Controls for Information Technology The success of a business is determined by how effective its managers are in managing risk. Therefore, acquiring effective risk management helps to protect the company from losses because of poor accounting practices as well as fraudulent activities. Using good controls protectmanagers from liabilities that may arise when certifying financial statements used in annual reports because when these reports are issued, they are also a reflection of the company’s internalcontrols. The internal control process begins with management and the attitude that management portrays through the company. Manager duties include implementing the policies and proceduresused within the company, these policies and procedures are also used to build the structure whichis found within the internal control environment. Internal Control Reporting Options An audit report has three general functions used to report a company’s financial statements. These reports indicate whether the financial statements are presented in conformity with generally accepted accounting principles. Auditors use their reports to highlight any unusual aspects of the audit examination, and the reports can be used to communicate useful information to decision makers that may not appear on the face of the financial statements. Internal reporting options are important in keeping regulators, investors, and employees informed, and the format should be understandable for managers and investors. Two options are available to the auditor for reports on the company’s financial statements and internal control over financial reporting. One option is to have two separate reports; the fairness of the company’s financial statements and the report on internal control over financial reporting. When using this option each report should refer to the basic responsibility and opinion expressed in the other report. If the second option is preferred in presenting the two reports, the reports should be combined. The combinedreport expresses an unqualified opinion on the financial statements, management’s assessment ofthe effectiveness of internal control over financial reporting should also be included, and the effectiveness of internal control over financial reporting (Louwers, Ramsey, Sinason, & Strawser, 2007). Vulnerabilities and Threats Automated information systems have become a vital component in the everyday operations of modern businesses. This has allowed more work to be done with fewer people and a higher level of detail to be integrated into the work through the advanced abilities of computers. It is important for companies to take the necessary precautions needed in protecting their systems andchoosing the proper internal controls for information technology and reporting. This includes evaluating the effectiveness of the internal controls by asking the following questions: * Is the design and operation of the internal control system up-to-date with technological advancements? * Is the internal control system and reporting in compliance with Sarbanes-Oxley Act of 2002? * Does the current system identify existing controls that are inefficient, redundant, and costly? * Is the internal control system and reporting increasing productivity and overall organization effectiveness? The answers to these questions should be reviewed by management to ensure that the parametersof the information technology is regulated and controlled. Internal Controls for IT Organizations understand the importance of information technology (IT) and with this knowledge; they can drive their shareholders’ value. Companies must realize the importance of the dependency on the processes of the IT department. Many companies use COBIT, which is anIT governance framework and supporting toolset that allows managers to bridge the gap betweencontrol requirements technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework (ISACA, 2011). Conclusion Management should make it a priority to identify controls within the company. It is also important for companies to have proper controls in place to monitor their internal controls for information technology and reporting. Without the necessary controls in place and company can experience dramatic financial hardships due to fraud and errors. References Louwers, T., Ramsay, R., Sinason, D., & Strawser, J. (2007). Auditing & Assurance Services: A Look Beneath the Surface. (2nd ed.). New York, New York: McGraw-Hill/Irwin. ISACA, 2011. COBIT Framework for IT Governance and Control. Retrieved from