Vetting Information Technology Controls in Risk Assessment: SAS 145

information technology

Information technology controls (IT controls) are getting increased attention with the implementation of SAS 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatements.

IT Controls Video

In the following video, I provide an overview of what you need to do regarding IT controls including general and information processing controls. 

Consider general controls and transaction processing controls as you plan your financial statement audits.ย 

General Controls

Examples of general controls include:

  • Passwords
  • Intrusion detection
  • Backup and recovery
  • Logical access to softwareย 
  • Change control
  • Physical protection of IT systems

Transaction Processing Controls

An example of a transaction processing control is a software requirement that information in purchase orders, invoices, and shipping documents agree (known as a three-way match) before processing the payment. 

Design and Implementation 

Review the design and implementation of these IT controls, and do so in the planning phase of your audit. Weak IT controls may require you to perform additional audit procedures to lower detection risk. Why? Because weak general controls or transaction processing controls might allow material misstatements to occur without detection. 

Learn from my CPA Hall Talk newsletter!

Get my free accounting and auditing digest with the latest content.

Powered by Kit

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.