8/11/2019 ACC 626 Term Paper KiengIv
1/31
UNIVERSITY OF WATERLOO SCHOOL OF ACCOUNTING AND FINANCE
ACC 626 Term PaperInforma!on e"#no$o%& !mpa" on
a''(ran"e en%a%emen) Impa" of
Sar*ane' O+$e&) Inerna$ Conro$' an,
O('o(r"!n%
Kieng Iv 20233702
6/30/2011
Abstract:
Information technology has created risks for businesses and auditors such as segregation of duties,complex revenue streams and computer crimes. C-suite executives should understand the impact thatinformation technology can have on their businesses. The profession and businesses manage these risks
through experts, frameworks, information technology tools and access management. There are newinformation technology tools, such as cloud computing, that need to be addressed by auditors becausethey create implications for internal controls and security of the business. This is something that is notcurrently addressed by the profession but must be addressed in order to meet the needs of their clients.
8/11/2019 ACC 626 Term Paper KiengIv
2/31
Table of ContentsIntroduction.................................................................................................................................................. 1
Information Technology Risk........................................................................................................................1
Managing Information Technology Risk.......................................................................................................4
Sarbanes Oxley Impact...............................................................................................................................
Outsourcing Information Technology........................................................................................................ ...!
"onclusion................................................................................................................................................. 1#
$ork "ited................................................................................................................................................. 11
%nnotated &ibliography.............................................................................................................................. 1'
8/11/2019 ACC 626 Term Paper KiengIv
3/31
Introduction
Information technology has re(olutioni)ed the business *orld through ho* it operates and inno(ates+
ho*e(er, the same technology has also created many risks *ithin the business *orld and should be a
main concern for "-suite executi(es. Information systems permeate all areas of organi)ations,
differentiate them in the marketplace, and consume increasing amounts of human and financial capital./1
The same information technology has had a per(asi(e impact on audit risk for internal and external
auditors. %uditors and the profession manage this relati(ely ne* risk in (arious *ays such as use of frame
*orks, assistance from specialists and information technology tools. This risk has increased significantly
due to the Sarbanes Oxley %ct 0##0. Sarbanes Oxley has had significant impact on internal controls and
internal control reporting, and it has increased the risk of outsourcing information technology processes.
This paper *ill also identify areas of risk *ith outsourcing information technology, sho* ho* the business
community manages that risk, and *ill identify any gaps not currently addressed that *ill need to be
addressed by the accounting profession.
Information Technology Risk
% sur(ey done by "omputer "rime and Security has sho*ed that 42 of unauthori)ed access *as
performed by insiders *ithin a company.0Insiders ha(e access to and kno*ledge of the system that is not
as readily a(ailable to outsiders. 3mployees can also damage the organi)ation through unintentional
means such as deleting important files, opening emails *ith (iruses, and other such accidental acts. To
mitigate the risk of intentional and unintentional damage, organi)ations need effecti(e access
management. Segregation of duties built into non-information technology processes need to be
implemented in the information technology en(ironment. $ith the use of information technology, capital
has replaced human capital in many traditional functions *ithin the *orkplace+ ho*e(er, the same
segregation of duties reuirements is still needed. %n example of this is the posting of 5ournal entries.
6rior to information technology, there may ha(e been the need to ha(e many accounting clerks to
manage all the 5ournal entries of the organi)ation+ nonetheless, *ith automated functions, the need for
accounting clerks is reduced. This is only an issue *hen functions need to be segregated. $ith fe*er
employees, organi)ations ha(e to ensure that no employee has too much access and this is easy to
1&orit), 3frim 7. 8Introduction to Internal "ontrol and the Role of Information Technology.8ComputerControl & udit !uide. 1th ed. $aterloo9 "entre for Information Integrity and Information Systems
%ssurance, 0#11. '-04. 6rint.0 Sillto*, 7ohn. 8Shedding :ight on Information Technology Risks.8 Internal uditor;ecember. $eb. 1 7une 0#11.?http9@@*eb.ebscohost.com.proxy.lib.u*aterloo.ca@ehost@pdf(ie*er@pdf(ie*erAsidB0fe1fd#'-'a4'-4b'd-a'f-4#db'4e4#c24#sessionmgr4C(idBDChidB1DE.
1
8/11/2019 ACC 626 Term Paper KiengIv
4/31
8/11/2019 ACC 626 Term Paper KiengIv
5/31
assertion that auditors need to test. One of the ma5or differences bet*een brick and mortar and online
sales is the collectability of the economic benefits. If an entity does not (alidate the method of payment for
online sales then fictitious transactions could be processed and re(enue could potentially be o(erstated+
ho*e(er, *ithout understanding the information technology en(ironment, auditors and the company *ould
not kno* that the re(enue cannot be recorded due to collectability issues until much later.
It is difficult to assess completeness and occurrence *ithout thorough understanding of controls for online
ad(ertising and other purely electronic re(enue streams such as (ideo games. Hor example, if re(enue is
recogni)ed *hen ad(ertisements are clicked on a *ebsite, then in order to capture *hen re(enue is
earned, the underlying information system has to capture the instances *hen ad(ertisements are clicked.
It is not enough to assess re(enue earned by the information captured by the system. %nother example is
if the batch transfer or the real-time transfer is corrupted or ne(er reaches the internal systems *hen
ad(ertisements are clicked, then the internal system *ill be inaccurate and the re(enues *ill be
misstated. This increases the risk of material misstatements to a greater extent than if there *ere noonline re(enue streams.
ot only does information technology increase the risk of material misstatement through complex re(enue
streams, accounting errors occur more often *hen there is information technology control deficiencies.
"ompanies *ith more information technology control deficiencies pay a higher audit fee and generally
employ smaller accounting firms.D:astly, auditors could issue the incorrect opinion if they do not
understand ho* the information technology impacts the business and this could lead to loss of reputation
and legal issues.
One of the top risks listed in the 0#1# Internal %udit "apabilities and eeds Sur(ey *as ability to assess
information technology risk, *hich also topped the list in 0##>. %lso high on the list is certification
standards for "O&IT. Managing director of 6roti(iti, Scott Jraham, stated that auditing information
technology processes and acti(ities should be one of the highest priorities in internal audit departments
gi(en that information technology enables (irtually all business functions/.!The Institute of Internal
%uditing has responded *ith this risk by introducing six standards co(ering topics including assessing
information technology go(ernance.
O(erall, there are many implications that information technology has created for the audit and the
businesses that utili)e information technology.
Jrant, Jerry G., Karen ". Miller, and Hatima %lali. 8The 3ffect of IT "ontrols on HinancialReporting.8 "anagerial uditing #ournal0'.! May 0#11.?http9@@***[email protected]*BpdfE.DIbid! 7aeger, 7aclyn. 8Sur(ey9 IT Risk, IHRS Top Internal %uditorsF $orries.8 $urvey% IT isk, I'$ TopInternal uditors( )orriesD.DD 4e-d!0f-4eDc-b4D-af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S)0>*T1)aPRlQdbBbthC%B0!01E.
'
8/11/2019 ACC 626 Term Paper KiengIv
6/31
Managing Information Technology Risk
Information technology has increased audit risk and auditors had to address this risk by using information
technology specialists and information technology tools. The II% has pro(ided lots of material and training
to address the information technology issues *ithin internal audit. %s *ell, frame*orks such as "O&IT,
"OSO and IT"J ha(e pro(ided guidance for auditors to use in order to assess clientFs information
technology controls. :astly, %I"6% has clearly established that auditors are responsible for understanding
the role of information technology in the clientFs business.>
%I"6% has ad(ised auditors to consider using computer-related audit procedures, including information
technology specialists, *hen they obtain an understanding of client internal controls during audit
planning/.1#In a study done in the 7ournal of Information Systems, it *as found that 42 of sampled
engagements information technology specialist *ere used.11Information technology specialists are
generally in(ol(ed in the planning and performance of information technology controls testing to reduce
audit risk. The more complex the computer en(ironment, the more important it is to get an information
technology specialist in(ol(ed *hen performing an audit. %t ;eloitte, it is no* reuired to ha(e an IT
specialist in the audit planning at least e(ery three years because of the gro*ing importance of
information technology *ith the clientsF en(ironment produces the need to reduce the information
technology risk.10
The use of information technology specialist allo*s auditors to test sophisticated information technology
processes. Referring back to the example *ith electronic transfers, if an information technology specialist
is used, then the underlying system controls can be (erified *hether or not there is segregation of duties
issues and if there are unauthori)ed disbursements. %s *ell, online re(enue streams can be tested more
effecti(ely if the controls of the system are tested by information technology professors to (erify the
completeness and occurrence of those re(enue streams. Testing controls is not only necessary for these
complicated transactions, but also reduces the amount of substanti(e testing needed and creates audit
efficiencies.
>&edard, 7ean "., "ynthia 7ackson, and :ynford Jraham. 8Information Systems Risk Hactors, Risk%ssessments, and %udit 6lanning ;ecisions.8 $eb. 0! Mar. 0#11.
?http9@@aaah.org@audit@midyear@#'midyear@papers@Systems20#Risk20#Hactors20#and20#%udit20#6lanning20##>-1!.pdfE.1# 7ar(in, ;iane, 7ames &ierstaker, and 7ordan :o*e. 8%n In(estigation of Hactors Inuencing theLse of "omputer-Related %udit 6rocedure.8 #ournal of Information $ystems0' =9 1-00. $eb. 0'7une 0#11. ?http9@@***.bus.iastate.edu@d5an(rin@acct4!4!4@readings@#20#100-'.pdfE.117ar(in, ;iane, 7ames &ierstaker, and 7ordan :o*e. 8%n 3xamination of %udit Information TechnologyLse and 6ercei(ed Importance.8ccounting *ori+ons00.1 4e-d!0f-4eDc-b4D-af4104#f!424#sessionmgr1C(idBChidB1DE.106ryce, 7im. 8%"" 0 ;eloitte 6artner Inter(ie*.8 #' May 0#11. 3-mail.
4
8/11/2019 ACC 626 Term Paper KiengIv
7/31
In the past, !#2 of data files *ere processed using flat files and only 0#2 using databases. Go*e(er,
those percentages ha(e changed and no* !#2 of data files are processed using databases. The
implication is that record retention is not as clear, and as a result, audit trails are more complex or do not
exist in physical form.1'In order to obtain sufficient appropriate audit e(idence, computer assisted audit
techniues may be needed in situations such as the absence of input documents Hinancial auditors are reuired to gain an understanding of the
8entity and its en(ironment8 to ascertain the risk of material misstatement associated *ith that aspect of
the financial statements, and the "OSO model is extremely (aluable as a tool to comply *ith this
standard./0#"OSO pro(ides guidance on general, application, and physical controls. Jeneral controls
are controls that in general affect the computer systems &orit), 3frim 7. 8Introduction to Internal "ontrol and the Role of Information Technology.8ComputerControl & udit !uide. 1th ed. $aterloo9 "entre for Information Integrity and Information Systems
%ssurance, 0#11. '-04. 6rint.0#Singleton, Tommie. 8The "OSO Model9 Go* IT %uditors "an Lse It to 3(aluate the 3ffecti(eness ofInternal "ontrols.8 I$C. IS%"%. $eb. 04 7une 0#11. ?http9@@***.isaca.org@7ournal@6ast-Issues@0##D@olume-@6ages@The-"OSO-Model-Go*-IT-%uditors-"an-Lse-It-to-3(aluate-the-3ffecti(eness-of-Internal-"ontrols1.aspxE.
8/11/2019 ACC 626 Term Paper KiengIv
8/31
technologies employed by the entity in performing functions
8/11/2019 ACC 626 Term Paper KiengIv
9/31
safeguard its assets, check the accuracy and reliability of its accounting data, promote operating
efficiency, and encourage adherence to prescribed managerial policies/.0"ontrols entail t*o main (ie*s,
namely the cybernetic (ie* and socio-cultural (ie*. The cybernetic (ie* is based on the principles of a
self-monitoring system. It compromises of setting goals then follo*ing up if there are any de(iations. The
socio-cultural (ie* focuses on hiring good people, training, and sociali)ing employees into the culture of
the organi)ation. $hen beha(ioural processes are readily obser(able and goals, tasks and outcomes are
*ell specified then cybernetic is better to use since control can be better monitored o(er the process. If
the re(erse is true, then socio-cultural is superior to use. Go*e(er, most organi)ations use a combination
of socio-cultural and cybernetic. In addition to the (ie*s, there are fi(e components of an internal control
system and they are control en(ironment, risk assessment process, information system, control acti(ities,
and monitoring of controls.0
Sarbanes Oxley makes executi(es accountable for e(aluating and monitoring the effecti(eness of internal
control o(er financial reporting and disclosures.0D
%uditors must also attest to managementFs internalcontrol assessment and effecti(eness of controls. %n important component of internal controls is the
information technology controls, especially in entities that use computer systems extensi(ely. Ji(en the
importance of complying *ith Sarbanes Oxley and the harsh criticism of auditors from scandals in the
early 0###Fs, information technology controls ha(e increased the audit business risk and ha(e made
information technology risk e(en more important to manage. The cost of complying is high V audit fees
are higher and one of the biggest reasons is because of IT controls.0!
%n information system audit is assessing *hether the information systems and related resources in
safeguard assets maintain system and data integrity and a(ailability, pro(ide rele(ant and reliable
information, achie(e organi)ational goals effecti(ely, and consume resources efficiently. It also assesses
*hether internal controls that pro(ide assurance that business, operational, and control ob5ecti(es ha(e
been met and *hether undesired e(ents *ill be pre(ented or detected and corrected in a timely manner.
on-financial audit fees ha(e increased from 1>2 in 1>>0 to D>2 in 0##1 *hich indicates the continual
importance of IS auditing.0>Since 1>>#, the e(olution of the IS audit professional has changed from a
07ar(in, ;iane, 7ames &ierstaker, and 7ordan :o*e. 8%n In(estigation of Hactors Inuencing the Lse of"omputer-Related %udit 6rocedure.8 #ournal of Information $ystems0' =9 1-00. $eb. 0' 7une 0#11.?http9@@***.bus.iastate.edu@d5an(rin@acct4!4!4@readings@#20#100-'.pdfE.0"I"I% "%S '1 %ppendix 19
0D;amianides, Marios. 8SOP and IT Jo(ernance e* Juidance on IT "ontrols and"ompliance.8 Information $ystems "anagement May 0#11.?http9@@*eb.ebscohost.com.proxy.lib.u*aterloo.ca@ehost@detailA(idB'ChidB1DCsidBca14f>4e-d!0f-4eDc-b4D-af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S)0>*T1)aPRlQdbBbthC%B1'#4D>E.0!Golmes, Monica "., and ;arian eubecker. 8The Impact Of The Sarbanes-Oxley %ct 0##0 On TheInformation Systems Of 6ublic "ompanies.8 Information $ystemD.0 May 0#11.?http9@@***.iacis.org@iis@0##iis@6;[email protected]>
D
8/11/2019 ACC 626 Term Paper KiengIv
10/31
secondary function to professionals that pro(ide (alue-added *ork *ith auditors *ho do not
understanding the *ork performed to finally, a key component of the risk assessment process. Sarbanes-
Oxley experts agreed that IT control *as a specific area likely to produce significant deficiencies by many
companies. %s the ma5ority of internal controls are embedded in automated systems, information system
auditors ha(e become a (ital part of complying *ith the standards, guidelines, and regulations/'#
Outsourcing Information Technology
Information technology and recent regulations, such as Sarbanes Oxley, ha(e unco(ered ne* risks for
organi)ations that outsource information technology. These same ne* risks for businesses ha(e also
pro(ided ne* assurance opportunities for public accounting firms to try and manage these risks for their
clients.
Sarbanes Oxley impacts outsourcing since management must report on controls of the organi)ation and
auditors must consider the risks of ha(ing mission critical applications outside of the organi)ation. It *as
found that Sarbanes Oxley increases pre-existing risks of large-scale information technology outsourcing
on compliance.'1One of the roles of management *ithin Sarbanes Oxley is to o(ersee of the internal
controls. Internal controls must be effecti(e or management *ill suffer conseuences, since information
technology outsourcing distances the information technology operations from management both
intellectually and physically. The managementFs inability to communicate *ith (endorsF leadership, *ho
are generally offsite, makes it more difficult to assess business strategy and information technology
issues, and *ill result in a higher likelihood that internal control failures *ill go undetected. In order to
audit these risks and outsourced controls, auditors must audit the outsourced organi)ations themsel(es or
recei(e S%S D# reports. This information could be more difficult to obtain if they are offshore companies.
There is an increased number of legislations, such as the passing of the follo*ing legislations+ the Gealth
Insurance 6ortability and %ccountability %ct of 1>> >>, Sarbanes-
Oxley %ct of 0##0, Sections 4#4 and '#0. The three rulings enforce protection of pri(acy, corporate
accountability, and establishment of internal controls throughout businesses. Thus, a need *as created
in many industries for a due diligence process that can aggregate many of the principles found *ithin
these three acts and pro(ide companies *ith a high le(el of assurance and confidence *hen using
ser(ice organi)ations for outsourcing critical business functions./'0This has created the need for S%S D#
and other eui(alent reporting. The importance of information technology assurance has increased *ith
ne* regulations and this has created many ne* opportunities for auditors.
'#Ibid'1
'0 ;enyer, "harles, and "hristopher ickell. 8%n Introduction to S%S D# %udits.8 enefits /aw#ournal. $eb. 0' 7une 0#11. ?http9@@***.csb.unc*.edu@people@I(ance(ich;@classes@MS%20#1@3xtra20#Readings20#on20#Topics@S%S20#D#@Intro20#to20#S%S20#D#20#%udits.pdfE.
!
8/11/2019 ACC 626 Term Paper KiengIv
11/31
8/11/2019 ACC 626 Term Paper KiengIv
12/31
8/11/2019 ACC 626 Term Paper KiengIv
13/31
Work Cited
&edard, 7ean "., "ynthia 7ackson, and :ynford Jraham. 8Information Systems Risk Hactors, Risk
%ssessments, and %udit 6lanning ;ecisions.8 $eb. 0! Mar. 0#11.?http9@@aaah.org@audit@midyear@#'midyear@papers@Systems20#Risk20#Hactors20#and20#%udit
20#6lanning20##>-1!.pdfE.
&e(eridge, 7ohn. CIT I"/0"01TTI1 )2$*. 66T.
&orit), 3frim 7. 8Introduction to Internal "ontrol and the Role of Information Technology.8Computer Control
& udit !uide. 1th ed. $aterloo9 "entre for Information Integrity and Information Systems
%ssurance, 0#11. '-04. 6rint.
"%S '1.1'
"I"I% "%S '1 %ppendix 19
;amianides, Marios. 8SOP and IT Jo(ernance e* Juidance on IT "ontrols and
"ompliance.8 Information $ystems "anagement May 0#11.
?http9@@*eb.ebscohost.com.proxy.lib.u*aterloo.ca@ehost@detailA(idB'ChidB1DCsidBca14f>4e-d!0f-
4eDc-b4D-
af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S)0>*T1)aPRlQdbBbthC%
B1'#4D>E.
;enyer, "harles, and "hristopher ickell. 8%n Introduction to S%S D# %udits.8 enefits /aw #ournal. $eb.
0' 7une 0#11. ?http9@@***.csb.unc*.edu@people@I(ance(ich;@classes@MS%20#1@3xtra
20#Readings20#on20#Topics@S%S20#D#@Intro20#to20#S%S20#D#20#%udits.pdfE.
Jrant, Jerry G., Karen ". Miller, and Hatima %lali. 8The 3ffect of IT "ontrols on Hinancial
Reporting.8 "anagerial uditing #ournal0'.! May 0#11.
?http9@@***[email protected]*BpdfE.
Golmes, Monica "., and ;arian eubecker. 8The Impact Of The Sarbanes-Oxley %ct 0##0 On The
Information Systems Of 6ublic "ompanies.8 Information $ystemD.0 May
0#11. ?http9@@***.iacis.org@iis@0##iis@6;[email protected].
11
8/11/2019 ACC 626 Term Paper KiengIv
14/31
7aeger, 7aclyn. 8Sur(ey9 IT Risk, IHRS Top Internal %uditorsF $orries.8 $urvey% IT isk, I'$ Top Internal
uditors( )orriesD.DD 4e-d!0f-
4eDc-b4D-
af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S)0>*T1)aPRlQdbBbthC%
B0!01E.
7ar(in, ;iane, 7ames &ierstaker, and 7ordan :o*e. 8%n 3xamination of %udit Information Technology Lse
and 6ercei(ed Importance.8ccounting *ori+ons00.1 4e-d!0f-
4eDc-b4D-af4104#f!424#sessionmgr1C(idBChidB1DE.
7ar(in, ;iane, 7ames &ierstaker, and 7ordan :o*e. 8%n In(estigation of Hactors Inuencing the Lse of
"omputer-Related %udit 6rocedure.8 #ournal of Information $ystems0' =9 1-00. $eb. 0' 7une0#11. ?http9@@***.bus.iastate.edu@d5an(rin@acct4!4!4@readings@#20#100-'.pdfE.
6ryce, 7im. 8%"" 0 ;eloitte 6artner Inter(ie*.8 #' May 0#11. 3-mail.
Rapp, 6eet. 8%uditing the "loud.8 'inancial 0xecutiveMay CdidB0#4!>!#D1CscalingBHL::CtsB1'#>D0>0>C(typ
eB6N;CrtB'#>CTSB1'#>D''4CclientIdB1D4E.
Sayana, %nantha. 8Lsing "%%Ts to Support IS %udit.8 Information $ystems Control1
8/11/2019 ACC 626 Term Paper KiengIv
15/31
8/11/2019 ACC 626 Term Paper KiengIv
16/31
8/11/2019 ACC 626 Term Paper KiengIv
17/31
8/11/2019 ACC 626 Term Paper KiengIv
18/31
Marios Jo(ernancee*Juidance onIT "ontrolsand"ompliance
SystemsManagement
0#11 cohost.com.proxy.lib.u*aterloo.ca@ehost@detailA(idB'ChidB1DCsidBca14f>4
e-d!0f-4eDc-b4D-af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S)0>*T1)aPRlQdbBbthC
%B1'#4D>
Annotation
This article discusses ho* SOP has focused companies to impro(e their internal controls and maintainan effecti(e IT en(ironment in order to be compliant. This article further discusses ho* SOP has impactedexecuti(es and IS professionals.
$ith SOP regulation, IT professionals ha(e higher expectations to gi(e timely, accurate and(isible information *hile still maintaining high le(el security of these information assets
!! percent of senior business executi(es (ie* security as a top priority and D1 percent (ie*security as a positi(e in(estment due to more continuity and efficiency
SOP makes executi(es accountable for e(aluating and monitoring the effecti(eness of internalcontrol o(er financial reporting and disclosures
SOP has increased the need for companies to ha(e strong IT controls in place
One of the main criteria of IT go(ernance is to align IT *ith the o(erall business strategy
Hortune ## companies board members hardly discuss IT during board meetings V one out of tenboards ask IT uestions, t*o out of three appro(al IT strategy and six out of se(en directors areregularly informed about IT
Annotation #6
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
7an(in,
;iane
&ierstaker,7ames
:o*e, 7ordan
%n
3xaminationof %uditInformationTechnologyLse and6ercei(edImportance
%ccounting
Gori)ons
ol. 00
o. 1
0##! 1-01 May 0!,
0#11
http9@@*eb.ebs
cohost.com.proxy.lib.u*aterloo.ca@ehost@pdf(ie*er@pdf(ie*erAsidBca14f>4e-d!0f-4eDc-b4D-af4104#f!424#sessionm
1
http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=3&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=15304579http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&vid=6&hid=178/11/2019 ACC 626 Term Paper KiengIv
19/31
8/11/2019 ACC 626 Term Paper KiengIv
20/31
8/11/2019 ACC 626 Term Paper KiengIv
21/31
8/11/2019 ACC 626 Term Paper KiengIv
22/31
Jraham,:ynford
7ackson,"ynthia
%udit6lanning
%uditing Issue 0 oo.ca@ehost@detailA(idB1#ChidB1DCsidBca14f>4e-d!0f-4eDc-b4D-
af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S)0>*T1)aPRlQdbBbthC
%B1!##!4!>
Annotation
In this study, *e examine client characteristics identified by external auditors for actual audit clients,*hich are rele(ant to t*o important areas of systems risk9 system security and management informationuality/
It *as found that management information uality increased *ith the number of identified riskfactors but not the same result *as found for 3;6 security
3;6 security risks are associated *ith control acti(ities
Management information uality is associated *ith the control en(ironment
SOP %ct of 0##0 emphasi)es internal control *hich information systems play a key role
Managers must assess the effecti(eness of control design and the operating effecti(eness ofcontrols in the annual report
%uditors must also attest to managementFs internal control assessment and effecti(eness ofcontrols
The common 3;6 security risk factors included system security controls, outdated systems andmanagement style@attitude
The common management information risk factors included management style@attitude andmanagement competence
It *as found that only control acti(ities risk factors are significantly associated *ith audit planningfor 3;6 security
"ontrol en(ironment affects audit planning in management information uality but not 3;6security
Annotation #11
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
"han, Sally Sarbanes-Oxley9 the ITdimension9informationtechnologycanrepresent akey factor inauditorsXassessment
0##4 http9@@findarticles.com@p@articles@mim41'@is11@ain10##@
0#
http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=10&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=18008489http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/http://findarticles.com/p/articles/mi_m4153/is_1_61/ai_n6152500/8/11/2019 ACC 626 Term Paper KiengIv
23/31
of financialreportingcontrols
Annotation
Sarbanes-Oxley %ct 0##0 presented both immediate and far-reaching compliance issues for companies,
especially in the areas of internal-control pro(isions of '#0 and 4#4. Juidance by the 6ublic "ompany%ccounting O(ersight &oard states that the nature and characteristics of a companyXs use of informationtechnology in its information system affect the companyXs internal control o(er financial reporting/.Go*e(er, this (ague guidance has audits ha(e had to pay special attention to the information technologycomponent of Sarbanes-Oxley.
The IT en(ironment must be re(ie*ed as part of the re(ie*ing of the larger control en(ironment
Some auditors ha(e found guidance through the use of "O&IT. Other guidance such as %I"6%FsS%S D#, Systrust and $ebtrust can be used for Sarbanes Oxley in a broader context
% key IT component of Sarbanes Oxley is mapping financial reporting control ob5ecti(es to ITcontrol ob5ecti(es. %n example is that authori)ation and safeguarding of assets relates to ITcontrol ob5ecti(e V ensuring information security, confidentiality and pri(acy
There are se(eral assertions related to IT controls including existence, occurrence, measurement,
completeness, accuracy, presentation and disclosure Through the examination of the IT control en(ironment, controls that donFt mitigate risks and
control *eaknesses *ill likely no longer exist after the examination There are the indirect benefit from Sarbanes Oxley of elimination of control redundancies, ser(ice
impro(ements or the identification of (alue-added pro5ects beyond compliance reuirements
Annotation #12
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
7aeger,7aclyn
Sur(ey9 ITRisk, IHRSTop Internal
%uditorsF$orries
"ompliance$eek
ol. D
Issue DD
0#1# '! May '1,0#11
http9@@*eb.ebscohost.com.proxy.lib.u*aterloo.ca@ehost@detailA(idB10ChidB1DCsidBca14f>4e-d!0f-4eDc-b4D-af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S
)0>*T1)aPRlQdbBbthC
%B0!01
Annotation
This article discusses ho* IT has become e(en more important and has recei(ed more attention fromInternal %uditors. One of the top risk listed in the 0#1# Internal audit "apabilities and eeds Sur(ey *asability to assess IT risk, *hich also topped 0#1#.
01
http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=52682551http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/detail?vid=12&hid=17&sid=ca14f94e-d82f-4e7c-b475-a5f41240f864@sessionmgr15&bdata=JnNpdGU9ZWhvc3QtbGl2ZSZzY29wZT1zaXRl#db=bth&AN=526825518/11/2019 ACC 626 Term Paper KiengIv
24/31
8/11/2019 ACC 626 Term Paper KiengIv
25/31
8/11/2019 ACC 626 Term Paper KiengIv
26/31
!ebsite* lin+
Guang, Shi-Ming
Gung $ei-Gis
en, ;a(id".
"hang, I-"heng
7iang, ;ino
&uilding thee(aluationmodel of theIT generalcontrol for"6%s underenterprise
riskmanagement
;ecisionSupportSystems
ol. #
Issue #
0#11 >0-D#1 7une 1,0#11
http9@@*eb.ebscohost.com.proxy.lib.u*aterloo.ca@ehost@detailA(idB14ChidB1DCsidBca14f>4e-d!0f-4eDc-b4D-af4104#f!424#sessionmgr1CbdataB7npdJL>$h(c'NtbJl0S)0>*T1)aPRlQdbBbthC
%BD14DD>
Annotation
This paper e(aluates the Information Technology Jeneral "ontrol
8/11/2019 ACC 626 Term Paper KiengIv
27/31
InformationTechnologyRisks
oxy.lib.u*aterloo.ca@ehost@pdf(ie*er@pdf(ie*erAsidB0fe1fd#'-'a4'-4b'd-
a'f-4#db'4e4#c24#sessionmgr4C(idBDChidB1D
Annotation
This article discusses the (arious IT risk that a company can be exposed to.
% sur(ey by "omputer "rime and Security sho*s that 42 of unauthori)ed access by insiders Hinancial fraud and theft of information is the most costly crime and reuires insider kno*ledge
3mployees can also damage the organi)ation through unintentional means such as deletingimportant files, opening emails *ith (iruses, etc
To mitigate the risk of intentional and unintentional damage, organi)ations need effecti(e accessmanagement
This risk is increased if there are a large databases *ith sensiti(e information
Segregation of duties built into non-IT processes need to be implemented into the IT en(ironment
$hen e(aluating access control determine *hether or not systems allo*s common pass*ordssuch as usernames, spousesF or petsF names, etc and other pass*ord security settings
%uthori)ation of access should be examined as *ell. Security admin should not authori)e access.%ccess should be authori)ed by information o*ners.
3xternal attacks ha(e increased. Spam, *orms and (iruses are the most common type. The potential damage caused by external attacks include direct costs but also lost of reputation
Social engineering takes ad(antage of holes in peopleFs common sense
To protect against the threat of social engineering organi)ations need to educate employeesabout *hat kind of information they disclose
Organi)ations need to ensure that the right information is a(ailable to the right people at the righttime at the right place
One of the main *ays to ensure data accuracy is (alid is through field (alidation and inputcontrols
Annotation #17
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
Germanson,;ana R.
I(ance(ich,;aniel M.
;isasterReco(ery6lanning9$hat Section4#4 %udits
Management"onsulting
;ecember 0##D #-0 7une 1,0#11
http9@@content.ebscohost.com.proxy.lib.u*aterloo.ca@pdf1>00@pdf@0##
0
http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://web.ebscohost.com.proxy.lib.uwaterloo.ca/ehost/pdfviewer/pdfviewer?sid=2fe1fd03-3a43-4b3d-a36f-406db34e405c@sessionmgr4&vid=7&hid=17http://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIA8/11/2019 ACC 626 Term Paper KiengIv
28/31
I(ance(ish,Susan G.
Re(eal D@"6%@#1;ec#D@0!#>>#.pdfATB6C6B%CKB0!#>>#CSBRC;BbthC3b
sco"ontentBdJ7yMPb4kSep!4yO(sO:"mr#meK>Sry4Sbe$x$PSC"ontent"ustomerBdJ7yM6J(tkub7Rue6fgeyx44;tfI%
Annotation
This article discusses ho* SOP 4#4 re(eals material *eaknesses in disaster reco(ery planning th, 0## there *ere 1 public companies *ithmaterial *eaknesses in internal control o(er financial reporting that *ere ;R6 related
Out of the 1# companies there *ere 1# cases *here the deficiency in(ol(ed a lack of ;R6 orbackup and reco(ery plan
There *ere companies that had issues *ith storage of backups *here backups *ere onsiterather than offsite
"6%s are also encouraged to help companies implement and build effecti(e ;R6s
"ompanies that outsource IT should be a*are that ;R6 may fall outside of S%S D#
Updated since First Submission
Annotation #1.
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
7ar(in, ;iane
&ierstaker,7ames
:o*e, 7ordan
%nIn(estigationof HactorsInuencing
the Lse of
"omputer-Related
%udit6rocedure
7OLR%:OHIHORM%TIO SST3M
0' 0##> 1-00 7une 0',0#11
http9@@***.bus.iastate.edu@d5an(rin@acct4!4!4@readings@#20#100-'.pdf
Annotation
In this article, discusses ho* computer-related audit procedures are used and ho* control risk and auditfirm si)e influence those procedures.
0
http://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://content.ebscohost.com.proxy.lib.uwaterloo.ca/pdf19_22/pdf/2007/CPA/01Dec07/28099606.pdf?T=P&P=AN&K=28099606&S=R&D=bth&EbscoContent=dGJyMNXb4kSepq84yOvsOLCmr0meqK9Srqy4SbeWxWXS&ContentCustomer=dGJyMPGvtk6uqbJRuePfgeyx44Dt6fIAhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdfhttp://www.bus.iastate.edu/djanvrin/acct484584/readings/05%201_22-3.pdf8/11/2019 ACC 626 Term Paper KiengIv
29/31
S%S >4 informs auditors that assessing control risk as maximum and relying only on substanti(eis not effecti(e
%uditors should rely on computer-related audit procedures including the use of IT specialists*hen planning the audit
%udit firm si)e impacts *hether or not computer-related audit procedures are used becausegenerally larger firms ha(e clients *ith more complex computer systems
4'2 of participants in this study assessed control risk belo* maximum *hen examining clients*ith complex IT en(ironments
2 of the sampled engagements used IT specialists
:ess than half of the participants used "%%Ts for substanti(e testing
Annotation #1
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
Sayana,
%nantha S.
Lsing "%%Ts
to Support IS%udit
Information
Systems"ontrol7ournal
1 0##' 1-' 7une 0',
0#11
http9@@***.isa
ca.org@7ournal@6ast-Issues@0##'@olume-1@;ocuments@5pdf#'1-Lsing"%%TstoSupportIS%u.pdf
Annotation
This article describes the *hy there is a need for audit soft*are, ho* audit soft*are benefits theassurance engagement and ho* to use "%%Ts.
There is a need for audit soft*are *hen the task is far too difficult to perform manually and it ismore efficient and@or more effecti(e to perform using audit soft*are
The auditor must design the procedures and tests. This includes understanding the businessrules of the function and ho* the application functions.
%udit soft*are can perform 1##2 audit *hich gi(es more (alidity to the conclusion gi(en
$hen first implementing an audit soft*are there can be many issues
Annotation #20
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
&e(eridge,7ohn
CITI"/0"01T
TI1)2$*. 66T.
6o*er6oint6resentation
0D
http://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdf8/11/2019 ACC 626 Term Paper KiengIv
30/31
Annotation
These slides describe *hat "O&IT is, *ho should use "O&IT, ho* "O&IT can help auditors and ho* touse it effecti(ely.
%uthoritati(e, up-to-date, international set of generally accepted IT control ob5ecti(es and controlpractices for day-to-day use by business managers and auditors/
IT go(ernance is structure of relationships and processes to direct and control the enterprise inorder to achieve the enterprise(s goals by adding value while balancing risk versus return over ITand its processes3
If you use computer generated information, need to assess reliability
"O&IT focuses on information ha(ing integrity and being secure and a(ailable/
"O&IT pro(ides auditors an excellent *ay to structure re(ie* and audit *ork
The goals of internal controls are The design, implementation, and proper exercise of a systemof internal controls should pro(ide 8reasonable assurance8 that managementXs goals are attained,control ob5ecti(es are addressed, legal obligations are met, and undesired e(ents do not occur/
"O&IT is aligned *ith "OSO, "O"O, "adbury and King
Annotation #21
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
;enyer,"harles
ickell,"hristopherJ.
%nIntroductionto S%S D#
%udits
&enefits :a*7ournal
ol. 0#
o. 1
0##D !-! 7une 0',0#11
http9@@***.csb.unc*.edu@people@I(ance(ich;@classes@MS
%20#1@3xtra20#Readings20#on20#Topics@S%S20#D#@Intro20#to20#S%S20#D#20#%udits.pdf
Annotation
This article offers an o(er(ie* of the S%S D# audit used to report on the processing of transactions byser(ice organi)ations,/ *hich can be done by completing either a S%S D# Type I or Type II audit. % S%SD# Type I is kno*n as reporting on controls placed in operation,/ *hile a S%S D# Type II is kno*n asreporting on controls placed in operation/ and tests of operating effecti(eness/
Recent legal legislation such as GI6%%, Jramm-:each-&ililey %ct and Sarbanes-Oxley %ct ha(eincreased corporate accountability and the creation of internal controls throughout organi)ations
Type I S%S D# report *ould issue an unualified opinion for a point in time and Type II report*ould be o(er a time period
0!
http://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdfhttp://www.csb.uncw.edu/people/IvancevichD/classes/MSA%20516/Extra%20Readings%20on%20Topics/SAS%2070/Intro%20to%20SAS%2070%20Audits.pdf8/11/2019 ACC 626 Term Paper KiengIv
31/31
The benefits an unualified opinion from a S%S D# ser(ice report solidifies that the ser(iceorgani)ation has effecti(e controls in place
%uditors ha(e implemented an exhausti(e list of policies, procedures, and related controls thatmust be examined for this type of engagement./
S%S D# reports incorporate general and application controls but also expand into operational andhuman resource issues *hich makes the report more useful if the scope of the engagement is
larger Type II report reuires a minimum six month testing period and is tested through testing of
controls *hile Type I consists of inuiry and obser(ation of controls S%S D# reports uses a combination of many different standards such as "O&IT, "OSO, ISO
1DD>>, and many others.
Annotation #22
Author Title ofArticle
Perioical/!ebsite
"ol / $o /%ition
&ear'ublishe
Pages (ateaccesse
)ocation*ata base*!ebsite* lin+
Singleton,Tommie
The "OSOModel9 Go*IT %uditors"an Lse It to3(aluate the3ffecti(enessof Internal"ontrols
IS%"%$ebsite
1 0## 7une 0',0#11
http9@@***.isaca.org@7ournal@6ast-Issues@0##'@olume-1@;ocuments@5pdf#'1-Lsing"%%TstoSupportIS%u.pdf
Annotation
In this article, IS%"% describes ho* auditors can apply "OSO model in performing auditors. It breaks the
"OSO model into fi(e categori)es V "ontrol 3n(ironment, Risk %ssessment, Information and"ommunication, "ontrol %cti(ities and Monitoring
"ontrol 3n(ironment9 This part of the "OSO model allo*s auditors to help comply *ith S%S 1#>.S%S 1#> reuires auditors to understand the entities en(ironment and to assess the risk ofmaterial misstatement
Risk %ssessment9 This part of the "OSO model helps auditors assess risk *ithin the entityFssystem of controls by identifying factors that increase risk such as changes in the operatingen(ironment.
Information and "ommunication9 This part of the model addresses that financial reportinginformation should not only be rele(ant but also timely.
"ontrol %cti(ities9 This part breaks control acti(ities into three categories V general, applicationand physical.
Monitoring9 This part discusses ho* controls should be monitored, assessed and re(ie*ed.
http://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdfhttp://www.isaca.org/Journal/Past-Issues/2003/Volume-1/Documents/jpdf031-UsingCAATstoSupportISAu.pdf