Dear IT-Section Members:

A number of professional and marketplace developments have converged to increase interest in IT as it relates to the financial statement audit, resulting in growing recognition of the important role that IT plays as a contributor to risk, a means of supporting and facilitating internal control, and a driver of audit efficiency and innovation. The passage of Sarbanes Oxley and the issuance of SAS Nos. 104-111, require the auditor to pay more attention to the control environment, including the role of IT. The challenge is to balance the need to understand and thoroughly assess an entity’s use of IT with the Risk Assessment Standards’ (SAS Nos. 104-111) mandate that the auditor focus on risk and reduce reliance on substantive procedure.

To help members better understand the impact of IT on financial reporting and the audit, and walk the fine line between the need to thoroughly assess the IT environment with the risk imperative of SAS Nos. 104-111, the IT Executive Committee has developed two educational initiatives with the financial auditor in mind.

IT General Controls for Financial Auditors

Our five-part web seminar IT General Controls for Financial Auditors continues in August and September with the final two installments:

IT General Controls for Financial Auditors (Part 4): Logical Access Controls

Presented by Bruce Sussman, CPA, CISA, CISSP and Susan Ramey, CPA

Wednesday, August. 27, 2008; 2:00-3:30 p.m., ET (11:00 a.m., PT)

In IT General Controls for Financial Auditors: Logical Access Controls, Bruce Sussman and Susan Ramey introduce the concept of Logical Access Controls. Citing pertinent audit standards, they explain why logical access controls are relevant to the auditor and what aspects of logical security should be evaluated within the context of the financial statement audit.

IT General Controls for Financial Auditors (Part 5): IT from the Audit Partner’s Perspective

Presented by John Barile, CPA, CISA, CBCP 

Thursday, September 11, 2008; 2:00-3:30 p.m., ET (11:00 a.m., PT)

In IT from the Audit Partner’s Perspective, John Barile, CPA, CISA, CBCP closes out our 5-part series on general controls with a discussion about the relevance of IT to the audit, and how assessing and gaining confidence in a entity’s IT General Controls:

§         Frees the auditor up to focus on the areas of greatest risk;

§         Allows the auditor to place greater reliance on the business systems that process business and financial data;

§         Validates the use of Computer Assisted Auditing Tools and Techniques to perform comprehensive transaction testing, and automated journal testing; and

§         Lays the groundwork for more advanced audit strategies including continuous controls monitoring.

If you were unable to attend any of the first three presentations in this series, archived versions have been posted and are available for viewing at www.aicpa.org/itinfocasts.

AICPA Training School: IT Considerations in Risk-Based Financial Statement Audits

October 27-30, AICPA Boardroom, New York City

This 3 1/2 day AICPA Training School is intended to provide financial managers and external and internal audit professionals with a solid understanding of how IT impacts financial reporting and the audit. Attendees will better understand the critical IT considerations at each phase of the audit, learn to communicate more effectively with clients and key IT contractors and staff, and discover how to leverage technology and risk-based procedures to increase audit efficiency. They will also receive 31 credits of CPE, and have an opportunity to interact with fellow practitioners in an intimate, collaborative atmosphere. There are fewer than 50 seats available, so register today! IT Section members receive an additional $50 discount at registration checkout.

As always, let us know how we’re doing in creating and delivering topical information that helps you become more proficient in your use and understanding of IT.

Sincerely,

David Cieslak, CPA.CITP, GSEC

Chair, IT Executive Committee

P.S. It is not necessary for you to have participated in Parts 1-4 to register for Part 5 of “IT General Controls for Financial Auditors.” And remember, all parts are archived on the IT Center.