Essay on Itgc Case Study

6301 Words26 Pages
ISSUES IN ACCOUNTING EDUCATION Vol. 24, No. 1 February 2009 pp. 63–76 Assessing Information Technology General Control Risk: An Instructional Case Carolyn Strand Norman, Mark D. Payne, and Valaria P. Vendrzyk ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify…show more content…
For example, FFC relies on bar code scanners and credit/debit card readers. To maintain its competitive edge in its market area, FFC recently implemented a fingerprint bio-coding payment system in all of its stores. This new systems implementation required that FFC change several of its general-ledger application programs; in particular, those related to its cash receipts processing. FFC does not use any outside service organizations to provide its IT services. Sophie Ewing, the audit senior who heads up your team, decided that because of FFC’s complex and sophisticated IT processing, an IT General Control (ITGC) review is mandatory to meet SAS 109’s risk assessment procedures and SOX Section 404 Management Assessment of Internal Controls requirements. You know that an ITGC review is very important because ITGCs provide the foundation for reliance on any financial information FCC’s systems produce. Your evaluation will affect the financial auditor in assessing the risk of material misstatement in FFC’s financials, and consequently, the audit plan. At your first team meeting, Sophie announced that your firm’s network security specialists would review the technical issues related to FFC’s internal controls. They will evaluate FFC’s operating systems, its telecommunications software, and its network configuration and firewalls. In preparation for the meeting, Sophie encouraged you to review the key provisions included in SAS 109, SOX Section 404,

More about Essay on Itgc Case Study

Open Document