort, calculate and compile organisational data in order to analyse trends, support business decisions, or summarise operational and financial data and reporting results. Because UDAs are usually built outside the IT department's change-control and testing processes, they should be inventoried and subjected to access controls, version control and review proportionate to the decisions and reports that depend on them.