An exploratory study into audit challenges in IT governance : a Delphi approach

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

A Delphi study into the audit challenges of IT governance in the Australian public sector

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

External auditors’ perceptions of cloud computing adoption in Australia

Adopting a multi-theoretical approach, I examine external auditors’ perceptions of the reasons why organizations do or do not adopt cloud computing. I interview forensic accountants and IT experts about the adoption, acceptance, institutional motives, and risks of cloud computing. Although the medium to large accounting firms where the external auditors worked almost exclusively used private clouds, both private and public cloud services were gaining a foothold among many of their clients. Despite the advantages of cloud computing, data confidentiality and the involvement of foreign jurisdictions remain a concern, particularly if the data are moved outside Australia. Additionally, some organizations seem to understand neither the technology itself nor their own requirements, which may lead to poorly negotiated contracts and service agreements. To minimize the risks associated with cloud computing, many organizations turn to hybrid solutions or private clouds that include national or dedicated data centers. To the best of my knowledge, this is the first empirical study that reports on cloud computing adoption from the perspectives of external auditors.

Auditor communication in an evolving environment : going beyond SAS 600 auditors' reports on financial statements

In 1993 the Auditing Practices Board issued an expanded audit report, SAS 600 Auditors’ Reports on Financial Statements, in an attempt to educate users and to clarify certain matters pertaining to the audit function. This paper investigates the extent to which the new audit report, SAS 600, has been successful in aligning the views of auditors, preparers and users about issues dealt with in the expanded audit report, and the extent to which the three groups considered that it would be useful for additional matters, including corporate governance, to be reported upon by the auditor. Our findings suggest that SAS 600 has been successful in clarifying the purpose of the audit and the respective responsibilities of auditors and directors. However, to meet the expectations of users and to add more value, the audit report needs to provide more information about the findings of the audit.

A study of the informal interactions between audit committees and internal auditors in Australia

This paper finds evidence for the growing importance of informal interactions between the internal audit function and the audit committee (AC) in Australia – a relatively unexplored topic in the literature – using a survey of Chief Audit Executives (CAEs). It also describes the nature of these informal interactions. The most innovative elements of this paper are the findings that certain personal characteristics of CAEs, the specific knowledge and expertise of the AC chair, as well as some of the AC chair’s personal characteristics are associated with the existence (and increase) of informal interactions.

Letter to H.H. Collier of the Auditor’s Office in Austin, Texas from D.W. Fitch, publisher of the Houston Star Newspaper

Letter to H.H. Collier of the Auditor’s Office in Austin, Texas from D.W. Fitch (3 pages, handwritten), publisher of the Houston Star Newspaper. The letter is about newspaper business and personal matters. It is stated that Henry might go to Austin. This letter has been torn and taped. This does not affect the text, Feb. 28, 1841.

Audit committee characteristics, internal auditors' contribution to financial statement audits and audit fees : Malaysian evidence

This paper provides empirical evidence on the impact of audit committee characteristics on the extent of internal auditor’s contribution to financial statement audits in an emerging economy. Using a cross-sectional regression model, based on Felix, Gramling and Maletta’s (2001) study, it provides evidence of a positive relationship between internal auditor contribution to financial statement audits and three dimensions of audit committee characteristics: the proportion of independent audit committee members; the extent of audit committee members’ knowledge and experience in auditing, accounting, and finance; and the extent of audit committee review of IA proposal related to program, budget and coordination. A second model examines a relationship between internal audit contribution to financial statement audits and audit fees. However, the results did not yield a significant relationship between the two variables. These results are based on a unique data set comprised of publicly available data matched with survey data from chief internal auditors or financial controllers of 90 firms listed on the Kuala Lumpur Stock Exchange (KLSE).

Anomalies in the oversight of Australian auditors

This commentary identifies and comments on anomalies in the oversight of Australian auditors and audit firms. Regulatory and professional oversight and inspection of Australian auditors and audit firms arise from a number of sources, highlighting its multi-faceted nature. This makes it impossible to identify a single body with ultimate responsibility for auditor oversight. Three recent Australian reviews commissioned by the Financial Reporting Council, together with an evaluation of the roles of the various regulatory and professional bodies, are used in this commentary as a platform from which to identify a number of significant anomalies in oversight processes. Major anomalies highlighted arise from the overlapping nature of the duties and functions of the various bodies and the variation in oversight across different categories of audit service providers. Policymakers should closely examine the issues raised in the paper if auditor oversight is to be undertaken in an effective and efficient manner.

SCLPV: secure certificateless public verification for cloud-based cyber-physical-social systems against malicious auditors

Cyber-physical-social system (CPSS) allows individuals to share personal information collected from not only cyberspace but also physical space. This has resulted in generating numerous data at a user's local storage. However, it is very expensive for users to store large data sets, and it also causes problems in data management. Therefore, it is of critical importance to outsource the data to cloud servers, which provides users an easy, cost-effective, and flexible way to manage data, whereas users lose control on their data once outsourcing their data to cloud servers, which poses challenges on integrity of outsourced data. Many schemes have been proposed to allow a third-party auditor to verify data integrity using the public keys of users. Most of these schemes bear a strong assumption: the auditors are honest and reliable, and thereby are vulnerability in the case that auditors are malicious. Moreover, in most of these schemes, an auditor needs to manage users certificates to choose the correct public keys for verification. In this paper, we propose a secure certificateless public integrity verification scheme (SCLPV). The SCLPV is the first work that simultaneously supports certificateless public verification and resistance against malicious auditors to verify the integrity of outsourced data in CPSS. A formal security proof proves the correctness and security of our scheme. In addition, an elaborate performance analysis demonstrates that the SCLPV is efficient and practical. Compared with the only existing certificateless public verification scheme (CLPV), the SCLPV provides stronger security guarantees in terms of remedying the security vulnerability of the CLPV and resistance against malicious auditors. In comparison with the best of integrity verification scheme achieving resistance against malicious auditors, the communication cost between the auditor and the cloud server of the SCLPV is independent of the size of the processed data, meanwhile, the auditor in the SCLPV does not need to manage certificates.

An essay about the effect of vague accounting standards on the decision making process of auditors

Vague words and expressions are present throughout the standards that comprise the accounting and auditing professions. Vagueness is considered to be a significant source of inexactness in many accounting decision problems and many authors have argued that the neglect of this issue may cause accounting information to be less useful. On the other hand, we can assume that the use of vague terms in accounting standards is inherent to principle based standards (different from rule based standards) and that to avoid vague terms, standard setters would have to incur excessive transaction costs. Auditors are required to exercise their own professional judgment throughout the audit process and it has been argued that the inherent vagueness in accounting standards may influence their decision making processes. The main objective of this paper is to analyze the decision making process of auditors and to investigate whether vague accounting standards create a problem for the decision making process of auditors, or lead to a better outcome. This paper makes the argument that vague standards prompt the use of System 2 type processing by auditors, allowing more comprehensive analytical thinking; therefore, reducing the biases associated with System 1 heuristic processing. If our argument is valid, the repercussions of vague accounting standards are not as negative as presented in previous literature, instead they are positive.

The certification role of venture capitalists, top underwriters and big-n auditors in ipos

Esta tese avalia o impacto dos principais atores recorrentes durante o processo de IPO, em particular, o venture capitalist, o underwriter, e o auditor, sobre as condições de comercialização das ações da empresa, capturado pelo bid-ask spread, a fração de investidores institucionais que investem na empresa, a dispersão de capital, entre outros. Além disso, este estudo também analisa alguns benefícios que os fundos de Venture Capital (VCs) fornecem às empresas que eles investem. Ele investiga o papel dos VCs em dificultar o gerenciamento de resultados em IPOs e quantifica o papel desempenhado por eles no desempenho operacional das empresas após sua oferta inicial de ações. No primeiro capítulo, os resultados indicam que as empresas inflam seus resultados principalmente nos períodos pré-IPO e do IPO. Quando nós controlamos para os quatro períodos diferentes do IPO, observamos que IPOs de empresas investidas por VCs apresentam significativamente menos gerenciamento de resultados no IPO e em períodos seguintes à orfeta inicial das ações, exatamente quando as empresas tendem a inflar mais seus lucros. Este resultado é robusto a diferentes métodos estatísticos e diferentes metodologias usadas para avaliar o gerenciamento de resultados. Além disso, ao dividir a amostra entre IPOs de empresas investidas e não investidas por VCs, observa-se que ambos os grupos apresentam gerenciamento de resultados. Ambas as subamostras apresentam níveis de gerenciamento de resultados de forma mais intensa em diferentes fases ao redor do IPO. Finalmente, observamos também que top underwriters apresentam menores níveis de gerenciamento de resultados na subamostra das empresas investidas por VCs. No segundo capítulo, verificou-se que a escolha do auditor, dos VCs, e underwriter pode indicar escolhas de longo prazo da empresa. Nós apresentamos evidências que as características do underwriter, auditor, e VC têm um impacto sobre as características das empresas e seu desempenho no mercado. Além disso, estes efeitos são persistentes por quase uma década. As empresas que têm um top underwriter e um auditor big-N no momento do IPO têm características de mercado que permanecem ao longo dos próximos 8 anos. Essas características são representadas por um número maior de analistas seguindo a empresa, uma grande dispersão da propriedade através de investidores institucionais, e maior liquidez através um bid-ask spread menor. Elas também são menos propensas a saírem do mercado, bem como mais propensas à emissão de uma orferta secundária. Finalmente, empresas investidas por VCs são positivamente afetadas, quando consideramos todas as medidas de liquidez de mercado, desde a abertura de capital até quase uma década depois. Tais efeitos não são devido ao viés de sobrevivência. Estes resultados não dependem da bolha dot-com, ou seja, os nossos resultados são qualitativamente similares, uma vez que excluímos o período da bolha de 1999-2000. No último capítulo foi evidenciado que empresas investidas por VCs incorrem em um nível mais elevado de saldo em tesouraria do que as empresas não investidas. Este efeito é persistente por pelo menos 8 anos após o IPO. Mostramos também que empresas investidas por VCs estão associadas a um nível menor de alavancagem e cobertura de juros ao longo dos primeiros oito anos após o IPO. Finalmente, não temos evidências estatisticamente significantes entre VCs e a razão dividendo lucro. Estes resultados também são robustos a diversos métodos estatísticos e diferentes metodologias.

Exploring Auditors’ Perceptions of the Usage and Importance of Audit Information Technology

This study provides novel evidence on the extent to which auditors perceive the usage and importance of audit technology in an emerging market. It explores the types of audit technology tools used and factors influencing the use of these; it tests the association between the perceived use and importance of the tools and firm-specific/ auditor-specific characteristics. Using interviews and questionnaires from auditors at Big 4 and international non-Big 4 audit firms, the findings reflect the highly perceived importance of using audit technology in technical and administrative procedures, specifically to assess risk. We find that the perceived use and importance of audit technology is relatively higher for those in Big 4 firms, with less years of auditor experience and higher auditor technology expertise, and those in management positions. The results provide policy makers with guidance on the opportunities and challenges of using information technology in the audit process.