CAstore - Canadian Accounting and Assurance Reference Service (CAARS)

Copyright

Notice to Readers

What's New

Guide to Accounting Pronouncements and Sources, Sixth Edition

Significant Differences in GAAP in Canada, Chile, Mexico and the United States

Accounting and Reporting for Enterprises in the Development Stage

Accounting Bases Used in Canadian Government Budgeting

Accounting Changes — Background Information and Basis for Conclusions Section 1506

Accounting for Infrastructure in the Public Sector

Accounting for Tangible Capital Assets — Accrual Budgeting Issues

Accrual Budgeting by Canadian Federal, Provincial and Territorial Governments

Aligning Investment in Information Technology with Business Strategy: What CFOs Need to Consider (June 2005)

Application of Computer-assisted Audit Techniques, Second Edition

Assessing Risks & Controls of Investment Funds

Asset Retirement Obligations - Background Information and Basis for Conclusions Section 3110

Assurance Engagement Working Papers

Audit & Control Implications of XBRL

Audit Enquiry - Seeking More Reliable Evidence From Audit Enquiry

Audit Implications of EDI

Audit Implications of Electronic Document Management

Audit of a Small Entity

Audits of Non-profit Organizations

Canadian Performance Reporting

Cash Distributions — Amendments to Section 1540 — Background Information and Basis for Conclusions (September 2007)

Cash Flow and Other Per Share Information - Background Information and Basis for Conclusions Sections 1540 and 3500

Cash Flow Statements - Background Information and Basis for Conclusions - Section 1540

Comprehensive Income and Equity - Background Information and Basis for Conclusions Sections 1530 and 3251

Confirmation of Accounts Payable

Confirmation of Accounts Receivable

Continuous Auditing

Corporate Reporting to Stakeholders

Costing Government Services for Improved Performance Measurement & Accountability

Data Level Assurance

Differential Reporting - Background Information and Basis for Conclusions - Section 1300

Differential Reporting — Amendments to Section 3062 and AcG-15 — Background Information and Basis for Conclusions

Disclosures by Entities Subject to Rate Regulation - Background Information and Basis for Conclusions AcG-19

Disposal of Long-Lived Assets and Discontinued Operations - Background Information and Basis for Conclusions - Section 3475

Electronic Audit Evidence

Foreword

Study Group

Executive Summary

Definition and Characteristics

Reliability of Electronic Audit Evidence

Audit Approach

Controls and Security Techniques

Electronic Signatures

Legal Implications

Suggestions relating to Assurance Standards

Chapter 1 — Introduction

The Evolution of E-Business and its Impact on Audit Evidence

Information Systems Integration

Internal Integration

External Integration

Impact of Information System (IS) Integration

Objective of This Report

Chapter 2 — Definition and characteristics of electronic audit evidence

Definition

Attributes of Electronic Audit Evidence

Digital Information

Data Migration

Logical Information Structure

Metadata

Differences Between Traditional Audit Evidence and Electronic Audit Evidence

Introduction

Source of Audit Evidence

Altering or Modifying Audit Evidence

Proof of Approval

Completeness of the Information

Reading the Information

Information Format

Availability of Audit Evidence

Signatures

Conclusion

Chapter 3 — Impact of Integrated Systems on Documents Used as Audit Evidence

Introduction

Electronic Business Documents

Documents Exchanged through Traditional Electronic Data Interchange (EDI) Systems

Documents Exchanged in Cyberspace

Electronic Contracts

Electronic Procurement and Billing Systems

Electronic Payment Instruments

Electronic Funds Transfer (EFT)

Electronic Data Interchange (EDI)

Home Banking

Credit Cards

Electronic Cheques

Electronic Cash and Small Payments

Protocols and Electronic Payment Standards

Enterprise Resource Planning (ERP) Systems

Other Types of Internal Integrated Systems

Digitized Documents

Electronic Document Management (EDM) Systems

Conclusion

Chapter 4 — Audit Implications of Electronic Audit Evidence

Introduction

Proficiency

Knowledge of the Entity's Business

Sufficient Knowledge of Internal Control

Information Systems

Shared Systems

Audit Approach

Audit Risk

Business Risk

Entity's Strategy for Conducting Its Activities Electronically

Total Dependence on the Information System (IS)

Interdependence of Entity's Information System (IS) with Those of Business Partners

Dependence on the Information System (IS) of Third Party Service Providers

Data Confidentiality

Legal Uncertainties

Inherent Risk and Control Risk

Loss of Data Integrity and Reliability

Legal Invalidity

Non-Authentication and Repudiation

Failure of the Entity's Information System (IS)

Failure of the Business Partners' Information System (IS)

Failure of Outsourced Information System (IS)

Unauthorized Access to Data

Loss of Audit Trail

Detection Risk

Data in Electronic Form

Data Retention and Accessibility

Virtual Transactions

Audit Approach

Timing

Quality and Reliability of Electronic Audit Evidence

Appropriateness of Audit Evidence

Reliability Criteria

Other Considerations

External Audit Evidence

Electronic Confirmation Responses

Detection of Misstatements and Illegal Acts

Identification of Applicable Laws

Service Organizations

Shared Systems

Documentation of Electronic Audit Evidence

Chapter 5 — Controls Relevant to the Reliability of Electronic Audit Evidence

Introduction

General Controls

Segregation of Incompatible Duties and Access Controls

Retention, Archiving, Accessibility and Destruction of Electronic Documents and Other Data

Encryption, Electronic Signatures and Digital Certificates

Management and Audit Trails

Information Technology (IT) Service Providers

Business Partner Agreements

Other Electronic Document Management Policies

Information Classification Framework

Data Trustees

Controls Relating to Reliability Criteria for Electronic Information

Introduction

Controls Relating to Information Authentication

What is Authentication?

Why is Authentication Necessary?

Authentication Control Techniques

Controls Relating to Information Integrity

What Is Integrity?

Why Control Integrity?

Integrity Control Techniques

Nonrepudiation Controls

What is Nonrepudiation?

Why Control Nonrepudiation?

Nonrepudiation Control Techniques

Controls Relating to Information Authorization

What is Authorization?

Why Control Information Authorization?

Authorization Control Techniques

Other Considerations Relating to Information Controls

Controls Relating to Data Availability

What is Availability?

Why Control Availability?

Availability Control Techniques

Controls Relating to Information Confidentiality

What is Confidentiality?

Why Control Confidentiality?

Confidentiality Control Techniques

Conclusion

Chapter 6 — Electronic Signatures and Security Techniques

Introduction

Electronic Signatures

Objectives of an Electronic Signature

Different Types of Electronic Signatures

Noncryptographic Security Techniques

Introduction

Password, Secret Code or Personal Identification Number

Digitized Signature

Smart Card and Authentication Token

Biometric Identification

Cryptographic Security Techniques

Introduction

Symmetric or Secret Key Cryptography

Asymmetric or Public Key Cryptography

Authentication

Confidentiality

Authentication and Confidentiality

Limitations of these Techniques

Combination of Secret Key and Public Key Cryptography

Digital Signature

Nonrepudiation and Integrity

Confidentiality

Signature Authentication

Public Key Infrastructure

Digital Certificate Management

Cross Certification

Key Management

Encryption Keys and Signature Keys

Key Pair Generation and Registration

Encryption Key Backup

Private Key Protection

Key Updates and Replacement

Key Revocation and Destruction

Conclusion

Hardware Security Modules

Time Stamping

Secure Socket Layer

Single Sign-On and Privilege Management Infrastructure

Firewalls

Intrusion Detection System (IDS)

Routers and Switches

Virtual Private Network

Security Infrastructure

Chapter 7 — Computer-assisted Audit Techniques and Tools

Introduction

Scanners and Scripts

Vulnerability Assessment and Intrusion Tests

Control Procedure Databases

Integrated Audit Functions

Data Extraction and Analysis Software

Real Time Audit Tools

Embedded Audit Modules

Concurrent Audit Tools

Integrated Test Facility

Intelligent Agents

Web Audit Tools

Conclusion

Chapter 8 — Conclusions Relating to Assurance Standards

Introduction

Impact of Electronic Audit Evidence on Standards

Existing Guidance on Electronic Audit Evidence

Canadian, US and International Guidance

Suggested Guidance on Electronic Audit Evidence

Purpose of Suggested Changes

Audit Evidence in an Electronic Environment

Characteristics of Electronic Audit Evidence

Defining Electronic Audit Evidence

Attributes of Electronic Audit Evidence

Differences Between Electronic Audit Evidence and Traditional Audit Evidence

Nature of Audit Evidence

Source of Audit Evidence

Reliability of Electronic Audit Evidence

Reliability Criteria

Impact of Electronic Audit Evidence on the Audit Approach

Methods of Obtaining Audit Evidence

Audit Trail and Timing of Audit Procedures

Electronic Confirmation

Existing Guidance Relating to the Impact of Electronic Audit Evidence on Internal Control

Canadian, International and US Guidance

Suggested Guidance Relating to the Impact of Electronic Audit Evidence on Internal Control

Internal Control

Understanding Internal Control

Audit Approach

Assessment of the Components of Audit Risk

Suggested Guidance on Documenting the Work Performed

Chapter 9 — Legal Aspects of Electronic Documents

Introduction

Principal Laws Governing Electronic Documents and Signatures

United Nations Commission on International Trade Law

United States

Europe

Canada

Federal Legislation

Provincial Legislation

Legal Recognition of Electronic Documents

Legal Recognition of Electronic Signatures

Admissibility of Electronic Signatures

Admissibility of Electronic Documents in Evidence

The Rule Against Hearsay

Best Evidence and Original Evidence Rule

Authenticity and Integrity

Favourable Presumption

Measures to Reduce the Risk of an Electronic Document Being Inadmissible

Electronic Contracts

Formation and Legal Validity of Contracts

Presumption of Receipt of Electronic Documents

Places of Sending and Receipt

Electronic Agents

Measures to Reduce the Legal Risks Associated with Electronic Contracts

Retaining and Archiving Electronic Documents

Retention and Archiving Policies

Legal Uncertainties and Tools to Manage these Risks

Legal Uncertainties

Applicable Legislation

Admissibility of Electronic Documents

Admissibility of Electronic Signatures

Electronic Contracts

Tools to Reduce the Risks

Reliability of Information Systems — Controls and Technologies

Reliability of Electronic Signatures

Retention and Archiving Policies

Business Partner Agreements

Appendix A — Examples of Audit Procedures in the Context of an Audit Involving Electronic Audit Evidence

Audit Procedures

Introduction

Review of General Controls and Application Controls

Review of Incompatible Functions and Access Controls

Appendix B — Relevant Guidance on Electronic Audit Evidence in Canadian, International and US Standards

Introduction

Nature and Source of Audit Evidence

Canadian Standard

International Standard

US Standard

Reliability of Audit Evidence

Canadian Standard

International Standard

US Standard

Procedure Application Methods

Canadian Standard

International Standard

US Standard

Audit Approach

Canadian Standard

International Standard

US Standard

Timing of Audit Procedures

Canadian Standard

International Standard

US Standard

Appendix C — Summary of US and International Guidance Relating to the Impact of Electronic Audit Evidence on Internal Control

Effect of Information Technology on Internal Control

Professional Skills

Obtaining a Sufficient Understanding of Internal Control

Risk Assessment

Audit Approach

Tests of Application Controls and General Controls

List of Acronyms and Abbreviations

Glossary

Bibliography

List of Laws

Electronic Filing and Reporting - Emerging Technologies and Their Implications

Electronic Filing of Information

Employee Future Benefits - Additional Disclosures - Background Information and Basis for Conclusions - Section 3461

Employee Future Benefits Implementation Guide, Second Edition (Updated November 2001)

Engagements to Audit Greenhouse Gas Emissions Information — Practice Guide

Financial Instrument Disclosures and Capital Disclosures - Background Information and Basis for Conclusions Sections 1535, 3862 and 3863 (July 2007)

Financial Instruments - Recognition and Measurement - Background Information and Basis for Conclusions Section 3855

Financial Instruments — Recognition and Measurement — Background Information and Basis For Conclusions Amendments to Section 3855 (December 2009)

Financial Reporting by Canadian School Boards

Financial Reporting by Investment Funds, Second Edition

Financial Reporting by Rate-regulated Enterprises

Financial Reporting by Small Business Enterprises

Financial Reporting in North America - Highlights of a Joint Study

The First Audit Engagement

Full Cost Accounting from an Environmental Perspective

General Standards of Financial Statement Presentation - Background Information and Basis for Conclusions - Section 1400

Generally Accepted Accounting Principles - Background Information and Basis for Conclusions - Section 1100

Going Concern - Amendments to Section 1400 - Background Information and Basis for Conclusions (June 2007)

Guide for Developing Quality Control Systems in Public Accounting

Hedges - Background Information and Basis for Conclusions Section 3865

The Impact of Technology on Financial and Business Reporting

Impairment of Long-Lived Assets - Background Information and Basis for Conclusions - Section 3063

Improving Disclosures About Financial Instruments (Amendments to Financial Instruments — Disclosures, Section 3862) (June 2009)

Income Taxes - Background Information and Basis for Conclusions - Section 3465

Indicators of Government Financial Condition

Intangible Assets — Background Information and Basis for Conclusions Section 3064 (September 2008)

Interactive Data — Building XBRL Into Accounting Information Systems

Interim Financial Statements - Background Information and Basis for Conclusions - CICA Handbook – Accounting Section 1751

Inventories - Background Information and Basis for Conclusions Section 3031 (June 2007)

Investment Companies - Background Information and Basis for Conclusions - AcG-18

Investment Companies - Amendments to AcG-15 and AcG-18 - Background Information and Basis for Conclusions (June 2007)

Liabilities and Equity - Background Information and Basis for Conclusions - Section 3860

Links between the Budget and the Estimates — Accrual budgeting Issues

Maintaining Quality Capital Markets Through Quality Information

Non-Monetary Transactions - Background Information and Basis for Conclusions Section 3831

Not-for-Profit Financial Reporting Guide

Not-for-Profit Organizations — Background Information and Basis for Conclusions 4400 Series (November 2008)

Professional Judgment and the Auditor

Rate-Regulated Operations — Amendments to Sections 1100 and 3465 and AcG-19 — Background Information and Basis for Conclusions (December 2007)

Reporting on Environmental Performance

The Role of Information Technology in Achieving Sustained Regulatory Compliance

Secure IT Infrastructure for E-commerce

Security for Wireless Systems (revised)

Segment Disclosures - Background Information and Basis for Conclusions - CICA Handbook Section 1701

Stakeholder Relationships, Social Capital and Business Value Creation

Understanding Disclosure Controls and Procedures: Helping CEOs and CFOs Respond to the Need for Better Disclosure

Use of Specialists in Assurance Engagements

Using Graphics in Corporate Reporting



© 2001-2013, CICA | EYEP. All rights reserved.