Lesson: IT Controls in an Audit

Instructor: Nick Palazzolo

This lesson delves into the topic of IT controls in an audit, including common controls such as access controls, change management controls, data backup and recovery controls, and security controls. The discussion also focuses on an auditor's responsibilities when considering IT and internal controls, as well as the AICPA's guidance on using IT during audits. Furthermore, the lesson explores the concept of data analytics and its use in identifying risk areas, testing controls, and performing substantive tests in an audit. The final part of the lesson emphasizes the importance of data reliability, the acquisition of data, and factors that can reduce data reliability during the auditing process.

Updated: June 22, 2023 Create an account

"Examprep.ai helped me pass all 4 CPA exams on the first try. I highly recommend. I especially like the feedback and ratings the software provides so I know where to focus my time."

Daniel H., CPA

"I can't recommend ExamPrep.ai enough. Nick's lessons turned concepts I struggled with into strengths. I was able to pass FAR right before other exams expired!"

Andrew K, CPA

"I just want to say thank you for the great lesson videos. I couldn't stay awake through lectures of another course. After watching all your FAR lessons I was finally able to pass!"

Alyssa M., CPA Candidate

Recommended Lessons

Internal Controls & Information Technology Controls: Design, Testing, & Deficiencies Overview

Internal Controls & Information Technology Controls: Design, Testing, & Deficiencies Objectives

Introduction to Internal Controls and Information Technology Controls

Examples of Internal Controls

The Internal Control Process

Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

Here are some common IT controls in an audit. We've got this whole section. It is internal controls. And if you hadn't noticed, it is also information technology controls. So while we do have these traditional accounting controls, we are going to talk about IT. We're going to talk about all the wonderful ways that IT is implemented. And as the months go on, the CPA exam loves to implement more and more when it comes to IT. We're going to talk about that and much more. Now, there are many different types of IT controls that can be present in an audit. Some common controls are going to include we've got access controls, change management controls, data backup and recovery controls, and security controls. Now, what are access controls? These controls restrict access. I mean, kind of simply put, passwords, user IDs, two-factor authentication. These are just access controls, limiting access to systems and to procedures, to programs. Change management controls, these controls ensure that changes to systems and data are made in a controlled and authorized manner, meaning you can't go in and edit a database without entering a password, getting approval from someone else. A message gets sent to someone's phone. They have to approve it. Change management controls typically include change control boards, change requests, and impact analyses. Really, I mean, these are aggressive, much more aggressive controls. Like I said, it could be something as simple as sending a message to your manager's phone. The manager has to then approve it so you can get in and edit the system. You have data backup and recovery controls. Now, these controls ensure that critical data can be recovered in the event of a system failure or data loss. We talk about this in our business environments

To unlock this lesson, sign up for a free account.

Get more from this lesson

Create an account 7-day free trial. No credit card required.

Substantive Testing & Internal Controls

Module: 3 Concepts, 45 Lessons

Internal Controls & Information Technology Controls: Design, Testing, & Deficiencies Overview

0:50

Internal Controls & Information Technology Controls: Design, Testing, & Deficiencies Objectives

1:37

Introduction to Internal Controls and Information Technology Controls

1:49

Examples of Internal Controls