The evolving role of information technology in internal auditing
- Authors: Ravjee, Harshal Keshav
- Date: 2015-09-28
- Subjects: Auditing, Internal , Information technology
- Type: Thesis
- Identifier: uj:14198 , http://hdl.handle.net/10210/14641
- Description: M.Com. (Computer Auditing) , Modern organizations are increasingly dependent on information technology (IT) for various reasons: to enhance their operational efficiency, reduce costs or even attain a competitive advantage. The role of information technology in the organization continues to evolve and this has an impact for the internal audit functions that serve these organizations. The study investigated whether the King III report, ISACA standards and IIA standards assist the internal audit function in addressing the impact of information technology on the organization and, as a result, the internal audit function itself. This was performed by way of a comprehensive literature study on the internal audit function and the selected standards and corporate governance framework, the role of information technology in both the organization and the internal audit function, as well as an empirical study detailing a comparative analysis of the King III report, ISACA standards and IIA standards, utilizing key success factors. The study identified an alignment of the key principles and elements identified in the King III report, ISACA standards and IIA standards. There was direct support for ITrelated reviews in the King III report, ISACA Standards and IIA Standards. The comparative analysis performed between the King III report and IIA standards, as well as the ISACA standards and the IIA standards resulted in the formulation of key internal audit success factors. These key success factors compared favourably to those identified in the literature review. The study indicated that the King III report, ISACA Standards and IIA Standards assisted the internal audit function by addressing IT related risks, controls and governance elements.
- Full Text:
- Authors: Ravjee, Harshal Keshav
- Date: 2015-09-28
- Subjects: Auditing, Internal , Information technology
- Type: Thesis
- Identifier: uj:14198 , http://hdl.handle.net/10210/14641
- Description: M.Com. (Computer Auditing) , Modern organizations are increasingly dependent on information technology (IT) for various reasons: to enhance their operational efficiency, reduce costs or even attain a competitive advantage. The role of information technology in the organization continues to evolve and this has an impact for the internal audit functions that serve these organizations. The study investigated whether the King III report, ISACA standards and IIA standards assist the internal audit function in addressing the impact of information technology on the organization and, as a result, the internal audit function itself. This was performed by way of a comprehensive literature study on the internal audit function and the selected standards and corporate governance framework, the role of information technology in both the organization and the internal audit function, as well as an empirical study detailing a comparative analysis of the King III report, ISACA standards and IIA standards, utilizing key success factors. The study identified an alignment of the key principles and elements identified in the King III report, ISACA standards and IIA standards. There was direct support for ITrelated reviews in the King III report, ISACA Standards and IIA Standards. The comparative analysis performed between the King III report and IIA standards, as well as the ISACA standards and the IIA standards resulted in the formulation of key internal audit success factors. These key success factors compared favourably to those identified in the literature review. The study indicated that the King III report, ISACA Standards and IIA Standards assisted the internal audit function by addressing IT related risks, controls and governance elements.
- Full Text:
Information technology audit approach for the assessment of software patch management
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
The development of pervasive qualities and skills of prospective chartered accountants
- Authors: Lansdell, Peter
- Date: 2018
- Subjects: Accountants - Training of - South Africa , Accounting - Study and teaching (Higher) - South Africa , Soft skills - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/283304 , uj:30549
- Description: M.Com. (Auditing) , Abstract: The continuously changing business environment requires prospective Chartered Accountants (hereafter CAs) to acquire and develop pervasive qualities and skills in addition to technical accountancy knowledge, which would enable them to add value as responsible business leaders. The South African Institute of Chartered Accountants (hereafter SAICA) identifies specific pervasive qualities and skills, also referred to as ‘generic’ or ‘soft skills’, which all competent prospective CAs are expected to master and apply in the work environment. These include problem-solving, leadership, professionalism, strategic thinking, time management, verbal communication, listening, writing, teamwork, influencing others, critical thinking and ethical awareness. These pervasive qualities and skills, applied at the highest level of proficiency and combined with specific competencies, form a vital relationship which results in a valueadding competence that is unique to the CA profession. Current literature seems to often hold the Academic Programme responsible for the development of pervasive qualities and skills. Guidance is provided by the International Federation of Accountants (hereafter IFAC) and existing literature on methods which could be used to develop these pervasive qualities and skills effectively. There are, however, conflicting opinions as to the role and responsibility of the Academic Programmes of universities, the Professional Programmes of the Assessment of Professional Competence (hereafter APC) and the Training Programmes of the SAICA Training Offices in developing the required pervasive qualities and skills of prospective CAs. The research problem centres on the development of pervasive qualities and skills in a comprehensive manner. Thus, SAICA’s entire qualification process was examined as part of this dissertation, which involved an assessment of the Academic, Training and Professional Programmes in the empirical work of this study. The research problem is informed by the limited research available on the specific approach followed in this dissertation, namely, testing the research problem from the point of view of prospective CAs themselves (as the recipients of the pervasive qualities and skills imparted by the Academic, Training and Professional Programmes). The research problem was tested empirically through eight research hypotheses addressing the...
- Full Text:
- Authors: Lansdell, Peter
- Date: 2018
- Subjects: Accountants - Training of - South Africa , Accounting - Study and teaching (Higher) - South Africa , Soft skills - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/283304 , uj:30549
- Description: M.Com. (Auditing) , Abstract: The continuously changing business environment requires prospective Chartered Accountants (hereafter CAs) to acquire and develop pervasive qualities and skills in addition to technical accountancy knowledge, which would enable them to add value as responsible business leaders. The South African Institute of Chartered Accountants (hereafter SAICA) identifies specific pervasive qualities and skills, also referred to as ‘generic’ or ‘soft skills’, which all competent prospective CAs are expected to master and apply in the work environment. These include problem-solving, leadership, professionalism, strategic thinking, time management, verbal communication, listening, writing, teamwork, influencing others, critical thinking and ethical awareness. These pervasive qualities and skills, applied at the highest level of proficiency and combined with specific competencies, form a vital relationship which results in a valueadding competence that is unique to the CA profession. Current literature seems to often hold the Academic Programme responsible for the development of pervasive qualities and skills. Guidance is provided by the International Federation of Accountants (hereafter IFAC) and existing literature on methods which could be used to develop these pervasive qualities and skills effectively. There are, however, conflicting opinions as to the role and responsibility of the Academic Programmes of universities, the Professional Programmes of the Assessment of Professional Competence (hereafter APC) and the Training Programmes of the SAICA Training Offices in developing the required pervasive qualities and skills of prospective CAs. The research problem centres on the development of pervasive qualities and skills in a comprehensive manner. Thus, SAICA’s entire qualification process was examined as part of this dissertation, which involved an assessment of the Academic, Training and Professional Programmes in the empirical work of this study. The research problem is informed by the limited research available on the specific approach followed in this dissertation, namely, testing the research problem from the point of view of prospective CAs themselves (as the recipients of the pervasive qualities and skills imparted by the Academic, Training and Professional Programmes). The research problem was tested empirically through eight research hypotheses addressing the...
- Full Text:
Mandatory audit firm rotation : a South African perspective
- Authors: Harber, Michael
- Date: 2018
- Subjects: Auditing - South Africa , Corporations - Auditing , Financial statements , Audit committees , Corporate governance - Moral and ethical aspects
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/291955 , uj:31718
- Description: Abstract: Study purpose and context: Auditor independence is a critical component of audit quality, which in turn is necessary for the proper functioning of capital markets, public protection and economic decision-making. Mandatory audit firm rotation (MAFR) has received a great deal of attention internationally in recent years, as concerns mount regarding the quality of external audits performed and the independence of auditors. These concerns have been exacerbated by corporate financial collapses that result from unchecked management misconduct and fraud. In these circumstances, the auditors are accused of failing to prevent and detect the financial misconduct, or to act as whistle-blowers. Many have claimed that problem goes beyond negligence and that the familiarity and relationships developed between client and auditor over many years of the audit firm appointment has impaired independence and professional scepticism. In 2017 the South African audit regulator, the Independent Regulatory Board for Auditors (IRBA), issued a ruling to implement MAFR on a ten-year rotation basis, effective April 2023. This ruling follows similar regulation enacted in the European Union (EU) in 2014. The debate concerning MAFR has shown divergent views among key audit-industry participants. These views include debate surrounding the additional intentions of the IRBA to use MAFR to stimulate socio-economic transformation in the audit profession by building the capacity of black-owned audit firms and facilitating opportunities for small- and medium-tier audit firms to compete for the audits of large and exchange-listed companies. There is disagreement concerning whether audit quality and auditor independence is impaired in South Africa, as well as whether the existing safeguards are appropriate. The study aims to investigate the perceptions and arguments of key stakeholders in the South African MAFR debate, with specific consideration of audit quality, socioeconomic transformation and market concentration factors, in order to understand and explore possible unintended consequences of MAFR, as well as provide recommendations to audit industry stakeholders and regulators... , Ph.D. (Auditing)
- Full Text:
- Authors: Harber, Michael
- Date: 2018
- Subjects: Auditing - South Africa , Corporations - Auditing , Financial statements , Audit committees , Corporate governance - Moral and ethical aspects
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/291955 , uj:31718
- Description: Abstract: Study purpose and context: Auditor independence is a critical component of audit quality, which in turn is necessary for the proper functioning of capital markets, public protection and economic decision-making. Mandatory audit firm rotation (MAFR) has received a great deal of attention internationally in recent years, as concerns mount regarding the quality of external audits performed and the independence of auditors. These concerns have been exacerbated by corporate financial collapses that result from unchecked management misconduct and fraud. In these circumstances, the auditors are accused of failing to prevent and detect the financial misconduct, or to act as whistle-blowers. Many have claimed that problem goes beyond negligence and that the familiarity and relationships developed between client and auditor over many years of the audit firm appointment has impaired independence and professional scepticism. In 2017 the South African audit regulator, the Independent Regulatory Board for Auditors (IRBA), issued a ruling to implement MAFR on a ten-year rotation basis, effective April 2023. This ruling follows similar regulation enacted in the European Union (EU) in 2014. The debate concerning MAFR has shown divergent views among key audit-industry participants. These views include debate surrounding the additional intentions of the IRBA to use MAFR to stimulate socio-economic transformation in the audit profession by building the capacity of black-owned audit firms and facilitating opportunities for small- and medium-tier audit firms to compete for the audits of large and exchange-listed companies. There is disagreement concerning whether audit quality and auditor independence is impaired in South Africa, as well as whether the existing safeguards are appropriate. The study aims to investigate the perceptions and arguments of key stakeholders in the South African MAFR debate, with specific consideration of audit quality, socioeconomic transformation and market concentration factors, in order to understand and explore possible unintended consequences of MAFR, as well as provide recommendations to audit industry stakeholders and regulators... , Ph.D. (Auditing)
- Full Text:
The impact of IT risk on external audit reports
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
- Full Text:
The functioning of internal audit in category 'A' municipalities in South Africa
- Authors: Ackermann, Christo
- Date: 2015
- Subjects: Auditing, Internal - South Africa , Municipal government - South Africa
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/54565 , uj:16239
- Description: Abstract: Internal audit functions around the world are faced with the challenge of assisting key stakeholders such as audit committees and senior management in discharging their responsibilities. Organisations face many risk, governance, control and compliance challenges and having proper functions in place to assist in managing these challenges is integral to the success of organisations. Internal audit functions are a critical component of the combined assurance model providing stakeholders with independent and objective assurance and consulting services on internal control, risk management and governance processes. It is therefore crucial that internal audit functions operate properly. The research problem was defined as follows: if internal audit functions are providing inadequate services to audit committees in the areas of internal control, risk management and governance, the ability of audit committees to perform their responsibilities effectively could be hampered. The research problem thus called for a study into the functioning of internal audit functions within the current framework of the International Standards for the Professional Practice of Internal Auditing and other related best practices. The research problem was explored through qualitative content analysis of annual reports and through questionnaires sent to audit committee members and chief audit executives of the eight metropolitan municipalities in South Africa. The three data sets were presented separately and triangulated. The study found that internal audit functions are crucial informants to audit committees in the areas of internal control, risk management, governance and compliance issues. In this regard, internal audit provides a broad scope of work which audit committees use to assist them in discharging their responsibilities. This is underpinned by the fact that internal audit is regarded as ethical, competent in its core technical areas and able to provide internal audit reports which are informative, persuasive and calling for action. However, overall competency is regarded as problematic by audit committee members. The study also found that internal audit’s true functioning is not reflected in annual reports and the opportunity thus exists to implement internal audit disclosure policies as this would contribute to transparency and accountability which, in turn,... , D.Phil. (Auditing)
- Full Text:
- Authors: Ackermann, Christo
- Date: 2015
- Subjects: Auditing, Internal - South Africa , Municipal government - South Africa
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/54565 , uj:16239
- Description: Abstract: Internal audit functions around the world are faced with the challenge of assisting key stakeholders such as audit committees and senior management in discharging their responsibilities. Organisations face many risk, governance, control and compliance challenges and having proper functions in place to assist in managing these challenges is integral to the success of organisations. Internal audit functions are a critical component of the combined assurance model providing stakeholders with independent and objective assurance and consulting services on internal control, risk management and governance processes. It is therefore crucial that internal audit functions operate properly. The research problem was defined as follows: if internal audit functions are providing inadequate services to audit committees in the areas of internal control, risk management and governance, the ability of audit committees to perform their responsibilities effectively could be hampered. The research problem thus called for a study into the functioning of internal audit functions within the current framework of the International Standards for the Professional Practice of Internal Auditing and other related best practices. The research problem was explored through qualitative content analysis of annual reports and through questionnaires sent to audit committee members and chief audit executives of the eight metropolitan municipalities in South Africa. The three data sets were presented separately and triangulated. The study found that internal audit functions are crucial informants to audit committees in the areas of internal control, risk management, governance and compliance issues. In this regard, internal audit provides a broad scope of work which audit committees use to assist them in discharging their responsibilities. This is underpinned by the fact that internal audit is regarded as ethical, competent in its core technical areas and able to provide internal audit reports which are informative, persuasive and calling for action. However, overall competency is regarded as problematic by audit committee members. The study also found that internal audit’s true functioning is not reflected in annual reports and the opportunity thus exists to implement internal audit disclosure policies as this would contribute to transparency and accountability which, in turn,... , D.Phil. (Auditing)
- Full Text:
- «
- ‹
- 1
- ›
- »