Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.
-
Upload
julian-mathews -
Category
Documents
-
view
219 -
download
0
Transcript of Who Watches the Watchers Tyler Hamilton Marissa Kaprow Jeff Reifeiss.
Who Watches the Watchers
Tyler HamiltonMarissa Kaprow
Jeff Reifeiss
Why IT Fraud?• Businesses are becoming more and more technologically
dependant
• As auditors, it is our job to monitor, identify and control material weaknesses.
• Cybercrimes was already taken.
3 Focuses
• What are auditors required to know about IT?
• How do proper controls lead to fraud prevention?
• What are the effects of fraud on financial reporting?
Auditor Knowledge• Second standard of Fieldwork
• As businesses become more and more computer driven, IT knowledge is essential
• Audit quality depends upon the auditor’s ability to detect errors.
External Auditors• Generally have higher knowledge expectations than Internal
Auditors
• Why? Larger client base, diverse information systems
• IT Knowledge should include “knowledge of IT systems for financial accounting and reporting, including relevant current issues and developments, as well as detailed knowledge of various frameworks for evaluating controls and assessing risks in accounting and reporting systems as appropriate for the audit of historical financial information”
---IES8
GMQ Study• 2008 study, attempt to determine how self-efficacy impacts
perception of new technology and implementation
• 36 questions across a broad spectrum of IT topics
• 25% rated “Less than Adequate” overall
• Self-assessment leads to improvement
Internal Auditors• Due to in-house nature, internal auditors tend to focus on
business controls, and leave IT controls to IT staff.
• When it exists, IT knowledge is more focused than External Auditors, but less broad.
• Integrated audits- Business and IT aspects being audited separately but simultaneously, and reports joined in the reporting stage.
Flaws to Integrated Auditing• Inadequate scoping and execution
• Misunderstandings in accountability
• Poor identification and testing of automated controls
• $$$
Integrated Auditors• Internal auditors who expand their IT knowledge
• Able to understand and properly monitor automated controls
• Fully understand how data flows through their organizations information systems
• Failure to understand these things could lead to material oversights during audits.
Fraud and IT Controls• IT Controls provide and limit access to business critical
information
• Authorization & authentication provide ways of limiting this access
• Design of the system, which includes critical financial and business information should not rest solely on IT.
SAS 99 & AU 314
Opportunity• The ability or access to commit fraud
• IT controls offer an excellent line of defense
• Access controls
• Authentication
• Authorization
Perceived Pressure• The reasons behind the commission of fraud
• Mostly external
• Internal pressures can be countered
• Separation of duties
• Logs of overrides
Rationalization• The reasoning why the fraud is committed
• Most difficult to detect and counter due to the personal natures a persons moral and ethical code
• Company wide emphasis on the existence and importance of access controls
• Ethics training and policy
Importance of IT controls to accurate financial reporting
• Internal & external stakeholders require reliable financial information
• PCAOB definition of internal controls over financial performance:• “a process…to provide reasonable assurance regarding the reliability of
financial reporting.”
• IT controls must maintain integrity while remaining sufficiently flexible
Internal & External Uses for Financial Information
• Executive management• Craft strategies• Evaluate current strategies• Make corrective adjustments
• Operational management• Problem solving• Cost management• Employee evaluations
• BOD• Existing shareholders, potential shareholders & creditors
• Relevant & reliable financial statements• Rationally allocate capital
Ramifications of Insufficient IT-Related Internal Controls• IT control material weaknesses (MWs) threaten the
information value chain
• IT MWs lead to more IT MWs according to a study by Klamm & Watson (2011)
• Larger audit fees
• Weaker overall Control Environment
• Sarbanes-Oxley Act noncompliance• Required to select framework to assess internal control structure
• COSO (too broad), CobIT, ISO
Effect on Stakeholders• Shareholders• Loss of representational faithfulness
• Biased accruals/earnings management• Increased fraud risk
• Management• Less reliable financial and operational reports
• Unreliable cost management information• Precludes: ABC, TQM, Continuous Improvement, Six Sigma, etc.
Future Considerations
• IT controls will only become more paramount to success
• XBRL & Continuous Auditing (CA)• 2006 PwC survey found 50% of U.S. companies use CA techniques
and another 31% are implementing
• Enterprise Risk Management (ERM)
• Cloud Computing & Integrated Supply Chains
Computer Economics Survey 2011 to 2012
• IT spending moves out of recession, but weakly• 60% of companies increased their IT budgets
• 25% IT executives expect operational spending cuts
• Half of IT executives believe that budget is inadequate
• IT operational spending per user is at lowest in six years
SOURCE: http://www.myitview.com/it-management/5-it-spending-and-staffing-trends-for-2011-to-2012