The evolution of IT auditing and internal control standards in financial statement audits: The case of the United States

The rapid escalation of technology and the use of computers in business practice result in more information technology (IT) auditing and internal control standards and guidelines to assist auditors in their roles and responsibilities. Several organizations, such as the American Institute of Certified Public Accountants (AICPA), the International Federation of Accountants and the Information Systems Audit and Control Association (ISACA), have issued standards in this area to be observed by their members in performing an IT audit. This paper traces the evolution of US IT auditing and internal control standards in financial statement audits and discusses their significance for the auditing profession. We primarily focus on the discussion of the IT audit standards issued by the AICPA and ISACA. As the use of computers in business data processing gets more widespread and the integration of IT in business processes gets more intricate, we expect to see more pronouncements of IT audit standards in the future. Auditors should well understand these pronouncements, standards and guidelines when performing an IT audit.