ENRON Scandal Case Study: IT Audits, Controls, and Business Impact

Verified

Added on 2021/06/14

AI Summary

This case study analyzes the IT audit and control deficiencies that contributed to the ENRON scandal. It explores organizational and managerial risks, audit methodologies, and the importance of IT controls in maintaining data integrity and managing risks. The study also covers disaster recovery, business continuity planning, security controls, and the relationship between IT audits and financial reporting. Emerging industrial trends in IT auditing and the responsibilities of IT auditors are discussed, emphasizing the ethical, professional, and legal obligations crucial for preventing similar corporate failures. The analysis highlights the significance of robust IT controls, adherence to ISACA guidelines, and proactive risk management in ensuring business transparency and sound decision-making.

IT AUDITS AND CONTROL

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Contents
1. Introduction...................................................................................................................................2
2. Organizational and managerial risks in conducting IT audits and control activities......................2
3. Audit Methodologies.....................................................................................................................2
Design review Auditing.....................................................................................................................3
Post implementation in the regulatory environment..........................................................................4
4. IT controls.....................................................................................................................................4
Impact on business operations and managing risks............................................................................5
Measuring effectiveness of the system..............................................................................................5
5. Disaster Recovery and Business continuity plan...........................................................................5
Organizational Security Control........................................................................................................5
Authorization security control...........................................................................................................5
Operational Security control..............................................................................................................5
6. Requirements of IT Audits............................................................................................................6
Relationship with financial Reporting system...................................................................................6
7. Emerging industrial trends in IT auditing and control...................................................................6
Impact on business operation and decision making capabilities........................................................6
8. Responsibilities of an IT auditor....................................................................................................6
Professional Responsibilities.............................................................................................................6
Ethical Responsibilities.....................................................................................................................7
Legal Responsibilities........................................................................................................................7
9. Conclusion.....................................................................................................................................7
10. References:................................................................................................................................7

1. Introduction
The ENRON scandal was occurred in America due to the bankruptcy of Enron organization.
Arthur and Andersen was two main guilty of this act. The ENRON scandal give rise to new
policies structure to overcome the problem of fraud. The main cause of this scandal is the no
clear auditing report for the stakeholders of the company. The unethical practices of the
employees give rise to the modification and manipulation of balance sheet to hide the
situation of Debt. The limitation of the accounting system is the major cause of this act. The
manipulation in the balance sheet is effectively done because the accounting structure of the
company depends on the market value. The IT audit committee was designed by the
organization to develop internal audit reports and controls.
2. Organizational and managerial risks in conducting IT audits and control
activities
The undergoing of IT audits ad control in the Enron Corporation is deployed with the
numerous organizational and managerial risks. The major risks which is associated with the
IT audit is the recognition of the revenue generated by the organization. The market trading is
comply with the variation in the market price. The trading of the company depends on the
mark to market accounting principles for estimating future cash flow. The top executives
should take active participation in defining the roles and responsibilities of the audit program.
The risk management program should be designed for system security and recoverability
program. The ISACA guidelines and programs should be used for managing IT audits to find
out the organization and managerial risks associated with the enterprise.
3. Audit Methodologies
Understanding of the business plan: The internal auditing program was arranged for
accessing the corporate operations for achieving the ENRON organization goal to resolve the
future bankruptcy problem. The Service level agreement (SLA) should be designed on the
basis of ISACA guidelines to get an clear idea about the problems in the financial
management and support system organized for the enterprise.

Recognition of the key risks areas: There are three key risks areas which can be cope up with
the systematic flow of organization operation which are categorised as internal audit
programmes, functional operational plan, management of auditing committee.
Assessment of the Audit controls and process: The analysis of the documentation and trend
analysis are the major parts for assessing the audit control. The auditing testing tools are used
for checking the difference in the balance sheet.
Communication and monitoring program: The internal audit reports should provide the
opportunities to the individual department to rectify their concern areas. The review of the
auditing program should be arranged regularly.
Design review Auditing
The design review auditing depends on ISO 13485 standards. It constitutes of seven step
process:
Step 1: Process Identification: It focuses on arranging interview with the ENRON company
owner to reveal the problem.
Step 2: Initiation of the project: Approving of the internal funds for taking corrective action
plan according to the trend analysis.
Step 3: Development of Design history files: The identification of resources and process to
develop a design process.
Step 4: Identification of resources: The program should be developed for identifying the
resources and process.
Step 5: The team development plan helps in reviewing the distribution of roles and
responsibilities
Step 6: Identification of design and development process: The ISO standard should be
followed for troubleshooting the policies and procedures (Pavel, and Encontro, 2012)
Step 7: Monitoring of the design process which is undertaken for improving the performance
of the business organization (Saarni, 2015).
Post implementation in the regulatory environment

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

It focuses on
 Concurrency in the auditing division
 Reviewing of system environment on the basis of software license, and anti-virus kit
 Regular submission of the status report
 Preparing minutes of meetings
 Acceptance of the business deliverables
 Development of the contingency plan
 Determining the data centre flowchart for the audit control verification and validation
 Checklist of the control program
 Implementation of the internal control unit
 Trial run of the system
 Reviewing process for protocol implemented
 Support of financial service and remote accessing
 Generation of system ID and password
 Managing data conversion unit
 Control policy for input strategy
 Modification of the software
 Documentation of the audit report for trend analysis
 Use of FLEXCUBE system
 Hardware support for Flexcube environment
 Training program for data centre operators and system administrator to check of
auditing reports on the deployed system.
4. IT controls
IT controls is the framework for achieiving integrity confidentiality and and avaialibity of
data for propoer functioning of the system. There are two types of IT controls which are
categorised as IT controls for general policies and IT controls for application management.
The IT control policies built the environment of retrieving accurate data and information for
processing of the system. Control objectives for information technology (COBIT) are used
for managing the Enron corporation business requirement for effective control policies.

Impact on business operations and managing risks
The IT controls are used for managing the internal and external risks associated with the
business organization. The valuation of the business can be calculated by analysing the cash
flow into the business enterprise. The IT control policies helps in resolving the risks
associated with the business financial framework.
Measuring effectiveness of the system
The effectiveness of the system can be measured by analysing the increase in profit of the
organization. The increasing cash flow for the business organization means that IT audit
program is successful for handling business operation.
5. Disaster Recovery and Business continuity plan
Periodically disaster recovery plan should be formulated for the ENRON organization by
implementing IT audits on the information system of the enterprise for measuring the linkage
of the operational policies with the governance model (Li, 2010). The evaluation of the
system helps in maintaining data integrity and accuracy for resolving the financial risks of the
enterprise.
Organizational Security Control
The threats of cyber security attacks can be checked by implementing security control
policies for measuring the effectiveness of the system administrator in predicting the attack
proactively and takes its relative countermeasures (Moorthy, Mohamed, Gopalan, and San,
2011). The proactive action plan helps in resolving the issues of bankruptcy.
Authorization security control
The division of roles and responsibilities is deployed for checking the robust access control to
uniquely identifying the authorization mechanism in order to achieve data protection and
relevant access right (Progestic International Inc, 2015).
Operational Security control
The operational security controls should be deployed for managing the security policies for
physical data management program, process orientation program, technical controls, and
legal compliance controls (Ghosh, 2011).

6. Requirements of IT Audits
The efficiency and integrity of the ENRON organization can be improved by deploying the
Audit control policies in the financial services of the enterprise (Bing, Huang, Li, and Zhu,
2014). The ability of attestation function for the enterprise can be effectively improved for
the enterprise.
Relationship with financial Reporting system
The integral approach of the IT audit policies and procedures are used for managing financial
reporting system by analysing the cash inflow in the business enterprise and its associated
trend analysis.
7. Emerging industrial trends in IT auditing and control
The emerging industrial trends in IT auditing and control policies are helpful in managing
business to business operation and business to business and customer relationship. The value
chain should be evolved for managing the transparency in the business operation.
Impact on business operation and decision making capabilities
The IT audit program is used for managing the business operation and capabilities of the
manager for increasing the decision making capabilities. The ISACA guidelines and
programs should be used for managing IT audits to find out the organization and managerial
risks associated with the enterprise. It helps in providing greater visibility to the emerging
techonlogies for the welfare of the enterprise financial services and management program
(Bubilek, 2015).
8. Responsibilities of an IT auditor
The IT auditor is responsible for collecting the data and analysing it for the occurrence of
fraud in the organization curriculum policies (Cunnigham, and Harris, 2015). The trend
analysis should be developed based on the IT auditor report for analysing the cash inflow of
the enterprise.
Professional Responsibilities
The management of assets, liabilities, expenditure, and capital stocks are the professional
responsibilities of the IT auditor.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Ethical Responsibilities
The ethial code of conduct should b followed by the IT auditors during the development of
the financial services for the enterprise, The quality and integrated audits should be provided
to take effective decision in the welfare of the enterprise.
Legal Responsibilities
The liabilities of the organization should be made clear so that no issues and legal obligation
raise with the enterprise functionality program (Asthana, 2015). The IT auditor should have a
knowledge anout the ISACA guidelines for auditing program to give standard audit services
to the ENRON enterprise.
9. Conclusion
The IT controls are used for managing the internal and external risks associated with the
business organization. The valuation of the business can be calculated by analysing the cash
flow into the business enterprise.
10. References:
Asthana, A. (2015). The effect of Enron, Andersen, and Sarbanes, on the US market for Audit
service. 1st ed. Retrieved from
https://www.emeraldinsight.com/doi/abs/10.1108/10309610910975306?
fullSc=1&journalCode=arj
Bing, J., Huang, C., Li, A., and Zhu, X. (2014). Audit quality research report. 1st ed.
Retrieved from
https://www.rsa.anu.edu.au/media/319746/audit_quality_research_intern_report_smal
ler.pdf
Bubilek, O. (2015). Importance of internal audits and internal control in an organization. 1st
ed. Retrieved
fromhttps://www.theseus.fi/bitstream/handle/10024/129916/Bubilek_Olga.pdf?
sequence=1&isAllowed=y

Cunnigham, G., and Harris, J. (2015). Enron and Arthur Andersen: The Case of the crooked
E and the Fallen A. 1st ed. Retrieved from
http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.214.2234&rep=rep1&type=pdf
Ghosh, A. (2011). Dissertation report on A case study of Enron’s Failure. 1st ed. Retrieved
from https://www.slideshare.net/arpan_rkl/dissertation-report-on-a-case-analysis-on-
enron-failure
Li, Y. (2010). The Case analysis of the Scandal of Enron. 1st ed. Retrieved from
http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.663.9418&rep=rep1&type=pdf
Moorthy, K., Mohamed, S., Gopalan, M., and San, L. (2011). The impact of information
technology on internal auditing. 1st ed. Retrieved from
http://www.academicjournals.org/article/article1380899273_Moorthy%20et
%20al.pdf
Pavel, T., and Encontro, M. (2012). The Enron Scandal. 1st ed. Retrieved from
http://www.math.chalmers.se/~rootzen/finrisk/GR7_TobiasPavel_MyleneEncontro_E
NRON.pdf
Progestic International Inc.. (2015). Audit of information technology. 1st ed. Retrieved from
http://www.nserc-crsng.gc.ca/_doc/Reports-Rapports/Audits-Verifications/IT05Full-
IT05Detaille_eng.pdf
Saarni, J. (2015). Financial Fraud- Importance of an internal control system. 1st ed.
Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?
doi=10.1.1.882.1361&rep=rep1&type=pdf