The impact of information technology (IT) must be carefully considered in an evaluation of internal control over financial reporting. There are unique risks to be considered, including the identification and definition of IT/cyber controls and the use of frameworks to facilitate risk evaluation. Sarbanes-Oxley (SOX) compliance teams should take into account these considerations early in the planning and organization phases of the ERM project, for example.
NOTE: Typically, IT/cyber controls impact applications and data in the technology environment(s). As a general rule, these controls impact the achievement of financial statement assertions germane to the reliability of financial reporting.
In your initial post, please discuss why it is important to consider information technology (IT) when evaluating internal control over financial reporting.
Respond substantively to at least two other students’ posts. Comment on the recommendation(s) would you make to compliance teams for defining IT/cyber risks and controls that either exist though technology or impact the integrity of processing or data.*please remember to include at least one credible scholarly reference with your initial post!