Information Technology Audit Research Articles

Methodology applied to computer audit with artificial intelligence: a systematic review

This systematic review focused on evaluating the impact of the machine learning operations (MLOps) methodology on anomaly detection and the integration of artificial intelligence (AI) projects in computer auditing. Data collection was carried out by searching for articles in databases, such as Scopus and PubMed, covering the period from 2018 to 2024. The rigorous application of the preferred reporting items for systematic reviews and metaanalyses (PRISMA) methodology allowed 88 significant records to be selected from an initial set of 1,389, highlighting the completeness of the selection phase. Both quantitative and qualitative analysis of the data obtained revealed emerging trends in the research and provided key insights into the implementation of MLOps in AI projects, especially in response to increasing complexity, whereby the adoption of the MLOps methodology stands out as a crucial component to optimize anomaly detection and improve integration in the context of information technology auditing. This systematic approach not only consolidates current knowledge but also stands as an essential guide for researchers and practitioners, and the information derived from this systematic review provides valuable guidance for future practices and decisions at the intersection of AI and information technology auditing.

OPTIMIZATION OF DIGITAL TECHNOLOGY AND ETHICS IN FRAUD PREVENTION

This study aims to empirically test the effects of information technology audits and professional ethics have a positive effect on fraud prevention efforts in financial services companies. To support this study, the method used by the researcher is a descriptive and verification analysis method with a quantitative approach to 40 auditors from 12 financial services companies. Data were collected by distributing questionnaires via Google Form with data analysis carried out using the multiple linear regression method with the help of SPSS software version 2.3. The results of the analysis show that information technology audits and professional ethics both have a significant positive effect on fraud prevention efforts. This finding emphasizes the importance of integration between information technology, audit practices, and professional ethics in maintaining the security and integrity of the company from potential fraud. This study provides an important contribution to understanding how these factors interact in the context of fraud prevention in companies.

The effect of high-quality information technology on audit quality

Information Technology (IT) is changing the working environment and working process of clients and auditors. High-quality IT can enhance data accuracy, completeness and security, and automate data collection procedures. These attributes are important to auditors as their work highly relies on the quality of data. Using data from 2005 to 2013, this study provides empirical evidence showing that high-quality IT significantly enhances audit quality and reduces audit efforts. This study contributes to the stream of literature on IT quality and audit efficiency and can help managers understand how IT investments improve their data quality and audit quality.

Audit firm informatization and audit quality during COVID-19

PurposeCOVID-19 has forced audit firms to change the way they operate. One change has been to rely more on information technology (IT) and IT human capital to overcome COVID-19-related challenges. We refer to audit firms’ use of these two resources as audit firm informatization (AFI). It is important to understand whether AFI helps audit firms address challenges created by the pandemic. Thus, this study examines the impact of AFI on audit quality during the COVID-19 pandemic in China with a focus on IT human capital.Design/methodology/approachWe use a mixed-methods approach. First, we perform multivariate regression analyses on archival data. Specifically, we investigate the relationship between IT human capital and audit quality and the two mechanisms (i.e. improved efficiency and reduced audit risk) underlying the relationship. We also investigate how this relationship is moderated by features of clients, audit firms and individual auditors. Then we use interviews to corroborate the results of our regression analyses.FindingsOur analyses of archival data show that IT human capital positively affects audit quality through improved efficiency and reduced audit risk and that this positive impact is more pronounced for clients in non-manufacturing industries, those with a more opaque information environment, audit firms with greater industry coverage and individual auditors with less experience. Our interview data indicate that audit firms with more advanced AFI and a higher level of IT human capital in particular are less disrupted by the pandemic and are better able to use IT to address challenges associated with COVID-19. Furthermore, the results confirm that improved efficiency and reduced audit risk are the mechanisms through which AFI enhances audit quality. Finally, we identify issues associated with the use of IT.Originality/valueThis study is the first to investigate how IT human capital (and by extension AFI) influences audit quality in the context of the COVID-19 pandemic. Our findings should be of interest to practitioners and setters of auditing standards.

Evaluation of the Utilization of Web-based Library Application Information Systems using Whitebox and Blackbox Testing Methods

The library information system is a computerized process for integrated data management. This research was conducted in the library located at SMAN 12 Bandung, Jl. Sekejati No. 36, Sukapura. The importance of performance measurement. The validity of implementation from the perspective of effectiveness and efficiency of web-based libraries is the main thing in the aim of managing library digitalization. This research was carried out using the Whitebox and Blackbox Testing integration method. The purpose of the research is to conduct an Information Technology Audit with the validity of measuring the effectiveness and efficiency of application functions. The research results show that the technical analysis of FlowGraph Whitebox is based on source code and flowcharts running on Cyclomatic Complexity which counts the number of nodes and edges in FlowGraph. Research implications support the assessment of the concrete validity of the method used. This can be seen from the research results that the performance of the Web-based Widyantara Library application at SMAN 12 Bandung is considered satisfactory with a good level of validity, this is proven by the test results using the white box testing method. Meanwhile, based on the analysis of the black box testing method on application functionality, the test results are said to be good with a validity percentage reaching 100%. Validity according to application design is proven by testing 10 application scenarios.

Assessing the Integration of ChatGPT in IT Audits that Support Financial Statement Audits

Artificial intelligence (AI) has brought significant changes in many fields, including the audit sector. Generative AI, a type of AI, leverages deep learning models to generate human-like content like images and words. ChatGPT, a type of generative AI, is a language model capable of revolutionizing information technology (IT) audits in support of financial statement (FS) audits. This paper highlights and examines advantages and disadvantages of incorporating ChatGPT into IT audits that support FS audits. ChatGPT offers benefits such as efficiency, precision, and speed, which are vital in the IT audit process. However, it also comes with challenges that need to be addressed. This paper contributes to the growing body of knowledge related to the use of ChatGPT in IT audits that support FS audits. The paper further provides insights into how audit firms can effectively adopt ChatGPT to improve the quality, efficiency, and effectiveness of their IT and FS audits.

The determinants of IT audit usage in Saudi Arabia with specific reference to computer audit assisted tools

Purpose The purpose of this study is to investigate the determinants and the intention to use information technology (IT) audit technologies. Design/methodology/approach The research model explores the external and internal factors that influence IT audit usage in Saudi Arabia. The external factors include IT audit education, professional support provided by professional accounting and auditing bodies, external pressure and social factors. The internal factors include the firm’s organizational support, complexity of accounting information systems, IT audit competency, adoption risk, ease of use and readiness. These factors affect the intention to use IT audits, represented by the perceived benefits and intention to use IT audits, which in turn affect IT audit usage. The study uses structural equation modelling to estimate a sample size of 261 respondents. Findings The findings suggest that internal factors significantly influence both IT audit usage and intention to use IT audits. However, the external factors exhibit insignificant associations with IT audit usage. The findings also indicate that IT auditors in Saudi Arabia heavily rely on Microsoft Excel, Microsoft Word and email/Outlook as essential IT audit tools. However, the findings reveal that there is still a role for specialized IT audit tools such as generalized audit software and Audit Command Language but this usage is marginal. Practical implications The present study provides significant insights for auditors, companies’ boards, professional bodies and policymakers to enhance the development and usage of IT audits. The study revealed the absence of supportive external factors that policymakers and professional bodies should exercise in this regard. The findings also indicate that IT audit education and capacity programmes are required to promote competency and adoption of IT audit technologies. Originality/value The study contributes to IT auditing by identifying significant factors influencing IT audit adoption. It underlines the relevance of internal and external determinants and perceived benefits as drivers of IT audit adoption. The current study provides an original piece of research that highlights a comprehensive investigation of the determinates of IT audit usage in a developing country that is shifting towards artificial intelligence and IT advancements.

The impact of information technology capability on audit report lag and audit fees: empirical evidence from the COVID-19 pandemic

Purpose This study aims to examine the impact of client information technology (IT) capabilities on audit report lag and audit fees in Jordanian companies listed on the Amman Stock Exchange (ASE) during the COVID-19 pandemic. Design/methodology/approach This study analysed financial and non-financial data from 72 Jordanian public shareholding companies listed on the ASE between 2014 and 2021. Using fixed- and random-effects models, the authors examined the impact of client IT capabilities on audit report lag and audit fees. The authors also examined how the COVID-19 pandemic might affect audit report lag and audit fees. The analysis incorporated various control variables specific to the Jordanian context to ensure accuracy. Findings Empirical evidence indicates that client IT capabilities do not significantly impact audit report lag and audit fees. In contrast, the COVID-19 pandemic has positively impacted audit report lag and audit fees, leading to an increase in audit report lag of 60 to 67 days and an increase in audit fees of approximately 15%. It is worth noting that these effects are more pronounced when influenced by factors including return on assets, company losses and audits conducted by the Big 4 firms. Research limitations/implications The scope of this study, which focuses on Jordanian firms, may limit the generalisability of the findings to other contexts. Reliance on aggregate IT infrastructure and software assets as proxies for IT capabilities might not fully capture their multifaceted nature, overlooking the qualitative aspects crucial for audit outcomes. Furthermore, excluding external factors such as governmental regulations underscores the need for future research to explore the nuanced interplay between IT capabilities, internal control systems and regulatory environments, enriching our understanding of audit practices. Originality/value This study contributes to auditing literature by examining the interplay between IT capabilities and audit processes during the COVID-19 pandemic in Jordan. This study highlights the unexpected finding that IT capabilities have minimal impact on audit report lags and fees, opening new avenues for research on how pandemics and similar crises can reshape auditing practices and influence regulatory policies in an evolving economic environment.

AUDIT TATA KELOLA TEKNOLOGI INFORMASI PADA SEKERTARIAT DAERAH OGAN ILIR MENGGUNAKAN FRAMEWORK COBIT 5 DOMAIN DSS(DELIVER,SERVICE, AND SUPPORT)

The Regional Secretariat is an institution or organization that assists the Regent in formulating policies and coordinating administration regarding the implementation of Regional Apparatus duties and administrative services. People not only pay attention to quantity, but also quality. The same is true for other agencies or organizations. One way that can be done is to carry out an Information Technology Audit using the COBIT 5 Framework. By following the stages and criteria set by COBIT. These stages will produce a parameter for the level of management of information technology called Capability Level. Where these parameters will later be used as a benchmark by comparing them with the targets to be achieved. The difference between the target to be achieved and the curent situation is called Gap Analysis

The Role of IT (Information Technology) Audit in Digital Transformation: Opportunities and Challenges

The study explores into the ramifications of digital transformation on IT audit practices, scrutinizing both the opportunities and challenges faced by organizations globally. Its objective is to bolster the efficacy of IT audit by identifying pivotal insights and furnishing recommendations for adaptation. By thoroughly examining existing literature and synthesizing key findings, the study endeavors to shed light on how organizations can harness IT audit to optimize the advantages of digital transformation while mitigating associated risks. Conducting an exhaustive literature review, the research probes the impact of digital transformation on IT audit, drawing from esteemed sources to dissect the evolving role, avenues for improvement, and obstacles encountered. The results underscore the imperative of recalibrating IT audit practices to effectively contend with burgeoning technological demands. The literature illuminates a significant metamorphosis in IT audit prompted by the adoption of digital technologies. While prospects include advancements in data analytics, automation, and strategic advisory roles, challenges loom large in the form of cybersecurity risks and resource constraints. Ultimately, the study underscores the exigency for IT audit to adapt to technological advancements while navigating intricate challenges to sustain its effectiveness. In conclusion, digital transformation necessitates a proactive reorientation of IT audit practices to confront emerging risks head-on. Leveraging data analytics and strategic roles bolsters effectiveness, yet addressing cybersecurity and resource constraints mandates proactive measures and strategic investments. Organizations can optimize the value of digital transformation by fortifying IT audit through proactive initiatives and nurturing talent development.

Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework

In this era of cyber crimes, data security is an important aspect that needs special attention from an organization. This is reinforced by the ratification of Law Number 27 of 2022 on personal data security. The National Zakat Amil Institute (LAZNAS) Yayasan Dana Sosial al Falah (YDSF) as an institution with a legal entity and having data on more than 100,000 donors and partners, it also has an obligation to protect the personal data of donors and partners. The focus of this research is to evaluate and audit information technology at the LAZNAS YDSF, especially regarding the security aspect of information technology. Evaluations and audits were carried out using the ISO 27001 framework as a standardization of information technology security at the international level. In this study, information technology audits were conducted using quantitative methods. The assessment was carried out on seven main clauses that are priorities for the LAZNAS YDSF based on management priorities: compliance clauses, risk management, policies, assets, physical and environmental management, access control, and incident management. Data were collected using a questionnaire distributed to all the LAZNAS YDSF managers and employees. Fifty-five respondents, ranging from management to staff, were involved in filling out the questionnaire, ranging from management to staff. Based on the recapitulation of answers from respondents, it was found that the risk management and access control clauses had good results, with scores of 2,727 and 2,796. The compliance and incident management clauses have scores of 2.381 and 2.53, respectively; therefore, improvement efforts need to be made. By evaluating and auditing information technology that refers to the ISO 27001 standard, it is hoped that LAZNAS YDSF can protect and maintain the confidentiality, integrity, and availability of information, and manage and control information security risks.

Information Technology Audit in Optimizing Resources and Utilization of Financial Information Systems

Information Technology Audit in Optimizing Resources and Utilization of Financial Information Systems

Strategic Evaluation of Financial Information Systems through Information Technology Auditing

People-based cooperatives encounter digital hurdles to providing effective services. Wiguna Mertha Cooperative needs IT audits to ensure good operations, security, and corporate goals. Enterprise information technology audits are conducted using qualitative and quantitative methodologies in this research. IT audit goal mapping helps firms align business goals with corporate goals, vision, purpose, and IT procedures. PEG aligns IT investments and activities with company strategy, evaluates IT maturity, and prioritizes improvements. Interviews, questionnaires, observations, and documentation were used to analyze 5 cooperative employees' responses. Objective mapping for five corporate goals and maturity level analysis for four COBIT domains: EDM, APO, BAI, and DSS. The results revealed good maturity, with EDM averaging 3.85, APO 3.87, BAI 3.88, and DSS 3.53. Risk management, business resource optimization, IT data up keep, and IT service availability and capacity management are recommended improvements.

Be an Expert: A Critical Thinking Approach to Responding to High-Profile Cybersecurity Breaches

ABSTRACT This case examines three high-profile cybersecurity breaches to illustrate how organizations respond to these situations. Students explore breaches involving Capital One, Equifax, and Target and apply critical thinking to examine attack details, breach prevention, and breach responses by assuming the roles of security consultants, chief information officers, and internal auditors. The case objectives include (1) summarizing how organizations respond to cybersecurity breaches, (2) evaluating threats to organizations’ cybersecurity infrastructure, and (3) justifying how accountants and auditors may respond to cybersecurity breaches. This case is designed for undergraduate- or graduate-level accounting information systems, auditing, information technology (IT) auditing, internal auditing, and fraud examination classes and can be extended for intermediate or advanced financial accounting courses. This case provides instructor flexibility, as the class can be split into three groups with each group assigned as the expert on one breach or one or more breaches can be assigned to all students.

ASSESSING THE IMPACT OF INTERNAL AUDIT ON ORGANIZATIONAL SUCCESS

Aim of the study: This research aims to assess the relationship between internal audit and organizational success in the form of corporate goal achievement. Design/Methodology: Under the quantitative research approach, the descriptive research design has been adopted. The reliability, correlation and the regression analysis techniques have been used for data analysis. Multivariate analysis techniques are used to extract a small number of latent variables from a large number of observed variables. Findings: The results suggest that the compliance audit, operational audit, and financial audit, as well as the information technology audit, have a direct impact on organizational success. In a simple way, the internal audit has a direct impact on organizational success. Practical Implications: This research work will help the policy makers in the Saudi Authority for intellectual property (SAIP) to make effective policies that increase the effectiveness of the internal audit. This work also contributes to the available literature showing the relationship between the success of the organization and the internal audit. Originality/value: This study is one of the early and the fewest research works conducted by the Saudi Authority for intellectual property (SAIP), and it is also one of the early studies conducted by using primary data analysis. Keywords: Organizational Success, SAIP, Audit, Internal Audit, Operational Audits, Financial Audit Paper Type: Research Article

Systematic Literature Review on Auditing Information Technology Risk Management Using the COBIT Framework

Information technology has an important role in carrying out company management activities. It is important that information technology is managed properly so that no risks arise that could endanger the company. Companies can implement information technology risk management through risk management audits. An audit on information technology risk management can help evaluate companies by identifying information technology risks and minimizing information technology risks. Such audits can be carried out with the help of the COBIT framework. This study intends to conduct a systematic literature review on risk management audits related to information technology using the COBIT framework. Literature search from IEEXplore, ScienceDirect and Garuda Kemdikbud database sources. Papers were selected based on inclusion criteria. Inclusion criteria include paper language is Indonesian and English, paper is published between 2019-2023, the paper describes COBIT in IT risk management audits, and paper is available as full text. The results obtained were 24 papers. There are two criteria for assessing paper quality, namely the paper contains the COBIT framework used for IT risk management audits and the paper contains the COBIT domain used. The results of the analysis of research questions indicate that COBIT 5 is a guide used by many researchers in information technology audits for risk management. COBIT 5 provides a complete and comprehensive risk governance guide for measuring enterprise IT risk management. Implementation of COBIT 5 in IT risk management audits to assist in risk assessment and risk management in order to minimize and prevent IT risks that may occur. Domain APO12 (Manage Risk) and EDM03 (Ensure Risk Optimization) as a reference in conducting IT risk management.

Factors associated with the intention to use information technology in audit in Iraq

PurposeThis study aims to investigate the factors associated with the intention to use information technology in audit (ITIA) in Iraq.Design/methodology/approachThe study uses a quantitative approach based on a questionnaire survey of 186 respondents. The study population includes respondents who are board members, senior executives, internal auditors and information technology (IT) assistants in various Iraqi organizations from different sectors. Structural equation modeling has been used to estimate the results.FindingsThe findings exhibit that most auditors in Iraq use basic IT software. However, among several specialized and advanced IT audit software packages, only generalized audit software is used by about 20%. The results also indicate that social factors significantly and positively impact auditors’ and practitioners’ perceptions of ITIA use. Moreover, the results reveal that companies and auditors who use or audit complex accounting systems perceive higher benefits and intent to adopt ITIA. However, the results report that organizational support, professional support, competency and IT education have an insignificant effect on ITIA adoption.Originality/valueThe originality of the present research lies in several aspects. First, the research study focuses specifically on Iraq, which is an emerging and less developed country influenced by social and economic. This research context provides a unique perspective and contributes to the understanding of ITIA adoption in less developed countries. The study investigates how external factors, including social and external pressure and the support of government professional bodies, affect the adoption of ITIA. Further, it assesses the influence of firms’ specific factors such as management support, level of competency and complexity of accounting information systems. Second, the study uses a quantitative approach with a questionnaire survey from various Iraqi organizations and sectors. The specific sample composition adds originality by capturing insights from different levels of organizational hierarchy and diverse professional backgrounds. Third, the findings shed light on the current IT usage in auditing practices in Iraq, highlighting that most auditors use basic IT software and the limited adoption of specialized IT audit software packages. Finally, the study’s originality is also reflected in its contribution to expanding knowledge on the perceived benefits and challenges associated with ITIA adoption in less developed countries. By emphasizing the need for broader awareness of emerging technology-enabled auditing software and considering the unique characteristics of less developed countries, the research provides valuable insights and implications for practitioners, policymakers and researchers.

Building Higher-Order Thinking Skills Through Assessment of User Account Access

Abstract Given the fast-paced growth of innovative technologies and soft skill development required by the accounting profession, students need to enhance their knowledge of business systems, risk, information technology (IT) controls, IT auditing, emerging technology, and higher-order thinking skills (HOTS). This instructional case provides the opportunity for students to (1) understand foundational knowledge and perform testing on IT controls, (2) perform data analytics within Excel and CaseWare Analytics’ IDEA, and (3) analyze and evaluate IT testing results to formulate appropriate conclusions. As students complete each part of the case, they build on their information technology knowledge and analytical and evaluative HOTS. This case is best suited for faculty teaching undergraduate or graduate-level students in accounting information system (AIS), IT audit, or internal auditing courses.

The Importance of COSO Framework Compliance in Information Technology Auditing and Enterprise Resource Management

This article examines the significance of the COSO framework in managing risks and establishing effective control environments for organizations' IT systems. It delves into the five essential components of both the COSO frameworks for internal control and enterprise resource management. Furthermore, it outlines the principles that define each of the COSO frameworks for internal control and enterprise resource management components and elaborates on their impact on the COSO framework objectives. The authors also shed light on the paramount concerns of an auditor during an IT audit. In conclusion, the article provides several recommendations for integrating COSO framework compliance into an organization's information technology plan. This articles a valuable resource for auditors, administrators, and management seeking to develop an IT strategy that aligns with their business strategy and safeguards their information systems and data.

Measurement of Capability Level Using Cobit 5 Framework (Case Study PT Permodalan Nasional Madani)

The development of information technology brings every company to take advantage of the technology they have. The utilization of information technology must be supported by good information technology governance. PT Permodalan Nasional Madani (PNM) is an Indonesian State-Owned Enterprise (BUMN) that is engaged in financial services. PT Permodalan Nasional Madani aims to assist the development of micro, small, medium, and cooperative enterprises. PT Permodalan Nasional Madani uses the PNM Digi application system in running the company. With the existing problems, PT Permodalan Nasional Madani needs to evaluate its IT governance by conducting an information technology audit. In conducting the audit, a framework is needed, namely COBIT 5 to measure the level of capability possessed by the company. This audit is carried out using the information technology audit stages that focus on 4 to 5 COBIT 5 processes that are priority improvements. The results of this audit will be in the form of an audit report containing findings, measurement results of capabilities, impacts if not corrected, level of gaps, and recommendations for improvement to recommendations for increasing levels for PT Permodalan Nasional Madani.