This study was carried out to examine auditors' perception of the usefulness of computer assisted audit techniques in Nigerian organizations. The study seeks to evaluate the nature and extent of the utilization of generalized audit software (GAS) in financial institutions. These economically significant entities typically make intensive use of information systems for many business processes. Many financial institutions are of a sufficient size to warrant investment in GAS by internal or external auditors. Financial institutions also are often subject to regulatory regimes that require monitoring of particular risks and potential malfeasance in areas such as money laundering. The study was used to determine whether Computer Assisted Audit Techniques (CAATS) have been used in auditing practice and to determine if there is a significant relationship between CAATS and effective financial reporting in an organization. It was concluded that CAATS and GAS are seen as an important element of both the external and internal audit processes. Finally, it was recommended that all auditing firms should be instructed to have the security code to enhance effectiveness and efficiency in their business, and that training of personnel in auditing should be based on workshops, seminars and conferences to boost the awareness of security auditors.
TABLE OF CONTENTS
Title Page
Table of Contents
Chapter One: Introduction
1.1 Background to the Study
1.2 Statement of Study
1.3 Research Questions
1.4 Objective of the Study
1.5 Statement of Hypothesis
1.6 Significance of the Study
1.7 Scope of the Study
1.8 Limitations of the Study
1.9 Definition of Terms
Chapter Two: Review of Related Literature
2.1 Introduction
2.2 The Unified Theory of Acceptance and Use of Technology
2.3 Factors influencing auditor acceptance of CAATS
2.4 Computer Audit Versus Manual Audit
2.5 An Overview of Information System and System Based Audit
2.6 Information Technology Audit Based Process
2.7 Power Supplies, Fire Retardant/Fighting
2.8 Auditing Technique in Computerized System
2.9 Use of Computers in Audit Tests
2.10 Audit is for Security
2.11 Audit Standards
2.12 Audit Plan
2.13 Generally Accepted System Security Principles
2.14 Computer Security Supports the Mission of
2.15 Computer-Security is an Integral Element of Sound Management
2.16 Computer Security should be Cost-Effective
2.17 System owners have Security Responsibilities outside their own Organizations
2.18 Computer Security Responsibilities and Accountability should be made Explicit
2.19 Computer Security requires a Comprehensive and Integral Approach
2.20 Computer Security should be Periodically
2.21 Computer Security is Constrained by Societal Factors
2.22 Common Security Practices
Chapter Three: Research Method and Design
3.1 Introduction
3.2 Research Design
3.3 Population of the Study
3.4 Sample Size
3.5 Sampling Techniques
3.6 Sources of Data Collection
3.7 Method of Data Presentation
3.8 Method of Data Analysis
Chapter Four: Data Presentation, Analysis and Hypothesis Testing
4.1 Introduction
4.2 Presentation of Data
4.3 Data Analysis
4.4 Hypothesis Testing
Chapter Five: Summary Finding, Conclusion and Recommendations
5.1 Introduction
5.2 Summary of Findings
5.3 Conclusion
5.4 Recommendations
1.1 Background to the Study
While the use of Information Technology (IT) in the business world has grown exponentially in the past two decades, the extent to which auditors have adopted IT such as Computer-Assisted Auditing Techniques (CAATS) to meet this growth remains an empirical question (Arnold and Sutton 1998; Curtis and Payne 2008; Janvrin et al. 2009). CAATS are computer tools that extract and analyze data from computer applications (Braun and Davis 2003). CAATS permit auditors to increase their productivity as well as that of the audit function (Zhao et al. 2004, 389). For example, CAATS may automate previously manual audit tests, reducing total audit hours expended. They enable auditors to test 100 percent of the population rather than a sample, thereby increasing the reliability of conclusions based on that test (AICPA 2001; Curtis and Payne 2008). In addition, CAATS may be used to select sample transactions meeting specific criteria, sort transactions with specific characteristics, obtain evidence about control effectiveness, and evaluate inventory existence and completeness (AICPA 2006).
Recent audit standards encourage auditors to adopt CAATS to improve audit efficiency and effectiveness (AICPA 2001, 2002a, 2002b, 2002c, 2006). For example, SAS No. 106 suggests that CAATS may be used to improve audit efficiency by recalculating information provided by audit clients (AICPA 2006). Furthermore, SAS No. 106 indicates CAATS increase audit effectiveness by allowing auditors to directly inspect evidence stored in electronic form (AICPA 2006). Improving audit efficiency and effectiveness is particularly important in today's audit environment, where auditors have enhanced responsibilities for detecting fraud due to the SAS No. 999 requirement and for internal control effectiveness as directed under Section 404 of the Sarbanes-Oxley Act and Public Company Accounting Oversight Board (PCAOB) Audit Standard No. 5. Despite the current emphasis on CAATS, research indicates that auditors do not frequently and systematically use CAATS (Liang et al. 2001; Kalaba 2002; Debreceny et al. 2005; Shaikh 2005; Curtis and Payne 2008; Janvrin et al. 2009). Auditor acceptance of CAATS may be driven by both firm resource issues and individual user perceptions. Prior information systems research indicates that even when sufficient resources exist to purchase IT, users may not use (i.e., accept) the new IT (Davis 1989). Thus, the primary purpose of our research is to examine factors that influence individual auditor acceptance of CAATS.
Information systems research has developed several models to predict user acceptance of IT. This study uses a recent technology acceptance model, the Unified Theory of Acceptance and Use of Technology (UTAUT) (Venkatesh et al. 2003). UTAUT integrates several previously accepted models to assess the likelihood of success for new technology introductions. Understanding the drivers of acceptance allows researchers and audit firm management to proactively design interventions (including training, marketing, etc.) targeted at populations of auditors that may be less inclined to adopt and use new systems (Venkatesh et al. 2003). UTAUT proposes that four factors influence user acceptance:
1. The expectation users hold regarding how well the system may improve their performance (i.e., performance expectancy).
2. The degree of effort users believe will be needed to use the new system (i.e., effort expectancy).
3. The extent to which users perceive that individuals important to them encourage system usage (i.e., social influence).
4. The expectation users hold regarding the existence of an organizational and technical infrastructure to support system usage (i.e., facilitating conditions).
1.2 Statement of Problem
Prior CAAT research is generally descriptive in nature. Braun and Davis (2003) surveyed government auditors regarding their usage of Audit Command Language (ACL), a commercially available CAAT. They found that while participants perceived the potential benefits associated with ACL, they displayed a lower confidence in their technical abilities to use ACL (Braun and Davis 2003). Debreceny et al. (2005) interviewed bank internal auditors and external auditors in Singapore. They note that internal auditors tend to use CAATS for special investigations rather than as a foundation for their regular audit work. Furthermore, external auditors did not adopt CAATS, citing its inapplicability to the nature of testing the financial statement assertions or the extent or quality of computerized internal controls.
Liang et al. (2001) noted that auditors do not frequently and systematically adopt CAATS in practice and proposed a new electronic audit approach. Sheikh (2005) suggested a new CAAT based on the electronic auditing framework that includes most features of existing generalized audit software but can be designed and deployed independently from the auditor's EDP system. Finally, Zhao et al. (2004) describe how CAATS must exist in order to conduct continuous auditing.
1.3 Research Questions
The following research questions will guide the study under review:
i. Is there a significant relationship between computer assisted audit techniques (CAATS) and audit practice in Nigeria?
ii. Does a significant relationship exist between computer assisted audit techniques (CAATS) and effective financial reporting in an organization?
1.4 Objectives of the Study
“When a man does not know what harbor he is making for, no wind is the right wind.” These words, attributed to the first-century Roman philosopher Lucius Annaeus Seneca, bear out a long-recognized truth: for life (or business) to have direction, goals are essential. The following objectives of the study came to mind in the choice of the topic.
i. To determine whether there is a significant relationship between CAAT and audit practice.
ii. To determine if there is a significant relationship between CAATS and effective financial reporting in an organization.
iii. To determine how far company law in Nigeria has ensured Information auditors.
iv. To determine whether audit committees serve to ensure that auditors' CAATS are effectively used in practice.
1.5 Statement of Hypotheses
H0: There is no significant relationship between computer assisted audit techniques (CAATS) and audit practice in Nigeria.
H1: There is a significant relationship between computer assisted audit techniques (CAATS) and audit practice in Nigeria.
H0: There is no significant relationship between computer assisted audit techniques (CAATS) and effective financial reporting in an organization.
H1: There is a significant relationship between computer assisted audit techniques (CAATS) and effective financial reporting in an organization.
1.6 Significance of the Study
Interestingly, there has been little or no formal research on the application of CAATS in general and GAS in particular to the assurance process (Boritz 2002). This study aims to make a first step in filling this clear gap in the research literature. The study seeks to evaluate the nature and extent of the utilization of GAS in financial institutions. These economically significant entities typically make intensive use of information systems for many business processes. Many financial institutions are of a sufficient size to warrant investment in GAS by internal or external auditors. Financial institutions also are often subject to regulatory regimes that require monitoring of particular risks and potential malfeasance in areas such as money laundering. In particular, this study aims to establish how GAS assists internal auditors within banks and their external auditors in the process of substantive testing in the conduct of both financial statement audits and special audits. The second objective of this study, in the event that banks do not make use of GAS to obtain audit evidence through substantive procedures, is to examine the reasons for such limited usage. In addition, this study attempts to examine how banks' internal and external auditors would be able to better exploit GAS if they were given an opportunity to use its capabilities to the fullest.
1.7 Scope of the Study
This work is not intended to serve itself, but the generality of auditing firms and the public at large. The study is to appraise thoroughly the theoretical foundation and to acquaint the reader with basic facts about the significance of information system security auditing in the Nigerian business environment.
1.8 Limitations of the Study
The scope of this study is limited to the survey of some selected auditing firms in Benin City. This study would have been more relevant if data could be gathered from all existing auditing firms in Nigeria. However, we are constrained by limited resources in terms of finance and time. Other factors include delays in response to the questionnaires to be administered.
1.9 Definition of Terms
Information Technology Audit: An information technology audit, or information systems audit, is an examination of the management controls within an information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information technology or systems are safeguarding assets, maintaining data integrity and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement (Gawde, 2004).
Audit Personnel: According to Webster's Dictionary, it is an annual personnel administration inventory, which is an analysis and measurement of a company's personnel policies and practices to determine their effectiveness.
Security Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (1) the adverse impact that would arise if the circumstance or event occurs, and (2) the likelihood of occurrence. Note: information system-related security risks are those risks that arise from the loss of confidentiality or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation (Lampson, 2000).