Controls for Information Technology and Reporting Evaluation
Week 6
Controls for Information Technology
Risk is a necessary undertaking for any business. Success in business is determined by effectively managing that risk. Effective risk management helps to protect the company from losses caused by poor accounting practices and fraud. Good controls also protect company management from liability when they certify the financial statements issued in the annual report, because they are also certifying the internal controls. The internal control process begins with management and the attitude that management portrays throughout the company. From this attitude, management gives direction, and the direction becomes policies and …
Options for Internal Controls
Three different internal control schemes have been developed by various international bodies to assist organizations in developing and maintaining adequate internal controls for their automated information systems and information technology infrastructure. The Control Objectives for Information Related Technology (COBIT) have been produced by the IT Governance Institute, and are considered the standard for information technology security and controls. The International Standards Organization has released ISO 17799, which extends British standard BS 7799 for the protection of information assets. The final widely recognized organization that has produced a standard for automated information systems controls is the Committee of Sponsoring Organizations (COSO) (Raval & Fichadia, 2007).
COBIT approaches IT controls from a process perspective. This control structure identifies 34 high-level control objectives that have been divided among five different key frameworks. The control objectives cover acquiring infrastructure applications and software systems, the installation of software and infrastructure, and the management of both user access and changes to the system (Raval & Fichadia, 2007).
ISO 17799 is an extension of the British standard, BS 7799. Both standards divide the control aspects into two different categories, the management of data and the management of operations (Raval &