IT Controls in an Audit Video - ExamPrep.ai CPA Review

Lesson: IT Controls in an Audit

This lesson delves into the topic of IT controls in an audit, including common controls such as access controls, change management controls, data backup and recovery controls, and security controls. The discussion also focuses on an auditor's responsibilities when considering IT and internal controls, as well as the AICPA's guidance on using IT during audits. Furthermore, the lesson explores the concept of data analytics and its use in identifying risk areas, testing controls, and performing substantive tests in an audit. The final part of the lesson emphasizes the importance of data reliability, the acquisition of data, and factors that can reduce data reliability during the auditing process.

This video and the rest on this topic are available with any paid plan.

See Pricing

Video Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

Here are some common IT controls in an audit. We've got this whole section. It is internal controls. And if you hadn't noticed, it is also information technology controls. So while we do have these traditional accounting controls, we are going to talk about IT. We're going to talk about all the wonderful ways that IT is implemented. And as the months go on, the CPA exam loves to implement more and more when it comes to IT. We're going to talk about that and much more. Now, there are many different types of IT controls that can be present in an audit. Some common controls are going to include we've got access controls, change management controls, data backup and recovery controls, and security controls. Now, what are access controls? These controls restrict access. I mean, kind of simply put, passwords, user IDs, two-factor authentication. These are just access controls, limiting access to systems and to procedures, to programs. Change management controls, these controls ensure that changes to systems and data are made in a controlled and authorized manner, meaning you can't go in and edit a database without entering a password, getting approval from someone else. A message gets sent to someone's phone. They have to approve it. Change management controls typically include change control boards, change requests, and impact analyses. Really, I mean, these are aggressive, much more aggressive controls. Like I said, it could be something as simple as sending a message to your manager's phone. The manager has to then approve it so you can get in and edit the system. You have data backup and recovery controls. Now, these controls ensure that critical data can be recovered in the event of a system failure or data loss. We talk about this in our business environments

Unlock the full video transcript and subtitles support with the full course!

Get more from this lesson

View the Course View Pricing

Create an account Get started free. No credit card required.

Substantive Testing & Internal Controls

Module: 3 Concepts, 45 Videos

Internal Controls & Information Technology Controls: Design, Testing, & Deficiencies Overview

0:50

Internal Controls & Information Technology Controls: Design, Testing, & Deficiencies Objectives

1:37

Introduction to Internal Controls and Information Technology Controls

1:49