Summary of Systems Development, Program Changes, and Application Controls.

Summary

SOX legislation requires management to design, implement, and certify controls over financial reporting. Similarly, external auditors are required to attest to management’s assessment of controls. This chapter dealt with the business risks, IT controls, and tests of controls pertaining to three areas of specific concern to SOX: systems development, program change procedures, and computer applications.

The integrity of financial data is directly dependent on the accuracy of the applications that process them. Likewise, the integrity of those applications depends on the quality of the systems development process that produced them and on the program change procedures through which they were modified. Lack of control over these areas, or inconsistency in their function, can result in unintentional application errors and program fraud.

The systems development and maintenance controls and the tests of controls described in this chapter apply to both management’s SOX-compliance objectives and the auditor’s attest responsibility. To test specific application controls, auditors (internal and external) use several CAATT techniques, including the test data method, the integrated test facility, and parallel simulation. This chapter concluded with a discussion of two popular CAATTs (embedded audit module and generalized audit software) used for substantive testing.
