May 09, 2005
IT Controls are the Least Understood by External Auditors
IT professionals beware: In our recent attendance at the SEC Section 404 Review Meetings in Washington DC April 13, it was painfully clear that the Big Four Accounting Firms had little to no expertise in examining IT controls. Therefore, they over did testing and used manual control testing on IT. Make it easy for them or the cost for this portion of the 404 audit may be huge!
For an excerpt a related IT controls topic, see here:
"BE A CONTROL FREAK
Essentially, SOX legislates what used to be IT security best practices. If you've dealt with IT auditors in the past, either internally or via your company's CPA firm, you're already familiar with controls. (However, you should expect an auditor to go deeper into your company's records and be less forgiving than ever before, because CPA firms are determined to avoid another Arthur Andersen debacle and internal auditors could conceivably be held criminally responsible under SOX.) In a nutshell, SOX requires corporations to implement controls that assure the integrity and accuracy of the company's financial reporting. At the highest level of management, this requirement translates to written policies, memos, meeting minutes, and other documents that demonstrate that management is taking the lead and involved in risk management and financial-reporting controls. At a lower level, corporations must show that they have processes that effectively implement the higher-level policies and directives for risk management and financial-reporting controls." For the complete article, click here.
To see how your company can effectively, rapidly and simply comply with Sarbanes-Oxley, see www.issuescentral.com and find out more about our no obligation 30 day evaluation.
For an excerpt a related IT controls topic, see here:
"BE A CONTROL FREAK
Essentially, SOX legislates what used to be IT security best practices. If you've dealt with IT auditors in the past, either internally or via your company's CPA firm, you're already familiar with controls. (However, you should expect an auditor to go deeper into your company's records and be less forgiving than ever before, because CPA firms are determined to avoid another Arthur Andersen debacle and internal auditors could conceivably be held criminally responsible under SOX.) In a nutshell, SOX requires corporations to implement controls that assure the integrity and accuracy of the company's financial reporting. At the highest level of management, this requirement translates to written policies, memos, meeting minutes, and other documents that demonstrate that management is taking the lead and involved in risk management and financial-reporting controls. At a lower level, corporations must show that they have processes that effectively implement the higher-level policies and directives for risk management and financial-reporting controls." For the complete article, click here.
To see how your company can effectively, rapidly and simply comply with Sarbanes-Oxley, see www.issuescentral.com and find out more about our no obligation 30 day evaluation.
