Discussion of 'Factors Associated With IT Audits by the Internal (2)

Embed Size (px)

Citation preview

  • 8/10/2019 Discussion of 'Factors Associated With IT Audits by the Internal (2)

    1/2

    Discussion

    Discussion of 'Factors Associated with IT Audits by the InternalAudit Function'

    Doug TsangKPMG, Canada

    1. Introduction

    This research paper examined the statistical relationship between the proportions of time that InternalAudit Functions (IAFs) spent on IT audits ( level of IT audits ) and factors such as internal audit staff'straining (quali cations), experience and the size of the organization.

    2. Comments

    The research approach to the topic is quantitative as it examined the statistical relationship betweenthe level of IT audits and various variables noted above. The authors have not incorporated otherqualitative factors into the research. For example, the analysis did not include risk as a variable factor.This will be discussed in more detail below:

    a) De nition of IT auditsThe proportion of IAF's time spent on IT audit may depend on how IT audits are de ned. IT auditswould typically include the following areas: IT general controls IT application controls Computer Assisted Audit Techniques (CAATs).

    However, auditing IT application controls or using CAATs normally forms an integral part of operational or nancial audits. It is not clear in the research whether the time spent in these areas wascaptured as IT audits in the CBOK (2006) survey. If these are not classi ed as IT audits, the proportionof time spent on IT audits reported in the paper may not provide a complete picture.Additionally auditing IT application controls or using CAATs form an integral part of operational or

    nancial audits. These are often performed by the operational or nancial auditors rather than ITauditors. Thus, it is not clear whether this will have any impact on the model.

    b) Other variable factors riskThe authors have not included risk to either an Explanatory Variable or a Control Variable. It is commonfor the IA function to spend more time auditing high risk areas , regardless whether or not there is an ITcomponent in the area.

    c) Other variable factors complexity of IT systemsThe authors have not included the complexity of IT systems used in the organization as an ExplanatoryVariable or a Control Variable. It seems plausible that IAFs in organizations using more complex IT

    International Journal of Accounting Information Systems 11 (2010) 155 156

    1467-0895/$ see front matter 2010 Elsevier Inc. All rights reserved.doi: 10.1016/j.accinf.2010.07.006

    Contents lists available at ScienceDirect

    International Journal of Accounting

    Information Systems

    http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006http://www.sciencedirect.com/science/journal/14670895http://www.sciencedirect.com/science/journal/14670895http://dx.doi.org/10.1016/j.accinf.2010.07.006http://dx.doi.org/10.1016/j.accinf.2010.07.006
  • 8/10/2019 Discussion of 'Factors Associated With IT Audits by the Internal (2)

    2/2

    systems will spend more time on IT audits. It would be interesting to see whether the size of theorganization (as measured by the number of full-time employees) can be used as a proxy for thecomplexity of organization's IT systems.

    156 D. Tsang / International Journal of Accounting Information Systems 11 (2010) 155 156