حسابرسی فناوری اطلاعات؛ فرصت یا ضرورت

نوع مقاله : مقاله پژوهشی

نویسندگان

1 گروه حسابداری، دانشگاه آزاد اسلامی واحد صحنه، کرمانشاه، ایران

2 دانشگاه آزاد اسلامی، واحد همدان،گروه حسابداری و مدیریت، همدان

10.22051/jaasci.2023.30006.1576

چکیده

هدف: با توجه به نقش و اهمیت فناوری اطلاعات در سازمان‌ها، هدف این پژوهش تبیین و تشریح چارچوب حسابرسی در حوزه فناوری اطلاعات و مرور نتایج پژوهش های انجام شده در این زمینه است.
روش: در این پژوهش ضمن مرور مبانی نظری حسابرسی حوزه فناوری اطلاعات، فرایند ها و چارچوب نظری ارائه شده به منظور اطمینان از کفایت کنترل‌های اعمال شده بر روی سیستم‌های اطلاعاتی و تائید اثربخشی مناسب این سیستم‌ها مورد بحث و بررسی قرار گرفته است.
یافته‌ها: یافته های پژوهش حاکی از آنست که با توجه به ظهور پرشتاب فناوری اطلاعات و تقاضا برای دسترسی سریعتر به اطلاعات مالی، ابداع رویکردهای نوین در حسابرسی را برای نظارت مستمر و جمع‌آوری و تحلیل شواهد حسابرسی ضروری بوده و آشنایی حسابرسان داخلی و بیرونی با سیستم‌های اطلاعاتی و آموزش و آگاهی بخشی آنها الزامی می‌باشد.
نتیجه گیری: بهترین راه‌کار برای انجام یک حسابرسی جامع و مطمئن در حوزه فناوری اطلاعات ایجاد یک تیم حسابرسی با ترکیبی متنوع از حسابرسان باتجربه، آموزش دیده با مهارت‌های کافی است. این کار را می‌توان از طریق همکاری مستمر کمیته‌های حسابرسی و حسابرسان داخلی با دپارتمان‌های مربوط به فناوری اطلاعات و مدیریت ارشد توسعه بخشید.
دانش افزایی: یکی از بهترین رویه های پذیرفته شده جهانی "اهداف کنترل اطلاعات و فناوری-های مربوطه" یا کوبیت (COBIT) می باشد و در پژوهشهای داخلی به شکل بسیار محدود به این موضوع پرداخته شده است، در نتیجه پژوهش حاضر می تواند اطلاعات مفیدی در اختیار حسابرسان و علاقمندان قرارداده و منجر به توجه بیشتر به موضوع حسابرسی فناوری اطلاعات گردد.

کلیدواژه‌ها

موضوعات


عنوان مقاله [English]

Information Technology Auditing; Necessity or Opportunity

نویسندگان [English]

  • Yahya Shiri 1
  • mahdi Mahdavikhou 2
1 Department of Accounting, Islamic Azad University, Sahneh Branch, Kermanshah, Iran
2 Islamic Azad University (IAU) - Department of Accounting and Management (Hamedan Branch)
چکیده [English]

Purpose: Considering the role and importance of information technology in organizations, the purpose of this research is to explain the audit framework in the field of information technology and review of the results of researches conducted in this field.
Methodology: In this research, while reviewing the theoretical foundations of auditing in the field of information technology in foreign and domestic researches, the processes and the theoretical framework presented in order to ensure the adequacy of the controls applied on the information systems and confirm the proper effectiveness of this system has been discussed.
Findings: The findings of the research indicate that due to the rapid emergence of information technology and the demand for faster access to financial information, Familiarity of internal and external auditors to the risks of software and hardware related to information systems and their training and awareness is mandatory.
Conclusion: The best way to conduct a comprehensive and reliable audit in the field of information technology is to create an audit team with a diverse mix of experienced auditors and trained with sufficient skills. This can be developed through the continuous cooperation of audit committees and internal auditors with departments related to information technology and senior management.
Contribution: One of the best globally accepted procedures is COBIT and this topic has been addressed in a very limited way in internal researches, therefore the present research can provide useful information to auditors and interested parties and lead to more attention to the issue of information technology audit.

کلیدواژه‌ها [English]

  • information systems
  • computerized information
  • information technology auditing
Braga, G. 2016. How COBIT 5 Improves the Work Process Capability of Auditors, Assurance Professionals and Assessors. ISACA Journal, 1: 1-4. 
Coderre, D. G. 1993. Automating the audit function. Internal Auditor, 50(5): 18-21.
Debreceny, R., Lee, S. L., Neo, W., & Toh, J. S. 2005. Employing generalized audit software in the financial services sector: Challenges and opportunities. Managerial Auditing Journal, 20(6): 605-618.
Fadzil, F. H., Haron, H., & Jantan, M. 2005. Internal auditing practices and internal control system. Managerial Auditing Journal, 20(8): 844-866.
Hadden, L. B., DeZoort, F. T., & Hermanson, D. R. 2003. IT risk oversight: The roles of audit committees, internal auditors, and external auditors. Internal Auditing-Boston-Warren Gorham and Lamont Incorporated, 18(6): 28-30.
Harrison, M. J., & Datta, P. 2007. An empirical assessment of user perceptions of feature versus application level usage. Communications of the Association for Information Systems, 20(1): 21.
Hunton, J. E., Wright, A. M., & Wright, S. 2004. Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? (Retracted). Journal of Information Systems, 18(2): 7-28.
Jackson, R. A. 2004. Get the most out of audit tools: several practitioners share their approaches to maximizing the potential of automated tools. Plus, respondents to Internal Auditor's 10th annual product and usage survey reveal their top software picks. Internal Auditor, 61(4): 36-45.
Jackson, R. A. 2005. Role play: internal auditors differ in their opinions on just what part they should play in the implementation of their organization's enterprise risk management. Internal Auditor, 62(2): 44-51.
Jayalakshmy, R., Seetharaman, A., & Khong, T. W. 2005. The changing role of the auditors. Managerial Auditing Journal, 20(3): 249-271.
Jones, M. C., & Young, R. 2006. ERP usage in practice: an empirical investigation. Information Resources Management Journal (IRMJ), 19(1): 23-42.
Lorenzo, M. J. P. 2001. La auditoria interna orientada a los processes. Partida Doble July/August, pp. 78-85.
Mirzaee, F. 2021. Evaluation of the challenging factors of information communication security from the perspective of auditors based on the COBIT 5 model. New research approaches in management and accounting, 54(3): 16-37. (In Persian)
Moorthy, M. K., Mohamed, A. S. Z., Gopalan, M., & San, L. H. 2011. The impact of information technology on internal auditing. African Journal of Business Management, 5(9): 3523-3539.
Negahdari, M. 2021. Information technology control and audit framework in Qubit. Management and accounting studies, 7(4):94-105. (In Persian)
Pathak, J. 2005. Risk management, internal controls and organizational vulnerabilities. 20:569-577.
Roufaiel, N. S., & Dorweiler, V. 1994. White‐collar Computer Crimes. Managerial Auditing Journal. 9(3): 3-12.
Soroush, A. 2013. Auditing and control of information technology: a brief comparison between COBIT 4.1 and COBIT5. Auditor magazine, (66): 1-1 (1). (In Persian).
Staciokas, R., & Rupsys, R. 2005. Internal audit and its role in organizational government.Organizacijø Vadyba: Sisteminiai Tyrimai, (33): 169-180.
The Institute of internal Auditors (IIA). 2005. Global Technology Audit Guide (GTAG). Information technology controls. https://na.theiia.org/standards-guidance/recommended guidance/practice-guides/Pages/GTAG1.aspx
The Institute of internal Auditors (IIA). 2011. Global Technology Audit Guide (GTAG4). Management of IT Auditing. https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%204%20%20Management%20of%20IT%20Auditing%20%282nd%20ed.%29.pdf.
Tive, H.2019. Information technology audit with COBIT framework. 6th national conference of applied researches in management, accounting and healthy economy in banking, stock exchange and insurance, Tehran, https://civilica.com/doc/1122127. (In Persian)
Tucker, G. H. 2001. IT and the audit. Journal of Accountancy, 192(3): 41-44.
Yang, D. C., & Guan, L. 2004. The evolution of IT auditing and internal control standards in financial statement audits. Managerial Auditing Journal, 19(4): 544-555.
Yeboah, T. 2013. A Proposed Information Technology Audit Framework For Microfinance Kumasi, 2:1-7.
Rezaee, Z., Elam, R., & Sharbatoghlie, A. 2001. Continuous auditing: the audit of the future. Managerial Auditing Journal. 16 (3): 150-158.
Zeki Önal, M. 2018. Data Governance from the Actuary and Risk Management Perspectives. ISACA Journal, 4: 1-4.