The advancement of information technology in today's technologically driven era has had a significant impact on the way corporate organisations are conducting their business, especially in a developed country such as Australia. Consequently, it is now almost impossible to conduct effective and efficient audits without the use of technology‐based tools in control environments that are dominated by big data and increasing volumes of electronic audit evidence. Generalised Audit Software (GAS) is one of the most frequently used technology‐based tools available for the internal audit function for tests of controls purposes. The objective of this article is to explore the maturity of the use of GAS by internal audit functions in Australia. The literature review reveals that the use of GAS by internal audit functions globally is still at a relatively low level of maturity, despite the increased adoption of information technology and the generation of big data within organisations. Similarly, the empirical results also confirm the low level of maturity in the use of GAS by internal audit functions in Australia. Only 17.4% of the respondents displayed a high level of maturity with regard to the use of GAS.
This article explores the use by internal audit functions of audit sampling techniques in order to test the effectiveness of controls in the banking sector. The article focuses specifically on the use of statistical and/or non-statistical sampling techniques by internal auditors. The focus of the research for this article was internal audit functions in the banking sector of South Africa. The results discussed in the article indicate that audit sampling is still used frequently as an audit evidence-gathering technique. Non-statistical sampling techniques are used more frequently than statistical sampling techniques for the evaluation of the sample. In addition, both techniques are regarded as important for the determination of the sample size and the selection of the sample items.
This article explores the purpose for which GAS, as a data analytics tool, is utilised by internal audit functions in Australia. A quantitative research method was applied, and the data was analysed using descriptive statistics. The total number of online questionnaires returned was 50 (i.e., a response rate of 15.53%) from the total research population of 322 chief audit executives of internal audit functions of organisations that are registered members with the IIA-Australia. The purpose of descriptive statistics is to describe what the data looks like and to compare variables numerically; therefore, no inferences or extrapolation of the data results were made. The results of the study can be used as a benchmark that may enable CAEs to identify whether they are staying abreast of current best practice in the area of technology-based tools and techniques for tests of controls.
This article explores the existing practices of internal audit functions in the locally controlled South African banking industry regarding the use of Generalised Audit Software (GAS), against a benchmark developed from recognised data analytic maturity models, in order to assess the current maturity levels of the locally controlled South African banks in the use of this software for tests of controls. The literature review indicates that the use of GAS by internal audit functions is still at a relatively low level of maturity, despite the accelerating adoption of information technology and generation of big data within organisations. The empirical results of this article also confirm that the maturity of the use of GAS by the internal auditors employed by locally controlled South African banks is still lower than expected, given that the world, especially from a business perspective is now fully immersed in a technological-driven business environment. This study has since been extended to other industries in the following countries namely, Canada, Columbia, Portugal and Australia.
This article explores the purpose of the use of generalised audit software as a data analytics tool by internal audit functions in the locally controlled banking industry of South Africa. The evolution of the traditional internal audit methodology of collecting audit evidence through the conduct of interviews, the completion of questionnaires, and by testing controls on a sample basis, is long overdue, and such practice in the present technological, data-driven era will soon render such an internal audit function obsolete. The research results indicate that respondents are utilising GAS for a variety of purposes but that its frequency of use is not yet optimal and that there is still much room for improvement for tests of controls purposes. The top five purposes for which the respondents make use of GAS often to always during separate internal audit engagements are: (1) to identify transactions with specific characteristics or control criteria for tests of control purposes; (2) for conducting full population analysis; (3) to identify account balances over a certain amount; (4) to identify and report on the frequency of occurrence of risks or frequency of occurrence of specific events; and (5) to obtain audit evidence about control effectiveness.
Purpose: The primary research objective was to establish how the
university management used the risk register as part of the process
to achieve strategic objectives, manage risk and assess performance.
Methodology: The study followed a mixed-methods design. It
commenced with the qualitative collection of data through the
analysis of the current literature to establish whether the risk
register has the characteristics of a management tool. Based on the
qualitative data collection and analysis, a structured questionnaire
was developed to collect quantitative data to achieve the primary
research objective, namely to establish how the university’s
management currently uses the risk register to achieve strategic
objectives, manage risk and assess performance.
Findings: The findings indicated that management realized the value
of integrating strategy with risk and performance management, but
not through using the risk register. Furthermore, 79.5% of the
participants agreed that the risk register was populated to manage
risk, 40.2% agreed that it was populated to comply with legal
requirements, and 25.2% completed the risk register to comply with
executive management requirements.
Originality/Value: This study is meant to raise the awareness that
the risk register can be used as a tool to integrate strategy and risk
and performance management as it includes the strategic objectives,
the risk, and the controls to prevent the risk from arising.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.