Journal of Accountancy

Search Results

Systems Audit & Internal Control


1. How to use COSO to assess IT controls  

BY John White, CPA/CITP, Ph.D.
Maintaining proper controls over information technology is a constant concern for businesses as they try to use technological advances to drive efficiency and growth. Principle 11 in the newly updated internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides guidelines for assessing the effectiveness of controls over IT (see the sidebar, “COSO’s Principle 11”).

2. Cloud Security Alliance endorses AICPA SOC report   WebExclusive

BY Jeff Drew
The AICPA’s framework for assessing the reliability of a cloud provider’s technology and systems controls has won the endorsement of the Cloud Security Alliance (CSA), a not-for-profit coalition with members including Google, Microsoft, Ernst & Young, Deloitte, and PwC. The AICPA is a CSA affiliate member. In a position paper released Monday, the CSA threw its support behind one of the AICPA’s three Service Organization Control (SOC) reports.

3. COSO sheds light on managing cloud risks   WebExclusive

BY Ken Tysiac
Management should begin control-related activities before an organization contracts with a cloud-computing service provider (CSP), according to guidance provided in a new thought paper released Wednesday by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The paper, Enterprise Risk Management for Cloud Computing, provides a thorough examination of how to follow COSO’s Enterprise Risk Management (ERM)—Integrated Framework to assess and manage the risks presented by cloud computing.

4. Proposed Changes to Privacy, Security Guidance Available   WebExclusive

The AICPA released two proposals that would alter guidance for CPAs providing attestation services, advisory services or both that address IT-enabled systems including electronic commerce systems and privacy programs. The guidance relates to providing services with respect to system security, availability, processing integrity, confidentiality and privacy.

5. Join the Hunt   CPEDirect

BY Mark W. Lehman
You’ve used a database to search your client’s data for a red flag that might indicate fraud. You imported the data into a database and created relationships between table fields. Then you carefully created a filter to search for red flags. Finding nothing, you conclude that there is no evidence of fraud.
Copyright © 2013 American Institute of Certified Public Accountants. All rights reserved.