Search results

The purpose of this paper is to shed light on the particular information needs of external auditors performing information technology (IT) audits at service providers in cross-organizational settings and to promote a software-based approach towards their satisfaction. The approach is intended to supplement the manual approaches currently adopted by auditors to procure information in such settings.

The authors analyzed data collected by means of a series of 16 interviews and four think-aloud sessions with experienced professionals.

Information procurement is perceived as tedious by auditors and largely relies on repeat interviews and perusal of documents. Given the growing complexity of cross-organizational settings, manual approaches to information procurement are reaching their limits. A considerable portion of the information required is often stored by service providers using software that is inaccessible to auditors. The authors argue that a software-based approach providing an interface for auditors to access relevant information held by such software presents an avenue worth exploring.

The authors outline how the information stored by service providers using software can be made accessible with reasonable effort. Complementing manual approaches to information procurement with an audit interface would reduce workload and increase quality.

The concept of an audit interface represents a novel and promising approach to meeting the information needs of auditors performing IT audits in cross-organizational settings more effectively. Both auditors and service providers would benefit from its implementation.

As technology integration in auditing continues to grow, it is important to understand how auditors perceive connections between use of generalized audit software (GAS) and audit benefits.

The DeLone and McLean information systems success model (2003) is adapted with audit-related uses of GAS as antecedents to information quality. Survey data on 188 current users of GAS, who are financial and IT auditors, is analyzed with partial least squares method.

For financial auditors, detecting material misstatements antecedent is the only significant indicator of information quality for GAS. For IT auditors, detecting control deficiencies and fraud significantly impacts information quality. Information quality influences use for both auditors; however, it only influences satisfaction with GAS for financial auditors. System quality impacts GAS satisfaction for only IT auditors and has no impact on GAS use for either type of auditor. Service quality influences use of GAS for financial, but not IT auditors. For both groups, service quality has no impact on satisfaction with GAS, and GAS use and satisfaction with GAS positively increases their perceptions of audit benefits.

Financial and IT auditors who use GAS are both focused on matching GAS use with their primary audit objectives. Results suggest that as GAS use increases, system quality may be important to satisfaction. Training should first focus on the usefulness of GAS to the audit to increase extent of use. Lastly, the more auditors use GAS and are satisfied with it, the greater their perception GAS contributing directly to benefit the audit.

The purpose of this paper is to explore the impact of technological change on the internal audit practices and skills requirements for internal auditors in an e-business environment.

Generalist internal auditors and specialist information technology (IT) internal auditors were surveyed online in ten countries, including the USA and the UK which, together, provided the majority of responses.

The results suggest a need for advanced IT-audit techniques in conducting the internal audit function, thereby increasing IT audit skill demands on generalist internal auditors. However, the results show a low confidence among internal auditors about their IT training and a continuing reliance upon IT audit specialists, rather than their own training/retraining.

The responses obtained in this study provide insight into both the status quo of the internal audit function, and to the changes that are needed to prepare generalist internal auditors for work in an e-business environment and, while the scale of the study limits the extent to which the findings may be generalized, they are consistent with the literature concerning the changing business environment and with the literature on resistance to change, suggesting that the issues revealed should be of concern.

The results reported in this paper are useful to internal auditing educators and regulators in their consideration of the skills needed by generalist internal auditors in e-business environment.

This study sheds light on a significantly growing area which remains relatively unexplored in the auditing-related literature, e-business audit. The study provides empirical evidence on challenges facing internal auditors in an e-business environment, thereby serving as a wake-up call, to both internal auditors and the professional bodies representing them, to defend their jurisdictional space against rival professional groups.

This synthesis covers academic research on the use of valuation, tax, information technology (IT), and forensic specialists on audit engagements. The importance and role of specialists on audit engagements have recently increased, and specialist use has garnered significant attention from regulators and academics. Given the PCAOB’s (2017b) recent proposal to revise auditing standards regarding specialists’ involvement, it is important to review the specialist literature as a whole. By integrating research across these four domains, I identify commonalities and differences related to: (1) factors associated with the use of specialists on audit engagements (including the nature, timing, and extent of use); (2) factors impacting auditors’ interactions with specialists (including specialists contracted by the auditor or management); and (3) outcomes associated with the use of specialists. This integrated analysis of the specialist literatures shows variation in the use of specialists, and various factors affecting both if and how they are involved and whether auditors use specialists internal or external to the audit firm. Additionally, research has sometimes (but not always) linked specialist involvement to higher audit quality. The commonalities and areas of variation identified are informative to audit research and practice, particularly as regulators and audit firms look to improve the quality of audits using specialists. Throughout the synthesis, I also provide a number of directions for future research.

The purpose of this article is to provide a selective and comprehensive literature review based on previous research within auditing and enterprise systems (ES). This is done to identify research gaps, propose directions for future research and guide researchers and practitioners on how to better synthesize these two areas. Interaction between ES and auditing is in need of more academic research and practical investigation, which may lead to the development of better solutions, guidelines and frameworks.

A total of 31 academic studies from 2000 to 2010 were included in this study. After reading these studies, different areas had been selected and were addressed in five categories: the future of audit in ES environment, modern audit tools and techniques, changes of auditors' role, differences in perceptions between financial auditors and IT auditors, ERP and compliance with regulations.

ES implementation results in audit process reengineering and increases the need of continuous monitoring of transactions. The presence of IT auditors becomes critical, while financial auditors are asked to enhance their skills in order to be able to conduct effective audit tests. Modern audit tools and techniques must be used so that internal control processes will be appropriate for an ES.

It is not an exhaustive list and some relevant publications might have been overlooked. Much literature has been scanned by reading the title only. In order to conduct a comprehensive review the topical focus was kept relatively narrow on auditing and ES.

Researchers and practitioners must take into consideration the interaction between ES and auditing in order to advance research in this area. Companies must understand the changes that occur in the audit procedure due to ES implementation, so that they will design efficient audit tests and auditors must enhance their knowledge in order to be able to conduct these tests effectively.

This study uncovers and classifies current research within auditing and ES (focusing mostly on ERP systems).

In 2001, the US moved to regulate internal control reporting by management and auditors. While some jurisdictions have followed the lead of the US, many others have not. An important question, therefore, is the relevance of internal control to stakeholders. The more specific issue of the benefits of US-style regulation of internal control reporting is also topical. We review studies on the determinants of internal control quality and its economic consequences for stakeholders including investors, creditors, managers, auditors and financial analysts. We extend previous reviews by focusing on US studies published since 2013 as well as all non-US studies investigating IC quality including countries regulating IC disclosure as well as unregulated settings and both developed and developing economies. In doing so, we identify research questions where evidence remains mixed and new directions in which there are research opportunities.

Three main insights arise from our analysis. First, evidence on the economic consequences of internal control quality suggests that the quality of internal control can have a significant effect on decision making by users of financial information. Second, the results of research on the empirical association between ownership structure, certain board characteristics and internal control quality is generally mixed. Empirical evidence concerning the association between audit committee characteristics and internal control quality generally supports a positive and significant association. Finally, while studies in non-US jurisdictions are increasing, opportunities remain to explore the determinants and consequences of internal control in other jurisdictions. Our review provides evidence for policy makers of whether there are benefits from requiring management and auditors to report on internal control over financial reporting.

This paper aims to analyse the relationship between the senior management and the information technology (IT) auditing undertaken in Italian banks, focusing specifically on the internal IT auditing. The purpose of this paper is to investigate senior executives’ expectations regarding IT auditing, the techniques IT auditors apply to meet these expectations, the degree to which senior managers are satisfied with the auditing and the expectation gap.

We conducted 22 interviews with senior managers and IT auditors of seven Italian banks, comprising large and small financial institutions, to gain data for our analysis.

We found that overall, the IT auditors’ contributions satisfy senior managers, even though they still see room for improvement. They expect more support for the IT governance processes, specifically for the alignment between IT investments and business needs and between IT risk management and the value that IT resources provide. In addition, they want IT auditors to focus more strongly on IT security. To meet these expectations, IT auditors would have to improve their technical and non-technical skills. These skills will allow them to expand their activities, to be more proactive and to take on effective roles in IT governance processes.

This study contributes to the existing literature by providing insights into the internal audit function’s evolving role and into banks’ IT audit activities. It also provides a valuable insight into senior management’s expectations regarding the role IT audit activities should play to support the profession and the banking policymakers, thus providing a better understanding of IT audit activities and improving these activities’ role.

The purpose of this study is to explore the social and collective foundations of the auditor’s judgment and specifically highlights that the dialogical dimension of auditors’ judgment is founded on both their interactions with their auditees and their interactions with their colleagues.

This qualitative study is based on interviews with 22 audit partners, conducted between March 2013 and October 2016, in France.

The research points out the complexity of auditor judgment. Confronted with issues such as equivocal and ambiguous circumstances, auditors must question the relevance of the meanings elaborated to act according to the situation (self-criticism or doubt) and must be wise and not be overconfident toward the information provided by the manager (wisdom). Last but not least, the findings also suggest that contrary advice helps auditors to improve an alternative point of view and hence reach a consensus.

The research uses a K. Weick sensemaking approach and contributes theoretically to gaining deeper understanding of the social dimension in audit judgment, by showing that professional judgment is an interactive and social practice.

Various forms of IT sourcing used by audit clients create issues of concern for external auditors. This article investigates the nature and basic characteristics of service‐oriented architecture (SOA), a modern information system architecture strategy, to ascertain whether the use of SOA by a service consumer audit client would have an impact on the activities typically performed by the external auditor. It was found that SOA presents a complete shift in the way IT application functionality is constructed and integrated and inevitably effects changes in the accounting system and the related internal controls of the SOA service consumer. As a result SOA has a significant impact on the activities performed during the audit process and introduces various SOA‐related aspects that need to be considered by the external auditor of a SOA service consumer.

This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the drivers of practices used by privacy auditors and to identify potential for improvements in the practice of privacy auditing so that privacy audits may better serve stakeholders.

Six semi-structured interviews with seven privacy auditors and regulators and an analyst across Australia, Canada, New Zealand and the USA are used as the basis for our analysis.

The study shows that some privacy auditors view privacy as an organizational issue, which means that all staff within an organization should understand the privacy issues that are relevant to the organization and to its customers. Because this practice goes beyond a mere compliance approach to privacy auditing, it indicates that there is a way to avoid the approach of merely applying standards from national data privacy laws which is an approach that has been subject to criticism because it is not applicable to the current situation of global applications and cross-border data. The interview themes demonstrate that privacy audits face significant challenges, such as the lack of a privacy auditing profession and the difficulty of raising the awareness of organizations and individuals regarding information privacy rights and duties.

Privacy auditing is mostly unexplored by academic research and little is known about the drivers behind the practice of privacy auditing. This study is the first to document the views of privacy auditors regarding the practices that they use. It also presents novel results regarding the drivers of the practice of privacy auditing and the interests of the beneficiaries of privacy audits. It builds on research that argues for the existence of best practices for privacy (Toy, 2013; Toy and Hay, 2015) and it extends this argument by providing reasons why privacy auditors may benefit from the use of best practices for privacy.