What Makes AI Different? Exploring Affordances and Constraints - The Case of Auditing

This study aims to gain a comprehensive understanding of the differences between classic IT and AI artefacts. To achieve this objective, the study employs a grounded theory literature review approach and analyses 81 papers related to the application of classic IT and AI artefacts in the auditing industry. Drawing on the Technology Affordances and Constraints Theory, we examine the actions that can be potentially enabled or restricted by using classic IT and AI artefacts. This analysis allows us to conceptualise and compare the affordances and constraints associated with these two types of artefacts. The study addresses the need for more research on AI from both social and technical perspectives. Our findings may facilitate practitioners in improving their business processes and promoting effective collaboration between humans and AI

IT adoption by internal auditors in public sector: A conceptual study

This study is initiated by the interest in understanding Information Technology (IT) adoption by government internal auditors. With the tremendous development of IT in public sectors such as e-government that has been developed to support National IT and transformation agenda, the auditors also are expected to equip not only with the knowledge of IT but also with the tools required to work with this situation.The objectives of this study are to investigate the current IT adoption among internal auditors and to identify the factors that influence IT adoption or non-adoption.This study is expected to discover the current IT adoption practices by government internal auditors.The items for the factor that influence the usage or non-usage of IT in performing the audit tasks also will be catalogued and it will then help to design the model of IT adoption and to guide the future study in exploring IT adoption by internal auditors in public sector

Computer-assisted audit tools and techniques use: Determinants for individual acceptance

During the last fifteen years, several studies on the research topic of Individual Technology Acceptance have been developed, and several new models have been proposed. All these models aim to understand and define determinant contributions for the acceptance of technologies and what the drivers leading to successful adoption are. This dissertation’s main emphasis is to gain an understanding of individual acceptance of Computer-assisted Audit Tools and Techniques (CAATTs) in the context of Portuguese Statutory Auditors. Previous research in other countries, utilizing several and distinct research universes, has informed this work and the definition of the main objectives of the present research. This dissertation has as its main objectives: 1) understanding the tasks in which CAATTs are used; 2) to identify the adoption drivers of CAATTs; 3) to explore the current usage of CAATTs among statutory auditors and 4) to develop a CAATTs adoption model. To reach the objectives two studies were conducted: a qualitative study, supported by interviews to experts, and a quantitative study operationalized by a questionnaire to 110 Portuguese statutory auditors. This latter study was the cornerstone, which allowed testing the CAATTs acceptance model. This dissertation presents significant contributions impacting the various stakeholders: individual Statutory Auditors, Statutory Auditors Firms, The Portuguese Institute of Statutory Auditors, Software houses and higher education.Nos últimos 15 anos, vários estudos de investigação foram desenvolvidos abordando a temática da aceitação individual de tecnologia, tendo sido apresentados novos modelos. Esses modelos têm como objetivo compreender e identificar os determinantes sobre a aceitação de tecnologias que levem a uma adoção bem-sucedida. A principal ênfase da tese é compreender a aceitação individual de “Tecnologias de Informação para Auditoria”, também designadas, em Português, por “Ferramentas Informáticas de Suporte à Auditoria” ou “Técnicas de Auditoria Assistidas por Computador” (CAATT), no contexto dos Revisores Oficiais de Contas em Portugal. Investigações anteriores realizadas em diferentes países, com distintos universos de investigação, inspiraram este trabalho na definição dos principais objetivos da presente pesquisa. A presente dissertação tem como principais objetivos compreender as tarefas em que as CAATT são utilizadas; identificar os fatores de adoção de CAATT; explorar o atual uso de CAATT entre Revisores Oficiais de Contas e desenvolver um modelo de adoção de CAATT. Para alcançar estes objetivos foram realizados dois estudos: um estudo qualitativo e exploratório, apoiado por entrevistas com peritos, e um estudo quantitativo operacionalizado através de um questionário a 110 Revisores Oficiais de Contas portugueses. Este estudo foi a pedra angular que permitiu testar o modelo de aceitação de CAATT. Esta dissertação apresenta contribuições significativas com impactos para os principais stakeholders: Revisores Oficiais de Contas, empresas, Ordem dos Revisores Oficiais de Contas, software houses e instituições de ensino superior

Adoption of generalised audit software (GAS) by external auditors in the UK

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.This research is motivated by the interest in understanding the usage of the Generalised Audit Software (GAS) by external auditors within public accounting firms. GAS is a tool used by auditors to automate various audit tasks. It helps auditors to analyse accounting data electronically where it is quite impossible to do so manually. GAS is claimed to be the most influential Computer Assisted Audit Tools and Technique (CAATTs) that can facilitate the audit objective. However, research has found that there is little evidence that auditors have extensively adopted GAS. Even greater benefits have been promoted since the existence of GAS, but auditors do not really seem to be interested in this tool. Most previous studies have focused on either internal auditors, large accounting firms, other countries or merely adopters of GAS. However, there is little evidence that the study of GAS has been conducted on external auditors, especially in small and medium sized accounting firms in the United Kingdom (UK). This study helps to fill this gap by exploring the use of GAS among them, and covers both adopters and non-adopters of GAS. Through an online survey using both close and open-ended questions, this issue has been investigated among registered statutory auditors. The primary aim of this study is to explore the current usage of GAS and to understand the factors that influence the use of GAS as well as the perceptions and expectations of using GAS. The views are gathered from both auditors who are already implementing GAS and those who are not using GAS. A framework was developed to identify a range of relevant factors which are important when considering the application of GAS. Responses from 205 statutory auditors across the UK were then mapped against the framework. Of the 14 variables used to test the factors that influence the use of GAS, only six of them are found to be significant from logistic regression analysis. These are firm size, experience of auditors in computerised auditing, organisational influence, client factor, audit engagement allocation and perceived usefulness. The findings show that the utilisations of GAS is unusually low among audit firms in the UK. Almost 73% of external auditors make no use of GAS, due to the limited perceived benefit of using GAS for auditing small clients. While some respondents recognised the advantages of GAS, they were put off by what they believed to be high implementation costs; the significant learning curve and adoption process; and lack of ease of use. Some auditors expressed their awareness of GAS, but most of them showed a preference for using traditional auditing methods instead. A few problems have also been identified in causing the limitation of GAS usage. This study contributes to the literature on suggestions to improve the use of GAS that can be used by small and medium sized public accounting firm, which is lacking in existing research related to this group. In sum, this study has deepened current understanding of the GAS usage among small and medium sized audit firms in the UK, and has provided useful insights for audit professionals, software developers, vendors, standards setters, academicians and researchers. This study has also opened up the possibilities for further study on GAS or related areas either in the UK or other places in the world.This study is funded by the Universiti Utara Malaysia and the Ministry of Higher Education of Malaysia

The Pervasive Impact of Information Technology on Internal Auditing

The impetus for this supplemental chapter titled The Pervasive Impact of Information Technology on Internal Auditing comes from The Institute of Internal Auditors Research Foundation (IIARF) monograph, Research Opportunities in Internal Auditing (2003), hereafter ROIA. ROIA combines theory and practice in conceptual frameworks to promote an understanding of the contemporary internal auditing environment. The goals of ROIA include stimulating academic research on significant internal auditing topics and serving as a “communication bridge” between academics and practicing professionals. ROIA provided us with internal auditing related subject matter content, including the most promising areas of information technology (IT) application in internal auditing. One significant topic that is only briefly mentioned in ROIA is the impact of IT on the internal audit function.3 IT is revolutionizing the nature and scope of worldwide communications, changing business processes, and erasing the traditional boundaries of the organization — internally between departments and externally with suppliers and customers. The resulting intra-enterprise coordination as well as inter-enterprise integration with external business partners through supply chain management and customer relationship management systems demonstrates the power of IT as both a driver and enabler of management processes and strategies. Indeed, internal auditors must recognize and leverage the powerful capabilities of computers and technology in collecting, generating, and evaluating information for managerial decision making related to strategy, risk management and controls, and, more broadly, for effective organizational governance. At the same time, internal auditors must recognize that IT, in itself, will not increase the function’s effectiveness. Rather internal auditors must first understand the audit objectives and select appropriate IT to achieve those objectives (i.e., the task-technology fit is essential). It is also imperative that internal auditors understand their organization’s appropriate leveraging of IT, and learn to harness additional IT to optimize internal audit performance.https://ecommons.udayton.edu/books/1037/thumbnail.jp

Process-mining-enabled audit of information systems: Methodology and an application

Current methodologies for Information Systems (ISs) audits suffer from some limitations that could question the effectiveness of such procedures in detecting deviations, frauds, or abuses. Process Mining (PM), a set of business-process-related diagnostic and improvement techniques, can tackle these weaknesses, but literature lacks contributions that address this possibility concretely. Thus, by framing PM as an Expert System (ES) engine, this paper presents a five-step PM-based methodology for IS audits and validates it through a case in a freight export port process managed by a Port Community System (PCS), an open electronic platform enabling information exchange among port stakeholders. The validation pointed out some advantages (e.g. depth of analysis, easier automation, less invasiveness) of our PM-enabled methodology over extant ESs and tools for IS audit. The substantive test and the check on the PCS processing controls and output controls allowed to identify four major non-conformances likely implying both legal and operational risks, and two unforeseen process deviations that were not known by the port authority, but that could improve the flexibility of the process. These outcomes set the stage for an export process reengineering, and for revising the boundaries in the process flow of the PCS

TRANSFERRING CONTINUOUS AUDITING TO THE DIGITAL AGE – THE KNOWLEDGE BASE AFTER THREE DECADES OF RESEARCH

Financial auditing is faced with an intensified regulatory framework and an increasing volume of ac-counting-relevant data. In order to address these challenges, information technology (IT) and corre-sponding information systems (IS) are implemented to improve the effectiveness and efficiency of audit services. In this context, continuous auditing (CA) is defined as an approach to deliver audit assurance in terms of an audit subject in real-time or almost real-time. Although CA is discussed in literature for more than thirty years, fully implemented CA systems are still exceptional cases in practice. The aim of this paper is to structure the relevant CA literature and to discuss insights in order to derive major challenges of CA adoption. To do so, we followed a structured literature review approach including backward search and forward search according to Webster and Watson (2002). Consequently, we trans-form insights and trends of CA research into a conceptual model by describing a scenario of a cloud-based service provider. Our results have a number of implications for both researchers and practition-ers. Foremost, we suggest researchers and practitioners to direct their attention on the changes of tra-ditional paradigms and focus on the digitization of the economy

Essays on Innovations in Public Sector Auditing

The current antecedents of innovation in the public sector, that is, the adoption of SDGs and the unprecedented technological advancements exert pressures on the Supreme audit institutions’(SAIs) current socio-technical system. This has led SAIs to adopt different strategies to maintain their relevance and improve the quality of their work and operations. This thesis investigated the different types of innovations currently happening in the SAIs environment and how SAIs are reacting to the demands of these changes. This exploratory work captured public sector audit innovation through the following three essays: The first essay focused on Digital Transformation (DT), investigated how SAIs approach, and interpret DT. In this regard, DT was investigated from a SAIs perspective. Due to it being a novel topic in public sector auditing research, a qualitative research method was adopted, this method was supported with expert interviews and archival and or document data. Key findings revealed that the definition of DT varies from SAI to SAI, and this variation resulted from the differences in the level of digital development in each country. SAIs applied reactive and, in some situations proactive change strategies were applied. In the reactive strategy, SAIs reacted to change induced by a situational demand while in the proactive strategy, they experiment with technologies in advance. Most of the SAIs applying proactive change strategy operates an innovation lab or an experimentation space(see Bojovic, Sabatier, and Coblence 2020; Bucher and Langley 2016; Cartel, Boxenbaum, and Aggeri 2019; Wulf 2000). As an impact on public sector auditing profession, the research addresses the popular narrative of SAI’s equating digitization or the use of digital technologies to Digital transformation. It reiterated the holistic nature of DT, by pointing at the risk involved when DT is tied solely to technology adoption strategy ignoring other aspects such as people, organizational structure, strategy, culture, etc.La trasformazione in corso dell'ambiente esterno delle Istituzioni Superiori di Controllo (ISC, Corte dei conti) sta modificando le esigenze di controllo e le aspettative dei vari stakeholders coinvolti. Infatti, questa trasformazione, innescato dai progressi tecnologici, dall'adozione degli Obiettivi di Sviluppo Sostenibile (OSS) e dalla trasparenza sta modificando il modo e gli strumenti con cui viene esercitata l’attività di controllo. Ciò ha portato le ISC a adottare diverse strategie ed a introdurre diverse innovazioni per mantenere la loro rilevanza e migliorare la qualità del loro servizio. Vari autori hanno evidenziato la necessità di indagare circa le implicazioni del cambio della strategia di controllo e dell’adozione delle varie innovazioni tecnologiche nelle ISC. Il lavoro di tesi contribuisce in questa direzione e indaga sulle varie innovazioni tecnologiche adottate dalle ISC e come questi Istituzioni hanno reagito alle pressioni esterne di cambiamento. La tesi adotta un approccio esplorativo e sviluppa tre diverse ricerche per rispondere alla domanda principale di ricerca. La prima ricerca si concentra sulla trasformazione digitale (TD), e indaga su come le ISC hanno affrontato e interpretato la TD. La metodologia utilizzata è di tipo qualitativo. Sono state effettuate varie interviste a esperti del settore a livello internazionale oltre all’analisi documentale degli archivi delle varie istituzioni analizzate. I risultati hanno mostrato una diversa interpretazione e percezione, tra le istituzioni oggetto dello studio, del concetto della TD, dovuta alle differenze di sviluppo digitale nei vari paesi analizzati. Inoltre, i risultati mostrano che le ISC hanno adottato strategie reattive di cambiamento e, in alcune situazioni, hanno adottato strategie proattive. Nel primo caso, che rappresenta la maggioranza dei casi analizzati, le ISC hanno reagito al bisogno ovvero quando si presenta una necessità di cambiamento. Mentre nel secondo caso, ovvero di strategia di cambiamento proattivo, le ISC hanno sperimentato le tecnologie in anticipo. La maggior parte delle Istituzioni che ha adottato strategie proattive di cambiamento gestisce un laboratorio di innovazione o uno spazio di sperimentazione (vedi Bojovic, Sabatier e Coblence 2020; Bucher e Langley 2016; Cartel, Boxenbaum e Aggeri 2019; Wulf 2000). Inoltre, la ricerca mostra come la digitalizzazione o l'uso delle tecnologie digitali vengono equiparati alla TD nelle ISC. Questo rischio di interpretazione del concetto si concretizza soprattutto, come mostrano i risultati, quando la TD viene legata esclusivamente alla strategia di adozione della tecnologia ignorando altri aspetti come le persone, la struttura organizzativa, la strategia, la cultura, ecc

Continuous auditing technologies and models

Continuous auditing is not a totally new concept, but it has not been widely implemented, and has existed mostly as a point of debate amongst the auditing fraternity. This may soon change, as continuous auditing has become a topic of great interest, especially in the last decade. This may be due to a combination of reasons. In the last decade, much of the confidence in auditors’ reports was lost due to corporate governance scandals. This also brought about a greater desire for faster, more reliable reporting on which to base decisions. This desire has been transposed into regulations such as the Sarbanes-Oxley act in the United States, which encourages real-time auditing activities, which would benefit from continuous auditing. A second, possible contributing factor to the heightened interest in continuous auditing is that much of the requisite technology has matured to a point where it can be successfully used to implement continuous auditing. It is the technologies which form the focus of this research. It is therefore, the primary objective of this research to investigate and identify the essential technologies, and identify and define their roles within a continuous auditing solution. To explore this area, three models of continuous auditing are compared according to the roles of the technologies within them. The roots of some auditing technologies which can be adapted to the paradigm of continuous auditing are explored, as well as new technologies, such as XML-based reporting languages. In order to fully explore these technologies, the concepts of data integrity and data quality are first defined and discussed, and some security measures which contribute to integrity are identified. An obstacle to implementing a continuous model is that even with the newly available technologies, the multitudes of systems which are used in organisations, produce data in a plethora of data formats. In performing an audit the continuous auditing system needs to first gather this data and then needs to be able to compare “apples with apples”. Therefore, the technologies which can be used to acquire and standardise the data are identified