Will companies and their auditors ever agree on how to test information technology systems for Sarbanes-Oxley compliance? The Institute of Internal Auditors hopes its new guidelines on IT controls will help.
Since companies began complying with the Sarbanes-Oxley Act, one common complaint about auditor scrutiny has been loud and clear: external auditors have spent too much time on technology systems that seem unrelated to financial statements.
It's an issue that has been confusing for both sides. The problem: Information technology has an often indirect relationship with the final results in financial statements, and there's little standard guidance to tell companies how to determine the strength and security of IT-specific internal controls.
advertisement
With its newly released guidance, the Institute of Internal Auditors is hoping to end much of the anxiety and confusion surrounding the testing of IT controls. The methodology will help companies streamline their preparation for testing, help them defend themselves better when questioned by external auditors, and even possibly save money on compliance costs, according to the IIA.
See full Article.
Posts
