Research Studies Projects Commissioned by ITAC Research Reports and Research Studies: Guidance Publications: Publications Developed by ITAC Risk Management and Governance Publications:
White Papers:
- IT Strategic Planning for SMEs (2010) - NEW explores the need for an IT strategic plan, as well as its nature and benefits, for small and medium-sized business owners and management. The paper, which describes the plan's content and its development process, includes three case studies of organizations that implemented IT strategic plans. These real-world scenarios offer insights into the benefits of developing IT strategic plans using a time-proven approach, as well as the potential pitfalls of ignoring key success factors. (The French version is available here.)
- Data Centric Security (2009) - NEW Data that was once static and stored in one place now moves freely from platform to platform throughout the organization and beyond. This paper suggests that a data-centric policy should be the focus for management, auditors and others involved in securing data in this new mobile environment. The French version of the white paper is available here.
- Role of Information Technology in Sustained Regulatory Compliance (2006) focuses on the importance of automated control activities and the role of IT in enabling reliance on those control activities to help organizations achieve sustained compliance. It also covers how the corporate knowledge collected and maintained for compliance purposes can be leveraged for other business purposes.
- Audit & Control Implications of XBRL (Revised 2005) increases awareness of XBRL by explaining its purpose and its function, and highlights the audit and control issues that need to be considered once XBRL is implemented for financial and business reporting.
- Aligning Investment in Information Technology with Business Strategy: What CFOs Need to Consider (2005) identifies the issues CFOs need to consider when they evaluate their organization's ability to effectively manage IT investments.
- IT Control Assessments in the Context of CEO/CFO Certification (2004) examines the importance of information technology controls in the context of recent regulatory changes, including the Sarbanes-Oxley legislation in the United States and the related Investor Confidence rules of the Canadian Securities Administrators.
- Security for Wireless Systems (Revised 2004) focuses on the main issues that need to be considered when wireless networks and devices like cell phones and Personal Digital Assistants are used for transmission of data.
- Using an Ethical Hacking Technique to Assess Information Security Risk (2003) explores an ethical hacking technique – referred to in the IT community as Penetration Testing – that organizations are increasingly using to evaluate the effectiveness of information security measures.
- Information Technology Outsourcing (2003) presents a perspective on the matters that an organization addresses when considering IT outsourcing as an option. It is intended to provide topics for the consideration of business managers and auditors when they make or examine outsourcing decisions.
ITAC Briefs:
- Cloud Computing: A Primer. In this ITAC Brief, we explore some key areas within the topic of cloud computing. We begin with the generally accepted definition of cloud computing, identify its value proposition, explore the audit and control implications of cloud, and close off with a list of further cloud computing resources.
- IFRS and Spreadsheets: A High-Risk Combination. This 4-Page Brief walks the reader through some of the challenges of using spreadsheets, or similar ad-hoc solutions, to manage the conversion from Canadian GAAP to IFRS. The Brief explores some high-profile incidents associated with "spreadsheet failure". Most important of all, it provides some key controls that users can implement when using spreadsheets. These controls were extracted from the PwC publication The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act. (The French translation of the publication is available here.)