（2003）Sarbanes-Oxley Act of 2002 (PL 107-204) and Impact on the IT Auditor.pdfVIP

76-10-01 EDP AUDITING SARBANES–OXLEY ACT OF 2002 (PL 107-204) AND IMPACT ON THE IT AUDITOR Frederick Gallegos, CISA, CGFM, CDE I N S I D E Major Points from the Sarbanes–Oxley Act of 2002; Criminal Intent; Legal Implications for External Auditors; The Sarbanes–Oxley Act Forces Organizations to Implement Strong Internal Controls; Potential Impact on the IT Audit Profession; The Potential Costs of Such Implementations INTRODUCTION The world of financial auditing has changed dramatically during the past decade and will continue to change rapidly as more and more companies rely on information technology to achieve their business objectives. Certainly, the passage of the Sar- banes–Oxley Act of 2002 (Public Law 107-204) will have a major impact on the internal and external auditor. Also, the IT auditor will play an integral role in assuring compliance with this act. It is no longer acceptable for auditors to audit around the computer, as was once the case. With the increase in fraud and ceaseless corporate scandals over the past two years, it is now even more imperative than ever before that auditors have a full understanding of both manual and automated internal control processes. The assessment of both the manual and P A Y O F F I D E A automated internal controls of any sys- The Sarbanes–Oxley Act of 2002 (Public Law 107-204)