Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit

ACC824, Fall 2022

Part I (30 points):

One of the most important topics that we have covered this semester is IT Audit Concluding.  It incorporates all the work that we did on IT Governance, Risks, Controls, and IT Audit.

Stitch Fix (SFIX) is a startup that has disclosed several material weaknesses in the company’s Financial Statements for 2019. (See Item 9A)

https://investors.stitchfix.com/static-files/96389147-1dbe-444a-b2cf-880a1bf7f99f

Required:  

1)  What are the material weaknesses that are disclosed?

2)  For each control failure thoroughly discuss:

A) The potential risks associate with the control failure

B) What do you think that the IT Auditors found that lead them to this conclusion?  Feel free make assumptions based on the discussions that we have had in class. 

C) Walk through the Concluding flowchart and discuss the steps that the IT Auditor must have taken to make the quite serious decision that a Material Weakness has occurred. 

3)  Were these Material Weaknesses correct by the 2020 year-end?  If so, for each, tell me

      Specifically what actions you think the company must have taken to satisfy Deloitte?  Base

      your answers on what we have learned about controls in this course.  

https://investors.stitchfix.com/static-files/f87e29e9-7e85-479a-8bc7-f235fcfef6db

Part II (30 points):

In the materials for Tuesday of Week 11 I posted two reports by KPMG on material weaknesses.  One is for IPOs and the other is for non-IPO companies.  Read these two reports.

1) Tell me about the issues and processes areas for each type of company (IPO vs. Non-IPO).  Where are they similar and where are they different?  

2) Do you think the causes of material weaknesses and the determinations by the auditors should be similar or different for these two types of companies?  Why?

Part III (40 points):

I asked your teams to talk about emerging technologies and their value, risks, and potential controls for their risks.  I only gave you about ten minutes to present your findings and every team did a terrific job.  I am so happy with the work that you did!

Now, let’s delve a little deeper because the time constraint forced each team to leave material out of the presentations.  

Required:

Choose 2 of the technologies - your assigned technology and one from another team.  If you were assigned to discuss RPA, DO NOT choose the other RPA presentation.  The same applies to Blockchain and AI.

Tell me what you have chosen and for each:

1) Identify three risks.  Be sure that these risks are grounded in the material that we have covered this semester.  If you would like, you can choose risks that were not covered in the presentations.

Tie these risks back to our discussion of risks, threats, vulnerabilities, etc. and     

discuss.  Explain why these risks are important to financial statement reporting and/or    

operations. 

2) Identify controls for these risks.  Be sure to thoroughly explain why the controls are important.  For example, it is not sufficient to say that the company should obtain SOC 2 reports.  What is it about these reports that will give the company comfort that these risks have been addressed?  What is covered by SOC 2 reports?

If you find it easier to talk about a particular company in an industry, that is fine.  It is not

required that you do research on a particular company, and I prefer that you do not.  If

picking a company helps you to focus your thoughts, that is fine.

Remember, each time has provided a bibliography with their slide deck.  That is a good

starting resource.

All course slides, including the group presentation slides are available on D2L.  Depending on your choices, not all topics or content will be relevant.  I cannot answer questions about acceptable length of answers.  Make your answers as thorough as you feel necessary.

Good luck!