The impact of IT risk on external audit reports
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
- Full Text:
IT risk management disclosure in the integrated reports of the Top 40 listed companies on the JSE Limited
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
- «
- ‹
- 1
- ›
- »