Information Technology, Internal Control, and Financial Statement Audits

2182 Words Mar 25th, 2011 9 Pages

By Thomas A. Ratcliffe and Paul Munter

In Brief

ASB Tackles IT System Control Risk

Modern data processing systems pose new, risk-laden challenges to the traditional audit process. Whereas it was once possible to conduct a financial statement audit by assessing and monitoring the controls over paper-based transaction and accounting systems, businesses have increasingly turned to electronic transaction and accounting systems. SAS 94 offers guidance on collecting sufficient, competent evidence in an electronic processing environment. It pays particular attention to identifying circumstances when the system of control over electronic processing must be
Ease of use. Electronic evidence often requires extraction of data by an expert, whereas paper evidence can be evaluated without additional tools.
Clarity. Competent evidence should allow the same conclusions to be drawn by different auditors performing the same tasks. The nature of electronic evidence is not always clear. For example, similar record formats could lead to mistaking an EDI network transmission confirmation for a vendor’s order confirmation, in the absence of appropriate controls.
Objectives of SAS 94

Prior to the release of SAS 94, although some guidance addressed audit considerations in an IT environment, there had not been an update to the evaluation of controls and assessment of control risk since SAS 78. SAS 94 filled this gap. It is intended to fulfill the following objectives:

Incorporate and expand the SAS 80 concepts to emphasize that an auditor may be compelled in certain circumstances to obtain evidential matter about the effectiveness of the design and operation of electronic data controls.
Describe how IT may affect internal controls, evidential matter, the understanding of internal controls, and the assessment of control risk.
Describe the internal control benefits and risks of IT and describe how IT affects the components of internal control, particularly control activities, information, and communication components.
Provide guidance for deciding whether specialized skills are needed to