Essay about Itgc Case Study

Words: 6284
Pages: 26

ISSUES IN ACCOUNTING EDUCATION Vol. 24, No. 1 February 2009 pp. 63–76

Assessing Information Technology General Control Risk: An Instructional Case
Carolyn Strand Norman, Mark D. Payne, and Valaria P. Vendrzyk
ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify
…show more content…
IT Management IT management’s key concepts include IT’s position within the organization, whether IT goals are aligned with the organization’s strategic goals, the use of an IT steering committee, and whether the IT department’s structure promotes proper segregation of duties to protect the organization’s assets. Your primary concerns are:
● ● ● ●

Does FFC have an IT strategic plan? To whom does the Chief Information Officer (CIO) report? What key responsibility areas report to the CIO? Does FFC have an IT steering committee? Is so, who are the members?

Issues in Accounting Education, February 2009

Assessing Information Technology General Control Risk: An Instructional Case


Systems Development The key concepts within systems development include the existence of a new systems implementation methodology, project management, pre- and post-implementation reviews, quality control, adequate testing, and demonstrated compliance with the selected implementation methodology. Based on this understanding, your team’s primary concerns are:
● ● ● ●

Does FFC design, develop, and implement systems in a logical fashion? Does the organization consider internal controls as an integral part of systems design or does it retrofit them after implementation? To what extent is FFC’s Internal Audit department involved in systems