Controls for Information Technology, Reporting and Evaluation
Controls for Information Technology, Reporting and Evaluation Information technology (IT) controls are particular functions performed by employees and operating systems specifically designed to ensure business objectives and goals are met. Although IT controls are different than internal controls both are vital functions of an organization that are both reported and evaluated on a regular basis. IT control objectives are based on confidentiality, integrity, data available, and general management of IT functions of the organization. IT general and application controls are based on information technology environment, system operations, and program data, development, and changes. Internal Reporting
As of 2002, following the Sarbanes-Oxley Act, annual reports of internal controls is required by Securities Exchange Act. The report must state management’s responsibility for establishing and maintaining adequate internal control structure and procedures for financial reporting, as well as an assessment of the effectiveness of the internal control structure and procedures for financial reporting (Securities and Exchange Commission, 2008). Management is responsible for the security, accuracy, and reliability of the controls for management and reporting of company financial data. Control Objectives for Information Technology (COBIT) and Committee of Sponsoring Organizations (COSO) are two common types of frameworks of control that provide a structure to design information technology (IT) general and application controls. To comply with Sarbanes-Oxley organizations must identify and report areas where technology has a significant impact on the financial reporting process. Internal Controls
There are five main components of internal controls that are recognized by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that are required in...