An examination of audit task complexity & audit risk in the context of information technology architecture intricacy & stability: a survey & case study based research of medium & large Australian organisations in the area of information systems audit

Purpose: This thesis leverages Audit Judgement and Decision-Making, Behavioural Sciences, Information Technology, and Informing Science research, to build on extant Audit Task Complexity and Audit Risk research. The purpose of this work was to determine empirically, in the context of information systems audit, if Audit Task Complexity and Audit Risk are each associated with Information Technology Architecture intricacy and stability. Design, methodology, and approach: Departing from experimental methods generally adopted in relevant extant research, this study adopted survey and case study research methods to test the hypotheses with real-world data collected from medium to large Australian organisations. Senior information systems auditors and key information technology personnel pertaining to 30 participating organisations, each completed self-administered questionnaire survey instruments. The researcher completed the same survey questionnaire instruments for 21 case studies, the data for which was derived from information systems audit working papers obtained from a second-tier accounting firm. Partial Least Squares path modelling was used for hypothesis testing as this is best suited for non-parametric and relatively small datasets. Findings: From hypothesis testing, the results suggest that: 1. The extent of information systems audit findings reported to Management is positively associated with the extent of Information Technology Infrastructure component quantity; and 2. The Risk of Material Systems Failure is positively associated with the extent of Information Technology Infrastructure component diversity and inter-dependency. Research value: Information technology environments in a number of organisations today can present a challenge to even the most experienced information systems auditors. This research contributes to the body of knowledge pertaining to information systems audit practitioners by identifying those Information Technology Architecture and Infrastructure elements that can present a challenge to practitioners in respect of Audit Task Complexity and Audit Risk. A better understanding of these areas would invariably benefit the profession. Research exclusions and limitations: Information Technology Architectures comprise many business information systems. This study excludes Personal Information Systems as these systems are generally not audited by information systems auditors and hence will not have any impact on research results. Shadow Information Technology is also excluded as metrics around these environments cannot be captured effectively or reliably; this exclusion is expected to have minimal impact on results. Measurement limitations exist around a number of variables exist due to the availability, reliability, and extent of resources required to obtain the relevant data

The Effects of Audit Methodology and Audit Experience on the Development of Auditors? Knowledge of the Client?s Business

This dissertation examines how differences between the strategic-systems audit approach and the traditional, transaction-based audit approach affect the content and complexity of client business knowledge in long-term memory, how these mental representations develop with experience, and how the representations affect risk assessment. Knowledge of the client?s business is essential to conducting an effective and efficient audit, but researchers have devoted little attention to how this knowledge is represented in memory and what effect it has on audit judgment. Moreover, proponents of the strategic-systems approach argue that this approach leads to the formation of a more-complex client business model and results in better audit judgments than the transaction-based approach. The study?s results contradict these claims, with the strategic-systems auditors having less-complex models than their TBA counterparts. Also, no experience-related differences were found in the client models, and risk assessments were only weakly affected by content and complexity differences between client models. After a variety of supplemental analyses, it was concluded that there is no evidence from this dissertation to suggest that the SSA methodology does not result in an auditor possessing an enhanced knowledge of the client?s business compared to that possessed by an auditor employing a traditional audit approach

Auditors' Performance in Risk and Control judgments : An Empirical Study

Onder meer ingegeven door relatief recente boekhoudschandalen is het onderwerp ‘kwaliteit van de accountantscontrole’ hoog op de maatschappelijke agenda komen te staan. Medio jaren negentig hebben de grote accountantskantoren tevens een belangrijke vernieuwing van hun controlemethodologie doorgevoerd. In deze studie wordt onderzocht in hoeverre algemene, industriespecifieke en taakspecifieke ervaring bijdragen aan de kwaliteit van het accountantsoordeel wanneer zij controletaken uitvoeren op basis van de vernieuwde controlemethodologie. Aan 85 accountants, werkzaam bij de grote vier Nederlandse accountantskantoren, werd een casus van een bedrijf in de bouwindustrie voorgelegd. Zij werden gevraagd om voor deze specifieke setting de belangrijkste bedrijfsrisico’s en beheersingsmaatregelen te onderkennen en na te gaan wat de impact hiervan is op jaarrekeningrisico’s (het risico dat een bepaalde post in de jaarrekening een materiële fout bevat). De onderzoeksresultaten suggereren dat industriespecifieke ervaring inderdaad – hoewel slechts tot een bepaald ervaringsniveau - bijdraagt aan de kwaliteit van het accountantsoordeel voor wat betreft het onderkennen van bedrijfsrisico’s en beheersingsmaatregelen. Ten aanzien van deze controletaak werd geen significante positieve bijdrage van algemene ervaring en taakspecifieke ervaring aan de kwaliteit van het accountantsoordeel gevonden. Bij het inschatten van de impact van bedrijfsrisico’s en beheersingsmaatregelen op jaarrekeningrisico’s daarentegen is het juist taakspecifieke ervaring die bijdraagt aan de kwaliteit van oordeelsvorming. Het vaker uitvoeren van deze controletaak leidt dus op den duur tot een kwalitatief beter accountantsoordeel. Het management van accountantskantoren is op basis van deze studie beter in staat om de juiste persoon van een controleteam toe te wijzen aan een bepaalde controletaak.Groot, T.L.C.M. [Promotor]Egten RA, C.A. [Promotor]van Dassen RA, R.J.M. [Promotor