Читать книгу Wiley Practitioner's Guide to GAAS 2020 - Joanne M. Flood - Страница 239

Information technology (IT) affects the way in which transactions are initiated, recorded, processed, and reported. IT controls consist of automated controls (e.g., controls embedded in computer programs) and manual controls. Manual controls may be independent of IT, may use information produced by IT, or may be limited to (1) monitoring the effective function of IT and of automated controls and (2) handling exceptions. An entity’s mix of controls varies with the nature and complexity of its use of IT. IT enables an entity to:

1 Consistently apply predefined business rules and perform complex calculations in processing large volumes of transactions or data.

2 Enhance the timeliness, availability, and accuracy of information.

3 Facilitate the additional analysis of information.

4 Enhance the ability to monitor the performance of activities and the policies and procedures.

5 Reduce the risk that controls will be circumvented.

6 Enhance the ability to achieve effective segregation of duties by implementing security controls.

IT also poses specific risks to an entity’s internal control, including:

1 Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both

2 Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions

3 Unauthorized changes to data in master files

4 Unauthorized changes to systems or programs

5 Failure to make necessary changes to systems or programs

6 Inappropriate manual intervention

7 Potential loss of data