I attended a recent SOX conference in Chicago, IL. the theme of the conference was linkages between business process auditors and IT auditors. Two of the key points raised at the conference are discussed below. Everyone agreed on one thing, for successful SOX compliance, there have to be strong linkages between IT and business. IT systems impact the financial statements since most financial applications form part of the IT environment. IT controls need to be included in an audit from the start as part of the top down approach.

Moving on to the second main point of discussion in the conference. In the Sarbanes Oxley compliance process, IT auditors and business process auditor need to have a strong relationship. Financial auditors should consider IT audits in their assessments of business risks and assertions. The benefit of this is that financial auditors can reduce their business process testing, and rely more on ITGC and application controls. This can help in cost and time savings in the long run since IT controls testing normally require a smaller sample size than business process controls testing.

Related Posts

Testing Remediated Controls at Year End
Knowledge Obtained During Previous Audits
Third Party Controls for SOX
Reasonable Assurance Vs Absolute Assurance SOX