The Trusted Professional, Feb. 2014
Information technology has taken a starring role in the risk assessment process that accompanies the planning, execution and conclusion of the audit, now that the capturing, processing, storing and reporting of information have become almost exclusively computerized. Given how central its use is, it’s always a good idea to review the basics and understand just what the audit standards say with respect to IT.
Fortunately, the requirements for auditors, as detailed in Statement on Auditing Standard (SAS) 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, are very clear. According to the SAS, “the use of IT also affects the fundamental manner in which transactions are initiated, authorized, recorded, processed, and reported.” Accordingly, auditors are required to comply with SAS 109’s basic premise: “The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing and extent of further audit procedures.” What SAS 109 says to auditors is that by reviewing these areas of risk, they can produce a higher quality audit, defend their audit process and provide additional value to clients in the form of recommendations and support, not only during the audit, but throughout the year.
Recent Comments