The heart of any internal control system is the information technology IT upon

The heart of any internal control system is the

This preview shows page 67 - 69 out of 74 pages.

The heart of any internal control system is the information technology (IT) upon which so much of the business processes rely. General IT controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General IT controls commonly include controls over data center and network operations; system software acquisition, change and maintenance; access security; and application system acquisition, development, and maintenance. The auditor should be aware that IT poses specific risks to an entity’s internal control including reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both, unauthorized access to data that may result in destruction of data or improper changes to data; the possibility of IT personnel gaining access privileges beyond those necessary to perform their assigned duties thereby breaking down segregation of duties; unauthorized changes to data in master files; unauthorized changes to systems or programs, and other inappropriate actions. The internal control components are: the control environment, risk assessment, control activities, information, and communication, and monitoring. a202925199b97cb3e48d5bdd1256019671e960eb.doc
Image of page 67
a202925199b97cb3e48d5bdd1256019671e960eb.doc 68 The control environment means the overall attitude, awareness, and actions of directors and management regarding the internal control system and its importance in the entity. The control environment has a pervasive influence on the way business activities are structured, the way objectives are established, and the way risks are assessed. The control environment is influenced by the entity’s history and culture. Effectively controlled companies set a positive “tone at the top” and establish appropriate policies and procedures. Elements of the control environment are: communication and enforcement of integrity and ethical values; commitment to competence; participation by those charged with governance; management’s philosophy and operating style; organizational structure; assignment of authority and responsibility; and human resource policies and practices. All components of internal control, from control environment to monitoring, should be assessed for risk. Certain conditions may increase risk and, therefore, deserve special consideration. These conditions are: changed operating environment; new personnel; new or revamped information systems; rapid growth; new technology; new lines, products and activities; corporate restructuring; and foreign operations. Management’s risk assessment differs from, but is closely related to, the auditor’s risk assessment. Management assesses risks as part of designing and operating the internal control system to minimize errors and irregularities. Auditors assess risks to decide the evidence needed in the audit. The two risk assessment approaches are related in that if management effectively assesses
Image of page 68
Image of page 69

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture