History of information technology auditing

Information Technology Auditing (IT auditing) began as Electronic Data Process (EDP) Auditing and developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact of computers on the ability to perform attestation services. The last few years have been an exciting time in the world of IT auditing as a result of the accounting scandals and increased regulation. IT auditing has had a relatively short yet rich history when compared to auditing as a whole and remains an ever-changing field.

The introduction of computer technology into accounting systems changed the way data was stored, retrieved and controlled. It is believed that the first use of a computerized accounting system was at General Electric in 1954. During the time period of 1954 to the mid-1960s, the auditing profession was still auditing around the computer. At this time only mainframe computers were used and few people had the skills and abilities to program computers. This began to change in the mid-1960s with the introduction of new, smaller and less expensive machines. This increased the use of computers in businesses and with it came the need for auditors to become familiar with EDP concepts in business. Along with the increase in computer use came the rise of different types of accounting systems. The industry soon realized that they needed to develop their own software and the first of the generalized audit software (GAS) was developed.

In 1968, the American Institute of Certified Public Accountants (AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing. The result of this was the release of Auditing & EDP. The book included how to document EDP audits and examples of how to process internal control reviews. Around this time EDP auditors formed the Electronic Data Processing Auditors Association (EDPAA). The goal of the association was to produce guidelines, procedures and standards for EDP audits. In 1977, the first edition of Control Objectives was published. This publication is now known as Control Objectives for Information and related Technology (CobiT). CobiT is the set of generally accepted IT control objectives for IT auditors. In 1994, EDPAA changed its name to Information Systems Audit and Control Association (ISACA).

The period from the late 1960s through today has seen rapid changes in technology from the microcomputer and networking to the internet, and with these changes came some major events that changed IT auditing forever. The formation and rise in popularity of the Internet and E-commerce have had significant influences on the growth of IT audit. The Internet influences the lives of most of the world and is a place of increased business, entertainment and crime. IT auditing helps organizations and individuals on the Internet find security while helping commerce and communications to flourish.


Major Events

There are five major events in U.S. history which have had significant impact on the growth of IT auditing. These are the Equity Funding scandal, the development of the Internet and E-commerce, the 1998 IT failure at AT&T Corporation, the Enron and Arthur Andersen LLP scandal, and the September 11, 2001 Attacks. These events have not only heightened the need for more reliable, accurate, and secure systems but have brought a much-needed focus to the importance of the accounting profession. Accountants certify the accuracy of public company financial statements and add confidence to financial markets. The heightened focus on the industry has brought improved control and higher standards for all working in accounting, especially those involved in IT auditing.


Equity Funding Corporation of America

The first known case of misuse of information technology occurred at Equity Funding Corporation of America. Beginning in 1964 and continuing until 1973, managers for the company booked false insurance policies to show greater profits, thus boosting the price of the stock of the company. Had it not been for a whistleblower, the fraud might never have been caught. After the fraud was discovered, it took the auditing firm Touche Ross two years to confirm that the insurance policies were not real. This was one of the first cases where auditors had to audit through the computer rather than around the computer.


AT&T

In 1998 AT&T suffered an IT failure that impacted worldwide commerce and communication. A major switch failed due to software and procedural errors and left many credit card users unable to access funds for upwards this brought to the forefront our reliance on IT services and reminds us of the need for assurance in our computer systems.


Enron and Arthur Andersen

The Enron and Arthur Andersen LLP scandal led to the demise of a foremost accounting firm, an investor loss of more than 60 billion dollars and the largest bankruptcy in U.S. history. Although Arthur Andersen was found guilty of obstruction of justice for its role in the collapse of the energy giant in the US District Court for the Southern District of Texas (a verdict affirmed by the 5th Circuit in 2004), the conviction was overturned by the US Supreme Court in Arthur Andersen LLP v. United States. This scandal had a significant impact on the Sarbanes-Oxley Act and was a major self-regulation violation.


See also

* Government Accountability Office
* Information technology audit main page




External links


Spiraling Upward-History of Internal Auditing and the Institute of Internal Auditors

Systems Auditability and Control-A History










Electronic Privacy Information Center-Computer Security Act of 1987



AICPA-Summary of Sarbanes Oxley Act of 2002

Financial Privacy: The Gramm Leach Bliley Act

Reference Library: Regulation

California Financial Information Privacy Act

Financial Accounting Standards Board