Impact of Information Technology on the Audit Process
Great advancements in the information technology area have changed the manner in which organizations and corporations conduct many of their internal activities. The speed and efficiency characteristics of the IT systems have resulted in companies investing heavily to acquire the automated systems. One area within the organization that has significantly witnessed these transformations is the auditing department. As a result, complex business transactions are being accomplished within short timelines, while errors and mistakes that are common with the traditional manual systems have effectively been curtailed. Management teams in organizations benefit from this change because decisions can now be made quicker than in the past. However, the transformation towards automation in organizations has equally resulted in numerous challenges for the managers. Firms require highly trained personnel to handle the complex IT systems, while the systems also face the risk of being accessed by unauthorized persons who may gain critical knowledge about the firm. System failure, loss of data, and reduced human involvement, among other factors comprise of the challenges that organizations are forced to deal with as they deal with IT systems. This paper seeks to discuss how the audit process has generally been affected by the installation and full adoption of the IT mechanism of auditing.
Organizations are often forced to train their employees to increase their capacity to operate or handle IT systems. Although computerized systems are automatic and potentially compile and synthesize data internally, it is critical to point out that human input is needed to guide the entire operation (Mindak, & Heltzer, 2011). Specific data needed to be input into the system has to be determined by qualified personnel to enable the organization to obtain positive results. Equally, interpreting the final output of the IT system requires knowledge and understanding on the part of the personnel. This capacity can only be built effectively when the employees in the organization have the right training concerning operating a computerized system.
Recruiting workers who are already trained to handle such complex IT systems may not be possible for the organization. This may force the management to arrange for the training of the organization’s workers, which may require huge spending (Brody, Kowalczyk & Coulter, 2003). More complex and highly specialized IT systems are being announced as fast-paced technology advancement continues to be witnessed. This means that organizations may be forced to continually change their existing IT systems as they anticipate upgrading from their older systems. Such upgrades and numerous advancements pose a challenge to the organizations as they have to continually look for skilled personnel or train their workforce to build the necessary capacity (Mindak & Heltzer, 2011). As a result, workflow performance of the auditing process is often affected whenever the organization acquires new technology because it is forced to either look for trained personnel, or build the capacity of its internal workforce.
A computerized auditing process in an organization often stores all the resultant information within a single data repository. This critical information detailing the actual picture of the organization needs to be closely guarded as it contains the secrets of the firm. Often, such databank is protected by allowing only a few individuals in the organization, usually the top level managers, to gain access to it. Restrictions are enforced by the use of high-tech security mechanism like employing the application of passwords that are secretly held by the authorized personnel (Watson & Dow, 2010).
However, fraudsters are using the advantages of the fast technology advancements to access such information without the organization’s consent (Abu-Musa, 2002). Use of corrupted software that is capable of bypassing the secret passwords is reportedly on the increase as people seek for illegal ways of accessing such information. Hacking of corporate information that is closely guarded is a major threat to any management because it exposes the important details to rival players in the industry or market (Abu-Musa, 2002), who may use it to compete against the firm. In other words, it is difficult to guarantee data security within the computerized system.
Internally, employees of the organization may as well gain access to sections of the information stored in the database without the knowledge of the management (Watson & Dow, 2010). Dishonest employees may take such an advantage to carry away sensitive information that should otherwise remain a secret to the organization because the computerized system will, at some point, interact with humans. Lack of adequate internal technical know-how may sometimes compel organizations to hire external experts to help them operate their systems effectively. Such hired experts may end up accessing sensitive details of the organization without the organization’s knowledge and disseminate the same to other individuals or rival organizations.
Malicious people gaining access to the company’s audit information without knowledge of the management may as well alter the information to suit their interest. This implies that the organization will be running or relying on false information as reflected in the altered database. If this is not detected in advance, it may result in organizations making losses or failing to fulfill their mandate as promised. It is critical to point out that various societies have come up with stringent laws that hold managers or organizations accountable for failure to protect data information, particularly where sensitive customer details are involved.
The IT mechanism often faces internal failures or breakdowns, apart from human tampering that might slow or destroy a computerized system altogether (Debreceny et al., 2005). A complex computerized system used for auditing purposes in a typical organization comprises of hundreds of thousands or even millions of programs. These multiple programs are required to be integrated to enable the smooth functioning of the system as a whole. However, program and hardware failure may occur unexpectedly, resulting in a sudden shutdown of the entire system.
Malicious programs referred to as viruses may equally affect a system’s operation, resulting in unexpected failures. The system may be infected with the virus either through hackers or internally by the workers knowingly or unknowingly. Depending on the extent of the interference, system failures may last for significant period before the mishap is corrected. The organization equally registers loses in many ways as the system lies idle because of unprecedented failures, whether artificial or technical (Mande & Son, 2011). This is a challenging scenario because it is difficult to control the failures from happening. No matter how high-tech an audit system may be, it still remains liable for failures at some point during its operation (Debreceny et al., 2005). In other words, a company installing a computerized audit system is assured of facing a system failure dilemma as long as it continues relying on the same.
In instances where such system failures occur, the firm faces a dilemma because the operations are affected negatively. The capture and subsequent synthesis of the accounting details remain paralyzed until such a time when the systems are resuscitated. However, the organizational accounting process is a critical area whose functioning needs to operate mutually with the overall running of the firm (Arens & Elder, 2006). In essence, any system failures affecting the auditing process means that the organization may be forced to close down and wait for system revival or face the risk of making losses and other related challenges.
Loss of Data
The databank in the organization containing all the information processed by the auditing system is usually located in a single location. Unlike in the manual filing system where every department stored its own information, the computerized filing system stores large portions of data in the same location. This poses a great risk and danger to the organization because any distractions or interference with the database would see the company lose all its stored data (Yu, Hung-Chao & Chi-Chun, 2000).
Loss of data affects the entire organization severely because it literally paralyzes its functioning. Managers rely on historical data to make decisions concerning the future running of the organization. The organization’s past trends are useful in helping to determine its future effectiveness. Lost audit reports, analysis, and general information cripple the management’s ability to make decisions concerning its future running (Yu, Hung-Chao & Chi-Chun, 2000). Organizations usually maintain very limited copies of the information contained in their databases because of the need to maintain a high level of data security. Thefts and burglaries or calamities like fire outbreaks and earthquakes may cause permanent destruction of the database in the organization, leaving the organization with no choice of reclaiming the data.
Unintentional human action may also result in the loss of an organization’s computerized data stored in its central repository. Employees with administration rights who may be employed to work on the system may accidentally cause a permanent deletion of the data when performing their normal routines. Additionally, computer crashes resulting from internal system failures of software and hardware incompatibility or virus programs may cause permanent loss of data (Yu, Hung-Chao & Chi-Chun, 2000). While it may be possible for organizations to backup information for use during such periods of emergency, it is worth noting that managers in many occasions may lack the ability to stop or protect the situation from occurring.
Reduced Human Involvement
Firms are increasingly downsizing their workforce sizes, particularly trimming individuals who previously worked in the accounting department as computerized audit systems take center stage in organizations. A single IT system is capable of accomplishing numerous tasks all at once and within a very short period compared to when the same activities are performed manually. Organizations are finding it more practical to replace workers with the systems because a computerized audit system has a limited propensity of making erroneous statements and reports (Hunton & Rose, 2010). It is not possible for an employee in the accounting department to follow the computerized audit trail, unlike in the case of the traditional manual accounting systems. The documents are transformed into electronic files that are difficult to view.
A single individual in the IT department can effectively authorize all the firm’s transactions in the contemporary organization where computerization is overshadowing all activities and operations previously run manually. This has changed the practice from the past where an organization had to identify more people to be in charge of the transaction authorization function. This further gives the organization more reasons to retrench workers whose roles have since been usurped by the IT system (Hunton & Rose, 2010).
The downsizing of workforce sizes in the accounting department, however, subjects the organization to many dangers. An error may occur in the audit system programming because of the human involvement and affect the outcome. The reduced workforce in the accounting department means that only a few individuals, probably one or two, participate in programming the system (Hunton & Rose, 2010). This means the probability of errors being spotted early and rectified before causing a lot of damage is limited, unlike the case where the program is analyzed by teams of experts before being approved. The organization is forced to perform a repeat of the same functions due to the flawed auditing process. The firm also faces the probability of incurring serious losses and damages.
Organizations have to contend with spending exorbitantly to acquire and maintain accounting systems. The ever changing software versions force organizations to keep up to date with the newly announced programs to benefit from the added capabilities and expanded functionalities. Advanced software released by the system manufacturers often come with expensive licenses. Firms have to purchase the licenses before operating the software (Yang & Guan, 2004). Some of the licenses are single user, meaning the firm has to buy several licenses depending on the number of workstations within the organization to be able to benefit fully from the services.
Apart from software and hardware acquisition charges, organizations also face the major challenge of spending more on maintenance. This requires IT experts to continually service an organization’s auditing system to reduce the probability of failures and damages. If this is not checked, the organization faces the danger of having its operations crippled altogether, resulting in massive losses and damages. Maintaining IT specialists internally in an organization is very expensive. The experts are remunerated highly because of the relatively short supply in the market (Yang & Guan, 2004). Even after acquiring these experts, continuous training and development are necessary to enhance their skills and capabilities. The fast-paced advancements in the IT sector that see new software and hardware versions released almost daily require IT specialists undergo continuous training to keep pace with the developments.
The organization, therefore, takes up these responsibilities because of the underlying challenges and business pressure. Individual IT experts, for instance, may not have the necessary resources to finance their own training consistently, unless they receive such funding from their employing organization. Any failure on the part of the organization to honor these critical demands may result in lack of adequate internal capacity to handle any major maintenance operations.
In some instances, software manufacturers may release a new accounting program into the market. The new program may portray new features almost in its entirety. Such new programs in the market may be difficult to operate even by the existing expertise in the company or market. In essence, the organization may be forced to bring in the actual software manufacturers to help in training. Meeting such expenses could be too costly for the organization acquiring the software or hardware, particularly if such utilities are shipped from a different country (Yang & Guan, 2004).
The overreliance of computer systems on electricity means that organizations must look for ways of ensuring full-time availability of power. This entails investing in power backups and generators that would work as a substitute during power failures or hitches. Acquiring the equipment is expensive because apart from the acquisition price paid by the firm, it has to spend more on maintenance activities to ensure effective operations as anticipated.
A computerized auditing system is highly dependent on various software and hardware parts. Each part must be fully functioning for the system to be operational. In other words, a computer must be functioning well for the user to be able to access the software installed, while all other related machines, such as the printers, must equally be functional for physical reports to be published. A breakdown in any one of the system’s components implies that the whole system has to be halted and the necessary repairs made to revive it.
This is highly challenging for the organization in terms of sustaining an uninterrupted process operation. It makes the automated auditing process susceptible to numerous failures and interruptions that reduce the overall efficiency (Hunton & Rose, 2010). Any slight stoppage of the auditing system literally affects the entire running of the organization, placing it at the risk of incurring losses. The automated process is complicated and vulnerable to constant mechanical and technical failures, unlike the manual auditing system that fundamentally relies on the output of employed individuals in the department.
Information technology prowess and infinite capability have significantly been integrated into organizations to help with the achievement of efficient and accurate results. One significant organizational area that has benefited immensely from such a move is the auditing process. Firms are increasingly computerizing their auditing processes to benefit from the speed with which the IT system operates. However, organizations also face challenges as a result of the automation of their internal auditing processes. Computerized data are susceptible to losses or damages because of the single storage databases. An organization losing its data as a result of a fire incident or theft ends up encountering huge losses because the historical data contained in the database is critical in enabling the decision making process in an organization.
Malicious programs are used by people to gain access to the data repository of the organization without the consent of the management. This information is often critical for the organization and may end up in the hands of other industry rivals in a bid to curtail their competitive advantage. Computerized audit systems equally require highly trained personnel to operate and handle them on a daily basis. Organizations are also required to constantly upgrade their systems to enhance their operations and keep pace with the continued advancements in the IT sector. These upgrades and subsequent new installations force the organizations to retrain their workers to empower them in the area of handling the new systems. This is expensive and it interrupts with the flow of operations in the auditing department. Although computerized systems are automatic and limit the incidences of errors witnessed in manual systems, a single error during the programming phase may end up affecting the organization negatively.
Abu-Musa, A. (2002). Security of computerized accounting information systems: An integrated evaluation approach. Journal of American Academy of Business, Cambridge, 2(1), 141-149.
Arens, A. A., & Elder, R. J. (2006). Perspectives on auditing education after Sarbanes-Oxley. Issues in Accounting Education, 21(4), 345-362.
Brody, R. G., Kowalczyk, T. K., & Coulter, J. M. (2003). The effect of a computerized decision aid on the development of knowledge. Journal of Business and Psychology, 18(2), 157-174.
Debreceny, R., Lee, S-K., Neo, W., Toh, J. S. (2005). Employing generalized audit software in the financial services sector: Challenges and opportunities. Managerial Auditing Journal, 20(6), 605-618.
Hunton, J. E., & Rose, J. M. (2010). 21st Century auditing: Advancing decision support systems to achieve continuous auditing. Accounting Horizons, 24(2), 297-312.
Mande, V., & Son, M. (2011). Do audit delays affect client retention? Managerial Auditing Journal, 26(1), 32-50.
Mindak, M., & Heltzer, W. (2011). Corporate environmental responsibility and audit risk. Managerial Auditing Journal, 26(8), 697-733.
Watson, M. W., & Dow, K. E. (2010). Auditing operational compliance: The case of employee long distance piracy. Issues in Accounting Education, 25(3), 513-526.
Yang, D. C., & Guan, L. (2004). The evolution of IT auditing and internal control standards in financial statement audits: The case of the United States. Managerial Auditing Journal, 19(4), 544-555.
Yu, C., Hung-Chao, Y., & Chi-Chun Chou. (2000). The impacts of electronic commerce on auditing practices: An auditing process model for evidence collection and validation. International Journal of Intelligent Systems in Accounting, Finance and Management, 9(3), 195-216.