Vendor Tool EvaluationThe Sarbanes-Oxley Act (SOX) of the U.S. Congress established the PCAOB (Public Company Accounting Oversight Board) in 2002 to oversee Certified Public Accounting (CPA) firms that are engaged to audit or participate in the audit of public companies financial statements. The PCAOB has since adopted the Generally Accepted Auditing Standards (GAAS) to govern and evaluate the auditor's work when engaged to audit public companies. GAAS consists of three standards:
Reference: www.pcaobus.org Reference: www.aicpa.org Misleading IT Auditing Tools Vendors Claims: Some vendors make the claim that their IT auditing tools and platforms are "SOX compliant." The notion that a tool or a platform is "SOX compliant" is categorically misleading because auditors use IT auditing tools and platforms to aid in testing, engagement management and evidence gathering during the planning phase and performance of their fieldwork. We evaluate IT auditing tools (FREE OF CHARGE) to determine their relevance and effectiveness for use in the IT audit practice. We determine where in the Framework for Auditing Financial Statements in the CLOUD Ecosystem a specific IT auditing or audit management tool or platform can be used to (a) plan the IT audit engagement (b) manage the audit engagement (c) perform test of controls (d) conduct statistical analysis and (d) gather and report audit evidence. The Framework for Auditing Financial Statements in the CLOUD Ecosystem was developed in conformity with AICPA SAS 104-111, SOX 404, AICPA SSAE 16 SOC 1, AICPA AT 101 SOC 2, SOC 3, COBIT, COSO, and PCAOB AS5, PCI-DSS standatds. Tools that are determined to be fit for use are listed under the Certified Tools menu along with a description of the specific utility each tool provides in the audit process. Vendors of IT auditing tool and platform are welcome to request evaluation of their tools and platforms. Follow this link to request tool evaluation. Benefits to IT Auditing Tool Manufacturers:
|
SaaS Testing |
API Testing
|
PaaS Testing |
IaaS Testing
|