SDB 3123 IT RISK AND AUDITING

GROUP ASSIGNMENT 1

GROUP NAME:

GROUP MEMBERS:

FATIN IZZYAN BINTI MOHD 22424

NASRUDDIN
THAM MEI YEE 22425
CHOW YEE HOU 22420
ROFITHAH BINTI OMAR 22427

The modern electronic audit have required to make drastic and universal changes
(Eilifsen, Knechel, and Wallage 2001) which evolved from the manual processes to computer
based processes of auditing. The uprising of technologies was directed to the modifications in the
auditings standards and methodologies. Nowadays, numerous firms have implemented the
auditing standards and methodologies of Sarbanes-Oxly Act, IT infrastructure library (ITIL) and
COSO Internal Control Standards. The standards and methodologies intended to increase the
efficiency of auditing methods while conducted constant qualities, assurance and integrity to the
auditees, the organizations have established a new audit standards and methodology of auditing
(Berberich, 2005). Thus, this report will explain about Sarbanes-Oxly Act, ITIL and COSO
Internal Control Standards.
The Sarbanes-Oxley Act, which is more commonly called SOX. It contains 11 titles and
each of it contains various numbers of sections (Caminong, 2011). The Sarbanes-Oxley Act was
enacted in 2002 in a reaction of a number of corporate accounting scandals such as Enron, Tyco
and WorldCom. It applies to all United States public listed companies in order to maintain a
system of internal controls. Although this act does not apply to private, foreign and non-profit
organization, many volunteers to comply in order to prove that they meet international standards.

First of all, under Sarbanes-Oxley Act, the officers of the company are required to sign
financial statement for accuracy. This holds them personally accountable for any misrepresented
data. Apart from that, an increase fines and prison sentence for individuals who attempts to
defraud investors or misrepresent actual figures. The companies must also provide a description
of its internal controls allowing the investors to gain insight into the company procedures.
Besides that, the companies are responsible for hiring an external independent accounting firm to
audit the accuracy of their financial reports.

The financial reports are now required to have a section dedicated to the auditors opinion
on the accuracy of the figures presented in the financial reports. The companies are mandated to
report all off balance sheet transactions on their reports. The Securities and Exchange
Commission or (SEC) has now given more power to look into companies that are suspected of
fraud. The SEC is now doing random reviews of companies to ensure they are complying with
the Sarbanes-Oxley Act. The reports are then published and allow the public to view it. The
Sarbanes-Oxley Act is credited for reduced corporate fraud and increasing investor protections.

The next is about IT Information Library (ITIL) which is a methodology used in IT

service management. It brings benefits to company like to improve customer relationship and
satisfaction, deliver better quality and reliability in service, optimise service delivery in supply
chain addition with able manage business risk and service disturbance. ITIL achieve it by
improving how IT delivers and supports business service value by adopting the ITIL framework
which provides a flexible and organised guideline (New to ITIL? Start here!, 2016). It will guide
the five different processes which are service strategy, service design, service operation and
service improvement (Meier, 2012).

In service strategy, ITIL will guide to access the current situation and customer
requirements to form a strategy that able IT align with core business. It will follow by service
design phase which need to plan and design what IT is needed to be provided to support the
business. Continue with ITIL service transition where changes of service lifecycle can be
managed from the risk of new changes and retired services. Problem management, incident
management and Access Management come into a service operation will after it to deliver the
service at the agreed level (New to ITIL? Start here!, 2016). Moreover, service improvement will
be taken to determine the opportunity of improvement and its impact. Key performance
indicators (KPI) are used to identify each process and its critical success factors in the service are
through (Continual Service Improvement, 2016). This is to meet the satisfaction of customer
align correctly with IT used. ITIL does not have fixed rules that allow organizations to just
according individual cases which IT department can apply its principles.

In an internal control standard system, there are five components that are known to be
effective which has gained world acceptance. These five components were initially presented by
the Committee of Sponsoring Organizations of the Treadway Commission (COSO). They believe
that these standards could effectually and capably develop and uphold internal control systems.
This could be an enrichment of getting engaged with the entitys objectives and adaptation to
business and operating environments successfully (Everson, et al., 2013). There are five
integrated components that are used accordingly which is starting from control environment.
This becomes the initial component in which it provides the foundation for implementing
internal control across the organization (Everson, et al., 2013).

In general, it refers to the standard atmosphere in which employees carry out their roles
and functions. It includes such elements like ethical values, organizational culture and structure
established by the management. The next component relates to the achievement of management
objectives in which to recognize and evaluate the possible risks (Newens & Khoshmashrab,
2016). There are four aspects that could be taken cares of which are company objectives,
objectives at the process-level, identification of risk and analysis and change management (Cruz,
2016). In third component that is control activities. These are the steps identified to establish the
impact of the risks using policies and procedures.

All levels of the entity at different levels within business processes and over the
technology environment will need to get involved (KPMG, 2013). For the organization and
employees, to carry out their roles and functions excellently, information and communication is
used as to ensure information is easily taken and linked to appropriate personnel (Newens &
Khoshmashrab, 2016). Finally, the last component in internal control is monitoring activities as
to assess whether these five components are working as intended (KPMG, 2013). It is achieved
through on-going monitoring and periodic evaluations. To sum up, these standards and
methodology functions for thorough internal control within the company through engaged
leadership, collective values and culture itself (Cruz, 2016).

As a conclusion, the appropriate methodologies and standards of auditing play an

important part for the purposes of firms governance (Goodson, Mory, & Lapointe, 2012). When
applied the best standards or methods that supportable with the firms objective, it drive to the
details plan towards firms policies, program and practice (Brushett, et al., 2013). Ask for it, the
comprehensive standards for developing the firms and enlightening the auditing processes
(Goodson, Mory, & Lapointe, 2012) in innovation of the technologies in this era in order to
strive for contract on the auditing values. (Brushett, et al., 2013)

REFERENCES
Berberich, G. P. (2005). The Effects of Audit Methodology and Audit Experience on the
Development of Auditors Knowledge of the Clients Business. Retrieved from Collections
Canada: http://www.collectionscanada.gc.ca/obj/s4/f2/dsk3/OWTU/TC-OWTU-650.pdf

Brushett, W., Crowley, P., Hannaford, G., Kinney, J., Kriegler, A., & Weiss, P. (2013). Enhancing
Audit Quality: Conclusions and Recommendations. Retrieved from Canadian Public
Accountability Board : http://www.cpab-ccrc.ca/Documents/Topics/EAQ/EAQ%20Final
%20Report_EN_FNL_tag.pdf

Caminong, R. (2011, September 21). Sarbanes-Oxley act. Retrieved February 05, 2017, from
http://www.slideshare.net/RizzeCaminong/sarbanesoxley-act-9354519

Continual Service Improvement. (22 December, 2016). Retrieved from BMC:

http://www.bmc.com/guides/itil-continual-service-improvement.html

Cruz, S. (2016, October 28). KnowledgeLeader. Retrieved from What Are The Five Components
of the COSO Framework?: http://info.knowledgeleader.com/bid/161685/what-are-the-
five-components-of-the-coso-framework

Eilifsen, A., W. R. Knechel, and P. Wallage (2001). Application of the Business Risk Audit
Model: A field study. Accounting Horizons 15(3): 193-207.

Everson, M., Soske, S., Martens, F., Beston, C., Harris, C., Garcia, A., Perraglia, S. (2013, May).
Internal Control-Integrated Framework Executive Summary. Retrieved from The Institute
of Internal Auditors North America: https://na.theiia.org/standards-
guidance/topics/Documents/Executive_Summary.pdf

Goodson, S., Mory, K., & Lapointe, J. (2012, January). Supplemental Guidance: The Role of
Auditing in Public Sector Governance. Retrieved from https://na.theiia.org/standards-
guidance/Public%20Documents/Public_Sector_Governance1_1_.pdf

KPMG. (2013). KPMG. Retrieved from COSO Internal Control - Integrated Framework:
https://home.kpmg.com/content/dam/kpmg/pdf/2016/05/2750-New-COSO-2013-
Framework-WHITEPAPER-V4.pdf
Meier, J. (29 January, 2012). ITIL Stages, Processes, and Sub-Processes. Retrieved from
Microsoft Developer: https://blogs.msdn.microsoft.com/jmeier/2012/01/29/itil-stages-
processes-and-sub-processes/

New to ITIL? Start here! (12 Jun, 2016). Retrieved from BMC: http://www.bmc.com/guides/itil-
introduction.html

Newens, H., & Khoshmashrab, M. (2016, June). Internal Control Standards COSO Framework
2013. Retrieved from County of Yolo: http://www.yolocounty.org/home/showdocument?
id=3254

Staff, I. (2015, January 13). Sarbanes-Oxley Act of 2002 - SOX. Retrieved February 05, 2017,
from http://www.investopedia.com/terms/s/sarbanesoxleyact.asp

S. (n.d.). What is the Sarbanes-Oxley Act? Retrieved February 05, 2017, from http://www.sox-
online.com/what-is-the-sarbanes-oxley-act/