IT auditing activities of public sector auditors in Malaysia

Information technology (IT) has become an increasingly important tool for the Malaysian government to improve the delivery of its services. However, advances in information technology continuously render control procedures obsolete. Indispensably audit methodology has to evolve to keep abreast with the change in technology. This study investigates the IT practices of the public sector auditors in Malaysia. We examine IT evaluation based on IT audit objectives, organisational characteristics, competency of auditor and usage of Computer Assisted Audit Tools and techniques (CAATTs). Self-administered questionnaires were mailed to 400 public sector auditors providing a usable sample size of 73. The results show that application processing control and data integrity, privacy and security control were the most frequent evaluations performed by public sector auditors. The most frequent IT audit objective is the evaluation of compliance with policies, procedures and evaluation of internal control and these objectives are performed differently in different divisions. CAATTs have been used most frequently as a problem solving aid. Several appealing patterns emerged from the eight regression models. The findings provide important implications for research on IT and public sector auditing.   Key words: IT auditing, public sector auditing, public sector auditors.

[1]  Sunny Marche,et al.  E‐commerce impact on Canadian public sector audit practice , 2005 .

[2]  S. Snell Control Theory In Strategic Human Resource Management: The Mediating Effect Of Administrative Information , 1992 .

[3]  Mark Petterson The keys to effective IT auditing , 2005 .

[4]  She-I Chang,et al.  The Development of a Computer Auditing System Sufficient for Sarbanes-Oxley Section 404— A Study on the Purchasing and Expenditure Cycle of the ERP System , 2008, Inf. Syst. Manag..

[5]  James V. Hansen,et al.  Control and Audit of Electronic Data Interchange , 1989, MIS Q..

[6]  ‘Governance and electronic innovation’: A clash of paradigms , 1998 .

[7]  Rebecca J. Whitener The integrated auditor , 1992 .

[8]  Bonnie W. Morris,et al.  Determinants of Information Systems Audit Involvement in EDI Systems Development , 1996 .

[9]  Philip E. T. Lewis,et al.  Research Methods for Business Students , 2006 .

[10]  Andrew Greasley,et al.  Business information systems : technology, development and management , 2008 .

[12]  Jagdish Pathak,et al.  Internal Audit and E-commerce Controls , 2004 .

[13]  D. R. Hermanson,et al.  The Association of Perceived Disaster Recovery Plan Strength with Organizational Characteristics , 1998 .

[14]  Richard N. Burton Discussion of Information Technology-Related Activities of Internal Auditors , 2000, J. Inf. Syst..

[15]  Cynthia Jackson Discussion of Information Technology-Related Activities of Internal Auditors , 2000, J. Inf. Syst..

[16]  Ralph E. Viator,et al.  Computer Auditor Reliance on Automated and Non-Automated Controls As a Function of Training and Experience , 1998 .

[17]  Sally Wright,et al.  Are Financial Auditors Overconfident in Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems? , 2004, J. Inf. Syst..

[18]  Janet L. Colbert,et al.  A Comparison of Internal Controls: COBIT®, SAC, COSO and SAS 55/78 , 2005 .

[19]  Robert M. Davison,et al.  From government to e-government: a transition model , 2005, Inf. Technol. People.

[20]  Dana R. Hermanson,et al.  Information Technology-Related Activities of Internal Auditors , 2000, J. Inf. Syst..

[21]  Graham Curtis Business information systems - analysis, design and practice , 1989 .

[22]  M. J. Moon The Evolution of E-Government among Municipalities: Rhetoric or Reality? , 2002 .

[23]  Sunny Marche,et al.  E-Government and E-Governance: The Future Isn't What It Used To Be , 2009 .

[24]  Jean C. Bedard,et al.  The effect of training on auditors' acceptance of an electronic work system , 2003, Int. J. Account. Inf. Syst..

[25]  James A. Hall Information Systems Auditing and Assurance , 1999 .

[26]  Alan Reinstein,et al.  The impact of emerging information technology on auditing , 1998 .

[27]  Brian T. Pentland,et al.  Will auditors take over the world? Program, technique and the verification of everything , 2000 .

[28]  Stuart Maguire,et al.  Identifying risks during information system development: managing the process , 2002, Inf. Manag. Comput. Secur..

[29]  I. Solomon,et al.  Experimental judgment and decision research in auditing: the first 25 years of AOS , 2003 .

[30]  Ahmad A. Abu-Musa Information technology and its implications for internal auditing: An empirical study of Saudi organizations , 2008 .

[31]  John D'Ambra,et al.  Understanding the use of an electronic process guide , 2002, Inf. Softw. Technol..

[32]  Robert L. Braun,et al.  Computer‐assisted audit tools and techniques: analysis and perspectives , 2003 .

[33]  Jagdish Pathak,et al.  Audit Resource Planning Success in B2B E-Commerce: Development and Testing of a Measurement Scale , 2008, Inf. Syst. Manag..

[34]  John Tongren,et al.  A Preliminary Survey of Cobit Use , 1997 .