Controls for Information Technology The success of a business is determined by how effective its managers are in managing risk Therefore acquiring effective risk management helps to protect the company from losses because of poor accounting practices as well as fraudulent activities Using good controls protect managers from liabilities that may arise when certifying financial statements used in annual reports because when these reports are issued they are also a reflection of the company s internal controls The internal control process begins with management and the attitude that management portrays through the company Manager duties include implementing the policies and procedures used within the company these policies and procedures are also used to build the structure which is found within the internal control environment Internal Control Reporting Options An audit report has three general functions used to report a company s financial statements These reports indicate whether the financial statements are presented in conformity with generally accepted accounting principles Auditors use their reports to highlight any unusual aspects of the audit examination and the reports can be used to communicate useful information to decision makers that may not appear on the face of the financial statements Internal reporting options are important in keeping regulators investors and employees informed and the format should be understandable for managers and investors Two options are available to the auditor for reports on the company s financial statements and internal control over financial reporting One option is to have two separate reports the fairness of the company s financial statements and the report on internal control over financial reporting When using this option each report should refer to the basic responsibility and opinion expressed in the other report If the second option is preferred in presenting the two reports the reports should be combined The combined report expresses an unqualified opinion on the financial statements management s assessment of the effectiveness of internal control over financial reporting should also be included and the effectiveness of internal control over financial reporting Louwers Ramsey Sinason Strawser 2007 Vulnerabilities and Threats Automated information systems have become a vital component in the everyday operations of modern businesses This has allowed more work to be done with fewer people and a higher level of detail to be integrated into the work through the advanced abilities of computers It is important for companies to take the necessary precautions needed in protecting their systems and choosing the proper internal controls for information technology and reporting This includes evaluating the effectiveness of the internal controls by asking the following questions Is the design and operation of the internal control system up to date with technological advancements effectiveness Is the internal control system and reporting in compliance with Sarbanes Oxley Act of 2002 Does the current system identify existing controls that are inefficient redundant and costly Is the internal control system and reporting increasing productivity and overall organization The answers to these questions should be reviewed by management to ensure that the parameters of the information technology is regulated and controlled Internal Controls for IT Organizations understand the importance of information technology IT and with this knowledge they can drive their shareholders value Companies must realize the importance of the dependency on the processes of the IT department Many companies use COBIT which is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements technical issues and business risks COBIT enables clear policy development and good practice for IT control throughout organizations COBIT emphasizes regulatory compliance helps organizations to increase the value attained from IT enables alignment and simplifies implementation of the COBIT framework ISACA 2011 Conclusion References Management should make it a priority to identify controls within the company It is also important for companies to have proper controls in place to monitor their internal controls for information technology and reporting Without the necessary controls in place and company can experience dramatic financial hardships due to fraud and errors Louwers T Ramsay R Sinason D Strawser J 2007 Auditing Assurance Services A Look Beneath the Surface 2nd ed New York New York McGraw Hill Irwin ISACA 2011 COBIT Framework for IT Governance and Control Retrieved from http www isaca org Knowledge Center COBIT Pages Overview aspx