8/10/2019 Discussion of 'Factors Associated With IT Audits by
the Internal (2)
1/2
Discussion
Discussion of 'Factors Associated with IT Audits by the
InternalAudit Function'
Doug TsangKPMG, Canada
1. Introduction
This research paper examined the statistical relationship
between the proportions of time that InternalAudit Functions (IAFs)
spent on IT audits ( level of IT audits ) and factors such as
internal audit staff'straining (quali cations), experience and the
size of the organization.
2. Comments
The research approach to the topic is quantitative as it
examined the statistical relationship betweenthe level of IT audits
and various variables noted above. The authors have not
incorporated otherqualitative factors into the research. For
example, the analysis did not include risk as a variable
factor.This will be discussed in more detail below:
a) De nition of IT auditsThe proportion of IAF's time spent on
IT audit may depend on how IT audits are de ned. IT auditswould
typically include the following areas: IT general controls IT
application controls Computer Assisted Audit Techniques
(CAATs).
However, auditing IT application controls or using CAATs
normally forms an integral part of operational or nancial audits.
It is not clear in the research whether the time spent in these
areas wascaptured as IT audits in the CBOK (2006) survey. If these
are not classi ed as IT audits, the proportionof time spent on IT
audits reported in the paper may not provide a complete
picture.Additionally auditing IT application controls or using
CAATs form an integral part of operational or
nancial audits. These are often performed by the operational or
nancial auditors rather than ITauditors. Thus, it is not clear
whether this will have any impact on the model.
b) Other variable factors riskThe authors have not included risk
to either an Explanatory Variable or a Control Variable. It is
commonfor the IA function to spend more time auditing high risk
areas , regardless whether or not there is an ITcomponent in the
area.
c) Other variable factors complexity of IT systemsThe authors
have not included the complexity of IT systems used in the
organization as an ExplanatoryVariable or a Control Variable. It
seems plausible that IAFs in organizations using more complex
IT
International Journal of Accounting Information Systems 11
(2010) 155 156
1467-0895/$ see front matter 2010 Elsevier Inc. All rights
reserved.doi: 10.1016/j.accinf.2010.07.006
Contents lists available at ScienceDirect
International Journal of Accounting
Information Systems
http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006http://www.sciencedirect.com/science/journal/14670895http://www.sciencedirect.com/science/journal/14670895http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006
