INTERNAL CONTROL IN AN ICT ENVIRONMENT PROBLEMS AND SOLUTIONS
CHAPTER ONE
INTRODUCTION
1.1 BACKGROUND STUDY
The Sarbanes Oxley Act (SOX) has been in effect in the United States since 2002 as a result of numerous well-publicized recent audit failures involving significant firms around the world, particularly in the United States. An international standard for corporate governance and control has been established by this ACT.
They shall (Section 302) ensure that the financial reporting and auditing processes of publicly traded firms are as accurate as possible by certifying (Section 302) the accuracy of financial reports. Because of this, financial records that are based on erroneous and unreliable data are of no use. Elmaleh, thank you ( 2012). In the wake of the financial crisis and a litany of scandals involving the public sector, better training and increased audit process transparency are now imperative (ACCA, 2010).
Section 404 of the Sarbanes-Oxley Act (SOX) mandates that publicly traded corporations have effective internal controls in place for financial reporting. UK’s Turnbull Report 1999 gave principle-based guidelines for developing robust internal control systems, which were later incorporated into the combined code, amended in 2005.
I.T. has become an integral part of many organizations’ strategic and operational plans and business processes.
As a result, IT governance has become an integral aspect of enterprise governance, just as IT has become an integral part of the business. When the importance of IT governance was recognized in 1996, an IT governance framework, Control Objectives for Information and Related Technology (COBIT), was developed. COBIT provides a set of generally accepted IT control objectives to assist entities with maximizing the benefits derived from IT and developing appropriate IT governance and control (IFAC, 2006).
COBIT, on the other hand, concentrates solely on information technology, whereas COSO and the Turnbull report focus on the attainment of business objectives at the overall company level. Other countries, such as Canada, the European Union, Hong Kong, South Africa, and others, have seen comparable advancements in internal controls.
If an organization is to thrive in today’s competitive business climates, it must know how to ‘take advantage of opportunities and resist dangers, in many instances through the efficient application of controls, and therefore improve its performance’.
As a result, an organization’s governance system cannot function well without adequate internal control. As a result, implementing effective internal controls is essential if a company is to take advantage of new opportunities while also guarding against potential dangers. Understanding, managing, and monitoring risk by the governing body, management, and other employees is essential to maximizing the organization’s opportunities and minimizing its risks. (Li,\s2012).
Aside from preventing and detecting fraud, internal controls are designed to reflect the soundness of an organization’s entire accounting environment and the reliability of its financial and operational records. Failures in data security can have a wide range of ramifications for a business.
The maximum penalty for a single incident is $15 million. It’s not uncommon for legal, IT recovery, and other expenditures to exceed that. Increased regulatory supervision can be the result of breaking data security rules. Then there’s the reputational impact” (Drew, 2012).
As a key function of management, internal audit plays a crucial role in making the most of opportunities and thwarting risks. As a whole, internal auditing is a form of economic control that focuses on all aspects of a company’s operations relevant to management. The use of information and communication technology (ICT) in accounting and management information systems is now practically mandatory.
It is consequently necessary to go beyond the financial records or accounting information to gain an overall picture of the company’s operations (Chun, 1997). Tests and an understanding of the system are necessary ‘to substantiate their opinions and/or provide guidance to management on internal controls
1.2 STATEMENT OF THE PROBLEM
In order to do their jobs effectively, certified public accountants must rely on the information, abilities, and experience they’ve gained both during their education and in the field. These decisions must also be based on ethical principles and the need to protect the general welfare.
Finding and evaluating audit risk is a critical step in any audit. The audit plan must take these dangers into account. Making inquiries of management and internal auditors, as well as others within the company, is a major focus of audit risk identification techniques (Jones, 2009). In order to verify management claims, these auditing methods are designed to identify risks, fraud, and errors by testing internal controls within the company.
According to Pine (2011), auditors must take into account the extent to which prescribed controls have been implemented appropriately when considering the extent to which they can rely on accounting application controls. A modern accounting information system cannot function without the inclusion of ICT (Information and Computer Technology).
In audit engagements, paper-based audit evidence is being replaced with electronic evidence. Due to the high amount of vulnerabilities and threats, it is an understatement to say that ICT is a high-risk field. However, the role of auditors in spotting fraud has been recognized by regulatory norms and the law in recent years. Therefore, auditing computerized accounting systems has become a difficult task.
The importance of auditors demonstrating significant ICT competence and understanding the impact of current ICT issues on the audit of a client’s financial statements cannot be overstated. This is true for both the client and the auditor, who can both use ICT to gather and process accounting data and report the resulting accounting information in the client’s financial statements.
Providers of audit services are increasingly concerned about the proficiency of their auditors in the field of information technology. The auditor’s ICT skills are not up to the task of successfully completing an engagement. The most pressing issue for auditors is how to bridge the gap between their expectations for ICT skills and the current state of affairs.
1.3 PURPOSE OF THE RESEARCH
An audit risk assessment is necessary in order to assess the level of threat to the audit report’s credibility posed by computerized accounting information systems.
To find out if the regulatory environment’s IT competency requirements necessitate a revolution in the training of future accountants and auditors?
Recognize whether or not an ICT-based workplace is plagued by issues with internal control.
An ICT environment’s internal controls difficulties must be solved.
IS THE STUDY’S RESEARCH MATTERS?
Accountants and auditors will be given advice on how to improve internal control in an ICT environment from the findings of this study. In addition, the findings of this study will provide new avenues of communication for aspiring accountants and scholars in the relevant academic and professional fields, and they will serve as a resource for current and future students.
1.7 THE RESEARCH OBJECTIVES
The scope of the investigation is restricted to Nigerian bottling business PLC and brewery accountants and auditors.
THE STUDY HAD ITS LIMITATIONS
The researcher must always contend with the following limitation while conducting an examination of this nature.
The study’s time allocation was inadequate.
In most cases, a study of this sort requires some financial investment, thus this was a restricting issue as well.
Aside from a lack of access to the complete population, low response from the responder was also a problem for the study.
The policies of the organizations themselves also had an impact on the scope of the research.
Do You Have New or Fresh Topic? Send Us Your Topic
INTERNAL CONTROL IN AN ICT ENVIRONMENT PROBLEMS AND SOLUTIONS
INSTRUCTIONS AFTER PAYMENT
- 1.Your Full name
- 2. Your Active Email Address
- 3. Your Phone Number
- 4. Amount Paid
- 5. Project Topic
- 6. Location you made payment from