Share
Explore BrainMass

This post addresses IT risk IT internal controls.

For effective control, management must also develop, enforce, and adhere to the control systems in place. We noted in previous weeks that companies can reduce the risk of compromising information captured in their AIS through control systems. As discussed in Hunton, Bryant and Bagranoff, in recent years, there is an increased emphasis in risk based audit model in contrast to control-based models. This is a very interesting shift.

In order to help us pursue this topic, let first consider the following question: Why is it important to identify and assess IT risk before developing IT internal controls?

Please search for a filing on Diagnostics Inc at http://sec.gov/edgar/searchedgar/companysearch.html, I also attached their k10 locate the most recent 10k report and share your thoughts on the independent auditor's assessment of the internal controls of the company.

Attachments

Solution Preview

It is always, always necessary to develop risk before designing controls, whether we're talking about IT or some other area of internal control within the company. Basically, you've got to ask yourself this question: Why are we designing the controls? What are we trying to protect? There is no way to answer this question in any type of thorough manner without first understanding where our weak areas are, and we can only do this if we complete a risk assessment. I will say that IT is particularly more vulnerable in this area because of the nature of IT. We are protecting sensitive company information, customer data that includes sensitive information, and other proprietary data that if compromised, can put our customers, our employees, and our operations at risk. To mitigate this risk, we complete a comprehensive risk assessment which allows us to ...

Solution Summary

This solution addresses the following exercise:

For effective control, management must also develop, enforce, and adhere to the control systems in place. We noted in previous weeks that companies can reduce the risk of compromising information captured in their AIS through control systems. As discussed in Hunton, Bryant and Bagranoff, in recent years, there is an increased emphasis in risk based audit model in contrast to control-based models. This is a very interesting shift.

In order to help us pursue this topic, let first consider the following question: Why is it important to identify and assess IT risk before developing IT internal controls?

Please search for a filing on Diagnostics Inc at http://sec.gov/edgar/searchedgar/companysearch.html, I also attached their k10 locate the most recent 10k report and share your thoughts on the independent auditor's assessment of the internal controls of the company.

$2.19