Information technology (IT) has become increasingly sophisticated and complex, escalating the ongoing change within Kudler Fine Foods. As IT information is adopted within the organization, automation controls many processes within the Kudler’s environment. As Kudler has become more virtualized, a need for increased trust and assurance in the relationships with consumers, partners and suppliers. The swell of e-commerce business has created new ways of conducting an audit. Statement on Auditing Standard 94 (SAS 94) requires that the auditor understands the technological aspect of the organization in order to grasp the internal controls and the assessment of control risks for a proper audit analysis. The following contains information to the types of audits, audit process recommendations, conducting of audits and events that could prevent reliance on auditing through the computer.
Audits
Types of Audits
Kudler Fine Foods has integrated new IT in major system processes. Due to new IT, Kudler Fine Foods is now required to include IT in the financial statement audit per SAS 94. The company should also audit the new IT processes in an independent external audit for assurance in data availability, data security and data integrity. The four main types of IT audits are: Attestation, Finding and Recommendation, SAS 70, and SAS 94. As noted, SAS 94 is a requirement for organizations processing electronic data. The financial auditor considers IT as an overall part of internal control by understanding the design of the relevant controls and evaluating the effectiveness of the controls (Greene 2009). The SAS 94 audit will be conducted at the time of the financial audit and is the majority of IT audits performed (Hunton, 2004).
Kudler Fine Foods has two options for independent IT auditing of the internal processes: Attestation and Finding and Recommendation. In an attestation audit, Kudler would make an assertion about a
References: Apex. (2009). Accounts Payable Audit. Retrieved on April 19, 2009 from http://www.apexanalytix.com/Goods_and_Services/Audit/Accounts_Payable_Audit.aspx Chiappetta, Larson, Wild Application Security in Internal Control. Retrieved April 19, 2009, from http://www.nysscpa.org/committees/emergingtech/sarbanes_act.htm Hunton, J. E. (2004). Core concepts of Information Technology auditing. In (Ed.), Information Technology auditing (pp. 341-372). Retrieved from University of Phoenix eBook Collection Database. Hunton, J. E. (2004). Core concepts of Information Technology auditing. In. (Ed), Conducting the IT audit (pp. 207-227). Retrieved from Retrieved from University of Phoenix eBook Collection Database ISACA ISACA. (2008). Reporting Document G20. Retrieved on April 19, 2009 from http://www.isaca.org/Content/ContentGroups/Standards2/Standards,_Guidelines,_Procedures_for_IS_Auditing/IS_Auditing_Guideline_G20_Reporting1.htm ISACA