Page 1080 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Arthur Andersen, then one of the world's largest auditing firms,
had performed Enron's financial audits, effectively signing off on
fraudulent practices as legitimate. The firm was later convicted of
obstruction of justice and, although the Supreme Court later
overturned that conviction, it quickly collapsed because of the
credibility it lost in the wake of the Enron scandal and other
allegations of fraudulent behavior.
Auditing Standards
When conducting an audit or assessment, the team performing the
review should be clear about the standard it is using to assess
the organization. The standard describes the control objectives that
the organization should meet, and the audit or assessment is then
designed to verify that the organization has properly implemented
controls that meet those objectives.
One common framework for conducting audits and assessments is
Control Objectives for Information and Related Technologies
(COBIT), published by ISACA. COBIT describes the common
requirements that organizations should have in place for the
governance and management of their information systems.
The International Organization for Standardization (ISO) also
publishes a set of standards related to information security. ISO 27001
describes a standard approach for establishing an information security
management system (ISMS), while ISO 27002 goes into more detail on the
specifics of information security controls. These internationally
recognized standards are widely used within the security field, and
organizations may choose to become officially certified as compliant
with ISO 27001. (ISO 27002 is implementation guidance; organizations
are certified against ISO 27001, not ISO 27002.)