There is little doubt that, over the last five years, an increasing emphasis has been placed on the evaluation of internal controls embedded in computerized systems and information technology (IT).

As a result, auditors have a growing responsibility to understand and evaluate internal controls. Internal controls have been a part of certain laws such as, in the US, the securities acts of 1932 and 1933 and the Foreign Corrupt Practices Act of 1977. Auditing standards from the American Institute of Certified Public Accountants (AICPA) have required an assessment of control risk (e.g., the “audit formula”) for years. Beginning in the 1960s, the evaluation of controls became more complicated as computerized accounting systems became prevalent.