Information technology controls (IT controls) are getting increased attention with the implementation of SAS 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatements.
In the following video, I provide an overview of what you need to do regarding IT controls including general and information processing controls.
Consider general controls and transaction processing controls as you plan your financial statement audits.
Examples of general controls include:
An example of a transaction processing control is a software requirement that information in purchase orders, invoices, and shipping documents agree (known as a three-way match) before processing the payment.
Review the design and implementation of these IT controls, and do so in the planning phase of your audit. Weak IT controls may require you to perform additional audit procedures to lower detection risk. Why? Because weak general controls or transaction processing controls might allow material misstatements to occur without detection.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.