Why IT Auditing Has Evolved From Traditional Auditing
Why has IT auditing evolved from traditional auditing? Why is IT auditing considered an integral part of the audit function? Which U.S. federal law was developed and passed in reaction to major financial frauds such as Enron? Explain the details of the law and cite at least 3 relevant sections of the law related to the Enron case. What is IT auditing? Describe the two broad groups of IT auditing. Explain why there should be alignment between IT and the objectives and goals of the organization. Explain, in detail, what information assurance is. List and describe each pillar.
Paper for the Above Instruction
The evolution of IT auditing from traditional auditing is a response to the increasing reliance on information technology systems in business operations. Traditional auditing focused primarily on financial statements and physical records, while IT auditing emphasizes evaluating the controls, security, and integrity of information systems that underpin organizational functions. As organizations integrated complex IT infrastructures, auditors recognized the need to assess technological environments to ensure data accuracy, confidentiality, and compliance, prompting the evolution of IT auditing as a specialized discipline (Gold et al., 2016).
IT auditing has become an integral component of the overall audit process because modern organizations depend heavily on information technology for daily operations, decision-making, and strategic planning. IT controls can significantly impact financial reporting, operational efficiency, and regulatory compliance. Consequently, auditors must evaluate not just financial records but also IT systems that support those records. This integration enhances audit effectiveness and provides stakeholders with assurance regarding organizational technology environments (CISA, 2014).
The Sarbanes-Oxley Act (SOX), enacted in 2002 in the United States, was developed in reaction to major financial scandals, including the Enron collapse, to improve corporate governance and restore investor confidence. The law increased transparency by imposing strict regulatory requirements on public companies and their auditors. Notably, Section 404 of SOX requires management and external auditors to assess and report on the effectiveness of internal controls over financial reporting. Section 302 requires senior officers to certify the accuracy of financial statements, while Section 906 establishes criminal penalties for fraudulent financial activity, directly targeting the accountability issues that led to Enron’s downfall (Lynch, 2004).
IT auditing encompasses the evaluation of an organization's information systems, including security, controls, and compliance with policies and regulations. It ensures that information technology supports organizational objectives effectively. IT auditing is broadly categorized into two groups: general controls and application controls. General controls encompass the overall IT environment, including access controls, security management, and disaster recovery. Application controls focus on specific business applications, ensuring data accuracy, completeness, and authorization within individual systems (ISO/IEC, 2018).
Aligning IT with organizational objectives is crucial because technology investments should directly support strategic goals to maximize value and minimize risks. Misalignment can lead to redundant or ineffective systems, increased vulnerabilities, and failure to achieve desired outcomes. Effective alignment ensures that IT initiatives promote operational efficiency, competitive advantage, and compliance with regulations (Harmon & Giaglis, 2002).
Information assurance involves ensuring the availability, authenticity, confidentiality, and integrity of information to support organizational needs. It operates on four pillars: confidentiality, integrity, availability, and authentication. Confidentiality safeguards sensitive data from unauthorized access. Integrity ensures the accuracy and consistency of information over its lifecycle. Availability guarantees that information and systems are accessible when needed. Authentication verifies the identity of users and devices accessing data, ensuring only authorized entities can interact with critical systems (Stallings, 2017).
In conclusion, the progression from traditional to IT auditing reflects the modern need to safeguard complex technological environments integral to organizational success. The enactment of laws like SOX addresses the regulatory gaps exposed by scandals like Enron, emphasizing the importance of internal controls and accountability. Effective information assurance and alignment of IT with organizational goals are imperative for maintaining operational resilience, competitive advantage, and stakeholder trust.
References
- Gold, M., Hofmeyr, H., & Mula, J. (2016). Auditing information systems. Wiley.
- Certified Information Systems Auditor (CISA). (2014). Information Systems Auditing. ISACA.
- Lynch, C. (2004). The Sarbanes-Oxley Act of 2002: A comprehensive guide. Accounting Today.
- ISO/IEC 27001:2018. (2018). Information security management systems — Requirements. International Organization for Standardization.
- Harmon, P., & Giaglis, G. (2002). Strategic alignment of information technology: A framework and case study. MIS Quarterly, 26(4), 439-471.
- Stallings, W. (2017). Cryptography and network security: Principles and practice. Pearson Education.