Controls for Information Technology and Reporting and Evaluation Essay

Controls for Information Technology and Reporting and Evaluation - Essay Example ove-mentioned company implements real-time compliance tools to obtain company-wide data through one and only one source of information, which is its database. These tools notify the management about any compliance problems, and tend to provide accurate and timely information, making the company more open to the varying business requirements. These tools also help the management to prepare reliable financial statements. Apart from the real-time compliance tools, my company implements all the five components of internal control: control environment, risk assessment, information and communication systems, control activities, and monitoring. To evaluate the internal controls, it is first important to understand the definition of internal control; organize a project team to conduct the evaluation; evaluate internal control at the entity level; understand and evaluate internal control at the process, transaction, or application level; and, evaluate overall effectiveness, identify matters for improvement, and establish monitoring system. The criteria against which the internal controls of my company are to be evaluated is the Sarbanes-Oxley Act of 2002, which requires that the management must include an internal control reporting assessment with its annual report. My company uses AICPA/CICA Trust Services framework in their IT-based work, as an information systems auditor, to evaluate internal controls over information technology. Section 404 of the Sarbanes-Oxley Act of 2002 requires that I, as a manager of internal controls, should include a statement of my responsibility for implementing and maintaining proper internal controls, along with a report that should summarize how effective these internal controls have been through the year, in the company’s annual report. The Act also requires me to submit a report that summarizes the framework that I use to evaluate the internal controls, along with a statement or report that states that an external auditor has issued