The Antecedents of Internal Auditors’ Adoption of Continuous Auditing Technology: Exploring UTAUT in an Organizational Context

Ray Henrickson CA●IT, CA●CISA
VP Information Systems and Technology Audit
The Bank of Nova Scotia

Background
• System environment
  – Complex, integrated systems
    • Millions of financial transactions a day
    • +1,000 systems
    • Thousands of changes per year
  – Total prohibition to access PROD
  – Comprehensive and mature user controls
  – Extensive use of end user computing for MIS
• Audit environment
  – Limited audit resources
  – Deep and varied technical and business skills
  – Extensive collaboration with IT and business units

CA in My Environment
• Work with IT and business areas to develop and implement continuous “auditing” that is executed by them
  – Transaction level – online payments verification
  – System level – cyclical verification of changes
  – Process level – cyclical end point security scans
• Each of the determinants is important but not equally at the same time
• Key moderator = risk

Why “This puzzling lag …”
• Why isn’t continuous auditing the norm?
• Doesn’t answer the question directly
• Tested several hypotheses related to the adoption of CA through analysis of relationships among select determinants and moderators based on Unified Theory of Acceptance and Use of Technology (UTAUT)

Two Sets of Conclusions
• Likelihood of adoption is greater if:
  – The technology is easy to use
  – Superior instructs to implement
  – The auditor chooses to obey
• No relationship with:
  – Usefulness and performance expectations
  – Availability of supporting tools or organization

Revised Conclusion
• Likelihood of adoption is greater if:
  – The technology is easy to use
  – Few organizational or technical infrastructure barriers
• No relationship with:
  – Usefulness and performance expectations
  – Influence of superiors
  – Willingness to implement

Additional Observations
• #1 Benefit of CA was accuracy, not timeliness
• #1 Focus of CA was for fraud

To This Practitioner …
• Both conclusions appear reasonable and well supported with analysis although unexpected
• Not able to concur or disagree because not enough context provided

Issue – Survey Population
• Institute of Management Accountants
  – Not auditors
• Low response rate – 2.33%
• Limited respondent detail
  – Industry/business sector
  – Size/maturity of audit department
  – Uses for continuous auditing techniques
  – Why continuous auditing needed
  – One time or programmatic implementation
  – Decision to stop continuous auditing
  – Influence of risk assessment

Issue – Jargon
• Continuous what?
  – Continuous auditing
  – Continuous control assessment
  – Continuous risk assessment
  – Continuous monitoring
• What is “continuous”?
  – Frequency of execution – short audit cycle
  – Timeliness of execution – real or near real time
  – Point of execution – close to evidence creation

Issue – Methods
• Type of technique
  – Embedded audit module
  – Independent review of data files/copies
  – Analysis of reports
• Type of technology
  – Desktop technology – Access, Excel
  – Audit software – ACL, IDEA
  – Custom developed applications
  – Embedded functionality of vendor package
  – Special purpose analytical software

Issue – Control Variable
• Replace UTAUT control variables Gender, Age and Experience with Annual Sales
• Implied bias towards financial transaction integrity
• Could consider audit-related variables such as:
  – Internal Audit annual budget
  – Size of Audit Department
  – Volume/complexity of transactions

But, Is the Premise Valid?
• Implies new use of stand alone automated checking of transaction qualities
• Reflects a “gotcha” objective – fraud, malice, error
• Implied bias towards financial transaction integrity
  – Is there a definition issue?
  – Is there an expectation gap?
  – Is research too narrowly focused?

Today’s Reality
• Many mature or modern systems now include embedded control functionality that can be optionally enabled
  – MIS – performance metrics
  – Reports of discrepancies
  – Posting to suspense accounts
  – Built in checks – auto balancing
• There may be greater deployment of continuous auditing in organizations than recognized in literature

Alternate Premise
• Relate to how and how often the enterprise checks or verifies its automated events, transactions, or data in order to provide an opinion on its desired qualities
  – Maybe CA is not needed
  – Maybe CA is useful only for specific cases
  – Maybe CA is already pervasive

Future Research
• Follow up to see if the respondents realized their plans for future implementation
• Where have CA techniques been most successfully applied and why
• Why CA initiatives fail to continue

Value of the Work
• Most suitable for IS Assurance academics
• Might be useful for standard setting or professional practice bodies such as IIA, ISACA, CICA, AICPA
• Limited practical application