1 Some examples include: AICPA, SAS No. 104-111; IIA, Attribute and Performance Standard #1220.A3; ISACA Audit Standard S11.
2 The steps provided herein are not based on any standard, guideline, or specific model but rather the author’s attempt to provide steps consistent with risk assessment best practices in general. For example, there are some commonalities between this six-step process and the eight risk components of the COSO ERM model described in 1.1.2 below.
3 Some risks will already be at an acceptable level of risk and therefore will not need to be mitigated further.
4 Robert R. Moeller, “COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework”, 2007, John Wiley & Sons: Hoboken, NJ, page 52.
5 Robert R. Moeller, “COSO Enterprise Risk Management: Understanding the New Integrated ERM Framework”, 2007, John Wiley & Sons: Hoboken, NJ, page 53.
6 For business and industry, those risks are most likely the charge of the entity’s internal audit function.
7 Originally in AS2.
8 Originally in SAS No. 94.
9 See Dimension 3, internal controls and ITGC for more on the controls that could mitigate IR associated with applications.
10 Middleware is software written to coordinate communications of some kind between two systems. In this document, middleware is software used to transfer data between two systems, platforms, or databases. It is customized for the two different systems by a vendor, consultant, or in-house IT. It ...