Once upon a time, broad reviews of general computer controls were a cornerstone of IT audits. Now, Auditing Standard No. 5 may well close the book on that practice.
Testing of operating systems, information security, and “change management” in a company’s IT environment has evolved rapidly since such audits became commonplace 15 years ago. AS5, however, with its commitment to auditing internal controls based on risk of material misstatement to financial reports, gives managers new discretion to scale down the scope of their IT audits in 2007 and beyond. Expect them to use it, experts say.
