P1: IML/FFX P2: IML/FFX QC: IML/FFX T1: IML
PublicAcc WL040/Bidgolio-Vol I WL040-Sample.cls June 19, 2003 16:55 Char Count= 0
IMPLEMENTATIONCONSIDERATIONS 151consulting. Continuing education IT programs offered
by state CPA societies include such topics as Web-based
financial reporting and analysis (XBRL), security, and
expanding a CPA firm’s services through use of new
technologies.
Many state CPA societies, as well as the AICPA, have IT
committees to serve members who specialize in that area
and members who want to increase their IT knowledge so
they can expand and enhance the services they offer and
can assist clients with their IT needs. For example, the
Florida Institute of CPAs (n.d.; personal communication,
Hue T. Reynolds, April 16, 2002; personal communication,
Stam W. Stathis, April 24, 2002) has an E-Commerce Sec-
tion that provides an Internet-based chat room for mem-
bers, online expert Q &A, and a member directory. The
institute is interested in helping its members expand their
use of the Internet beyond just e-mail. The institute and
its E-Commerce Section see IT as enabling members to
expand their services into e-business opportunities and
to share their IT expertise with clients who are seeking to
expand their services through use of IT.
The AICPA’s Information Technology Section is open
to all AICPA members and qualifying non-CPAs. Members
receive IT updates and a software news report (eight times
per year), as well as Technology Alerts on major tech-
nology news. The ability to network with a large group
of other CPAs involved with IT work is also a benefit of
joining. The section also sponsors the annual AICPA Tech
conference.
In 2000, the Information Technology Alliance (ITA)
merged into the AICPA to form the IT Alliance. ITA was
a 30-year old organization made up of value-added re-
sellers, accounting software vendors, chief information
officers (CIOs), chief technology officers (CTOs), and CPAs
involved with technology. The ITA members joined AICPA
members interested in IT consulting to form the new
AICPA section. The IT Alliance existed within the AICPA
along with the IT Section until they separated in April
2002 due to strategic decisions of both the ITA and AICPA.
The AICPA continues to be an institutional member of the
ITA, and the organizations will continue to work together
in some ways. The primary focus of each organization
varies somewhat in that the IT Section of the AICPA fo-
cuses more on assisting CPAs in using technology more
effectively, whereas the ITA focuses on assisting mem-
bers (which includes CPAs) in their roles as providers of
IT-based solutions for clients.Certified Information Technology Professional
In 2000, the AICPA began a new IT certification for CPAs.
The designation is known as the Certified Information
Technology Professional (CITP). The CITP designation
helps the public to view CPAs as IT professionals, im-
proves the quality of the IT services provided by CPAs,
and aids in the development of practices in the IT area. A
CITP is described by the AICPA as someone who serves in
an organization as the “bridge between management and
the technologist” (AICPA promotional literature). To be-
come a CITP, a person must be a member in good standing
of the AICPA, have a CPA license, pay a fee, submit a writ-
ten statement of intent to comply with the requirements
for reaccredidation and payment of the annual renewalfee, and generate at least 100 points through a combina-
tion of experience, lifelong learning (such as continuing
education seminars), and examination results.
The type of experience that qualifies and that is covered
on the CITP examination falls into the following eight cat-
egories:- Information technology strategic planning (18%)
- Information systems management (15%)
- Systems architecture (11%)
- Business applications and e-business (16%)
- Security, privacy, and contingency planning (11%)
- System development, acquisition, and project manage-
ment (13%) - Systems auditing/internal control (8%)
- Databases and database management (8%)
The percentages shown indicate the weight given
to that topic on the CITP examination. This 2-hour,
computer-based exam is administered twice per year and
consists of 100 objective questions. To pass, a member
must answer at least 75 questions correctly. The CITP Web
site provides considerable information on the eight topics,
including links to articles on specific technologies, uses,
and implementation. The CITP Web site is coordinated
with the Top Tech site sponsored by the AICPA that pro-
vides background information on technology issues (such
as security and disaster recovery), applications (such as
data mining and document management), types of tech-
nology (such as wireless and authentication), emerging
technologies (such as m-commerce and electronic evi-
dence), and case studies (best practices shared by practi-
tioners). The AICPA also offers training to help members
earn the CITP designation.Information Systems Audit and Control Association
Information systems (IS) audits have played an important
role in the public accounting profession. Weber (1999) de-
fined IS auditing as the process of collecting and evaluat-
ing evidence to determine whether an information system
safeguards assets, maintains data integrity, achieves orga-
nizational goals effectively, and consumes resources effi-
ciently. Sayana (2002) further stated that the purposes of
IS auditing are to evaluate the system, to provide assur-
ances that information in the system is being effectively
used, and to make suggestions on how to improve the sys-
tem. Bagranoff and Vendrzyk (2000) described IS audit
practice as “stand alone with very close ties [to financial
audit].” IS auditors support financial audits by providing
risk assessment services to point out weaknesses that may
impact the client’s financial statements or impact the busi-
ness as a whole. IS auditors also offer consulting services
such as penetration testing and security diagnostics based
on the system weaknesses they find in their audits. Most
organizations that support IS auditing are involved with
the overall improvement of auditing control objectives to
limit organizational risk.
The Information Systems Audit and Control Associ-
ation (ISACA, n.d.) is the most dominant organization
in regard to information systems auditing and has an