[The following paragraph was effective for fiscal years ending on or after November 15, 2007. It was amended, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.

Return to the current version.]

36.       The auditor also should understand how IT affects the company's flow of transactions. The auditor should apply paragraphs .16 through .20, .30 through .32, and .77 through .79, of AU sec. 319, Consideration of Internal Control in a Financial Statement Audit , which discuss the effect of information technology on internal control over financial reporting and the risks to assess.

Note: The identification of risks and controls within IT is not a separate evaluation. Instead, it is an integral part of the top-down approach used to identify significant accounts and disclosures and their relevant assertions, and the controls to test, as well as to assess risk and allocate audit effort as described by this standard.