Role of Information Technology on Internal Audit - Essay Example

Role of Information Technology (IT) on Internal Audit Role of Information Technology on Internal Audit According to Garitte, among the technological developments witnessed in the preceding 150 years, information technology eclipsed all of its predecessors (Garitte, 2000). Garitte goes on to state that the development and successive change of information technology have been enormous that statisticians are not in a position to define the benefits and impacts on the economy accurately (Garitte, 2000). Garitte’s analysis depicts the influence that informational technology has had on daily living and in this effect it has extended and plays a monumental role in internal audit. Further, information technology is predicted to have an impact on all organizations irrespective of its objectives in the future going by the growth and influence it has gained in daily life. The role and impact of information technology are widespread forming the main basis for the paper that aims to have an in-depth understanding of the role of information technology in internal audit. Moorthy et al. define internal audit as processes aimed at evaluating the effectiveness of operation’s internal controls through gathering information on the operation of a unit, identification of points of inefficiencies or errors, and determination of system controls designed to detect or prevent such occurrences (Moorthy, May 4 2011, p. 3523). Information technology, further referred to as IT in the paper, involves the application of telecommunications equipment and computers in storing, retrieving, transmitting, and manipulation of data, mostly in the context of businesses and other enterprises. The main impact that information technology has had on internal audit is increasing the complexity of internal audit. The effect has been a requirement for firms to have internal auditors undergoing training in information technology and incorporating information technology specialists in the audit process to allow for effective handling of IT risks and controls during the audit process. The use of IS auditors has also been necessitated by IT to supplement the expertise of auditors in the evaluation of effectiveness and design of a company’s IS controls. This is alluded to in SAS 94 where an auditor is tasked with the need to have specialized skills for assessing IS’s impact on the audit, understanding the controls in the company, and conducting substantive tests (Tucker, 2001). The use of IS auditors requires the assessment of some factors including complexity and usage of the system, system changes and improvements, data sharing, e-commerce involvement, and availability of audit evidence in electronic form. The Auditing Standards Board (ASB) envisaged the role of IT in internal audit in the wording of SAS 94 stating that IT provides efficiency and effectiveness of internal audit in a firm through improving timeliness, accuracy, and availability of information, facilitates additional analysis, enhance monitoring, and reduce circumvention of control risks. However, SAS 94 also provides risks from the IT use in internal control including reliance on systems processing data inaccurately, potential data loss, and authorised changes to master data affecting the effectiveness of internal audit (Curtis, 2009, 83). Information technology has played a monumental role in providing for continuous internal audits of a firm’s financial statements. Prior to the advent and use of information technology in auditing, internal auditing would be commenced at year-end after the compilation of the annual financial statements requiring time and making it a tedious and time consuming tasks. However, IT has allowed for internal audit of small data sets progressively until all the data has been collected and audited for the year aiding in earlier noting and correction of errors and providing timeliness that would never have been achieved without IT use in auditing. IT aids in the automation of certain internal control procedures including the need for ensuring unauthorized access of data and changes to the master data. IT provides for the use of passwords, encryptions, and other access control measures to avoid the unauthorized access and change of data. Internal audit personnel are freed to perform other audit procedures depicting the high role IT plays in improving the internal audit function in a business. IT inform of the internet has been monumental in augmenting the performance of internal audit in a professional manner and in accordance with universally accepted guidelines. Internet allows for sharing of regulatory requirements, audit practices, and standards through the websites of regulatory bodies, email, blogs, and online publications among other ways. IT has enabled internal audit personnel to test and analyze operational and financial transactions comprehensively within a short period in an automation basis. IT has played a role in internal audit allowing for the outsourcing of internal audit functions to firms that have the necessary competence, skills, and personnel to perform these functions efficiently. Outsourcing of internal control functions has been made possible through the ability to send tons of information through the internet and cloud systems. Outsourcing of internal audit functions such as risk management, financial audit, internal controls, and system audits is a common occurrence in both public and private organizations (Salehi & Husini, 2011, 6175). Instant communication enables by IT improvements in terms of communication channels including internet, websites, file transfer, video conferencing, and mobile communication allows for the one-on-one communication of outsourcing firm to its internal audit service provider to enable changes, clarifications, and feedback on operations, systems, and controls. Effective communication allows for success of outsourcing of internal audit functions demonstrating the other role of IT on internal audit. IT has enabled internal auditors to use audit software in the performance of internal audit functions in an organization. Audit software including ACL and IDEA perform several audit tasks and are in handy in fraud detection allowing for improved audit efficiency. The effect has been an ability to speed up internal audit operations and ensure the controls and measures are ingrained in the software for easy control and automation. However, limitations in implementation and use of the audit software arose including cost implications, audit software failure in meeting internal audit needs, and resistance to train auditors. Success in the implementation of audit software is achieved through interactive training and monitoring of the learning process requiring management support of the internal audit function for success and achieves benefits from the use of audit software. Customization of the audit software to allow for fraud-auditing techniques implementation is the other factor IT in the form of software development plays a role in internal audit. The use of complex audit software has been beneficial and played an important role in the ability of internal audit to promote effective and efficient audits. GAS offers several functions that aid internal auditors in the detection of common fraud by employees. Eight categories of fraud detection tests by GAS are identified for execution on audit data including completeness and integrity, duplicates, cross-tabulation, data profile, gaps, ratio analysis, Benford’s law analysis, and ratio analysis (Coderre 2001, 8). The other role played by IT in internal audit include providing IT based applications and Computer Assisted Audit Tools (CAATs) that have enabled internal auditors to have increased efficiency in their work. Computer Assisted Audit Tools and Techniques (CAATTs) result in benefits to the audit process including increasing audit coverage, strengthening audit independence from information system functions, augment integration of audit skills, increase audit cost effectiveness, and foster credibility. The use of CAATs by internal auditors is evident in all the three phases of financial and performance auditing planning, execution, and reporting. The planning phase of internal auditing benefits from the use of audit universe software and risk analysis software aiding in the selection of the audit area, risk identification, and determination of preliminary objectives. The conduct/execution stage allows for the utilization of CAATTs mainly in IT controls testing. Performance auditing on 100% of the audit population is facilitated by the used of GAS providing better understanding of data and reduces the need for extrapolation. GAS also allows audit execution in terms of recalculation of totals, confirmations, unusual exceptions and transactions identification. Execution also makes use of GAS in the examination of control effectiveness at the organization for example identification of incorrectly entered, lack of authorization, or missing data transactions. Analysis of business processes and identification of controls can be done by the internal auditor through the use of flowcharting software. The Internal auditors are also tasked with the provision of consulting services including assessment, facilitation, and remediation services. IT, especially CAATTs, aids in the provision of consulting services mainly facilitation resulting in value creation for the firm. GAS enables the identification of underperforming operation areas. The use of data mining techniques from data warehouses allows internal auditors to create what-if scenarios and make conclusions that come in handy in recommending for changes to the management. The use of word processing, presentation, and graphics software is a common phenomenon in the reporting stage of internal audit. The use of CAATTs in the on planning and execution stages derives the internal auditor’s benefits in the reporting stage owing to thorough data analysis and production of complete and accurate reports. Reporting in internal audit can be improved by technology through streamlining and linking report writing and tracking of issues allowing for improved efficiency compared to manual reporting (Pathak, 2005, 58). Streamlining writing and issues is possible through the creation of a direct technology between findings in the audit process and the final report. Information technology allows for the reduction in time for report writing and provides consistency in tracking issues. Automation of tracking and reporting tasks in an audit with open and closed issues denoted will allow for better faster reporting allowing the internal audit team to have more time to work on other priority issues that benefit the organization adding more value to the internal audit department. IT provides internal audit personnel with “Internal Auditing Self-Assessment Tool”, allowing for analysis of the internal audit processes proficiency, level of technology used in the organization, and the impact of the technology on the organization. The use of file interrogation, decision support, automated risk analysis, and neural networks is picking up in internal audit. The effect is that concerns are emerging on the ability of internal auditors to audit new technology owing to increased complexity and the need to have more training and capabilities in information systems and technology. The role of information technology in internal audit is well demonstrated by the banking sector that makes frequent use of CAATs with the mostly deployed CAAT being GAS. The main GAS examples are Audit Command Language (ACL), Panduit Plus, and Interactive Data Extraction and Analysis (IDEA) allowing for data investigation easily and effectively. However, there is a need for understanding the application technology for the auditors to have an understanding of the risk factors that directly impact the audit procedures. The determination of misstatements and performance of substantive tests in banks statements is made possible through the use of GAS. The use of GAS by banks for internal auditing is due to the high computerization of bank functions and high risks faced by banks showing IT allows for internal audit functionality. The emergence of virtual office courtesy of IT further complicates the internal audit of firms. Virtual offices will significant impact on the internal audit because of increased complexity in the assessment of security and internal controls calling for the need for new audit procedures, skills, and tools. IT, in this case, plays a role in improving the skill set of the internal auditors and requires the need for development of new procedures and tools for success in internal audit. Despite the numerous positive ways that IT has played in the performance of the audit functions, its role has led to the augmented complexity of the internal audit function. A number of studies illustrate this complexity including Bell et al. (1998) that showed audit differences owing to failures in information systems of audit clients. Messier et al. (2004) all point to increased control problems in computerized environments. Errors in IT such as spreadsheets depict the huge impact it can have on financial statements when errors on other advanced technologies occur. Canada et al. (2006) findings showed 24% of companies having material misstatements under the Section 404 of SOX had IT issues in their fillings. It is evident from these studies that IT has played a role in augmenting the complexity of internal audit tasks and increased concern over risks of material misstatements. The other risks that have been perpetrated by the use of information technology in internal audit are discontinuation of a firm’s operations, network breakdown, and it has great influence on business control and monitoring functions (Moorthy et al., May 4, 2011, 3527). IT also plays a role in the management of audits, which entails the provision of effective audit force, direction of resources for maximum benefit to the organization, law, policies, and regulations compliance on auditing (Le Grand, 2001). Management of an adequate amount of competent staff, there is a need for the internal audit firm to have a database detailing skills of the personnel (Kan, 2013, 99). The database allows for tracking changes on skills, current skills, training requirements, and trainings attended by the audit staff. The software on the management of the audit allows scheduling and planning of audits with weaknesses requiring training and outsourcing being uncovered. I T allows internal auditors to benchmark themselves against internal audit functions of other organizations as a measure of determining areas that require improvement. Internal audit management also benefits from the use of audit management and administration software allowing for audit inventory, scheduling and planning, assignment of audit work to team members according to their skill set, audit tracking in terms of expenses, time, and client satisfaction with the internal audit. The use of electronic hypertext systems (EHT) environment has allowed for the replacement of cumbersome work papers in audit execution. EHS allows for easy management, organization, link, and locate text, graphs, and spreadsheets, and other sources for better management of the working papers and easy access and location allows for better focus, direction, and efficiency of the internal audit function courtesy of IT. Technology allows for improving the quality of audits through taking measures to ensure all steps have been followed in the audit. The use of Lock-out features is a case in point; ensuring audits are not closed before all the required steps have been undertaken inclusively of open review questions. The internal audit team have a platform to raise issues in the audit process and address them and ensure all the procedures have been undertaken to the satisfactory levels required providing for success of the process and improving the quality of the audits. The internal audit function also benefits from the IT role of provision of mechanisms like groupware software exemplified by Lotus Notes that provides a mechanism for the internal audit team to work on the internal audit at different sites. Sharing and collaboration of documents is possible for the audit team with the use of the groupware software. Groupware software provides for database replication that allows members of the audit team to view a similar document at different sites at the same time. The effect is the elimination of conflict on the control of reference library and work papers, since each of the internal audit team members have access to them seven days a week, 24 hours a day. Groupware also provides a medium for the replication of server- based information on PCs belonging to team members allowing for work continuance despite internet disconnection improving working hours and places for the internal audit team. Flexibility in work time and place offered by the groupware software forms the base for productivity and augmented efficiency of the internal audit (Lotto, November, 2014, 15). The need for real-time reporting by organizations is also made possible through the use of groupware, which allows for management monitoring of internal audit engagement in real-time. Technology has also allowed for the co-sourcing of the internal audit function in an organization. Co-sourcing involves maintenance of control and responsibility for internal audit functions but calling on audit firms that have more resources, expertise, and capabilities to carry out on demand internal audit functions in a business (Moeller, 2004, 184). Co-sourcing allows for the redeployment of valuable resources on other facets of the business to allow for more value creation without negatively affecting the internal audit function of the organization. The business is in a position to leverage on its strengths for more value creation through the use of outside skills. Leveraging on the different roles of technology in internal audit cannot be possible without the support of management and the leadership in the organization. A commitment to ensuring the latest technology and advanced software and programs for the internal audit team is a step towards achieving strategic position for IT use in internal audit. A strong leadership commitment to the use of IT in internal audit aids in setting the tone and commitment by all employees for the success of internal audit technological advancement. Knowledge management is the other role of IT in internal audit through allowing for the storage of internal audit reports and materials, organization financial statements for preceding years, and other information generated from multiple sources. Knowledge management allows for streamlining acquisition, retention, and sharing of knowledge resources within the internal audit department and the organization. From the above analysis, evidence show that IT plays a monumental role in internal audit and that in the future, internal and external audit will have much dependence on IT. James et al. (2001) posits that internal audit will mainly be paperless owing to the shift by audit clients to paperless audits. The dependence on audit software will also increase in the future with the advent of technologies like electronic data interchange (EDI), electronic file transfer (EFT) and image processing. The use of these technologies will result in the disappearance of traditional audit trails. The disappearance of audit paper trails will result in the need for close monitoring in the future to ensure errors are noted in good time and corrected to avoid the deterioration of audit efficiency with the increased use of automation and information technology use. The benefits accessed by internal audit from the roles of IT include more efficient auditing, enforcement of quality and internal audit standards, time saving, resource efficiency use, better planning, adequate analysis, 100% audit data audit, and effectiveness of the internal audit among other benefits. IT has and will continue to change the face of auditing for the better owing to increased efficiency, timeliness, continuous auditing, and effectiveness of the internal audit process. References Bell, T. B., Knechel, W. R., Payne, J. L., & Willingham, J. J. (1998). An empirical investigation of the relationship between the computerization of accounting systems and the incidence and size of audit differences. Auditing: A Journal of Practice & Theory 17 (1): 13–38. Canada, J., Kuhn, J. R., & Sutton, G. (2006). The pervasive nature of IT controls: An examination of material weaknesses in IT controls and audit fees. Working paper, University of Central Florida. Coderre, D.G., (2001). Fraud Toolkit for ACL. Vancouver, Canada: ACL Services. Curtis, M.B., Gregory, J., Bedard, J.C., & Deis, D.R. (2009). Auditors training and proficiency in information systems: A research synthesis. Journal of Information Systems. 23, 79-96. Garitte, J.P., (2000) ―Riding the Storm of Technology- Safely. Director’s Monthly. James, B., Burnaby, P., Thibodeau, J. (2001). The impact of information Technology on the audit process: an assessment of the state of the art and implications for the future URL: http://www.emeraldinsight.com/Insight/Articles/0382201 206.html Kan, E. (2013). Audit and Assurance - Principles and Practices in Singapore. CCH Asia Pte Ltd. Le Grand, C., (2001). Information Technology in Auditing. Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation. Lotto, J. (November, 2014). Examining the impact of information technology on internal auditing effectiveness in Tanzanian organizations. Times Journals of Social Sciences, Vol. 2(3), p. 13-23. Messier, W., Eilifsen L., & Austen A. (2004). Auditor detected misstatements and the effect of information technology. International Journal of Auditing 8 (3): 223–235 Moeller, R. R. (2004). Sarbanes-Oxley and the new internal auditing rules. Hoboken, N.J., J. Wiley & Sons. Moorthy, M., Seetharaman, M., Meyyappan, G., & Lee, S. (May 4, 2011). African Journal of Business Management, Vol. 5(9), p. 3523-3539. Pathak, J. (2005). Information technology auditing an evolving agenda. Berlin, Springer Salehi, M. & Husini, R. (2011). A study of the effect of information technology on internal auditing: Some Iranian evidence. African Journal of Business Management. 5, 6169-6179. Read More