Search results

This study aims to investigate the factors associated with the intention to use information technology in audit (ITIA) in Iraq.

The study uses a quantitative approach based on a questionnaire survey of 186 respondents. The study population includes respondents who are board members, senior executives, internal auditors and information technology (IT) assistants in various Iraqi organizations from different sectors. Structural equation modeling has been used to estimate the results.

The findings exhibit that most auditors in Iraq use basic IT software. However, among several specialized and advanced IT audit software packages, only generalized audit software is used by about 20%. The results also indicate that social factors significantly and positively impact auditors’ and practitioners’ perceptions of ITIA use. Moreover, the results reveal that companies and auditors who use or audit complex accounting systems perceive higher benefits and intent to adopt ITIA. However, the results report that organizational support, professional support, competency and IT education have an insignificant effect on ITIA adoption.

The originality of the present research lies in several aspects. First, the research study focuses specifically on Iraq, which is an emerging and less developed country influenced by social and economic. This research context provides a unique perspective and contributes to the understanding of ITIA adoption in less developed countries. The study investigates how external factors, including social and external pressure and the support of government professional bodies, affect the adoption of ITIA. Further, it assesses the influence of firms’ specific factors such as management support, level of competency and complexity of accounting information systems. Second, the study uses a quantitative approach with a questionnaire survey from various Iraqi organizations and sectors. The specific sample composition adds originality by capturing insights from different levels of organizational hierarchy and diverse professional backgrounds. Third, the findings shed light on the current IT usage in auditing practices in Iraq, highlighting that most auditors use basic IT software and the limited adoption of specialized IT audit software packages. Finally, the study’s originality is also reflected in its contribution to expanding knowledge on the perceived benefits and challenges associated with ITIA adoption in less developed countries. By emphasizing the need for broader awareness of emerging technology-enabled auditing software and considering the unique characteristics of less developed countries, the research provides valuable insights and implications for practitioners, policymakers and researchers.

This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the drivers of practices used by privacy auditors and to identify potential for improvements in the practice of privacy auditing so that privacy audits may better serve stakeholders.

Six semi-structured interviews with seven privacy auditors and regulators and an analyst across Australia, Canada, New Zealand and the USA are used as the basis for our analysis.

The study shows that some privacy auditors view privacy as an organizational issue, which means that all staff within an organization should understand the privacy issues that are relevant to the organization and to its customers. Because this practice goes beyond a mere compliance approach to privacy auditing, it indicates that there is a way to avoid the approach of merely applying standards from national data privacy laws which is an approach that has been subject to criticism because it is not applicable to the current situation of global applications and cross-border data. The interview themes demonstrate that privacy audits face significant challenges, such as the lack of a privacy auditing profession and the difficulty of raising the awareness of organizations and individuals regarding information privacy rights and duties.

Privacy auditing is mostly unexplored by academic research and little is known about the drivers behind the practice of privacy auditing. This study is the first to document the views of privacy auditors regarding the practices that they use. It also presents novel results regarding the drivers of the practice of privacy auditing and the interests of the beneficiaries of privacy audits. It builds on research that argues for the existence of best practices for privacy (Toy, 2013; Toy and Hay, 2015) and it extends this argument by providing reasons why privacy auditors may benefit from the use of best practices for privacy.

The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit.

For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF).

The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit.

This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

This study examines the perceptions of interested stakeholders on the factors affecting the use of data analytics (DA) in financial statement audits. Response letters submitted by stakeholders of the auditing services to the International Auditing and Assurance Standards Board's (IAASB) Data Analytics Working Group (DAWG) served as sources for analysis.

The modified information technology audit model was used as a framework to perform a direct content analysis of all the 50 response letters submitted to the DAWG.

The analysis showed that a range of attributes, such as the usefulness of DA in auditing, authoritative guidance (auditing standards), data reliability and quality, auditors' skills, clients' factors and costs, were the factors perceived by stakeholders to be affecting the use of DA in external auditing.

This study is subjected to the limitations inherent to all content analysis studies. Nonetheless, the findings offer additional insights about potential factors affecting the adoption of DA in audit practices.

The data noted in the published statements highlighted the perceptions of a range of stakeholders with regards to the factors affecting the use of DA in auditing.

Practising internal and external auditors regularly find that crucial concepts governing how they operate are the twin terms of independence and objectivity. Part of the problem is that the two terms are often equated. The impact can be conflict with the auditee, misunderstanding with other stakeholders, impairment of efficiency and effectiveness, and role conflict within the internal audit department. The Institute of Internal Auditors is reviewing some of the cherished notions of internal audit in the light of pressures and developments in the business environment. It has already produced a new definition of internal auditing, which, as before, includes the terms independence and objectivity. Consistently, it decided to re‐evaluate these two terms, and established an international research team. This was the briefing submission from the UK, which was highly influential in determining the final product, not yet in the public domain. It considers professional statements and standards, research and developments in both internal and external auditing.

The purpose of this paper is to analyze the hurdles, compared with that in the United States, for the implementation of Continuous Auditing in China. As a timely, cost-saving and efficient auditing method, continuous auditing is being increasingly adopted throughout the world. However, while it is increasingly applied in the USA, continuous auditing is still in its infancy in China.

This paper compares and contrasts China and the USA in three important dimensions that determine the “economic architecture” of assurance: the business environment, the audit profession and technology.

The authors find that excessive government intervention in business, the lack of competition, independence of auditors, the support from management and the continuous auditing-specific regulations, as well as the technology gap between these two countries, are the main barriers for the implementation of continuous auditing in China.

The findings of this paper provide better understanding of the drivers of continuous auditing adoption in the USA and the barriers toward doing so in China.

The term “continuous auditing” has never been formally introduced until the release of the draft of the Internal Control Audit Guide in 2011.

The paper highlights how technology by itself is not deterministic, but given the extraordinary rise in the Chinese economy in both its size and its sophistication, it has be to assumed that its “leapfrog” into parity if not outright leadership in continuous assurance is still a matter of “when” and not of “if”.

As technology integration in auditing continues to grow, it is important to understand how auditors perceive connections between use of generalized audit software (GAS) and audit benefits.

The DeLone and McLean information systems success model (2003) is adapted with audit-related uses of GAS as antecedents to information quality. Survey data on 188 current users of GAS, who are financial and IT auditors, is analyzed with partial least squares method.

For financial auditors, detecting material misstatements antecedent is the only significant indicator of information quality for GAS. For IT auditors, detecting control deficiencies and fraud significantly impacts information quality. Information quality influences use for both auditors; however, it only influences satisfaction with GAS for financial auditors. System quality impacts GAS satisfaction for only IT auditors and has no impact on GAS use for either type of auditor. Service quality influences use of GAS for financial, but not IT auditors. For both groups, service quality has no impact on satisfaction with GAS, and GAS use and satisfaction with GAS positively increases their perceptions of audit benefits.

Financial and IT auditors who use GAS are both focused on matching GAS use with their primary audit objectives. Results suggest that as GAS use increases, system quality may be important to satisfaction. Training should first focus on the usefulness of GAS to the audit to increase extent of use. Lastly, the more auditors use GAS and are satisfied with it, the greater their perception GAS contributing directly to benefit the audit.

This paper seeks to identify change factors within the various elements of the IS audit universe aiming to give practitioners and management insight about the state of the IS audit profession and its future directions, especially within the United Arab Emirates (UAE) context.

Potential change factors that are taking place in IS audit were initially identified based on a literature review and the experience of the authors within the field. These changes were then categorized within one of the elements of the IS audit universe. To validate the IS audit change factors, a questionnaire was chosen as a data collection tool. The survey was sent to relevant practitioners in the subject matter within the UAE and was completed by 62 respondents.

The study concluded that the role of IS auditors in lessening in applications and infrastructures audits and is strengthening in the arena of IT management audits.

The implication of study for IS audit practitioners is that they need to be better equipped to conduct IT management audits and to contribute value to their organization as part of IT governance endeavors rather than focusing on infrastructure and application audits. On the other hand, the implication for management is that they should be aware of the capabilities of IS audit and set their biggest value expectations in the area of IT management assurance and governance.

The paper makes a contribution by identifying change factors within the various elements of the IS audit universe aiming to give practitioners insight about the state of the profession and its future directions.

The purpose of this paper is to explore the impact of technological change on the internal audit practices and skills requirements for internal auditors in an e-business environment.

Generalist internal auditors and specialist information technology (IT) internal auditors were surveyed online in ten countries, including the USA and the UK which, together, provided the majority of responses.

The results suggest a need for advanced IT-audit techniques in conducting the internal audit function, thereby increasing IT audit skill demands on generalist internal auditors. However, the results show a low confidence among internal auditors about their IT training and a continuing reliance upon IT audit specialists, rather than their own training/retraining.

The responses obtained in this study provide insight into both the status quo of the internal audit function, and to the changes that are needed to prepare generalist internal auditors for work in an e-business environment and, while the scale of the study limits the extent to which the findings may be generalized, they are consistent with the literature concerning the changing business environment and with the literature on resistance to change, suggesting that the issues revealed should be of concern.

The results reported in this paper are useful to internal auditing educators and regulators in their consideration of the skills needed by generalist internal auditors in e-business environment.

This study sheds light on a significantly growing area which remains relatively unexplored in the auditing-related literature, e-business audit. The study provides empirical evidence on challenges facing internal auditors in an e-business environment, thereby serving as a wake-up call, to both internal auditors and the professional bodies representing them, to defend their jurisdictional space against rival professional groups.

The point of exit in this research is that there should be an internal audit department in a national government department in South Africa to render a top‐class internal auditing service that is cost‐effective and affordable, preferred by clients, continuously complies with the standards of professional practice of internal auditing and best practice and have a positive impact on the national government department’s bottom line. The empirical research has highlighted several factors, including the ignorance of key role players and lack of professional proficiency on the part of internal auditors, as factors that impede the establishment and operation of an internal auditing function in the public sector in South Africa. It is recommended, that audit committees in the public sector should launch a joint marketing action, directed at key role players, to promote the potential value of a top‐class internal auditing service in the public sector, as well as the factors that impede it.