Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

20
Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss

Transcript of Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Page 1: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Who Watches the Watchers

Tyler HamiltonMarissa Kaprow

Jeff Reifeiss

Page 2: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Why IT Fraud?• Businesses are becoming more and more technologically

dependant

• As auditors, it is our job to monitor, identify and control material weaknesses.

• Cybercrimes was already taken.

Page 3: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

3 Focuses

• What are auditors required to know about IT?

• How do proper controls lead to fraud prevention?

• What are the effects of fraud on financial reporting?

Page 4: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Auditor Knowledge• Second standard of Fieldwork

• As businesses become more and more computer driven, IT knowledge is essential

• Audit quality depends upon the auditor’s ability to detect errors.

Page 5: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

External Auditors• Generally have higher knowledge expectations than Internal

Auditors

• Why? Larger client base, diverse information systems

• IT Knowledge should include “knowledge of IT systems for financial accounting and reporting, including relevant current issues and developments, as well as detailed knowledge of various frameworks for evaluating controls and assessing risks in accounting and reporting systems as appropriate for the audit of historical financial information”

---IES8

Page 6: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

GMQ Study• 2008 study, attempt to determine how self-efficacy impacts

perception of new technology and implementation

• 36 questions across a broad spectrum of IT topics

• 25% rated “Less than Adequate” overall

• Self-assessment leads to improvement

Page 7: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Internal Auditors• Due to in-house nature, internal auditors tend to focus on

business controls, and leave IT controls to IT staff.

• When it exists, IT knowledge is more focused than External Auditors, but less broad.

• Integrated audits- Business and IT aspects being audited separately but simultaneously, and reports joined in the reporting stage.

Page 8: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Flaws to Integrated Auditing• Inadequate scoping and execution

• Misunderstandings in accountability

• Poor identification and testing of automated controls

• $$$

Page 9: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Integrated Auditors• Internal auditors who expand their IT knowledge

• Able to understand and properly monitor automated controls

• Fully understand how data flows through their organizations information systems

• Failure to understand these things could lead to material oversights during audits.

Page 10: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Fraud and IT Controls• IT Controls provide and limit access to business critical

information

• Authorization & authentication provide ways of limiting this access

• Design of the system, which includes critical financial and business information should not rest solely on IT.

Page 11: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

SAS 99 & AU 314

Page 12: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Opportunity• The ability or access to commit fraud

• IT controls offer an excellent line of defense

• Access controls

• Authentication

• Authorization

Page 13: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Perceived Pressure• The reasons behind the commission of fraud

• Mostly external

• Internal pressures can be countered

• Separation of duties

• Logs of overrides

Page 14: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Rationalization• The reasoning why the fraud is committed

• Most difficult to detect and counter due to the personal natures a persons moral and ethical code

• Company wide emphasis on the existence and importance of access controls

• Ethics training and policy

Page 15: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Importance of IT controls to accurate financial reporting

• Internal & external stakeholders require reliable financial information

• PCAOB definition of internal controls over financial performance:• “a process…to provide reasonable assurance regarding the reliability of

financial reporting.”

• IT controls must maintain integrity while remaining sufficiently flexible

Page 16: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Internal & External Uses for Financial Information

• Executive management• Craft strategies• Evaluate current strategies• Make corrective adjustments

• Operational management• Problem solving• Cost management• Employee evaluations

• BOD• Existing shareholders, potential shareholders & creditors

• Relevant & reliable financial statements• Rationally allocate capital

Page 17: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Ramifications of Insufficient IT-Related Internal Controls• IT control material weaknesses (MWs) threaten the

information value chain

• IT MWs lead to more IT MWs according to a study by Klamm & Watson (2011)

• Larger audit fees

• Weaker overall Control Environment

• Sarbanes-Oxley Act noncompliance• Required to select framework to assess internal control structure

• COSO (too broad), CobIT, ISO

Page 18: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Effect on Stakeholders• Shareholders• Loss of representational faithfulness

• Biased accruals/earnings management• Increased fraud risk

• Management• Less reliable financial and operational reports

• Unreliable cost management information• Precludes: ABC, TQM, Continuous Improvement, Six Sigma, etc.

Page 19: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Future Considerations

• IT controls will only become more paramount to success

• XBRL & Continuous Auditing (CA)• 2006 PwC survey found 50% of U.S. companies use CA techniques

and another 31% are implementing

• Enterprise Risk Management (ERM)

• Cloud Computing & Integrated Supply Chains

Page 20: Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.

Computer Economics Survey 2011 to 2012

• IT spending moves out of recession, but weakly• 60% of companies increased their IT budgets

• 25% IT executives expect operational spending cuts

• Half of IT executives believe that budget is inadequate

• IT operational spending per user is at lowest in six years

SOURCE: http://www.myitview.com/it-management/5-it-spending-and-staffing-trends-for-2011-to-2012