Search results

The purpose of this paper is to introduce a new concept: the online collaborative audit system, and to design a prototype system at the national level for financial auditors, members of a supervisory body.

Conceptualization, modelling, analysis, imagination, scientific abstraction and review of legislation are the research methods used.

An online collaborative audit system is defined as an interorganizational system which uses the methods of collaborative intelligence among the stakeholders of the audit process (audit firms, auditees, supervision bodies) in a given geographical area (e.g. country) and which is based on the Internet. By assessing the design of the system, we could anticipate that an online collaborative system is feasible to implement. The main characteristics of an online collaborative audit system are geographical dispersion, collaboration between the stakeholders of the audit process, electronic management of the audit documents, online/continuous auditing and dynamic virtual teams, etc.

The system presented in this paper aims to cover the research gap which exists in this area and also to produce a change of paradigm in the sense that nowadays the technology allows us to move the audit results to an integrated national platform for audit stakeholders. In this way, the transparency of audit results increases and the role of audit becomes more predictive compared with the traditional way of performing an audit. Compared with the research in the field, the system presented in this paper is innovative in the sense that it not only allows online auditing but also gathers the national audit community in a virtual environment, which allows information sharing and improvement of information access.

The online collaborative system for audit, which promotes collaboration between a large number of auditors and which is based on the networks of the supervision bodies, could be implemented not only by Romania, on which this research is based, but also by other countries.

The online collaborative systems for audit, which promotes collaboration between a large number of auditors and which is based on the networks of the supervision bodies, could be implemented not only by Romania but also by other countries.

Modern information systems (MIS) have increased the variety of information systems which have been and can be designed to such an extent that auditors must finally recognise the Law of Requisite Variety. The auditability of MIS is a double‐edged proposition since the variety of the MIS must be matched by auditors if they want to be recognised as control agents. Thus, either MIS variety must be reduced to match the audit variety achievable or the audit variety must be increased to match the existing MIS variety. In other words, an intelligent interface is needed between auditors and MIS. Auditors require a language and a communication channel to evaluate the internal controls of the MIS as well as the information generated by the MIS.

The purpose of this article is to provide a selective and comprehensive literature review based on previous research within auditing and enterprise systems (ES). This is done to identify research gaps, propose directions for future research and guide researchers and practitioners on how to better synthesize these two areas. Interaction between ES and auditing is in need of more academic research and practical investigation, which may lead to the development of better solutions, guidelines and frameworks.

A total of 31 academic studies from 2000 to 2010 were included in this study. After reading these studies, different areas had been selected and were addressed in five categories: the future of audit in ES environment, modern audit tools and techniques, changes of auditors' role, differences in perceptions between financial auditors and IT auditors, ERP and compliance with regulations.

ES implementation results in audit process reengineering and increases the need of continuous monitoring of transactions. The presence of IT auditors becomes critical, while financial auditors are asked to enhance their skills in order to be able to conduct effective audit tests. Modern audit tools and techniques must be used so that internal control processes will be appropriate for an ES.

It is not an exhaustive list and some relevant publications might have been overlooked. Much literature has been scanned by reading the title only. In order to conduct a comprehensive review the topical focus was kept relatively narrow on auditing and ES.

Researchers and practitioners must take into consideration the interaction between ES and auditing in order to advance research in this area. Companies must understand the changes that occur in the audit procedure due to ES implementation, so that they will design efficient audit tests and auditors must enhance their knowledge in order to be able to conduct these tests effectively.

This study uncovers and classifies current research within auditing and ES (focusing mostly on ERP systems).

Financial statements are not as important to investors as they once were, as technology has changed the way companies create value today. While these changes pose serious threats to the economic viability of auditing, they also create new opportunities for auditors to pursue. Both the American Institute of Certified of Public Accountants and the Canadian Institute of Chartered Accountants (CICA) Task Force on Assurance Services have identified continuous auditing as a service that should be offered. Continuous auditing is significantly different from an annual financial statement audit. A latest research report produced by the CICA defines a continuous audit as: “a methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditors’ reports issued simultaneously with, or a short period of time after, the occurrence of events underlying the subject matter.” However, continuous auditing would present significant technical hurdles. These technical hurdles could be overcome if certain conditions exist. Computer‐assisted audit tools (CAATs) are one of the conditions that must exist in order to conduct the continuous auditing. CAATs are defined as computer‐assisted tools that permit auditors to increase their productivity, as well as that of the audit function. Therefore, with the real‐time accounting and electronic data interchange popularizing, CAATs are becoming even more necessary. The demand for timely and forward‐looking information hints that the continuous audit will eventually replace the traditional audit report on year‐end results.

Information technology (IT) largely affected contemporary businesses, and accordingly, it imposes challenges on the auditing profession. Several studies investigated the impact of IT, in terms of the extent of use of IT audit techniques, but very studies are available on the perceived importance of the said issue in developing countries. This study aims to explore the impact of implementing IT on the auditing profession in a developing country, namely, Egypt.

This study uses both quantitative and qualitative data. A survey of 112 auditors, representing three of the Big 4 audit firms as well as ten local audit firms in Egypt, is used to gather preliminary data, and semi-structured interviews are conducted to gather details/qualitative-pertained information. A field-based questionnaire developed by Bierstaker and Lowe (2008) is used in this study. This questionnaire is used first in conducting a pre-test, and then, the questionnaire for testing the final results is developed based on the feedback received from the test sample.

The findings of this study reveal that auditors’ perception regarding client’s IT complexity is significantly affected by the use of IT specialists and the IT expertise of the auditors. Besides, they perceive that the new audit applications’ importance and the extent of their usage are significantly affected by the IT expertise of the auditors. The results also reveal that the auditors’ perception regarding the client’s IT is not affected by the control risk assessment. However, the auditors perceive that the client’s IT is significantly affected by electronic data retention policies. The results also indicated that the auditors’ perception regarding the importance of the new audit applications is not affected by the client’s type of industry. The auditors find that the uses of audit applications as well as their IT expertise are not significantly affected by the audit firm size. However, they perceive that the client’s IT complexity as well as the extent of using IT specialists are significantly affected by the audit firm size.

This study is subject to certain limitations. First, the sample size of this research is somehow small because it is based on the convenience sampling technique, and some of the respondents were not helpful in answering the surveys distributed for this research’s purpose. This can be attributed to the fear of the competitors that their opponent may want to gather information regarding their work to be able to succeed in the competition in the market so they become reluctant to provide any information about their firm. Even some people who were interested to participate were not having enough time because the surveys were distributed during the high season of their audit work and there was limited time for the research to be accomplished. Hence, it is difficult to generalize the results among all the audit firms in Egypt because this limits the scope of the analysis, and it can be a significant obstacle in finding a trend. However, this can be an opportunity for future research. Second, the questionnaire is long and people do not have enough time to complete it. This also affected the response rate. In addition to this, the language of the questionnaire was English, so some respondents from the local audit firms were finding difficulty in understanding some sophisticated IT terms.

This study makes some recommends/suggestions that can well be used to solve some practical problems regarding the issues concerned. This study focuses on accounting information system (AIS) training during the initial years of the auditors’ careers to help staff auditors when they become seniors to be more skilled with AIS expertise needed in today’s audit environment. Clear policy statements are important to direct employees so that IT auditors evaluate the adequacy of standards and comply with them. This study suggests increasing the use of AIS to enhance individual technical and analytical skill sets and to develop specialized teams capable of evaluating the effectiveness of computer systems during audit engagements. This study further recommends establishing Egyptian auditing standards in this electronic environment to guide the auditors while conducting their audit work.

Auditors should prioritize causes of risks and manage them with clear understanding of who receives them, how they are communicated and what action should be taken in a given community/society. So, they have to determine and evaluate all risks according to the client’s type of industry (manufacturing, non-financial services and financial). Auditors also have to continually receive feedback on the utility of continuous auditing (CA) in assessing risk. In particular, it is better for the auditor to determine how the audit results will be used in the enterprise risk management activity performed by the management. In addition, privacy has several implications to auditing, and so, it has to be reflected in the audit program and planning as well as the handling of assignment files and reports. Alike, retention of electronic evidence for a limited period of time may require the auditor to select samples several times during the audit period rather than just at year end.

As mentioned, this study is conducted within a developing country’s context. The use and importance of IT is reality of time. However, very few studies are devoted to explore the use/importance of IT in auditing in developing countries, and thus, this study carries a significance to have better understanding about it. Moreover, knowledge of how IT is used, the related risks and the ability to use IT as a resource in the performance of audit work is essential for auditor effectiveness at all levels including developing countries.

As businesses increasingly use electronic data processing (EDP) techniques to process their accounting systems, auditors must gather critical information more efficiently. Such tools and techniques as electronic data interchange, the Internet and other modern technological subjects signal the end of the traditional audit. Technology has made inputting information for transactions and events more simple ‐ and evaluating the related controls and results more critical. Accumulating sufficient evidence needed to construct an informed decision means understanding where to look for that evidence, what control procedures to consider and how to evaluate those procedures. The purpose of this article is to draw attention to these issues and the recently issued SAS No. 80, which offers auditors guidance to accumulate sufficient evidence to audit their computerized clients. We also address some issues auditors may face in evaluating the security control in their clients’ businesses.

In 2002, The Institute of Internal Auditors (IIA) observed the 25th anniversary of the publication of its first Systems, Auditability, & Control (SAC) study. This paper reviews the development of the SAC projects and their impact on Information Systems (IS) auditing in particular. Three different research methodologies were used for collecting the data for this research. First, a rigorous literature review was conducted. Second, an oral‐history methodology was used to collect data via interviews. Third, notes and minutes from many early committee meetings of IIA, including the SAC Committee, were studied. The early years (1954‐1977) saw a dearth of related literature. Thus individual accountants and auditors found it difficult to acquire or gather information on emerging issues. The Systems, Auditability, & Control (SAC) study published in 1977 was one of the major attempts to codify IS auditing knowledge. This study has been followed up by three other SAC projects in 1991, 1994, and 2001. These SAC projects have provided some of the best guidance for IS auditors over these last 25 years. From the beginning of IS auditing, there has been a continued acceleration of technology. In particular, the audit process has been impacted by the proliferation of microcomputers.

This paper seeks to identify change factors within the various elements of the IS audit universe aiming to give practitioners and management insight about the state of the IS audit profession and its future directions, especially within the United Arab Emirates (UAE) context.

Potential change factors that are taking place in IS audit were initially identified based on a literature review and the experience of the authors within the field. These changes were then categorized within one of the elements of the IS audit universe. To validate the IS audit change factors, a questionnaire was chosen as a data collection tool. The survey was sent to relevant practitioners in the subject matter within the UAE and was completed by 62 respondents.

The study concluded that the role of IS auditors in lessening in applications and infrastructures audits and is strengthening in the arena of IT management audits.

The implication of study for IS audit practitioners is that they need to be better equipped to conduct IT management audits and to contribute value to their organization as part of IT governance endeavors rather than focusing on infrastructure and application audits. On the other hand, the implication for management is that they should be aware of the capabilities of IS audit and set their biggest value expectations in the area of IT management assurance and governance.

The paper makes a contribution by identifying change factors within the various elements of the IS audit universe aiming to give practitioners insight about the state of the profession and its future directions.

The rapid escalation of technology and the use of computers in business practice result in more information technology (IT) auditing and internal control standards and guidelines to assist auditors in their roles and responsibilities. Several organizations, such as the American Institute of Certified Public Accountants (AICPA), the International Federation of Accountants and the Information Systems Audit and Control Association (ISACA), have issued standards in this area to be observed by their members in performing an IT audit. This paper traces the evolution of US IT auditing and internal control standards in financial statement audits and discusses their significance for the auditing profession. We primarily focus on the discussion of the IT audit standards issued by the AICPA and ISACA. As the use of computers in business data processing gets more widespread and the integration of IT in business processes gets more intricate, we expect to see more pronouncements of IT audit standards in the future. Auditors should well understand these pronouncements, standards and guidelines when performing an IT audit.

This paper aims to analyse the implementation challenges faced by internal audit departments of public sector organisations and central banks when implementing continuous auditing (CA) systems. CA aims to monitor internal control systems and risk levels on a continuous basis to support the audit process. This study identifies the implementation challenges of CA systems and proposes adequate countermeasures.

This study employs the design science information system research and the design science research process methodologies to ensure the rigor of this analysis. These research methodologies are adopted to tackle identified organisational problems and propose solutions. This methodological approach consists in the following phases: identification of the problems and motivation; definition of the objectives of the solution; research design and development; evaluation; communication.

This study detects several implementation challenges for public sector organisations and central banks and proposes adequate solutions. This study finds that these challenges are related to organisations’ complexity, institutional rigidity, potential threats to internal auditors’ independence and the issue of considering CA system as a “real time error correction” mechanism. The solutions involve the development of a business process focussed audit approach to enable internal auditors to analyse CA indicators, and the use of CA systems to support each phase of the audit process.

This study contributes to the scant strand of literature on internal auditing in central banks. Given the exceptional demand for guidance concerning internal auditing in the public sector and in central banks, this paper provides guidelines for these organisations to implement CA systems and to tackle implementation challenges. The analysis allows internal audit departments within central banks to better support their organisations in the achievement of their important regulatory and policy objectives.