SAS 145 adds new documentation requirements for IT controls, both general and information processing. In this video, I explain the difference between general and information processing controls and what you need to do with respect to them when performing audit risk assessment procedures. I tell you which IT controls to look for and give examples of auditing these controls.

0:00 Introduction
0:50 SAS145
1:25 Documentation of control activities
3:44 Scalable IT documentation based on complexity
4:46 Complex IT systems
5:45 Simple IT systems
7:03 Risks from the use of IT
8:23 Controls of information processing
10:52 General IT controls
18:14 Pre-SAS 145 IT documentation
18:50 QuickBooks example
20:20 Summary of IT control documentation

#cpahalltalk

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.