Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Computer Forensics, External Audit, Fraud, GCC, ICS, Internal Audit, IT Audit, ITAC, ITGC, SOD, SOF
Computer usage in information processing systems frequently eliminates generally accepted accounting control principles regarding adequate SOF and SOD. In particular, manual system organization incompatibles are normally reassigned to distinct departments or personnel. Computerized information systems, however, have a tendency to consolidate incompatible functions and duties within the IT department. As a result, IT personnel are potentially in a position to commit irregular and/or illegal acts, if compensating controls do not exist.
SOF and SOD are considered organizational controls that may prevent, deter, and/or detect irregular and illegal acts. An entity’s IT management is responsible for sustaining an adequate Internal Control Structure (ICS) to safeguard information system assets. One of the factors an ICS relies on is maintaining adequate SOF between the various IT department units as well as other non-IT groups.
“View Part I of the Irregularities and Illegal Acts Agreed-Upon Procedures Assessments series here“