This post addresses IT risk IT internal controls.
For effective control, management must also develop, enforce, and adhere to the control systems in place. We noted in previous weeks that companies can reduce the risk of compromising information captured in their AIS through control systems. As discussed in Hunton, Bryant and Bagranoff, in recent years, there is an increased emphasis in risk based audit model in contrast to control-based models. This is a very interesting shift.
In order to help us pursue this topic, let first consider the following question: Why is it important to identify and assess IT risk before developing IT internal controls?
Please search for a filing on Diagnostics Inc at http://sec.gov/edgar/searchedgar/companysearch.html, I also attached their k10 locate the most recent 10k report and share your thoughts on the independent auditor’s assessment of the internal controls of the company.