Audit and Assurance


Linking/mapping CIA triad to Financial Statements Assertions

  • 1.  Linking/mapping CIA triad to Financial Statements Assertions

    Posted 12 Feb, 2020 01:34
    Good day

    I have over the years observed a case being constantly made about linking/mapping the three key principles (i.e. Confidentiality, Integrity and Availability) that should be guaranteed in any kind of secure system to Financial Statements assertions.  This is normally the case where IT auditors are supporting the audit of financial statements.

    Is this a justified call? Considering that the assertions are about classes of transactions, events, account balances and related disclosures for the period, while ITGCs, for example, provide assurance that the IT environment guarantees confidentiality, integrity and availability of systems?

    Also if possible, please share any work done to address this.

    Regards

    ------------------------------
    Jacob Motau
    Manager: Information Systems Audit
    ------------------------------


  • 2.  RE: Linking/mapping CIA triad to Financial Statements Assertions

    Posted 20 Feb, 2020 13:25
    Hello Jacob,

    For Financial Statements, the key risk is material misstatements to the Financial Statements.
    ISACA has many IT assurance programs as a member to assist you.
    Please also review the following site for high level overview:
    https://pcaobus.org/Standards/Archived/PreReorgStandards/Pages/Auditing_Standard_12_Appendix_B.aspx


    ------------------------------
    Sal Rodriguez
    Director of Internal Audit
    CISA, CIA, CRMA, CCSA, CGAP, CICA, MBA, MS
    ------------------------------