- History of information technology auditing
Information Technology Auditing (IT auditing) began as Electronic Data Process (EDP) Auditing and developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact ofcomputers on the ability to perform attestation services. The last few years have been an exciting time in the world of IT auditing as a result of theaccounting scandals and increased regulation. IT auditing has had a relatively short yet rich history when compared to auditing as a whole and remains an ever changing field.BeginningThe introduction of
computer technology into accounting systems changed the waydata was stored, retrieved and controlled. It is believed that the first use of a computerized accounting system was atGeneral Electric in 1954. During the time period of 1954 to the mid-1960s, the auditing profession was stillauditing around the computer. At this time onlymainframe computer s were used and few people had the skills and abilities to program computers. This began to change in the mid-1960s with the introduction of new, smaller and less expensive machines. This increased the use of computers in businesses and with it came the need forauditors to become familiar with EDP concepts inbusiness . Along with the increase in computer use, came the rise of different types of accounting systems. The industry soon realized that they needed to develop their ownsoftware and the first of the generalized audit software (GAS) was developed. In 1968, theAmerican Institute of Certified Public Accountants (AICPA) had the Big Eight (now theBig Four ) accounting firms participate in the development of EDP auditing. The result of this was the release of "Auditing & EDP". The book included how to document EDP audits and examples of how to process internal control reviews.Around this time EDP auditors formed the Electronic Data Processing Auditors Association (EDPAA). The goal of the association was to produce guidelines, procedures and standards for EDP audits. In 1977, the first edition of "Control Objectives" was published. This publication is now known as Control Objectives for Information and related Technology (CobiT). CobiT is the set of generally accepted IT control objectives for IT auditors. In 1994, EDPAA changed its name to Information Systems Audit and Control Association (ISACA). The period from the late 1960s through today has seen rapid changes in technology from the
microcomputer and networking to theinternet and with these changes came some major events that change IT auditing forever.The formation and rise in popularity of the Internet and
E-commerce have had significant influences on the growth of IT audit. The Internet influences the lives of most of the world and is a place of increased business, entertainment and crime. IT auditing helps organizations and individuals on the Internet find security while helping commerce and communications to flourish.Major Events
There are five major events in U.S. history which have had significant impact on the growth of IT auditing. These are the Equity Funding scandal, the development of the Internet and E-commerce, the 1998 IT failure at
AT&T , theEnron and Arthur Andersen LLP scandal, and theSeptember 11, 2001 Attacks .These events have not only heightened the need for more reliable, accurate, and secure systems but have brought a much needed focus to the importance of the accounting profession. Accountants certify the accuracy of public company
financial statements and add confidence tofinancial markets . The heightened focus on the industry has brought improved control and higher standards for all working in accounting, especially those involved in IT auditing.Equity Funding Corporation of America
The first known case of misuse of
information technology occurred at Equity Funding Corporation of America. Beginning in 1964 and continuing on until 1973, managers for the company booked falseinsurance policies to show greaterprofits , thus boosting the price of thestock of the company. If it wasn't for awhistle blower , the fraud may have never been caught. After thefraud was discovered, it took the auditing firm Touche Ross two years to confirm that the insurance policies were not real. This was one of the first cases where auditors had to audit through the computer rather than around the computer.AT&T
In 1998 AT&T suffered an IT failure that impacted worldwide
commerce andcommunication . A major switch failed due to software and procedural errors and left manycredit card users unable to access funds for upwards of 18 hours. Events such as this bring to the forefront our reliance in IT services and remind us of the need for assurance in our computer systems.Enron and Arthur Andersen
The Enron and Arthur Andersen LLP scandal led to the demise of a foremost Accounting firm, an
investor loss of more than 60 billion dollars and the largestbankruptcy in U.S. history. Arthur Andersen was recently found guilty ofobstruction of justice for their role in the collapse of the energy giant. This scandal had a significant impact on theSarbanes-Oxley Act and was a major self-regulation violation.September 11th Terrorist Attacks
The terrorist attacks of
September 11, 2001 left the Americans feeling vulnerable and afraid. The economic market began to fall and all realized that one of the most powerful nations in the world was susceptible to attack. September 11th paved the way for TheHomeland Security Act and the increased regulation and security of the electronic infrastructure.Future
IT auditing is the future of the accounting profession. We no longer live in a world where company dynamics and financial state can be determined without the use of computers. The rapid rise in information technology cannot be denied and must be utilized in order to succeed. IT auditing adds security, reliability and accuracy to the information systems integral to our lives. Without IT auditing we would be unable to safely shop on the internet or control our identities. The role IT auditors play maybe unknown to most but it impacts the lives of all. As history continues we will continue to see the rise of this up and coming profession.
References
* Senft, Sandra; Manson, Danial P. PhD; Gonzales, Carol; Gallegos, Frederick (2004). Information Technology Control and Audit (2nd Ed.). Auerbach Publications. ISBN 0-8493-2032-1
ee also
*
Information technology audit main pageExternal links
* [http://www.isaca.org Information Systems Audit and Control Association]
* [http://www.pcaobus.org Public Company Accounting Oversight Board (PCAOB)]
* [http://www.deloitte.com Deloitte and Touche]
* [http://www.itgi.org IT Governance Institute]
* [http://www.gao.gov Government Auditing Standards]
* [http://www.findarticles.com/p/articles/mi_m4153/is_n3_v48/ai_10819174 Spiraling Upward-History of Internal Auditing and the Institute of Internal Auditors]
* [http://www.theiia.org Systems Auditability and Control-A History]
* [http://www.cavebear.com/nsf-dns/pa_history.htm History of the Privacy Act of 1974]
* [http://legal.web.aol.com/resources/legislation/comfraud.html Computer Fraud Abuse Act]
* [http://www.epic.org/crypto/csa/ Electronic Privacy Information Center-Computer Security Act of 1987]
* [http://www.ftc.gov/foia/privacy_act.htm Federal Trade Commission-Privacy Act of 1974]
* [http://legal.web.aol.com/resources/legislation.ecpa.html Electronic Communications Privacy Act]
* [http://www.aicpa.org AICPA-Summary of Sarbanes Oxley Act of 2002]
* [http://www.issa.org Information Systems Security Association (ISSA)]
* [http://www.ftc.gov/privacy/glbact Financial Privacy: The Gramm Leach Bliley Act]
* [http://www.theiia.org/itaudit/?fuseaction=catref&catid=44 Reference Library: Regulation]
* [http://www.privacyrights.org/ar/SB1Infor.htm California Financial Information Privacy Act]
* [http://www.fasb.org Financial Accounting Standards Board]
Wikimedia Foundation. 2010.