Volume 15 Issue 04, April 2025
Impact factor: 2019: 4.679 2020: 5.015 2021: 5.436, 2022: 5.242, 2023:
6.995, 2024 7.75
http://www.internationaljournal.co.in/index.php/jasass
16
CONTROL TOOLS IN INFORMATION TECHNOLOGY
Yuldasheva Saodat Khalmurzaevna
PhD and associate professor at International School of Finance
Technology and Science, department of “Accounting”
Abstract:
The article is devoted to current issues of the risk-oriented approach of international
audit standards. The article contains explanations and examples, the study of which reveals the
features of conducting a risk-oriented audit. The author pays special attention to the procedures
for risk assessment in audit.
Key words:
risk assessment, information technology, material misstatements, audit risks,
controls, inherent risk.
Introduction
International Standards on Auditing (ISA) are an important part of the audit sphere of any
country that has a significant number of foreign companies on its territory and/or foreign
investors are interested in domestic companies.
It is the international auditing standards that allow for the formation of a unified approach in the
process of auditing companies from different countries, which enables investors and other
interested parties to quickly and most accurately conduct a comparative analysis. In general,
ISAs make the audit process unified in terms of its objectives, methodology, techniques used,
level of responsibility of auditors and audited entities, and so on.
The requirements of ISA 315 regulate the list of information or the area of knowledge of an
audit specialist about the company and actions in the event of detection of possible risks.
Effective and correct processing of information by IT means is possible provided that the
following means are used.
General controls in information technology
.
They can carry out their work in any applications. They are based not only on computer
programs, but also on operations carried out "manually".
Applied control tools
.
Application controls in IT are related to specific software that is used at the business process
level. Application controls can be preventive or detective and are designed to ensure the integrity
of accounting records.
Typical application controls relate to the procedures used to initiate, record, process, and
summarize transactions or other financial data. These controls ensure that transactions are
authorized to be made and that they are completely and accurately recorded and processed.
Examples include input validation with the ability to correct input and numerical sequence
validation with the ability to manually correct based on deviation reports.
Business process level controls.
The essence of such processes is reduced to a certain algorithm of operations, the purpose of
which is to achieve a planned result in a specific period of time. Business process management is
aimed at operations that are repeated day after day - transaction processing.
There is a generally accepted classification of control tools implemented at the business process
level. The first type: preventive tools. The second type: detective tools. Compensatory tools of
Volume 15 Issue 04, April 2025
Impact factor: 2019: 4.679 2020: 5.015 2021: 5.436, 2022: 5.242, 2023:
6.995, 2024 7.75
http://www.internationaljournal.co.in/index.php/jasass
17
control belong to the third type. They are also called targeted tools. An integrated approach and,
accordingly, the use of all three types of control tools ensures the minimization of errors. In turn,
detective control allows you to identify errors only after they occur. The consequence is the
development of a set of measures to correct the consequences that have occurred. Compensatory
tools of control are used if it is impossible to use other tools. It is also important to note the
guiding elements of control. Their main task is to determine the "trajectory" of achieving the set
goals.
The nature of controls at the business process level depends on the application. Differentiation of
duties and transaction approval levels, as well as automated controls, are the main components of
the company's management system. In turn, automation implies the automatic assignment of
business account numbers, preparation and verification of bank settlements, and reconciliation of
actual results with the approved budget. Let's take a closer look at the benefits and risks of
manual control.
In case of using both automatic and manual control means, it is important to appoint a person
responsible for these operations..
For example, a product shipment operation. Several specialists are involved in this process: a
warehouse manager, a warehouse manager, IT specialists, and an accountant. It is also important
to note the guiding elements of management. Their main task is to determine the "trajectory" for
achieving the set goals. Thus, if a discrepancy is detected between the actually shipped goods
and the quantity according to the documents, responsibility will extend to all of the above
positions.
Accordingly, it will be almost impossible to determine the culprit of the error. This means that it
is necessary to appoint one specialist to the position of the responsible person, who will control
the entire process of shipping the goods and be responsible for it.
The term "business risk" is interpreted differently in educational literature. However, the authors
agree that this definition includes the concept of the risks of material misstatement of financial
statements. At the same time, there is a risk of entrepreneurial activity. Its frequent causes are
abrupt changes in the external environment, as well as the inability of entrepreneurs to accept
these changes and "adapt" to new trends and requirements. Factors that have a significant impact
on the changes that occur can be:
- launch of a new product on the market that is not in demand by buyers;
- damaged reputation of the enterprise;
- actions of competitors.
In a situation where the auditor truly understands the existing and potential business risks, the
probability of identifying such risks increases. The important fact is that the auditor does not
assume responsibility for identifying and incorrectly assessing absolutely all possible business
risks.
The sufficiency of information or the scope of knowledge of the subject relates only to subjective
professional opinion. The auditor's knowledge is lower than that of the entity's management in
the area of the entity's management.
The auditor must record the main points of understanding obtained on each aspect of the subject
and its environment. Professional judgment should be used in documenting these matters.
The documentation
will include:
Volume 15 Issue 04, April 2025
Impact factor: 2019: 4.679 2020: 5.015 2021: 5.436, 2022: 5.242, 2023:
6.995, 2024 7.75
http://www.internationaljournal.co.in/index.php/jasass
18
1. Discuss with the audit team the sensitivity of the entity's financial statements to material
misstatement, whether due to error or fraud, and the significant decisions made.
2. Key aspects to understanding the topic related to:
– Any aspect of the subject described above and its environment;
– All elements of the system related to internal control;
– Sources of information that enable a complete picture to be formed of what is happening;
3. Risks of material misstatement at the financial statement and assertion levels.
4. Identified significant risks and assessment of appropriate controls.
Conclusion
When drafting documents, there must be written confirmation of the acceptance by the
management of the company of the subject of responsibility for the organization and
implementation of the internal control system. Thus, there is no need to prepare new
documentation every year. If possible, documents for the previous year are updated to reflect
changes and new information.
Reference
1.
Vasiltsova N.T. Audit of financial statements according to international standards // Actual
problems of socio-economic development of Russia. 2020. No. 1. Pp. 11-13.
2.
Gorodilov M.A. Limits of application of international auditing standards // Economic
environment. 2021. No. 2 (36). Pp. 27-32. DOI 10.36683 / 2306-1758 / 2021-2-36 / 27-32
3.
Zaslavskaya I.V., Smagina I.V. Accounting. Moscow: MISI MGSU, 2019. 120 p. URL:
https://www.iprbookshop.ru/95515.html
4.
Kirichenko E.A., Selyutina S.V., Smagina M.N. International standards of audit. Tambov:
Publishing house of FGBOU VPO "TSTU", 2014. 136 p.
5.
Kirichenko E.A., Smagina M.N. Audit of industrial enterprise. Part 1. Tambov: Publishing
house of FGBOU VO "TSTU", 2017.
6.
Kirichenko E.A., Smagina M.N. Audit of industrial enterprise. Part 2. Tambov: Publishing
house of FGBOU VO "TSTU", 2017.
7.
Kirichenko E.A., Smagina M.N. Practical audit. Tambov. Publishing House of FSBEI HE
"TSTU", 2019.
8.
International Standard on Auditing 230 "Audit Documentation"
9.
International Standard on Auditing 300 "Planning an Audit of Financial Statements"
10.
International Standard on Auditing 315 (Revised) "Identifying and Assessing the Risks of
Material Misstatement through Understanding the Entity and Its Environment"
11.
International Standard on Auditing 200 "The Independent Auditor's Primary Objectives and
Conducting an Audit in Accordance with International Standards on Auditing"
12.
International Standard on Auditing 330 "Audit Procedures Responsive to Assessed Risks"
13.
International Standard on Auditing 700 (Revised) "Forming an Opinion and Reporting on
Financial Statements"
14.
International Standard on Auditing 701 "Communicating Key Audit Matters in the Auditor's
Report"
15.
Mikhailova K.O., Asfandiyarova R.A. ISA 230 "Audit Documentation" Content and
Implementation Problems in Russia // Modern Approaches to the Transformation of Concepts of
State Regulation and Management in Socio-Economic Systems: Collection of Scientific Papers
of the 10th International Scientific and Practical Conference Dedicated to the Year of Science
Volume 15 Issue 04, April 2025
Impact factor: 2019: 4.679 2020: 5.015 2021: 5.436, 2022: 5.242, 2023:
6.995, 2024 7.75
http://www.internationaljournal.co.in/index.php/jasass
19
and Technology in the Russian Federation. Kursk: Kursk Branch of the Financial University
under the Government of the Russian Federation, 2021. Pp. 248-252.
16.
Rybin M.V., Vasiltsova N.T. Identification and Assessment of Risks According to
International Auditing Standards // Actual Problems of Socio-Economic Development of Russia.
2020. No. 3. Pp. 25-30
17.
Yuldashev Sherzod Zairjanovich. ENGLISH AND SUBJECT INTEGRATION IN
MATHEMATICS AND GEOGRAPHY. Zbiór artykułów naukowych recenzowanych. 201 pp
18.
Yuldasheva Saodat Khalmurzayevna, Yuldashev Sherzod Zairjanovich (2023/12/22).
OPPORTUNITIES
FOR
DEVELOPING
PROFESSIONAL
COMPETENCIES
OF
PHARMACEUTICAL INSTITUTE STUDENTS IN THE PROCESS OF LEARNING A
FOREIGN LANGUAGE. Best Journal of Innovation in Science, Research and Development,
148-153 pp
19.
Yuldasheva Saodat Khalmurzayevna, Yuldashev Sherzod Zairjanovich (2024/01/19)
Conformation Of the Foreign Language Competence of Pharmacy and Industrial Pharmacy
Students (IPER). Best Journal of Innovation in Science, Research and Development, 304-312 pp
20.
Yuldasheva Saodat Khalmurzayevna, Yuldashev Sherzod Zairjanovich (2024/01/19)
Investigating Non-English Major Students’ (Iper) Needs, Attitudes, And English Language
Learning Ways. INTERNATIONAL JOURNAL OF EUROPEAN RESEARCH OUTPUT, 170-
193 pp
21.
Yuldasheva Saodat Khalmurzayevna, Yuldashev Sherzod Zairjanovich (2024/3/19) Teaching
English Grammar to Iper Students within Internet Resources, Best Journal of Innovation in
Science, Research and Development, 462-472 pp
22.
ZAIRJANOVICH, Y. S., ANATOLIEVNA, T. M., & BOTIROVICH, T. B. (2025).
MODERN METHODS USED FOR ENGLISH LANGUAGE TEACHING IN UZBEK PUBLIC
INSTITUTES. SHOKH LIBRARY.
23.
Khalmurzaevna, Y. S. (2024). MAIN DIRECTIONS AND IMPROVEMENTS OF
INTERNAL AUDIT BASED ON INTERNATIONAL EXPERIENCE. Ethiopian International
Journal of Multidisciplinary Research, 11(12), 647-654.
24.
Khalmurzaevna, Y. S. (2024). THE IMPORTANCE AND EVALUATION OF INTERNAL
AUDIT FOR THE EXTERNAL AUDIT PROCEDURE. Ethiopian International Journal of
Multidisciplinary Research, 11(12), 637-646.
25.
Khalmurzayevna, Y. S., Nuriddinovich, F. S., & Karimovich, S. S. (2024). Ict in Teaching
Economics. Gospodarka i Innowacje., 47, 122-129.
26.
Юлдашева, С. Х., & Файзиев, Ш. Н. (2024). Составление Модифицированного Отчета
и Аудиторского Заключения По Финансовой Отчетности. Gospodarka i Innowacje., (45),
417-423.
