Presentation is loading. Please wait.

Presentation is loading. Please wait.

Audit Quality Of Outsourced Information Technology Controls

Published byHope Alexander Modified over 5 years ago

Similar presentations

Presentation on theme: "Audit Quality Of Outsourced Information Technology Controls"— Presentation transcript:

1 Audit Quality Of Outsourced Information Technology Controls
Author: Tatiana Mazza, Stefano Azzali and Luca Fornaciari Publisher: Managerial Auditing Journal 2014,Vol 29 Issue 9, pp 蒋 欣 怡

2 Introduction Outsourced IT may increase audit risks and affect the reliability of financial reporting. To lower these risks, public authorities and other institutions provide legislation, auditing standards and frameworks (COSO; Control Objectives for Information and related Technology – [COBIT]; COBIT for SOX) to provide guidance for the auditor when performing audits. The author test for the relation between information technology audit quality (ITAQ) and AQ of outsourced information technology controls (ITC). The model of ITAQ is based on factors derived from phases of the audit cycle as regulated by PCAOB, SEC and COBIT for SOX.

3 Literature review ITAQ
• Carcello et al. (1992) addresses financial AQ in general. It identifies four primary factors to measure AQ: client experience, industry experience, responsive to client needs and compliance with a Generally Accepted Auditing Standard. • Stoel et al. (2012) indicate that “Independence” and “Accounting Knowledge and Audit Skills” are the most important factors for ITAQ. AQ of outsourced ITC • There is very little literature on audit provisions and published papers are mainly non-academic research. However, it’s important to investigate them. • Wigley and Company (2013) point out that audit provisions often don’t get the focus they deserve and show that clever use of audit clauses can give much better results for customers in dispute resolution scenarios.

4 Purpose This paper aims to test the positive relationship between audit quality (AQ) of outsourced information technology controls (ITC) and information technology audit quality (ITAQ). Method Factor analysis: determine factors that explain ITAQ Ordinary least squares (OLS) regressions and simulations: test the key hypothesis of the research

5 Hypothesis Hypothesis
H: Audit quality (AQ) of outsourced information technology controls (ITC) is positively related to information technology audit quality (ITAQ). Hypothesis The population is the 255 Italian companies listed on the Milan Stock Exchange in 2010 used a sample of 50 of the 255 companies to perform factor analysis to compute the ITAQ factors. Thirty-one of the 50 companies outsource IT, and this subsample was used to perform the OLS regressions.

6 Model Dependent variable (ITAQ) Building a measurable construct for ITAQ (dependent variable) through factor analysis. Selecting six main variables related to the audit cycle phases. (1) Business Scale and Audit Scope.(dummy variable) (2) Business Process Knowledge .(dummy variable) (3) IT and Controls Knowledge .(dummy variable) (4) Planning and Methodology .(dummy variable) (5) Fieldwork and Audit Procedures.(develop a measure based on compliance with the number of processes, objectives and controls proposed by COBIT for SOX from 0 to 4) (6) Responsiveness based on time frame.(Responsiveness increases if the audit is performed coherently with the intermediate and annual financial statement. To encode it we develop a measure from 0 to 4)

7 independent variables and control variable
Measure the AQ of outsourced ITC 1 2 3 use a 5-point scale with the different types of EVALUATION PROCEDURES based on their efficiency defined by the frameworks 1 assign value 1 to companies which use these provisions in the contract with the service provider, and 0 otherwise 2 3 firm-level (Industry、 Foreign、 Loss、 Firm age)and AQ characteristics( Governance score、 Audit fees、Audit opinion)

8 Factor analysis Two principal components (“ITAQ scoping” and “ITAQ planning”) with an eigenvalue higher than 1. “ITAQ Scoping” phase explains 42 per cent of ITAQ. “ITAQ Planning” explain 27 per cent . The two phases, together, explain 69 per cent. This confirms that the percentage of the variance of each item is significant in explaining variance of ITAQ.

9 Regression results The AQ of outsourced ITC is directly related, at a 0.01 level of significance, to ITAQ in aggregate. This is the case using both the factor score and the simple score, especially for the phase of the audit cycle related to“ITAQ planning” . This paper stresses the importance of the evaluation methodology of outsourced ITC. Don’t find that the audit provisions are significant in explaining ITAQ.

10 Conclusion improve on previous literature by: • confirming the relevance of some ITAQ items • selecting and summarizing these items to determine useful measures of ITAQ related to audit cycle phases determine two principal components and identify them as “ITAQ Scoping” and “ITAQ Planning”. These two factors explain more than 69 percent of ITAQ and are thus justified as dependent variables of the regression model. The AQ of outsourced ITC is strongly and directly related to ITAQ.

11 Practical implications
Companies and auditors could improve ITAQ through a better organization of the scoping and planning activities; they could also improve the AQ of outsourced ITC using direct evaluation in the service provider location supplemented with service auditor reports. Regulators could refine or change laws and frameworks to take into account the factors of ITAQ and the methodology of evaluation of outsourced ITC.

12 value limitations Private data collected by questionnaire.
The measures of ITAQ and the OLS model could be tested in countries with different frameworks and regulations related to AQ, different weight of outsourced information technology and other characteristics related to clients, service providers and service auditors. limitations Sample size and input items in factor analysis

13 Thanks

Download ppt "Audit Quality Of Outsourced Information Technology Controls"

Similar presentations

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
IS Audit Function Knowledge

IS Audit Function Knowledge
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 25 - 1 Internal and Governmental Financial Auditing and.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Internal and Governmental Financial Auditing and.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Cost Implications of Architectural Design Variables Ahmed S. Al Zahrani December 2005 King Fahd University of Petroleum & Minerals Department of Construction.

Cost Implications of Architectural Design Variables Ahmed S. Al Zahrani December 2005 King Fahd University of Petroleum & Minerals Department of Construction.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.

Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
An Accountant’s Look at the Changing Horizons within SOX 404 Presented to Colorado Bar Association’s Securities Law Group Presented by Bill Evert Hein.

An Accountant’s Look at the Changing Horizons within SOX 404 Presented to Colorado Bar Association’s Securities Law Group Presented by Bill Evert Hein.
Planning an Audit The Audit Process consists of the following phases:

Planning an Audit The Audit Process consists of the following phases:
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Implementation Issues of Sarbanes-Oxley CASE Presentation September 23, 2004 By Denise Farnan.

Implementation Issues of Sarbanes-Oxley CASE Presentation September 23, 2004 By Denise Farnan.
Chapter 5 Internal Control over Financial Reporting

Chapter 5 Internal Control over Financial Reporting
Considering Internal Control

Considering Internal Control
Auditor IT Experience and Client Benefits Jacob Z. Haislip, Gary F. Peters, and Vernon J. Richardson.

Auditor IT Experience and Client Benefits Jacob Z. Haislip, Gary F. Peters, and Vernon J. Richardson.
22 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Internal and Governmental Financial Auditing and Operational Auditing.

©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Internal and Governmental Financial Auditing and Operational Auditing.
©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley 26 - 1 Internal and Governmental Financial Auditing and Operational Auditing.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley Internal and Governmental Financial Auditing and Operational Auditing.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.

Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
1 IT Control Weaknesses, IT Governance and Firm Performance Efrim Boritz Jee-Hae Lim University of Waterloo UWCISA: October 11-13, 2007, Toronto.

1 IT Control Weaknesses, IT Governance and Firm Performance Efrim Boritz Jee-Hae Lim University of Waterloo UWCISA: October 11-13, 2007, Toronto.

Similar presentations

Ads by Google