Navigating the Standards for Information Technology Controls

Abstract

Auditors are faced with the challenge of understanding an auditee's IT processing and control environment. Further complicating the situation are various guidelines and standards whose application depends on the nature of the entity: a publicly traded company, a privately held company, or a government agency. In addition, the entity may have operations outside of the United States. Auditing and assurance services for entities in these different situations are regulated by different standards-setting bodies, and understanding these different requirements in the context of information systems processing and controls is critical.