Continuous Assurance for the Digital Transformation of Internal Auditing

As a result of the increasing demand on the credibility of the financial information disclosure, internal auditing has been playing an increasingly important role in organizations. Currently, there is a need to ensure the compliance of organizational transactions in real time in order to increase the reliability of the information and to reduce risks. In this context, the concept of Continuous Assurance has emerged, allowing to reduce potential errors and risks and obtain useful information in real time, supporting more effectively the decision making and internal auditing. This paper aims to understand the importance and the use of Continuous Assurance services from the perspective of the internal auditor. So, the methodology used is qualitative and the questionnaire survey was used to collect data from interna auditors in Portugal. The main results demonstrate, among other findings, that the Continuous Assurance services are considered by the internal auditors as very important. Despite this, its implementation in the organizations does not follow the importance assigned to it, and is still far from being fully deployed. The dimension of the audit department is an influential factor in the use of some Continuous Assurance services.info:eu-repo/semantics/publishedVersio

Defrauding the Public Interest: A Critical Examination of Reengineered Audit Processes and the Likelihood of Detecting Fraud

In the past few years, most of the major international public accounting firms have reengineered their audit processes to improve the cost effectiveness of completing an audit and to focus on value-added services for clients. The reengineered audit processes generally focus on a client’s business processes and the information systems used by the client to generate financial information. In essence, the new audit approaches deemphasize direct testing of the underlying transactions and account balances. Such an approach emphasizes analytical procedures as the main source of substantive evidence. During this same time period, however, the profession (through the AICPA) explicitly acknowledged the profession’s responsibility for fraud detection. The main premise of this paper is that the increased emphasis on systems assessments is at odds with the profession’s position regarding fraud detection because most material frauds originate at the top levels of the organization, where controls and systems are least prevalent and effective. As such, the profession may be paying lip service to fraud detection, while at the same time changing the audit process in a manner that is less effective at detecting the most common frauds

Managing issues in risk assessment in auditing process

The paper intends to present some aspects of evaluating various dimensions of risks as they are necessary to be estimated in the auditing process. The definitions for audit are used to emphasize on the nature of the evidence data and the input information for conducting such an audit. Then, a short characterization of the evaluation of risk and a prioritization procedure are described.auditing process, risk assessment, prioritization procedure

Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

Corporate Disclosure on Anti-Corruption Practice: A study of Social Responsible

This paper seeks to determine the extent of anti-corruption information disclosure in the sustainability reports originating from Gulf countries. Focus primarily on the fight against corruption, this study utilizes a deeply-rooted content analysis technique of corporate sustainability reporting, covering 66 Gulf Cooperation Council (GCC) firms during 2014. Strengthened by the application of institutional theory, insight into the results points to a state of limited maturity regarding the disclosure of anti-corruption procedures in the region. More specifically, the results highlight the compliance in the reporting of conduct code, while reporting information on whistle-blowing was significantly less in comparison. Firms in Qatar and UAE ultimately release better informed reports; inclusive of detailed information on internal anti-corruption practices

Uptake of inter-organizational IT systems in two Australian agricultural cooperatives: a match between business relationships and design features

In this paper we will advance a perspective that links business network analysis to interorganizational IT systems(IOS) uptake, starting with an analytic framework to characterize both different types of electronic business to business interactions (via the web) as well as the network of business relationships in which they are used. In order to see whether inter-organizational IT systems and business networks (mis)match they are compared on two dimensions: 'mode of interaction' (relational versus transactional) and 'nature of coordination' (emergent versus directive). The study analyses two Australian agricultural cooperatives 'Capgrains' and 'Bluegum'. The transactional focus and directive control of Capgrains' online ordering system did not match with the relational interaction and emergent coordination that was common in their network of business relationships, resulting in a mismatch and low level of use of the system. The Bluegum's group communication system much better matched with the business relationships in the cooperative and higher use of the IOS. Indicating a positive relation betweenmatch and uptake of the IOS

E-Commerce Audit Judgment Expertise: Does Expertise in System Change Management and Information Technology Auditing Mediate E-Commerce Audit Judgment Expertise?

A global survey of 203 E-commerce auditors was conducted to investigate the perceptions about the potential determinants of expertise in E-commerce audits. We hypothesize and find evidence indicating that information technology and communication expertise are positively related to expertise in E-commerce audit judgment. We also find that system change management expertise and information technology audit expertise mediate this relationship.E-commerce Audit Judgment, IT Audit, Structural Equations Modeling