Search results

The pressure is on organizations to go beyond automating their internal audit activities and develop and integrate internal auditing into business processes of the enterprise. This paper aims to propose a “full power” continuous auditing (CA) model with three key components: electronic audit evidence functions; intra‐process auditing; and inter‐process auditing.

This paper follows a design science approach by identifying relevant problems from the current literature, defining the objectives of the study, designing and developing the “full power” CA model, and evaluating the model. The model supports business process‐centric auditing and enhances the business monitoring capacities of organizations enabling the fulfillment of increasingly stringent compliance requirements with internal policies as well as external regulations.

This work has attempted to fill the gap between the enterprise solutions offered by enterprise system providers and a structured approach to auditing within enterprise environments by proposing the IIPCA model which combines the automated controls inherent in the systems with continuous audits based on electronic audit evidence. The approach provides for auditing both within and between processes ensuring comprehensiveness of the audit process.

The paper makes a contribution by proposing a “full power” continuous auditing model on the principle of continuous monitoring and with predefined building block components; facilitating the integration of continuous auditing within business information processing in an enterprise using different building blocks; and giving practitioners insight on the adoption of the CA in the enterprise and how it will enhance their audit effectiveness, and audit efficiency.

Technological advances (e.g. e‐commerce and the Internet) have changed business practices and the process of recording and storing business transactions. Extensible Business Reporting Language (XBRL) will soon be built into accounting and reporting software which would allow on‐line real‐time preparation, publication, examination, and extraction of financial information. Thus, outside, independent auditors should use continuous, electronic auditing when most financial information exists only in electronic form under real‐time accounting systems. Continuous auditing and its implications for independent auditors, including internal control considerations and audit procedures, are described and analyzed.

The digital economy has significantly altered the way business is conducted and financial information is communicated. A rapidly growing number of organizations are conducting business and publishing business and financial reports online and in real-time. Real-time financial reporting is likely to necessitate continuous auditing to provide continuous assurance about the quality and credibility of the information presented. The audit process has, by necessity, evolved from a conventional manual audit to computer-based auditing and is now confronted with creating continuous electronic audits. Rapidly emerging information technology and demands for more timely communication of information to business stakeholders requires auditors to invent new ways to continuously monitor, gather, and analyze audit evidence. Continuous auditing is defined here as “a comprehensive electronic audit process that enables auditors to provide some degree of assurance on continuous information simultaneously with, or shortly after, the disclosure of the information.” This paper is based on a review of related literature, innovative continuous auditing applications, and the experiences of the authors. An approach for building continuous audit capacity is presented and audit data warehouses and data marts are described. Ever improving technology suggests that the real-time exchange of sensitive financial data will place constant pressure on auditors to update audit techniques. Most of the new techniques that will be required will involve creation of new software and audit models. Future research should focus on how continuous auditing could be constantly improved in various auditing domains including assurance, attestation, and audit services.

A question is posed; have audit and control of information in a high security environment, such as law enforcement, improved or not in the transition from manual to electronic processes? This paper attempts to elucidate this question by a thorough examination of information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, during the period 1940‐1980. It assesses those processes against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. The results of this assessment show that electronic systems provide for faster communications with centrally controlled and updated information readily available for use by large number of users connected across significant geographical locations. It is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. Thus, the claim can be made that audit and control processes may be considered to have been downgraded in the electronic world where standard commercial systems are used.

An important issue in online auditing is how to improve the reliability of online auditing in order to reduce the overall audit risk. In this paper, a reliability assessment and early-warning method of online auditing based on RC (rank centroid), AHP (analytic hierarchy process) and GM (1,1) is proposed from the perspective of information technology (IT) audit risk control.

The paper begins by structuring the AHP hierarchy to the reliability assessment of online auditing used in China. Then, RC is used to rank the importance of the assessment criteria. Pairwise comparisons of criteria are made based on the rank results of RC, and this leads to a matrix of comparisons. Next, the comparison matrices are translated into weights, and the reliability assessment and early-warning model of online auditing is constructed using the GM (1,1) model. A case illustration is given to analyze the application of this method.

Research results show that the reliability of the evaluation method designed in this paper is rigorous and effective. The reliability assessment and early-warning method of online auditing based on RC/AHP/GM (1,1) can assess and give an effective early warning of reliability changes in an online auditing system, which can meet the needs of current online auditing projects.

The results of this study have good potential for widespread future implementation of online auditing projects.

An effective reliability assessment and early-warning method of online auditing is proposed from the perspective of IT audit risk control in this study.

The purpose of this article is to provide a selective and comprehensive literature review based on previous research within auditing and enterprise systems (ES). This is done to identify research gaps, propose directions for future research and guide researchers and practitioners on how to better synthesize these two areas. Interaction between ES and auditing is in need of more academic research and practical investigation, which may lead to the development of better solutions, guidelines and frameworks.

A total of 31 academic studies from 2000 to 2010 were included in this study. After reading these studies, different areas had been selected and were addressed in five categories: the future of audit in ES environment, modern audit tools and techniques, changes of auditors' role, differences in perceptions between financial auditors and IT auditors, ERP and compliance with regulations.

ES implementation results in audit process reengineering and increases the need of continuous monitoring of transactions. The presence of IT auditors becomes critical, while financial auditors are asked to enhance their skills in order to be able to conduct effective audit tests. Modern audit tools and techniques must be used so that internal control processes will be appropriate for an ES.

It is not an exhaustive list and some relevant publications might have been overlooked. Much literature has been scanned by reading the title only. In order to conduct a comprehensive review the topical focus was kept relatively narrow on auditing and ES.

Researchers and practitioners must take into consideration the interaction between ES and auditing in order to advance research in this area. Companies must understand the changes that occur in the audit procedure due to ES implementation, so that they will design efficient audit tests and auditors must enhance their knowledge in order to be able to conduct these tests effectively.

This study uncovers and classifies current research within auditing and ES (focusing mostly on ERP systems).

The purpose of this paper is to explore the impact of technological change on the internal audit practices and skills requirements for internal auditors in an e-business environment.

Generalist internal auditors and specialist information technology (IT) internal auditors were surveyed online in ten countries, including the USA and the UK which, together, provided the majority of responses.

The results suggest a need for advanced IT-audit techniques in conducting the internal audit function, thereby increasing IT audit skill demands on generalist internal auditors. However, the results show a low confidence among internal auditors about their IT training and a continuing reliance upon IT audit specialists, rather than their own training/retraining.

The responses obtained in this study provide insight into both the status quo of the internal audit function, and to the changes that are needed to prepare generalist internal auditors for work in an e-business environment and, while the scale of the study limits the extent to which the findings may be generalized, they are consistent with the literature concerning the changing business environment and with the literature on resistance to change, suggesting that the issues revealed should be of concern.

The results reported in this paper are useful to internal auditing educators and regulators in their consideration of the skills needed by generalist internal auditors in e-business environment.

This study sheds light on a significantly growing area which remains relatively unexplored in the auditing-related literature, e-business audit. The study provides empirical evidence on challenges facing internal auditors in an e-business environment, thereby serving as a wake-up call, to both internal auditors and the professional bodies representing them, to defend their jurisdictional space against rival professional groups.

Finance, accountancy, auditing.

Supports information systems audit (ISA), auditing practises and controls, corporate governance and internal controls and financial management modules, business administration and MBA programmes.

The case study focuses on the implementation of ISA and information technology in the highly responsible task of executing financial audits The case emphasises on the fact that the advantages of ISA can only be reaped when they are amalgamated with an auditor's scrutiny, sharp eye, extensive knowledge of auditing systems and accounting principles and a rich experience of the auditing function. The suggested synergy also facilitates a reduction of around 60 per cent, in the cost of executing the audits and the man-hours required to complete the audit, as in the case of Jain Chowdhary & Company.

The case helps students to comprehend the relevance of audit trail. It emphasises on the importance of identifying the source of information and tracking raw data backward. It familiarises the students with the complexities involved in a real audit and emphasises on the role of logic, intelligence, diligence, patience and farsightedness while performing the auditing function. It is important for them to understand how White collar crimes take place in real business economy. This case, hence exposes students to these nuances and can make a student, from a non-commerce background, understand the key elements of efficient auditing. (Elaborate teaching objectives are appended in the teaching note.)

Teaching note.

Consistent with the requirements of online auditing performance assessments, the purpose of this paper is to propose an influence factors analysis method using analytic hierarchy process (AHP) and grey incidence analysis (GIA) to analyze the importance degree of influence factors on online auditing performance quantitatively.

A grey incidence model is developed to analyze the influence factors of online auditing performance based on the characteristics of online auditing. Then, the AHP is used to compute the weights of each assessment criterion of online auditing, and the performance of online auditing are computed. Finally, representing the performance assessment results computed by AHP and values of each assessment criterion as two sequences, GIA is used to analyze the importance degree of influence factors of online auditing performance quantitatively.

The main, secondary and minor influence factors of performance assessment of the online auditing project are identified. For online auditing projects, costs incurred are not the main influence factors of performance. Online auditing projects with higher benefits, higher quality and better design are the really effective ones. Besides, there is no direct relationship between the value of the weight of each criterion and the value of the degree of grey incidence.

The results of this study provide useful decision information to implement online auditing projects.

An effective method for analyzing the importance degree of influence factors of online auditing performance quantitatively is provided in this study.

As businesses increasingly use electronic data processing (EDP) techniques to process their accounting systems, auditors must gather critical information more efficiently. Such tools and techniques as electronic data interchange, the Internet and other modern technological subjects signal the end of the traditional audit. Technology has made inputting information for transactions and events more simple ‐ and evaluating the related controls and results more critical. Accumulating sufficient evidence needed to construct an informed decision means understanding where to look for that evidence, what control procedures to consider and how to evaluate those procedures. The purpose of this article is to draw attention to these issues and the recently issued SAS No. 80, which offers auditors guidance to accumulate sufficient evidence to audit their computerized clients. We also address some issues auditors may face in evaluating the security control in their clients’ businesses.