An exploratory study into audit challenges in IT governance : a Delphi approach

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

A Delphi study into the audit challenges of IT governance in the Australian public sector

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

External auditors’ perceptions of cloud computing adoption in Australia

Adopting a multi-theoretical approach, I examine external auditors’ perceptions of the reasons why organizations do or do not adopt cloud computing. I interview forensic accountants and IT experts about the adoption, acceptance, institutional motives, and risks of cloud computing. Although the medium to large accounting firms where the external auditors worked almost exclusively used private clouds, both private and public cloud services were gaining a foothold among many of their clients. Despite the advantages of cloud computing, data confidentiality and the involvement of foreign jurisdictions remain a concern, particularly if the data are moved outside Australia. Additionally, some organizations seem to understand neither the technology itself nor their own requirements, which may lead to poorly negotiated contracts and service agreements. To minimize the risks associated with cloud computing, many organizations turn to hybrid solutions or private clouds that include national or dedicated data centers. To the best of my knowledge, this is the first empirical study that reports on cloud computing adoption from the perspectives of external auditors.

Auditor communication in an evolving environment : going beyond SAS 600 auditors' reports on financial statements

In 1993 the Auditing Practices Board issued an expanded audit report, SAS 600 Auditors’ Reports on Financial Statements, in an attempt to educate users and to clarify certain matters pertaining to the audit function. This paper investigates the extent to which the new audit report, SAS 600, has been successful in aligning the views of auditors, preparers and users about issues dealt with in the expanded audit report, and the extent to which the three groups considered that it would be useful for additional matters, including corporate governance, to be reported upon by the auditor. Our findings suggest that SAS 600 has been successful in clarifying the purpose of the audit and the respective responsibilities of auditors and directors. However, to meet the expectations of users and to add more value, the audit report needs to provide more information about the findings of the audit.

A study of the informal interactions between audit committees and internal auditors in Australia

This paper finds evidence for the growing importance of informal interactions between the internal audit function and the audit committee (AC) in Australia – a relatively unexplored topic in the literature – using a survey of Chief Audit Executives (CAEs). It also describes the nature of these informal interactions. The most innovative elements of this paper are the findings that certain personal characteristics of CAEs, the specific knowledge and expertise of the AC chair, as well as some of the AC chair’s personal characteristics are associated with the existence (and increase) of informal interactions.

Knowledge Sharing within IT Projects

Even though today’s corporations recognize that they need to understand modern project management techniques (Schwalbe, 2002, p2), many researchers continue to provide evidence of poor IT project success. With Kotnour, (2000) finding that project performance is positively associated with project knowledge, a better understanding of how to effectively manage knowledge in IT projects should have considerable practical significance for increasing the chances of project success. Using a combined qualitative/quantitative method of data collection in multiple case studies spanning four continents, and comprising a variety of organizational types, the focus of this current research centered on the question of why individuals working within IT project teams might be motivated towards, or inhibited from, sharing their knowledge and experience in their activities, procedures, and processes. The research concluded with the development of a new theoretical model of knowledge sharing behavior, ‘The Alignment Model of Motivational Focus’. This model suggests that an individual’s propensity to share knowledge and experience is a function of perceived personal benefits and costs associated with the activity, balanced against the individual’s alignment to a group of ‘institutional’ factors. These factors are identified as alignments to the project team, to the organization, and dependent on the circumstances, to either the professional discipline or community of practice, to which the individual belongs.