The Development of a Computer Auditing System Sufficient for Sarbanes-Oxley Section 404— A Study on the Purchasing and Expenditure Cycle of the ERP System

Abstract After Section 404 of the Sarbanes-Oxley Act (SOX 404) was released, developing a computer auditing system became more important for management and auditors. In this study, the researchers aim to: (1) explore the crucial control items of the purchasing and expenditure cycle in meeting the conditions of SOX 404; (2) develop a computer auditing system based on the recognized control items and requirements of SOX 404; and (3) validate the applicability of the system by using an ISO/IEC 9126 model in meeting organizational needs (ISO, 2001). The Gowin's Vee research strategy developed by Novak & Gowin (1984) was used in the study. In theory, researchers have identified eight operational procedures and 34 critical control items for the purchasing and expenditure cycle. The prototype computer auditing system of this study was then developed. On the experimental side, the researchers conducted two case studies based on the ISO/IEC 9126 software assessment criteria, the result of which showed that the system can provide company internal auditing personnel and their external auditors with a simple, continuous, timely, and analytical tool, which may promptly and effectively help in detecting problem control issues. We believe this study can contribute to the development of a sufficient and manageable computer auditing system, and provide prospective researchers and businesses with future directions in this subject area.

[1]  Joseph D. Novak,et al.  Learning How to Learn , 1984 .

[2]  Kam C. Chan,et al.  Earnings Management and Return-Earnings Association of Firms Reporting Material Internal Control Weaknesses Under Section 404 of the Sarbanes-Oxley Act , 2005 .

[3]  Prasad Bingi,et al.  Critical Issues Affecting an ERP Implementation , 1999, Inf. Syst. Manag..

[4]  George H. Bodnar,et al.  Accounting and Information Systems , 1993 .

[5]  C A Nelson,et al.  Learning to Learn , 2017, Encyclopedia of Machine Learning and Data Mining.

[6]  William F. Messier,et al.  Auditing & Assurance Services: A Systematic Approach , 1999 .

[7]  Amar Ramdane-Cherif,et al.  ISO quality standards for measuring architectures , 2004, J. Syst. Softw..

[8]  Ho-Won Jung,et al.  Validating the external quality subcharacteristics of software products according to ISO/IEC 9126 , 2007, Comput. Stand. Interfaces.

[9]  Mark C. Paulk,et al.  Software Product Evaluation , 2001 .

[10]  Nigel Bevan,et al.  Quality in use: Meeting user needs for quality , 1999, J. Syst. Softw..

[11]  Michael Rosemann,et al.  Special Issue on the AMCIS 2001 Workshops: Integrating Enterprise Systems in the University Curriculum , 2002, Commun. Assoc. Inf. Syst..

[12]  William F. Messier,et al.  Auditing and Assurance Services: A Systematic Approach , 2002 .

[13]  Roger Frost,et al.  International Organization for Standardization (ISO) , 2004 .

[14]  C. H. Lawshe A QUANTITATIVE APPROACH TO CONTENT VALIDITY , 1975 .

[15]  Randal J. Elder Mark S. Beasley Alvin A. Arens Auditing and Assurance Services: An Integrated Approach , 2002 .

[16]  Joey F. George,et al.  Essentials of Systems Analysis and Design , 2000 .