Auditing Information Systems and Controls

Corporate America is faced with a challenge today, a challenge unprecedented in our history. It has become a national imperative that corporations create audit programs and infrastructures to achieve audit readiness and guarantee the accuracy of corporate records. Executives should not and can not depend entirely on external audit reviews and recommendations. They must create internal audit programs and infrastructures to regain credibility and the confidence of shareholders. Meeting this challenge is critical to the survival and success of many business enterprises.


The federal government and leaders of our country are serious today in facing the challenges of corporate behavior and the dangers that have evolved, evidenced by the passing of the Sarbanes Oxley Act of 2002. The Act requires the certification by CEOs and CFOs regarding the accuracy of their financial statements and requires independent outside audit attestation of the operating effectiveness of controls and control structure over financial reporting. It imposes associated penalties for failure to comply. Pro-active corporations must establish the discipline of rigorous audit readiness programs and must ensure their continued successful execution. It is essential that internal audit committees take measures to install checks and balances and self-policing practices to ensure integrity within their corporations. This is not optional. CEOs today are legally responsible for the correctness of their financial statements.


IT Governance: The Only Thing Worse Than No Control Is The Illusion of Control focuses on a unique organizational structure and the mechanics of establishing an effective internal independent audit organization. It proposes the structure of an independent internal auditing group headed by a Chief Governance Officer (CGO) or Chief Accounting Executive (CAE) who reports directly to an audit committee, comprised of Board of Director members, who themselves must be totally independent. Independence is the most critical element in the success of this new audit approach and can not be emphasized enough. This will require an organizational change in most corporations and a revolutionary approach. Old paradigms in which the audit organization reported to the CEO or CFO will be discarded. These internal audit groups must serve as the eyes and ears for the public and Board of Directors. They will provide early warnings of inappropriate, fraudulent or ineffective practices and will report noncompliance with accepted basic control fundamentals and ethical behavior; they must do so without fear of reprisal.


Not only is it the responsibility of the Audit Committee to provide direction, but it is essential that every executive officer and their staffs be on board and be fully supportive of the internal audit infrastructure. It is the synergy of these organizations working together that is required to prepare us for successful audits and to improve busin...