- History of information technology auditing
Information TechnologyAuditing (IT auditing) began as Electronic Data Process (EDP) Auditing and developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact of computerson the ability to perform attestation services. The last few years have been an exciting time in the world of IT auditing as a result of the accountingscandals and increased regulation. IT auditing has had a relatively short yet rich history when compared to auditing as a whole and remains an ever changing field.Beginning
The introduction of
computer technologyinto accounting systems changed the way datawas stored, retrieved and controlled. It is believed that the first use of a computerized accounting system was at General Electricin 1954. During the time period of 1954 to the mid-1960s, the auditing profession was still auditingaround the computer. At this time only mainframe computers were used and few people had the skills and abilities to program computers. This began to change in the mid-1960s with the introduction of new, smaller and less expensive machines. This increased the use of computers in businesses and with it came the need for auditorsto become familiar with EDP concepts in business. Along with the increase in computer use, came the rise of different types of accounting systems. The industry soon realized that they needed to develop their own softwareand the first of the generalized audit software (GAS) was developed. In 1968, the American Institute of Certified Public Accountants(AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing. The result of this was the release of "Auditing & EDP". The book included how to document EDP audits and examples of how to process internal control reviews.
Around this time EDP auditors formed the Electronic Data Processing Auditors Association (EDPAA). The goal of the association was to produce guidelines, procedures and standards for EDP audits. In 1977, the first edition of "Control Objectives" was published. This publication is now known as Control Objectives for Information and related Technology (CobiT). CobiT is the set of generally accepted IT control objectives for IT auditors. In 1994, EDPAA changed its name to Information Systems Audit and Control Association (ISACA). The period from the late 1960s through today has seen rapid changes in technology from the
microcomputerand networking to the internetand with these changes came some major events that change IT auditing forever.
The formation and rise in popularity of the Internet and
E-commercehave had significant influences on the growth of IT audit. The Internet influences the lives of most of the world and is a place of increased business, entertainment and crime. IT auditing helps organizations and individuals on the Internet find security while helping commerce and communications to flourish.
There are five major events in U.S. history which have had significant impact on the growth of IT auditing. These are the Equity Funding scandal, the development of the Internet and E-commerce, the 1998 IT failure at
AT&T, the Enronand Arthur Andersen LLP scandal, and the September 11, 2001 Attacks.
These events have not only heightened the need for more reliable, accurate, and secure systems but have brought a much needed focus to the importance of the accounting profession. Accountants certify the accuracy of public company
financial statementsand add confidence to financial markets. The heightened focus on the industry has brought improved control and higher standards for all working in accounting, especially those involved in IT auditing.
Equity Funding Corporation of America
The first known case of misuse of
information technologyoccurred at Equity Funding Corporation of America. Beginning in 1964 and continuing on until 1973, managers for the company booked false insurance policiesto show greater profits, thus boosting the price of the stockof the company. If it wasn't for a whistle blower, the fraud may have never been caught. After the fraudwas discovered, it took the auditing firm Touche Ross two years to confirm that the insurance policies were not real. This was one of the first cases where auditors had to audit through the computer rather than around the computer.
In 1998 AT&T suffered an IT failure that impacted worldwide
commerceand communication. A major switch failed due to software and procedural errors and left many credit cardusers unable to access funds for upwards of 18 hours. Events such as this bring to the forefront our reliance in IT services and remind us of the need for assurance in our computer systems.
Enron and Arthur Andersen
The Enron and Arthur Andersen LLP scandal led to the demise of a foremost Accounting firm, an
investorloss of more than 60 billion dollars and the largest bankruptcyin U.S. history. Arthur Andersen was recently found guilty of obstruction of justicefor their role in the collapse of the energy giant. This scandal had a significant impact on the Sarbanes-Oxley Actand was a major self-regulation violation.
September 11th Terrorist Attacks
The terrorist attacks of
September 11, 2001left the Americans feeling vulnerable and afraid. The economic market began to fall and all realized that one of the most powerful nations in the world was susceptible to attack. September 11th paved the way for The Homeland Security Actand the increased regulation and security of the electronic infrastructure.
IT auditing is the future of the accounting profession. We no longer live in a world where company dynamics and financial state can be determined without the use of computers. The rapid rise in information technology cannot be denied and must be utilized in order to succeed. IT auditing adds security, reliability and accuracy to the information systems integral to our lives. Without IT auditing we would be unable to safely shop on the internet or control our identities. The role IT auditors play maybe unknown to most but it impacts the lives of all. As history continues we will continue to see the rise of this up and coming profession.
* Senft, Sandra; Manson, Danial P. PhD; Gonzales, Carol; Gallegos, Frederick (2004). Information Technology Control and Audit (2nd Ed.). Auerbach Publications. ISBN 0-8493-2032-1
Information technology auditmain page
* [http://www.isaca.org Information Systems Audit and Control Association]
* [http://www.pcaobus.org Public Company Accounting Oversight Board (PCAOB)]
* [http://www.deloitte.com Deloitte and Touche]
* [http://www.itgi.org IT Governance Institute]
* [http://www.gao.gov Government Auditing Standards]
* [http://www.findarticles.com/p/articles/mi_m4153/is_n3_v48/ai_10819174 Spiraling Upward-History of Internal Auditing and the Institute of Internal Auditors]
* [http://www.theiia.org Systems Auditability and Control-A History]
* [http://www.cavebear.com/nsf-dns/pa_history.htm History of the Privacy Act of 1974]
* [http://legal.web.aol.com/resources/legislation/comfraud.html Computer Fraud Abuse Act]
* [http://www.epic.org/crypto/csa/ Electronic Privacy Information Center-Computer Security Act of 1987]
* [http://www.ftc.gov/foia/privacy_act.htm Federal Trade Commission-Privacy Act of 1974]
* [http://legal.web.aol.com/resources/legislation.ecpa.html Electronic Communications Privacy Act]
* [http://www.aicpa.org AICPA-Summary of Sarbanes Oxley Act of 2002]
* [http://www.issa.org Information Systems Security Association (ISSA)]
* [http://www.ftc.gov/privacy/glbact Financial Privacy: The Gramm Leach Bliley Act]
* [http://www.theiia.org/itaudit/?fuseaction=catref&catid=44 Reference Library: Regulation]
* [http://www.privacyrights.org/ar/SB1Infor.htm California Financial Information Privacy Act]
* [http://www.fasb.org Financial Accounting Standards Board]
Wikimedia Foundation. 2010.