SOX-online: The Vendor-Neutral Sarbanes-Oxley Site
ITGI on IT Controls
Excerpt
Source: IT Control Objectives for Sarbanes-Oxley
"The PCAOB standard includes specific requirements for auditors to
understand the flow of transactions, including how transactions are initiated,
authorized, recorded, processed and reported. Such transactions' flows
commonly involve the use of application systems for automating processes
and supporting high volume and complex transaction processing. The
reliability of these application systems is in turn reliant upon various IT
support systems, including networks, databases, operating systems and more.
Collectively, they define the IT systems that are involved in the financial
reporting process and, as a result, should be considered in the design and
evaluation of internal control.
The PCAOB suggests that these IT controls have a pervasive effect on the
achievement of many control objectives. They also provide guidance on the
controls that should be considered in evaluating an organization's internal
control, including program development, program changes, computer
operations, and access to programs and data. While general in nature, these
PCAOB principles provide direction on where SEC registrants likely should
focus their efforts to determine whether specific IT controls over transactions
are properly designed and operating effectively.
This document discusses the IT control objectives that might be considered
for assessing internal controls, as required by the Act. The appendices of this
document provide control examples that link PCAOB principles, including
their relationship to internal control over financial reporting. To support
implementation and assessment activities, illustrative control activities and
tests of controls are provided in the appendices."