Wu and Hahn’s control‐complexity/control‐point orientation for computer information system (CIS) audits: an empirical test in an electronic data interchange (EDI) environment

The purpose of this study is to investigate the approach required to conduct an efficient and effective audit of EDI systems. An audit approach proposed by Wu and Hahn (1989) is employed to examine, at a conceptual level, IS managers’ and CIS auditors’ perceptions of the audit approach necessary to evaluate internal controls in EDI systems. Wu and Hahn’s approach is based on a broader control concept and uses a control‐complexity/control‐point orientation to evaluate organisations’ internal control systems in dynamic computerised environments. Findings based on data from a sample of IS managers and CIS auditors showed general agreement with the audit approach proposed by Wu and Hahn and moderate consensus between the IS managers and CIS auditors regarding this approach.

[1]  C. D. Wrigley,et al.  Electronic Data Interchange , 2002, Encyclopedia of Information Systems.

[2]  Leslie D. Turner,et al.  The relative efficiency of boards of accountancy: A measure of the profession's enforcement and disciplinary processes , 1991 .

[3]  Ron Weber,et al.  EDP Auditing: Conceptual Foundations and Practice , 1988 .

[4]  Pauline Ratnasingham,et al.  Internet-based EDI trust and security , 1998, Inf. Manag. Comput. Secur..

[5]  A. N. Oppenheim Questionnaire Design and Attitude Measurement , 1966 .

[6]  E. Larson,et al.  How Much Is Too Much?: Advising Patients About Safe Levels of Alcohol Consumption , 1993 .

[7]  Elaine Waples,et al.  Control of electronic data interchange systems , 1989 .

[8]  M. C. Parfett What is EDI? : a guide to electronic data , 1992 .

[9]  Jeff Gibbs,et al.  Audit and Control Implications of the OSI Seven-Layer Model in an EDI Environment , 1991 .

[10]  Sally Chan EDI for managers and auditors , 1993 .

[11]  R. Wallace,et al.  Nonresponse bias in mail accounting surveys: A pedagogical note , 1988 .

[12]  F. Machlup,et al.  The Study of Information: Interdisciplinary Messages , 1984 .

[13]  L. Cronbach,et al.  Construct validity in psychological tests. , 1955, Psychological bulletin.

[14]  Angie Pantages,et al.  Coopers & Lybrand , 1993 .

[15]  Michael Gibbins,et al.  Regression And Other Statistical Implications For Research On Judgment Using Intercorrelated Data Sources , 1982 .

[16]  Anna Carlin Cisa Audit Concerns in Electronic Data Interchange , 1990 .

[17]  Ron Weber,et al.  Some Characteristics of the Free Recall of Computer Controls by EDP Auditors , 1980 .

[18]  Eliot R. Smith,et al.  Research methods in social relations , 1962 .

[19]  Gordon B. Davis,et al.  Auditing advanced EDP systems : a survey of practice and development of a theory , 1983 .

[20]  Robert Libby,et al.  Modeling the determinants of audit expertise , 1994 .

[21]  R. Wallace Intranational and international consensus on the importance of disclosure items in financial reports: A Nigerian case study , 1988 .

[22]  Robert J. Thierauf,et al.  Electronic Data Interchange in Finance and Accounting , 1990 .

[23]  D. D. Vaus,et al.  Surveys in Social Research , 1991 .

[24]  James V. Hansen,et al.  Evaluating software controls for electronic data interchange , 1991 .

[25]  R. Wallace,et al.  Nonresponse bias in mail accounting surveys: A pedagogical extension , 1990 .

[26]  Donald R. Cooper,et al.  Business Research Methods , 1980 .

[27]  D. Neu The social construction of positive choices , 1992 .

[28]  P. Stein,et al.  Strategy that includes serial noninvasive leg tests for diagnosis of thromboembolic disease in patients with suspected acute pulmonary embolism based on data from PIOPED. Prospective Investigation of Pulmonary Embolism Diagnosis. , 1995, Archives of internal medicine.