How do IT governance and IT controls intersect with financial reporting ethics?

• A. IT controls only affect operational systems and do not influence financial reporting integrity.
• B. IT controls affect data integrity and access to financial systems; governance ensures IT risks are identified, addressed, and monitored in an integrated manner.
• C. IT governance is separate from financial ethics and unrelated to reporting.
• D. IT controls are optional and can be bypassed with manual processes.

Answer: (B)

IT governance and IT controls shape the reliability and ethics of financial reporting by ensuring data integrity and controlled access throughout financial systems. Governance provides the framework to identify IT-related risks that could affect reporting, embed appropriate policies, and monitor compliance in an integrated way with financial objectives. IT controls—covering data input, processing, and output; access restrictions; separation of duties; change management; and audit trails—protect the accuracy, completeness, and timeliness of financial data and make it harder for errors or intentional manipulation to occur. When these controls are aligned with governance, financial reporting reflects the true state of affairs, with clear accountability and traceability that support ethical behavior. Weak controls or fragmented governance create opportunities for errors or fraud and undermine reporting integrity. For example, limiting who can post to the general ledger, requiring approvals for changes to financial systems, and maintaining activity logs all reinforce ethical reporting and enable independent verification. The view that IT controls are only about operations, or that governance is separate from reporting, misses how tightly integrated IT risk management is with accurate and ethical financial statements.