Information Technology Auditing; Necessity or Opportunity

Document Type : Research Paper

Authors

1 Department of Accounting, Islamic Azad University, Sahneh Branch, Kermanshah, Iran

2 Islamic Azad University (IAU) - Department of Accounting and Management (Hamedan Branch)

Abstract

Purpose: Considering the role and importance of information technology in organizations, the purpose of this research is to explain the audit framework in the field of information technology and review of the results of researches conducted in this field.
Methodology: In this research, while reviewing the theoretical foundations of auditing in the field of information technology in foreign and domestic researches, the processes and the theoretical framework presented in order to ensure the adequacy of the controls applied on the information systems and confirm the proper effectiveness of this system has been discussed.
Findings: The findings of the research indicate that due to the rapid emergence of information technology and the demand for faster access to financial information, Familiarity of internal and external auditors to the risks of software and hardware related to information systems and their training and awareness is mandatory.
Conclusion: The best way to conduct a comprehensive and reliable audit in the field of information technology is to create an audit team with a diverse mix of experienced auditors and trained with sufficient skills. This can be developed through the continuous cooperation of audit committees and internal auditors with departments related to information technology and senior management.
Contribution: One of the best globally accepted procedures is COBIT and this topic has been addressed in a very limited way in internal researches, therefore the present research can provide useful information to auditors and interested parties and lead to more attention to the issue of information technology audit.

Keywords

Main Subjects


Braga, G. 2016. How COBIT 5 Improves the Work Process Capability of Auditors, Assurance Professionals and Assessors. ISACA Journal, 1: 1-4. 
Coderre, D. G. 1993. Automating the audit function. Internal Auditor, 50(5): 18-21.
Debreceny, R., Lee, S. L., Neo, W., & Toh, J. S. 2005. Employing generalized audit software in the financial services sector: Challenges and opportunities. Managerial Auditing Journal, 20(6): 605-618.
Fadzil, F. H., Haron, H., & Jantan, M. 2005. Internal auditing practices and internal control system. Managerial Auditing Journal, 20(8): 844-866.
Hadden, L. B., DeZoort, F. T., & Hermanson, D. R. 2003. IT risk oversight: The roles of audit committees, internal auditors, and external auditors. Internal Auditing-Boston-Warren Gorham and Lamont Incorporated, 18(6): 28-30.
Harrison, M. J., & Datta, P. 2007. An empirical assessment of user perceptions of feature versus application level usage. Communications of the Association for Information Systems, 20(1): 21.
Hunton, J. E., Wright, A. M., & Wright, S. 2004. Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? (Retracted). Journal of Information Systems, 18(2): 7-28.
Jackson, R. A. 2004. Get the most out of audit tools: several practitioners share their approaches to maximizing the potential of automated tools. Plus, respondents to Internal Auditor's 10th annual product and usage survey reveal their top software picks. Internal Auditor, 61(4): 36-45.
Jackson, R. A. 2005. Role play: internal auditors differ in their opinions on just what part they should play in the implementation of their organization's enterprise risk management. Internal Auditor, 62(2): 44-51.
Jayalakshmy, R., Seetharaman, A., & Khong, T. W. 2005. The changing role of the auditors. Managerial Auditing Journal, 20(3): 249-271.
Jones, M. C., & Young, R. 2006. ERP usage in practice: an empirical investigation. Information Resources Management Journal (IRMJ), 19(1): 23-42.
Lorenzo, M. J. P. 2001. La auditoria interna orientada a los processes. Partida Doble July/August, pp. 78-85.
Mirzaee, F. 2021. Evaluation of the challenging factors of information communication security from the perspective of auditors based on the COBIT 5 model. New research approaches in management and accounting, 54(3): 16-37. (In Persian)
Moorthy, M. K., Mohamed, A. S. Z., Gopalan, M., & San, L. H. 2011. The impact of information technology on internal auditing. African Journal of Business Management, 5(9): 3523-3539.
Negahdari, M. 2021. Information technology control and audit framework in Qubit. Management and accounting studies, 7(4):94-105. (In Persian)
Pathak, J. 2005. Risk management, internal controls and organizational vulnerabilities. 20:569-577.
Roufaiel, N. S., & Dorweiler, V. 1994. White‐collar Computer Crimes. Managerial Auditing Journal. 9(3): 3-12.
Soroush, A. 2013. Auditing and control of information technology: a brief comparison between COBIT 4.1 and COBIT5. Auditor magazine, (66): 1-1 (1). (In Persian).
Staciokas, R., & Rupsys, R. 2005. Internal audit and its role in organizational government.Organizacijø Vadyba: Sisteminiai Tyrimai, (33): 169-180.
The Institute of internal Auditors (IIA). 2005. Global Technology Audit Guide (GTAG). Information technology controls. https://na.theiia.org/standards-guidance/recommended guidance/practice-guides/Pages/GTAG1.aspx
The Institute of internal Auditors (IIA). 2011. Global Technology Audit Guide (GTAG4). Management of IT Auditing. https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%204%20%20Management%20of%20IT%20Auditing%20%282nd%20ed.%29.pdf.
Tive, H.2019. Information technology audit with COBIT framework. 6th national conference of applied researches in management, accounting and healthy economy in banking, stock exchange and insurance, Tehran, https://civilica.com/doc/1122127. (In Persian)
Tucker, G. H. 2001. IT and the audit. Journal of Accountancy, 192(3): 41-44.
Yang, D. C., & Guan, L. 2004. The evolution of IT auditing and internal control standards in financial statement audits. Managerial Auditing Journal, 19(4): 544-555.
Yeboah, T. 2013. A Proposed Information Technology Audit Framework For Microfinance Kumasi, 2:1-7.
Rezaee, Z., Elam, R., & Sharbatoghlie, A. 2001. Continuous auditing: the audit of the future. Managerial Auditing Journal. 16 (3): 150-158.
Zeki Önal, M. 2018. Data Governance from the Actuary and Risk Management Perspectives. ISACA Journal, 4: 1-4.