IT can improve a company’s internal controls; however, it can also affect the company's overall control risk.
If IT systems fail, organizations can be paralyzed by the inability to retrieve information or by the use of unreliable information caused by processing errors.
3 3 Without proper physical protection, hardware or software may not function or may function improperly.
When organizations replace manual procedures with technology-based procedures, the risk of random error from human involvement decreases. However, the risk of systematic error increases because once procedures are programmed into computer software, the computer processes information consistently for all transactions.
IT cased accounting systems often allow online access to electronic data in master files software and other records. Because online access can occur from remote access points, there is potential for illegitimate access.
With the use of computers, IT often reduces or even eliminates source documents and records that allow the organization to trace accounting information.
In many IT systems, employees who deal with the initial processing of transactions never see the final results. Therefore, they are less able to identify mistakes.
General controls apply to all aspects of the IT function including IT admin, separation of IT duties, systems development, physical and online security over access to hardware, software and related data.
The CIO or IT manager should be responsible for oversight of the IT function.
Systems analysts are responsible for the overall design of each application system
11 11 Pilot testing is when a new system is implemented in one part of the organization while other locations continue to
rely on the old system.
Physical controls decrease the risk of unauthorized changes to programs and improper use of programs and data files.
13 13
Ineffective general controls create the potential for material misstatements across all system applications regardless of the quality of the application controls.
Client changes to application software affect the auditor’s reliance on automated controls.
Auditors obtain information about general and application controls through interviews, examination of system documentation, and reviews of detailed questionnaires completed by IT staff.
23 23 Auditor’s process their own test data using the client’s computer system and application program to determine