NAA2523. Understanding and Assessing Risks and Controls Within the IT Environment

Guidance on addressing the SAS No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, requirement for evaluating IT within the system of internal controls. We will focus on identifying risks arising from the use of IT and discuss how IT risks and controls impact the five components of the system of internal controls. We will walk through examples on how to assess the risks and controls in entities with complex applications, systems interfaces, data warehouses, and SOC reports, as well as entities with high volumes of transactions and complex financial reporting.

Learning Objectives:

• Recognize SAS No. 145 requirements to document the use of IT in an entity’s control environment
• Identify IT related risks within business processes and the mitigating controls
• Identify how IT risks and controls impact the five components of the system of internal controls
• Analyze examples on how to assess the IT risks and controls in entities with high volumes of transactions and complex financial reporting