Implementing the IT-Related Aspects of Risk-Based Auditing Standards

By Schroeder, Dan; Singleton, Tommie | The CPA Journal, July 2010 | Go to article overview

Implementing the IT-Related Aspects of Risk-Based Auditing Standards


Schroeder, Dan, Singleton, Tommie, The CPA Journal


Information technology (IT) requires special consideration in the practical application of risk-based auditing, as defined under both the AICPA riskbased audit standards, Statements on Auditing Standards (SAS) 104-111, and the Public Company Accounting Board (PCAOB) Auditing Standard (AS) 5. Both SAS 104-111 and AS5 emphasize the need to establish tight linkage between audit procedures and a thorough assessment of financial statement and assertion level risk. Both standards reference the role of IT as a potentially significant source of inherent audit risk.

The risk-based audit standards adopted by the AICPA in 2006, along with AS5 released in 2007, emphasize a top-down, risk-based approach to the financial audit. The AICPA IT Executive Committee (ITEC), which includes the authors, has developed a white paper and other materials to complement those standards; these tools have been extremely well received by auditors. Their experience has affirmed the following benefits of risk-based auditing:

* The IT risk assessment procedures are necessary to completely identify and understand how IT affects financial statement assertions and the level of risk.

* By gaining an understanding of an entity's controls that exist to mitigate IT-related risks, an auditor may be able to incorporate tests of IT controls into further audit procedures (FAP) and thus improve the overall efficiency of their audit procedures.

* IT risk assessment procedures often improve the auditor's understanding of how computer-aided audit tools and techniques (CAATT) can be applied to improve the efficiency of substantive audit procedures.

* IT risk assessment procedures can usually be leveraged to provide valuable recommendations to management.

This overall approach for IT considerations in risk-based auditing, discussed in more detail below, is summarized in Exhibit 1.

Planning Risk Assessment Procedures: Need for an IT Specialist

Because risk-based auditing requires an auditor to understand the entity being audited, including its internal controls, the audit plan must consider how an auditor will gain this understanding. In many cases, especially in smaller entities that have a low level of IT sophistication, the role of IT for financial purposes is not complex and there is little or no dependency on IT for financial purposes - i.e., IT presents a relatively low level of risk of material misstatement. When IT does play a significant role for financial purposes, an audit plan must define how the auditor will gain an understanding of the role of IT for financial audit purposes related to material transactions, financial reporting, and material disclosures. The following are some common objectives for ITrelated audit risk assessment procedures:

* Identify how IT contributes to the risk of material misstatement - i.e., identify inherent risk - at the assertion and financial statement level. An audit plan will often specify one or more transaction classes relevant for consideration (e.g., accounts payable, or inventory and cost of goods sold, when both are material and IT plays a significant role in computation of amounts or account balances).

* Determine whether controls exist, that, if operating effectively, would provide reasonable, but not absolute, assurance that the inherent risks would be prevented or detected (i.e., assess control risk).

* Design and execute further IT-related audit procedures, as appropriate.

As IT related to financial reporting grows more sophisticated - creating greater dependence on IT for transactions and processes - the need for an IT audit specialist becomes greater (see the SAS 108 narrative in the ITEC white paper). The benefit of employing professionals possessing IT audit skills can be a significant aspect of many audit engagements in determining the impact of IT to the audit, understanding the IT controls, and designing and performing tests of IT controls and substantive procedures (e. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Implementing the IT-Related Aspects of Risk-Based Auditing Standards
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.