Research Opportunities in Information Technology and Internal Auditing

This paper presents research opportunities in the area of information technology (IT) within the context of the internal audit function. Given the pervasive use of IT in organizations and the new requirements of the Sarbanes‐Oxley Act of 2002, internal audit functions must use appropriate technology to increase their efficiency and effectiveness. We develop IT and internal audit research questions for three governance‐related activities performed by the internal audit function‐risk assessment, control assurance, and compliance assessment of security and privacy.

[1]  Edward Blocher,et al.  The role of analytical procedures in detecting management fraud , 1993 .

[2]  Marcia L. Weidenmier,et al.  CHAPTER 9 THE PERVASIVE IMPACT OF INFORMATION TECHNOLOGY ON INTERNAL AUDITING , 2004 .

[3]  Ryan B. Lee,et al.  The Effect of Corporate Governance on the Use of Enterprise Risk Management: Evidence from Canada , 2003 .

[4]  Kim Hargraves Privacy: Assessing the Risk , 2003 .

[5]  Albert Marcella,et al.  Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes , 2002 .

[6]  Paul Rouse,et al.  An Application of Data Envelopment Analysis to the Evaluation of Audit Risk , 2002 .

[7]  Ganesh Krishnamoorthy,et al.  A Cascaded Inference Model for Evaluation of the Internal Audit Report , 2001, Decis. Sci..

[8]  Karen S. Cravens,et al.  The Reputation Index:: Measuring and Managing Corporate Reputation , 2003 .

[9]  Heather M. Hermanson An Analysis of the Demand for Reporting on Internal Control , 2000 .

[10]  R. Mason Four ethical issues of the information age , 1986 .

[11]  Benjamin B. Bae,et al.  Implementation of ERP Systems: Accounting and Auditing Implications , 2004 .

[12]  D. O'Leary,et al.  Enterprise Resource Planning Systems Systems , Life Cycle , Electronic Commerce , and Risk , 2002 .

[13]  Akhilesh Chandra,et al.  Toward a Biometric Security Layer in Accounting Systems , 2003, J. Inf. Syst..

[14]  Frederic G Withington Technology forecast , 1985 .

[15]  Carl J. Pacini,et al.  The Law and CPA WebTrust , 1999 .

[16]  Cynthia Waller Vallario,et al.  Segregation of duties in ERP: an automated assessment tool enables internal auditors at MeadWestvaco to enhance their SOD control reviews throughout the enterprise , 2003 .

[17]  Mark F. Zimbelman The Effects of Sas No. 82 on Auditors' Attention to Fraud Risk Factors and Audit Planning Decisions , 1997 .

[18]  David McNamee,et al.  Risk Management: Changing the Internal Auditor's Paradigm , 1998 .

[19]  Sally Wright,et al.  Are Financial Auditors Overconfident in Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems? , 2004, J. Inf. Syst..

[20]  Dana R. Hermanson,et al.  Information Technology-Related Activities of Internal Auditors , 2000, J. Inf. Syst..

[21]  Ashish Garg,et al.  The Financial Impact of IT Security Breaches: What Do Investors Think? , 2003, Inf. Secur. J. A Glob. Perspect..

[22]  Severin V. Grabski,et al.  A Comparison of Judgement, Skills, and Prompting Effects Between Auditors and Systems Analysts , 1987, MIS Q..

[23]  Sridhar Ramamoorti,et al.  Research Opportunities in Internal Auditing , 2003 .

[24]  Karim Jamal,et al.  Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Practice in the United States and the United Kingdom , 2004 .

[25]  K. Weick The social psychology of organizing , 1969 .

[26]  Sridhar Ramamoorti,et al.  Using Neural Networks for Risk Assessment in Internal Auditing: A Feasibility Study , 1998 .

[27]  Paul J. Sobel,et al.  Aligning Corporate Governance with Enterprise Risk Management , 2004 .

[28]  Maurice Gosselin,et al.  Getting Inside the Black Box: A Field Study of Practices in “Effective” Audit Committees , 2004 .

[29]  Arnold Schneider,et al.  Factors Affecting Internal Auditors' Consideration of Fraudulent Financial Reporting during Analytical Procedures , 2001 .

[30]  Rick Elam,et al.  Continuous Auditing: Building Automated Auditing Capability , 2002 .

[31]  Daniel E. O'Leary,et al.  Discussion of Information System Assurance for Enterprise Resource Planning Systems: Unique Risk Considerations , 2002, J. Inf. Syst..

[32]  Ganesh Krishnamoorthy,et al.  A Multistage Approach to External Auditors' Evaluation of the Internal Audit Function , 2002 .

[33]  Jerry A. Miccolis,et al.  Enterprise Risk Management: Trends and Emerging Practices , 2001 .

[34]  Dana R. Hermanson,et al.  Disclosures in Audit Committee Charters and Reports , 2002 .

[35]  Sally Wright,et al.  Information System Assurance for Enterprise Resource Planning Systems: Unique Risk Considerations , 2002, J. Inf. Syst..

[36]  Theodore J. Mock,et al.  Are Audit Program Plans Risk‐Adjusted? , 1999 .

[37]  Glenn E. Sumners,et al.  The Relative Importance of Management Fraud Risk Factors , 2001 .

[38]  D. R. Hermanson,et al.  The Association of Perceived Disaster Recovery Plan Strength with Organizational Characteristics , 1998 .

[39]  N. Dean Meyer Systemic is Governance: An Introduction , 2004, Inf. Syst. Manag..

[40]  R. Spinello Privacy Rights in the Information Economy , 1998 .