Information Technology, Internal Control, and Financial Statement Audits
Information Technology, Internal Control,and Financial Statement Audits
By Thomas A. Ratcliffe and Paul Munter
In Brief
ASB Tackles IT System Control Risk
Modern data processing systems pose new, risk-laden challenges to the traditional audit process. Whereas it was once possible to conduct a financial statement audit by assessing and monitoring the controls over paper-based transaction and accounting systems, businesses have increasingly turned to electronic transaction and accounting systems. SAS 94 offers guidance on collecting sufficient, competent evidence in an electronic processing environment. It pays particular attention to identifying circumstances when the system of control over electronic processing must be accessed.
Becognizing that it is increasingly difficult for auditors to rely on traditional (paper) audit evidence to acquire sufficient competent evidence, the Auditing Standards Board (ASB) issued SAS 94, The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit, in May 2001. SAS 94 is effective for audits of financial statements for periods beginning on or after June 1, 2001. Early application is permitted.
SAS 94 amends SAS 55, Consideration of Internal Control in a Financial Statement Audit, as previously amended by SAS No. 78, Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55. Specifically, SAS 94 addresses the effect of information technology (IT) on internal controls and on the auditor’s understanding of internal controls, including the required assessment of control risk.
Background
In December 1996, the ASB issued SAS 80, entitled Amendment to Statement on Auditing Standards No. 31, Evidential Matter, in order to address questions about the validity, completeness, and integrity of electronic evidence. When entities transmit, process, maintain, or access information electronically, it may
By Thomas A. Ratcliffe and Paul Munter
In Brief
ASB Tackles IT System Control Risk
Modern data processing systems pose new, risk-laden challenges to the traditional audit process. Whereas it was once possible to conduct a financial statement audit by assessing and monitoring the controls over paper-based transaction and accounting systems, businesses have increasingly turned to electronic transaction and accounting systems. SAS 94 offers guidance on collecting sufficient, competent evidence in an electronic processing environment. It pays particular attention to identifying circumstances when the system of control over electronic processing must be accessed.
Becognizing that it is increasingly difficult for auditors to rely on traditional (paper) audit evidence to acquire sufficient competent evidence, the Auditing Standards Board (ASB) issued SAS 94, The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit, in May 2001. SAS 94 is effective for audits of financial statements for periods beginning on or after June 1, 2001. Early application is permitted.
SAS 94 amends SAS 55, Consideration of Internal Control in a Financial Statement Audit, as previously amended by SAS No. 78, Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55. Specifically, SAS 94 addresses the effect of information technology (IT) on internal controls and on the auditor’s understanding of internal controls, including the required assessment of control risk.
Background
In December 1996, the ASB issued SAS 80, entitled Amendment to Statement on Auditing Standards No. 31, Evidential Matter, in order to address questions about the validity, completeness, and integrity of electronic evidence. When entities transmit, process, maintain, or access information electronically, it may