36. The auditor also should understand how IT affects the company's flow of transactions. The auditor should apply paragraphs .16 through .20, .30 through .32, and .77 through .79, of AU sec. 319, Consideration of Internal Control in a Financial Statement Audit, which discuss the effect of information technology on internal control over financial reporting and the risks to assess.

Note: The identification of risks and controls within IT is not a separate evaluation. Instead, it is an integral part of the top-down approach used to identify significant accounts and disclosures and their relevant assertions, and the controls to test, as well as to assess risk and allocate audit effort as described by this standard.