Page 15 - Accounting Information Systems
P. 15

xiv     Contents








                                         Postimplementation Review 631
                                         TheRoleof Accountants 633
                                        COMMERCIAL PACKAGES 633
                                        TRENDS IN COMMERCIAL PACKAGES 633
                                         Advantages of Commercial Packages 635
                                         Disadvantages of Commercial Packages 635
                                        CHOOSING A PACKAGE 635
                                        MAINTENANCE AND SUPPORT 639
                                         User Support 639
                                         Knowledge Management and Group Memory 639
                                        SUMMARY 640
                                        APPENDIX 640

                            Part V      Computer Controls and Auditing 663


                     Chapter 15         IT Controls Part I: Sarbanes-Oxley
                                        and IT Governance 665

                                        OVERVIEW OF SOX SECTIONS 302 AND 404 666
                                         Relationship between IT Controls and Financial Reporting 666
                                         Audit Implications of Sections 302 and 404 667
                                        IT GOVERNANCE CONTROLS 671
                                        ORGANIZATIONAL STRUCTURE CONTROLS 671
                                         Segregation of Duties within the Centralized Firm 672
                                         The Distributed Model 674
                                         Creating a Corporate IT Function 675
                                         Audit Objectives Relating to Organizational Structure 676
                                         Audit Procedures Relating to Organizational Structure 676
                                        COMPUTER CENTER SECURITY AND CONTROLS 677
                                         Computer Center Controls 677
                                        DISASTER RECOVERY PLANNING 679
                                         Providing Second-Site Backup 680
                                         Identifying Critical Applications 681
                                         Performing Backup and Off-Site Storage Procedures 681
                                         Creating a Disaster Recovery Team 682
                                         Testing the DRP 683
                                         Audit Objective: Assessing Disaster Recovery Planning 683
                                         Audit Procedures for Assessing Disaster Recovery Planning 683
                                        OUTSOURCING THE IT FUNCTION 683
                                         Risks Inherent to IT Outsourcing 684
                                         Audit Implications of IT Outsourcing 685
                                        SUMMARY 687
                                        APPENDIX 687
   10   11   12   13   14   15   16   17   18   19   20