Audit Effectiveness
eBook - ePub

Audit Effectiveness

Meeting the IT Challenge

  1. 224 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Audit Effectiveness

Meeting the IT Challenge

About this book

In Audit Effectiveness, Dr Kamil Omoteso examines how information technology is changing the landscape for the audit profession as IT tools and techniques continue to be developed for auditors in the pursuit of quality, efficiency and effectiveness. In addition to shedding light on practical subjects such as audit automation, continuous online auditing and computer auditing, this book introduces some theory that helps explain the motivation for the use of new tools and techniques, and assists understanding of their impact on the quality of audit judgment. The book proposes a three-layered model - an integration of contingency, socio-technical systems and structuration theories - for a comprehensive understanding of IT's impact on audit. The model advocates that the use of IT in audits is a function of certain contingent factors that determine an optimal mix of human skills and technological capabilities, which would lead to changes in the nature of auditors' roles and outputs and audit organisations' structures. Dr Omoteso puts forward an audit automation maturity model that can help audit firms/departments to understand their current level of IT integration and how to systematically enhance their capabilities with a view to meeting modern IT challenges - taking them from the position of mere 'followers of technology' to that of effective 'leaders of technology'. Audit Effectiveness is for anyone practising in auditing or accounting automation, as well as for those with an academic or research interest in the challenges posed by technological advances for auditors in particular, and for managers in general.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Audit Effectiveness by Kamil Omoteso in PDF and/or ePUB format, as well as other popular books in Business & Business General. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Routledge
Year
2016
Print ISBN
9781409434689
eBook ISBN
9781317177456
Topic
Business
Subtopic
Business General
Index
Business
PART I
Modern Auditing and the IT Revolution

1
Background to Auditing

Introduction

Before starting a discussion on how the audit profession has adopted or is likely to further implement IT facilities, tools and techniques, a general background to auditing will be provided. This chapter provides a summary of how modern auditing began and traces its development through its different stages of change which has resulted in it being an integral part of today’s organisational governance systems in terms of providing assurance services to business owners as well as to many other interested parties including the public. The chapter also scrutinises the differences and similarities between the two main classes of audit – internal and the external – with a view to establishing a contextual definition of auditing for the purposes of this book.

Historical Development of Auditing

The practice of formalised auditing as a professional field of accountancy can be traced back to the closing years of the nineteenth century when professional accounting bodies were founded in several countries and governments began to make audit compulsory as a way of protecting the interests of shareholders. In the nineteenth and early twentieth centuries, the central theme of auditing was about providing an independent third-party opinion on the financial statements of an entity and confirming that the balance sheet was not fraudulently stated while in the latter part of the twentieth century and early twenty-first century, the (external) audit report has come to be seen as an expert opinion on the quality and compliance of financial information with required accounting standards and company legislation.
Historically, both the United Kingdom (UK) and the United States of America (USA) have served, at different periods, as the main centre of audit development. The profession emanated from the UK which remained the driving force behind its development until the early twentieth century. The US had taken over this leading role by the mid-twentieth century (and remains as the main centre still today) due to the high number of very large corporations some of which are multinational in operations and structures. These two periods also witnessed growth in interest in the accountability of business organisations, through their annual reports and accounts, from not just their legal owners (shareholders) but from all their stakeholders (including the shareholders, creditors, customers, suppliers, governments and the public). Added to these, the two periods saw the cardinal audit objectives expanded from the sole-purpose of fraud detection to multiple objectives comprising a certificate on the credibility of management’s annual reports and accounts, providing management advisory services, reporting doubts about an entity’s ability to carry on trading and helping to secure responsible corporate governance – for a further overview of the historical developments of auditing, see Porter et al. (2003: 18–38).

External and Internal Audits

According to the identity of the primary beneficiaries, audits can be categorised into external and internal. An external audit is where independent experts carry out an audit for the benefit of parties external to the audited entity (e.g. a statutory audit of an organisation’s financial statements) while an internal audit is carried out by either employees of an entity or contracted personnel (if outsourced) for the benefit of the entity’s management as defined by them (the management). The internal audit function within an organisation is responsible for setting up and monitoring the adequacy and the effectiveness of an entity’s internal control systems. In addition, the internal audit function is usually charged with issues relating to an organisation’s risk management and other aspects of governance.
Specifically, by definition, an external audit is an independent examination of the evidence upon which the financial statements of an entity are based, to generate an opinion as to whether the financial statements represent a “true and fair view” and have been prepared in accordance with the applicable reporting framework. On the other hand, internal audit can be described as:
an appraisal or monitoring activity established by management and directors, for the review of the accounting and internal control systems as a service to the entity. It functions by, amongst other things, examining, evaluating and reporting to management and the directors on the adequacy and effectiveness of components of the accounting and internal control systems. (Cosserat 2004: 666)
An internal audit is usually conducted according to the terms set by management in the internal audit charter. It is conducted either as a continuous activity or a one-off assignment. According to Porter et al. (2003: 7), “they may, for example, be as broad as investigating the appropriateness of, and level of compliance with, the organisation’s systems of internal controls, or as narrow as examining the entity’s policies and procedures for ensuring compliance with health and safety regulations”.
Internal audit is a relatively new development compared to external audit. Its role has changed in recent years due to increased demand for a greater accountability and improved effectiveness on the part of the management of business entities with a view to guaranteeing efficient corporate governance practices while promoting operational effectiveness within the business. Although internal audit emerged as a service to the management, its importance particularly to large organisations in ensuring good corporate governance is very significant in modern day business. This is because internal audit has a key function in guaranteeing effective internal control within an organisation thereby enabling directors to confirm that their organisations comply with the corporate governance requirement of ensuring effective internal controls. In addition, recent corporate governance regulations stipulate that internal auditors should be responsible to the audit committee rather than to the management in matters relating to the efficiency and effectiveness of internal controls. This is with a view to ensuring independence and objectivity.
In a nutshell, the following table presents the key areas of difference between external and internal audits:
Table 1.1 Differences between external and internal audits
Image
The above differences between external and internal audits notwithstanding, both forms of audit are underpinned by a systematic examination and evaluation of evidence to arrive at certain conclusions that are usually presented in the form of reports. Furthermore, ISA 610 stipulates that external auditors must obtain a sufficient understanding of the work carried out by internal auditors to help in the planning and development of an effective audit approach and to reach a conclusion on the possibility and the desirability of relying on the internal auditors’ work. This forges a bond of mutual cooperation in the work of the internal and external auditors. Such cooperation will further enhance effective and efficient corporate governance through the combined review and assessment of controls, operations and the trustworthiness of financial information. In addition, the audit committee, on behalf of the board and representing the interests of the shareholders, has an oversight role on the activities of both internal and external auditors. For the purposes of this book, auditing is taken as a composite profession providing assurance through both external and internal audits (including their offshoots such as fraud investigation, operational audit, compliance audit and information systems audit).

The Role of Auditing in Organisational Governance

With the present day emphasis on sound corporate governance across the globe as evidenced in the promulgation of appropriate codes and regulations such as the US’ Sarbanes-Oxley Act and the UK’s Corporate Governance Code (formerly the Combined Code), the significance of audit effectiveness cannot be stressed too strongly. An audit is said to be effective when the auditor expresses an appropriate opinion (view/judgement) on a set of financial statements. However, due to corporate governance provisions and the important role an effective audit plays in the modern corporation, auditors are compelled to adopt a business risk approach in their audits. This approach requires the auditor to take into account factors such as the business environment, governance issues and the nature of managerial control which have an impact upon their clients’ financial statements in terms of accuracy, fraud and future existence. In the words of Lemon et al. (2000: 12): “effective auditing requires greater attention to be paid to understanding the risks of the business”.
Auditing is an important third party assurance in the principal-agent problem that arises between the owners of capital (shareholders) and those in charge of the day-to-day running of the business (management). Agency theory acknowledges that shareholders’ fear that their capital may be misused by the management while the management craves a freehand to run the business as it likes and to be adequately remunerated. In sum, the problems of separation of ownership and control, information asymmetries and differing motives within the agency relationship diminishes trust between the shareholders and the management. According to the ICAEW (2005: 4):
Audits serve a fundamental purpose in promoting confidence and reinforcing trust in financial information. The principal-agent relationship, as depicted in agency theory, is important in understanding how the audit has developed. Principals appoint agents and delegate some decision-making authority to them. In so doing, principals place trust in their agents to act in the principals’ best interests. However, as a result of information asymmetries between principals and agents and differing motives, principals may lack trust in their agents and may therefore need to put in place mechanisms, such as the audit, to reinforce this trust.
Similarly, Lee (1993: 9) considered auditing as “a social mechanism to assist in monitoring and controlling corporate managerial behaviour, and as a political tool of the state which attempts to explicitly signal its desire to provide a means of corporate governance. Economically, the corporate auditor is observed as an agent in an agency situation, acting as an adjudicator in contractual relationships involving potential conflict and moral hazard.”
Technically, auditors can be referred to as another agent of the shareholder as they are hired, remunerated and can be fired by the shareholders (though on just grounds). Auditors also report and are responsible to the shareholders. However, the distinction between directors and auditors as agents of the shareholders lies in the fact that the former are expected to run the company on a day-to-day basis in the best interests of the shareholders, render accounts of their stewardship in the form of annual reports and accounts at the annual general meeting and take steps to prevent fraud by setting up a sound internal control system. Whereas auditors are required to:
• Report on the truth and fairness of the financial statements prepared by the directors which reflect the directors’ stewardship of the shareholders’ company during the year.
• Address their report to the members of the company.
• Are not responsible for detecting fraud except where fraud is so large that it would affect the “true and fair view”.
• Assess the financial statements for full disclosures required by accounting standards and company law.
Mainly, the auditor assesses the correctness of management assertions made in the financial statements being presented. These assertions relate to economic transactions (occurrence, completeness, accuracy and cut-off), financial accounts (existence, completeness, valuation, rights and obligations) and presentation and disclosure in the annual report (completeness, occurrence, classification, accuracy, rights and obligations). To examine the fairness of these assertions, the auditor carries out audit procedures in the forms of risk evaluations and tests of accounting information based on credible audit evidence gathered. Finally, on the strength of such audit procedures, auditors draw conclusions on the audit and these are presented in the audit report to members of the company at the annual general meeting.

Auditing, Information and Information Technology

From the foregoing, auditing can be described as an information-intensive activity involving gathering, organising, processing, evaluating and presenting data while the ultimate essence of the auditing process is to generate reliable information (in the audit report) as to the truth and fairness of the financial statements (and their compliance with the required standards and legislation) to the shareholders and other stakeholders. The role currently being played by Information and Communications Technology (ICT) (or Information Technology (IT) as these two terms are used in the literature interchangeably) in ensuring audit effectiveness in terms of the accuracy, timeliness and integrity of such reports cannot be stressed too strongly (Banker et al. 2002) as it is this audit report that in turn strengthens the credibility attached to the financial information being presented to a wide range of users.
Manson et al. (1998) identified two schools of thought on audit methodologies: the organic and the mechanistic. The former sees the audit as mainly a matter of the auditor’s judgement based on an understanding of the particular client while the latter sees the audit mainly as a set of procedures that can be applied to any audit engagement. The latter, Manson et al. believed, is an approach more amenable to computerisation.
The traditional view of the accounting profession (which views accounting as all about routine and number-crunching exercises) is being challenged by the diffusion of organisation-wide integrated information systems. This is evident in the transferability of accounting knowledge and skills to non-accountants (functional managers) through IT. Today, most of these routine and number-crunching tasks are carried out by IT while the modern accountant is being assigned new roles which include strategic decision-making, business management and Enterprise Resource Planning (ERP) (Caglio 2003). The major aspects of auditing centre on planning, control and decision-making. While these functions require quantitative processing usually carried out employing IT, they also require qualitative factors. The objective of an audit and the need to assess risks and understand controls are not affected by the extent and nature of IT used by an organisation. The same basic auditing standards and financial reporting objectives apply in all situations. However, the auditor must be aware of the nature of an organisation’s IT infrastructure because the design and operation of the various systems will have a direct impact on audit effectiveness.
It is a pertinent exercise to explore the individuals and groups that will feel the impact of using IT tools and techniques in the audit processes and procedures. The entities concerned are depicted in Figure 1.1.
Image
Figure 1.1 Parties affected by ICT’s use in audits
The five main entities, shown in the diagram, that will be affected by the upward trend in auditors’ use of IT tools and techniques are: the auditors themselves (in terms of performance, role change, attitudes and career progression); the audit firm or department (in terms of profitability as well as task and organisational restructuring); audit clients (in terms of audit fee and audit quality); shareholders (in terms of more dependable assurance) and the public (which includes other stakeholders and regulators in terms of expectations and perceptions).
Undoubtedly, the current pace of IT dynamics is setting the tune for the directions of audit quality and effectiveness. In the words of Arnold Schilder, the Chairman of the International Auditing and Assurance Standards Board (IAASB 2011: 2):
Because the context in which an audit is undertaken is continually evolving to keep pace with changes in the business environment, financial reporting standards, regulation and technology, intrinsically, an audit is an activity that evolves over time. The pursuit of audit quality, therefore, is not a program with a definitive outcome. Rather, it is a process that, through continual improvements in its elements, audit quality evolves with the environment in which audits are performed.
To demonstrate the reality of Schilder’s comment, today many audit firms, particularly the large ones, are proactive in continuously improving their use of high-tech tools and techniques in audit tasks in a way that matches the growing business technological environments and enhance audit quality.

Conclusion

This chapter provides a general overview of auditing vis-Ă -vis its significance in modern corporate governance systems and, hence, the need to sharpen its effectiveness through a growing contemporary business reality, information technology. This first chapter has laid the foundation upon which subsequent chapters will be built in terms of providing a general and contextual understanding of auditing and thereby making a case for the imperative of ensuring audit effectiveness through the application of modern IT tools and techniques.

2
Auditing and the IT Phenomenon

Introduction

The central role auditing plays in modern day corporate governance puts the auditing profession under increased scrutiny across the world particularly given the recent Arthur Andersen’s complicity in Enron scandal. This situation makes continuous improvement in audit practices pertinent to the profession. As developments in IT continue to enhance almost all areas of a business, this chapter discusses how IT tools and techniques are currently being adopted by auditors in carrying out their roles in business assurance. This chapter highlights how developments in computerised business information systems have led to accountants adopting computerised tools and techniques in different aspects of their work including the preparation of reports and financial statements. As a result of these developments and in orde...

Table of contents

  1. Cover Page
  2. Half Title Page
  3. Title Page
  4. Copyright Page
  5. Contents
  6. List of Figures
  7. List of Tables
  8. Foreword
  9. Acknowledgements
  10. About the Author
  11. Introduction
  12. Part I Modern Auditing and the IT Revolution
  13. Part II Audit of Computerised Information Systems
  14. Part III Audit Automation and Contemporary IT Challenges
  15. Part IV Auditing and IT: Theoretical Perspectives and Practical Implications
  16. Part V Auditing and the IT Challenge
  17. Bibliography
  18. Index