The Role of Information Technology in Internal Audit - Essay Example

THE ROLE OF INFORMATION TECHNOLOGY IN INTERNAL AUDIT By Introduction In the 21st century, information technology has emerged to be one of the most influential innovations that seem to be transforming the way most things in the world are done. Generally, it has simplified things while making processes much faster and efficient as compared to ancient times. Internal audit has not been spared by this wave. Internal auditing remains one of the crucial parts of an organization’s governance, and in merging it with information technology; it has undergone significant improvements in conducting its audit functions. Computers are the most widely-applied information technology aspects in the [internal] auditing context as programmers have come up with software designed specifically for executing auditing functions. Overall, information technology has improved the functions existing in internal auditing and in very rare cases have it evidenced negative impacts. An internal auditor is mandated with more roles as compared to an external auditor since they have to keep track and record of all audit-related functions within an organization. Again, they are required to present opinions during decision-making, present audit reports as required by policies such as the Sarbanes-Oxley, ensure integrity and upholding of the entity’s ethical requirements, and most importantly present accurate and updated audit reports on time, or as required. In the light of these, the following study text will highlight the positive roles that information technology has impacted in the context of internal audit, which range from improving skills to better efficiency, saving time, increasing security and confidentiality, reduction in errors and the achievement of internationally-acceptable standards. In this instance in time, the use of information technology, and particularly computers, is no longer an option but a requirement in internal auditing. Compared to the days when computers did not exist, today’s internal auditors have been exposed to a wider variety of tasks as well as knowledge. Organizations today have added more tasks to the internal auditor and this requires of them to improve their skills so as to handle the growing bundle of tasks. This is however not a problem since computers, and especially with the availability of the internet, have made it easy for internal auditors to research databases for specific audit-related queries. First, the modern internal auditor has to be computer-literate and this is an extra skill as compared to the internal auditors who relied on pure human labor. Information technology, owing to its vastness in terms of knowledge, does not disappoint them as it provides most of, if not all of the required information. In this way, internal auditors learn new skills and apart from sharpening their professional skills, they also enhance their personal know-how in handling audit functions (Curtis et.al 2009, p. 79). In this way, for instance, they can increase their audit coverage by learning to integrate different functions and executing them in one go. This was not possible during the pre-internet era. The factor of having better-skilled internal auditors mean that the overall processes and outputs will be more efficient as aided by information technology. First of all, internal auditing will be done faster when information technology infrastructures such as computers are used to capture data. Electronic data capture is obviously faster as compared to manual handwriting. In addition, storage of captured data is much simpler because physical files which are stored on shelves or drawers are no longer necessary with information technology. This is because computers come with storage mechanisms which can store large amounts of data in very minimal spaces. As such, the filing processes are eliminated, leading to efficiency. Balancing auditing functions or generally putting things in order of presentation or final analyses has always been the hardest part of internal auditing. This is because errors or simple miscalculations may lead to management problems. However, computer systems easily arrange audit functions as programmed by the owner automatically (James, Priscilla, & Jay 2011, p.78). For instance, data may be arranged as per its capturing date, or in any chronological order as required by the internal auditor. In this way, tracing it is easier. Collectively, information technology has led to efficiency in internal auditing. Information technology has also impacted on the processes of internal auditing controls by introducing automation into the profession. Automation in this context means that data can be automatically captured and depending on the programming of the supporting systems, storing, reviewing, analysis, and general internal audit processes can be done immediately and simultaneously. In this way, continuous internal auditing is enabled. According to Switzer (2007, p.45), rather than provide the internal auditor with a “plain” spreadsheet, automated systems can provide real-time updates, analysis, or reports immediately new data is available. For example, when there is online expenditure in an organization, the auditor does not have to fill in the details, then manually make the deduction from an account so as to show the balance or acquired sales. Rather, an integrated computer system will capture the online transaction in terms of date, amount, and procuring department or personnel. In addition, it will reflect the deduction from the respective account and immediately present an updated report such as the account balance. This entire process will not require human operation and a detailed report can be presented immediately on the screen or as a printout. Similarly, automated systems can be used to compare reports from manual audits as a means of evaluating their accuracy. Traditionally, internal audit functions and controls necessary for decision-making were captured, stored, and processed at specific offices or at central locations. However, information technology has enabled a creation of a virtual environment in which confidential and critical information can be stored and processed on multiple platforms. This is because central computers can be connected to multiple distributed mini computers, handheld computers, personal computers, and local area network servers, meaning all processes from within an organization can be tapped at one point (Moorthy et. al 2011, p. 3523). In this case, an internal auditor accesses all the processes and functions that go on within their organization. If this function is combined with automation, the central computer systems can compile interconnected reports from all other computers and provide detailed reports to the internal auditor. From such reports, the internal auditor can present information to the management which would be very critical and important in making organizational decisions. The advantage of computer-generated reports are that they are accurate, fully-detailed, and there are no chances of misinterpretation as compared to human-generated reports. As such, it is sufficient to state that information technology simplifies the role of the internal auditor in enabling or assisting in decision-making within an organization. Automation and the efficiency provided by integrating information technology into internal auditing add up to saving time. Continuous auditing as enabled by automation means that the internal auditor does not have to be constantly capturing data, filling out files, doing manual calculations, and spending a lot of time preparing the required financial or other audit-related records. The traditional way of doing internal audit meant that the auditors had to be at their jobs full-time. However, the simplification that came with automation thus continuous auditing meant that they could spare some time for other creative and business analyses. The biggest advantage of continuous automated auditing according to Moorthy et. al (2011, p. 3526) is that it does not require a full-time auditor, as such; organizations can redeploy their internal auditors to execute additional duties without compromising on the accuracy or quality of their records. This nature of information technology-based internal auditing means that the auditors can expand their professional grounds and those organizations will not require full-time internal auditors. Therefore, this revelation proves that information technology reduces the need for routine tasks for internal auditors and allows them to do other organizational tasks without affecting the quality of their work. One of the most outstanding characteristic of information technology-based applications is that they can be recorded or traced when lost or destroyed. In internal audit, this characteristic has become overly important because it contributes to improved transparency when it comes to the analysis and presentation of records (Quick, Turley & Willekens 2007, p. 220). As highlighted earlier, automation will capture data and execute all the tasks independent of human operation. As such, it is unlikely that human interference can occur without the system indicating in the final records. The technology available today is made such that any tasks done on a computer (such as auditing or deleting files) can be trailed by information technology technicians. The technicians can be involved whenever there is suspicion that unethical conduct has occurred. In this way, internal auditors have no option but to observe the recommended policies and acceptable codes of conduct since the systems have the ability to highlight any traces of diversion. In short, information technology has made it hard for internal audit documentation and records to be altered or destroyed since recovery is possible. Therefore, the management in organizations can ask for follow-ups to generated records or reports after the final audits have been presented in order to ascertain their credibility. Concisely, this aspect of technology ensures that there is more transparency when it comes to auditing. Apart from ensuring transparency, the retractable nature of information technology-based internal audit systems makes it possible for highlighting of problems in reports or records. Asprovided by Cascarino (2012, p.67), all the processes leave trails which can be traced back and analyzed keenly. This means that an internal auditor has the ability to identify a problem with generated records and identify its root cause before compiling the final presentations. This technology is made possible in that depending on the software in use, entire in-depth auditing processes can be presented either on the screen or as print. In short, unlike in normal circumstances where data is fed and reports generated without indicating the processes applied, such circumstances may require analysis of the processes right from data capturing to storage, processing, analysis, and generation of records. Under such circumstances, manual follow-ups may be applied in identifying the root cause of specific problems. In the manual system, it was not possible to identify a specific problem. Rather, the audits would have to be redone all over. Apart from being tedious, such processes consumed time, and it was difficult to trace individual transactions or records. Therefore, it is sufficient to state that it is possible to identify and rectify the root causes of issues in internal audits by the use of information technology. Fraud or abuse of audit reports remains one of the most controversial issues in accounting. Information technology has, however intervened in a significant way by providing solutions that have reduced breaching of critical or confidential information. Outdated means of storing data or information in auditing were mainly filling and stacking on shelves. This meant that if one was able to access the internal auditor’s office, they could access the files and either alter or damage them. The only means of security were locking them up in safes or restricting office access to authorized personnel only. Today, thanks to information technology, accounting [auditing] records can remain safe through simple security measures. First of all, the internal audit has a specific assigned level of security in the computer system, same as everyone else in an organization. As such, the auditor cannot access another department’s records and vice versa. This is made possible by the creation of departmental accounts with security credentials which are only shared by authorized persons in an organization (Kim & Solomon 2010, p.78). This means that an auditor is the only person who can log into the internal audit account on a computer system and feed any instructions into the computer. This means that while data capturing may be done from multiple computers and shared through a network, they retain the priorities to alter the data or command the processing or generation of reports. In addition, the data captured is virtual unlike physical files which can have pages pulled out or destroyed. Virtual data is safe in that even during fires; computer hard drives can be recovered with the information still intact. Virtual data are, however prone to malware, virus, or malicious alteration. This has not been left to chance since anti-virus and anti-malware software has been devised to protect computer systems of all kinds (Kim & Solomon 2010, p.126). As such, data is safe when such software is installed. Malicious alteration is kept away from securing stored data using passwords or account restrictions. Inter-organizational conflicts have in some instances led to the invasion and theft of records from rival entities in the past. Such acts are bound to affect whole organizations, including the internal audit departments. When files or computers are stolen, confidential data may be lost, damaged, or used against an organization. Having realized this threat, information technology specialists designed the most recent type of storage known as “cloud”. In cloud storage systems, information is not stored on physical drives such as hard drives or compact disks. Rather, organizations are provided with virtual accounts where they log in and upload their information or data which is then stored in databases away from the organizations ((Kim & Solomon 2010, p.211). In this way, all organizational information and data (including internal audits) remain safe even in case of invasion or damage to computer systems. As highlighted by the new trends in security, automation, time saving, efficiency, and reduced routine tasks as provided by information technology, the overall internal audit has become cheaper to manage. Better put, it requires less resources to sustain. First of all, automation has made it possible for the internal auditors to save time and be redeployed to other organizational tasks. It is obviously time, as a resource, is not required in plenty as was the case before the intervention by information technology. Second, the security provided by information technology is cheaper as compared to buying safes for storing files since it meant that as more auditing was done, more safes would be bought. The concept is that once an organization acquired cloud storage, account restriction, or anti-virus software, the problem was solved once and for all. In short, maintaining computer-based security details is cheaper. The other aspect of information technology making internal audit to be cheaper to sustain is that physical files, shelves, safes, and storage rooms are no longer required. The cheapest solution is provided by computer systems in that a single computer can store millions of records within itself, therefore substituting large quantities of files requiring physical storage space. As such, the funds required for files, safes, and storage space can be directed to other organizational activities. Collectively, these factors point at information technology as having made the maintenance of internal audit cheaper (Ramamoorti &Weidenmier 2004, p.349). Finally, the globally-connected information technology system brings the internal audit under one context thus enabling sharing of ideas, policies, or related practices. Concisely, an internal auditor in the UK can share ideas or ask for help from another in the US or anywhere in the world just from the comfort of their offices. The internet as part of information technology covers the entire globe and communication from one point of the earth to the other takes milliseconds. In addition to sharing ideas or researching on queries, internal auditors can keep abreast with updates or regulations as defined by international accounting practices such as the Sarbanes-Oxley Act. This Act protects the public and shareholders from fraud and errors in the accounting sector by providing guidelines to be adhered to by organizations (Senft, Gallegos, & Davis 2012, p.26). Within organizations, this responsibility extends to the internal auditor who is mandated with the role of ensuring that the organization’s accounting practices adhere to acceptable standards. Information technology makes it possible for internal auditors to receive any new regulations or alterations to accounting practices in time. More importantly, internal auditors can learn about hazards that may be interfering with accounting systems and take the required prevention measures. All these factors would not be possible if information technology did not exist. In this way, their organizations remain relevant in business, avoid legal fines and penalties, remain secure, and collectively, they attain acceptable international accounting standards. Conclusion Information technology continues to influence many aspects of life in the 21st century, including accounting. It has come to a point where accounting can no longer execute its mandates effectively without incorporating information technology into its activities. According to the study for instance, computers have become mandatory tools in internal auditing. Following the integration of information technology into internal auditing, multiple improvements have been observed. They include advancement of internal auditors’ personal skills, efficiency such as faster data capturing and processing of records, automation which enables computers to do most of the internal audit tasks on their own, as well as enhance transparency in accounting practices. Security and confidentiality of data has also improved, reduction in routine auditing roles, enhanced decision-making processes, automatic reporting of accounting issues, and finally global integration between internal auditors. Evidently, all these roles have been enabled by the integration of information technology into the internal audit context of accounting without which it would not be where it stands today. Bibliography Cascarino, R 2012, Corporate Fraud and Internal Control, John Wiley & Sons. Curtis, M, Jenkins, J, Bedard, J, &Deis, D 2009, “Auditors’ Training and Proficiency in Information Systems: A Research Synthesis”, Journal of Information Systems 23(1): 79-96. James, L, Priscilla B, Jay, T 2011, "The impact of information technology on the audit process: an assessment of the state of the art and implications for the future", Managerial Auditing Journal 16 (3): 159 – 164. Kim, D, & Solomon, M 2010, Fundamentals of Information Systems Security.John & Bartlett Learning. Moorthy, M, Seetharaman, A, Mohamed, Z, Gopalan, M, & San, L 2011, “The impact of information technology on internal auditing”, African Journal of Business Management 5 (9): 3523-3539. Quick, R, Turley, S, & Willekens, M 2007, Auditing, Trust and Governance: Developing Regulation in Europe. Routledge, New York. Ramamoorti, S, Weidenmier, M 2004, “The Pervasive Impact of Information Technology on Internal Auditing”, Institute of Internal Auditors Research Foundation. Senft, S, Gallegos, F, & Davis, A 2012, Information Technology Control and Audit. CRC Press. Switzer, S 2007, Internal Audit Reports Post Sarbanes-Oxley: A Guide to Process-Driven Reporting. John Wiley & Sons. Read More