|
Assessing Information Technology General Control Risk: An Instructional Case
Carolyn Strand Norman, Virginia Commonwealth University
Mark D. Payne, Ernst & Young LLP
Valaria P. Vendrzyk, University of Richmond
ABSTRACT. The purpose of this case is to help students better understand an organization’s Information Technology General Controls (ITGCs) and assess ITGC risk within the context of an integrated audit. Students identify specific strengths and weaknesses within five ITGC areas, provide a risk assessment for each area, and then evaluate the organization’s overall level of ITGC risk. In organizations where information technology (IT) is pervasive, understanding internal controls over financial reporting requires both management and auditors to review controls embedded in the organization’s information systems. Although ITGCs are a fundamental category of internal controls and provide an overall foundation for relying on any financial information produced by the information systems, their relation to financial statement reporting is indirect and not well understood.
Full-Text is no longer available online. Please contact the author(s) for more information about this manuscript.
Back to Session Listing
|