Skip to main content
Area of Focus Sessions

NAA2523. Understanding and Assessing Risks and Controls Within the IT Environment

Guidance on addressing the SAS No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, requirement for evaluating IT within the system of internal controls. We will focus on identifying risks arising from the use of IT and discuss how IT risks and controls impact the five components of the system of internal controls. We will walk through examples on how to assess the risks and controls in entities with complex applications, systems interfaces, data warehouses, and SOC reports, as well as entities with high volumes of transactions and complex financial reporting.

Learning Objectives:

  • Recognize SAS No. 145 requirements to document the use of IT in an entity’s control environment
  • Identify IT related risks within business processes and the mitigating controls
  • Identify how IT risks and controls impact the five components of the system of internal controls
  • Analyze examples on how to assess the IT risks and controls in entities with high volumes of transactions and complex financial reporting
Date/Time
CPE Credits
1.0
NASBA Field of Study
Auditing
Level
Update - (for participants with a background in the subject area who desire to keep current)
Prerequisites
For participants with a background in the subject area who desire to keep current
Advanced Preparation
None
Session Tags
NAA