The current issue and full text archive of this journal is available at

www.emeraldinsight.com/0268-6902.htm

Adoption of
Examining the adoption CAATTs
of computer-assisted audit tools
and techniques
327
Cases of generalized audit software use
by internal auditors
Nurmazilah Mahzan
Department of Accounting, Faculty of Business and Accountancy,
University of Malaya, Kuala Lumpur, Malaysia, and
Andy Lymer
Department of Accounting and Finance, Birmingham Business School,
University of Birmingham, Birmingham, UK
Abstract
Purpose – The use of computer-assisted audit techniques and tools (CAATTs) is a part of many
professionally recommended audit procedures. This paper aims to argue that obtaining a better
understanding of the factors underlying successful CAATTs adoptions would be helpful to aid wider
development of these technologies in internal audit functions.
Design/methodology/approach – To help develop the understanding of the factors that lead to
successful adoption of GAS, this paper uses current theories that are seeking to better explain the various
elements that constitute IT adoption processes. In particular, it makes use the “Unified Theory of
Acceptance and Use of Technology” (UTAUT). UTAUT is used to structure the analysis of ten
semi-structured, qualitative, interviews of key decision-makers in adoptions of CAATTS in internal audit
functions in exploring the key factors that drove the successful adoption of these IT technologies. The most
widely used CAATTs tools available to internal auditors is currently GAS. This study specifically focuses
on GAS tools.
Findings – This paper explores the successful adoption of GAS in ten cases to draw out the general
factors that appear to be essential elements that lead to successful adoptions. From this basis, the
paper proposes an initial model, built on existing theories of IT adoption more generally, as a
theoretical basis for GAS adoption by decision-makers in an internal audit setting to better understand
what may be essential factors to their adoption decisions to be likewise successful. Results suggest
that two constructs from UTAUT (performance expectancy and facilitating conditions) appear to be
particularly important factors influencing successful adoptions of GAS in this domain. However, the
UTAUT constructs of social influence and effort expectancy are not found by this study to be as
important in this specific IT adoption domain. UTAUT also proposes four moderating factors that
influence the constructs. This paper explores two of these moderators – experience and voluntariness
– and shows that both are keys to the constructs application to this domain.
Originality/value – The paper examines the motivation for CAATTs adoption by internal auditors
using the UTAUT framework commonly used in information system research but not so to date in this
domain where there is professional guidance suggesting wider use of technology should be made
compared to actual usage.
Keywords UTAUT, Gas, CAATTs, Internal audit Managerial Auditing Journal
Vol. 29 No. 4, 2014
Paper type Research paper pp. 327-349
q Emerald Group Publishing Limited
0268-6902
JEL classification – M42 DOI 10.1108/MAJ-05-2013-0877
MAJ 1. Introduction and motivation
29,4 Computer assisted audit tools and techniques (CAATTs) can be used by an auditor
(external or internal) as part of their audit procedures to process data of audit
significance contained in an entity’s information systems (Singleton and Flesher, 2003).
Literature (Grand, 2001a, b; Braun and Davis, 2003) has shown that the types of
CAATTs embraced by auditors include the following groups: electronic working
328 papers, fraud detection, general audit software (GAS) (for supporting tasks such as
information retrieval and analysis), network security testing, continuous monitoring,
audit reporting, databases of audit history, computer-based training, electronic
commerce and internet security.
The focus of this paper is on usage of GAS because it is the primary CAATT in use by
internal auditors (Hall, 2012; Kim et al., 2009; IIA UK, 2003; Gray, 2006). The usage of
GAS has evolved over time, due in large part to the proliferation of information
technology usage in the businesses auditors are working within, necessitating some
degree of automation (Ramamoorthi, 2004). However, prior evidence in the literature has
suggested that the pace of growth and the extent of use of these tools has not kept up
with the developments of the underlying businesses they audit (Ramamoorthi, 2004). As
such, an interesting research question arises as to why internal audit use of GAS remains
limited. This paper seeks to explore this question.
There is limited research that studies the behavioural aspects of IT adoption by
external auditors (Bedard et al., 2002; Schafer and Eining, 2002; Braun and Davis, 2003;
Debreceny et al., 2005; Dowling and Leech, 2007; Curtis and Payne, 2008; Javnrin et al.,
2008; Stoel et al., 2012; Aidi and Kent, 2013). However, at the time of undertaking this
study, almost no work looked at its adoption by internal auditors (Huang et al., 2008;
Kim et al., 2009; Gonzalez et al., 2012). The adoption of IT generally has been a
well-studied domain and there are several IT adoption theories that have been developed
and applied across a variety of non-audit related fields (key examples of this literature
include; Davis, 1989; Hu et al., 1999; Karahanna et al., 1999; Venkatesh, 2000;
Bhattacherjee, 2000).
The key objective of this study is therefore to examine the factors that lead to
successful GAS adoption in the cases chosen. This exploratory study examines those
that have become successful adopters of this technology. This enables the focus to be
on what has led to successful adoption for this subset of CAATTs use to seek to draw
out common factors that could be more widely applicable as best practice in adoption
decision making that seeks to match GAS use to perceived needs in other internal audit
settings[1]. In exploring this objective, this examination is undertaken using a theory
testing approach based on the use of wider academic literature on IT adoption from
other domains.
The results of this study can be used by internal auditors, regulators and software
providers in helping them to better understand how the context and processes
associated with adoption decisions can help, or hinder, successful implementation of
GAS in internal audit. In order to achieve the research objective set, the key research
question addressed by this paper is:
RQ1. To what extent do general theories of IT adoption aid in identification of
factors influencing successful GAS adoption decisions in the internal audit
domain.
The key contributions of this paper are: Adoption of
.
the testing of current IT adoption theory in explaining the successful adoption of CAATTs
GASs for selected internal audit settings;
.
an academic contribution to better understanding of GASs’ use in the UK by
internal auditors (and, by extension, to other countries who have similar internal
audit domains), where previously only limited professional body surveys have
been generally available;
329
.
offering specific research outcomes to support future guidance by professional
bodies on adoption decisions for the use of GASs in internal audit domains; and
.
provision of a theoretical foundation for development of a testable model to support
adoption and successful implementation of GASs in an internal audit setting.

This paper is organised as follows. In the next section, the prior literature highlighting the
reasons for GASs’ adoption and use is reviewed. The following section discusses the
justification for the application of the wider IT adoption theories to aid understanding of
the success factors for GASs’ adoption. Section 3 then explains the theoretical framework
used in this paper (i.e. Unified Theory of Adoption and Use of Technology (UTAUT)).
Section 4 elaborates on the application of the constructs from UTAUT used to explore
adoption success factors. Section 5 details the qualitative work undertaken to apply this
model to GAS adoptions, using a series of interviews with key personnel in business and
public sector entities who are successful users of GASs in the UK and Malaysia. Results
from these interviews are explored in Section 6. Section 7 offers some conclusions and
implications for this research before the final section discusses limitations of this work.

2. Literature review
2.1 Academic literature
The research literature on information technology audit (IT audit) is fairly extensive;
however, little attention in this literature has been given to CAATTs adoption factors.
To take one example, Stoel et al. (2012) look into factors influencing the quality of IT
Audit resulting from use of support tools, but does not address the adoption factors of
CAATTs by auditors. Several studies have been conducted into CAATTs’ development
and application by auditors. This has particularly however, been applied to their use by
external auditors (Bedard and Graham, 2002; Bedard et al., 2002; Javnrin et al., 2008; Aidi
and Kent, 2013). These include several documented cases showing why CAATTs were
adopted in particular external audit situations (Debreceny et al., 2005; Neuron, 2003;
Paukowits, 2000; Hudson, 1998). Only limited studies of these decisions in an internal
audit setting exist (Huang et al., 2008; Kim et al., 2009; Gonzalez et al., 2012).
A small number of recent studies on technology adoption by auditors have applied IT
adoption theories used in the information systems adoption literature to explore the
various factors that influence adoption in this domain (Kim et al., 2009; Huang et al., 2008;
Curtis and Payne, 2008; Gonzalez et al., 2012). Kim et al. (2009) looked at technology use
by internal auditors and used the technology acceptance model (TAM) (a precursor
model to UTAUT) in their study. In this case the basic TAM was extended to include a
variety of potential external influencing factors split into organizational, social and
individual factors and particularly introduced technology complexity into the usage
decision likelihood. Kim et al. (2009) found support for the use of the TAM to explain
MAJ dimensions of system usage, perceived usefulness and perceived ease of use and report
29,4 some impact of organizational and individual factors. They report a lack of social
influence however, as an explanatory factor in this domain, unlike that found in other IT
adoption domains. They found that as the complexity of the technology at hand (i.e. more
advanced CAATTs) grew, its use to aid the audit review decreased. This finding
supports the evidence that GAS, as a relatively simple CAATT, is more widely used in
330 practice than more advanced CAATTs. Huang et al. (2008) review internal audit
CAATTs acceptance, also based on an extended TAM where organisational support
and system quality factors were added to the base model. This research found strong
support for their extended TAM in explaining adoption decisions by internal auditors
based on a survey conducted of 117 internal auditors in Taiwan.
Curtis and Payne (2008) applied the same base IT adoption theory applied in this paper
(UTAUT) to the CAATTs decisions made by external financial auditors in this case on
their intention to adopt substantive testing software. The base UTAUT model was also
extended in this study to include contextual factors and individual characteristics that
they posited may add explanatory power to the base model in this context. They made
use of a similar experimental instrument to that used in the original work on this theory
by Venkatesh et al. (2003) and applied it to 70 in-charge financial auditors. They report
UTAUT to be a valid model to study audit technology adoption decisions and found
support for their extensions to the base model in this particular domain.
Gonzalez et al. (2012) also used UTAUT in their study on intention to adopt
continuous auditing and found that this model explains a substantial amount of
variance in the intentions of internal auditors, albeit in a different context to CAATTs
adoption decisions. Their result showed that perceptions of effort expectancy and social
influence are significant predictors of internal auditors’ intentions to use continuous
auditing, while performance expectancy and facilitating conditions are not supported.
Therefore, no academic work to date directly addresses the use of GAS by internal
auditors using the UTAUT model that is now accepted as the base IT adoption model for
IT adoption decisions. This paper addresses this gap, building on the prior literature
using TAM, as outlined above, to extend our understanding of the GAS adoption
decisions made by internal auditors that led to successful implementations in an attempt
to provide a forward looking understanding to aid future decisions by internal auditors
in considering use of this technology in their own organisations.

2.2 Professional literature

While academic research on this topic is limited, there have been a number of surveys
carried out by professional bodies to which auditors belong that outlines CAATTs’
usage in practice across a variety of industries. There is however, a particular focus on
businesses in the USA in this existent professional literature.
The insights relating to CAATTs’ use by internal auditors (as a subset of all auditors)
largely come from the results of the Institute of Internal Auditors (IIA) USA surveys;
these were conducted annually from 1995 to 2006 (Gray, 2006; Salierno, 2001) where a
range of information relating to the percentage of CAATTs usage was routinely
collected, and through which some history of development practices of these
technologies was captured. However, systematic reviews of even basic information
about their usage do not exist outside the USA. IIA (UK) (2003) did conduct a survey
touching on CAATTs’ usage at the end of 2002. The respondents of the survey were
65 Heads of Internal Audit from organisations throughout the UK. This survey revealed Adoption of
some hesitation at the time of this data gathering exercise amongst those overseeing CAATTs
internal audit departments in the UK in relation to any automation of internal audit
work. The key reason cited for this was that they perceived that there was a lack of
software available in the market that met their needs as internal auditors. The survey
also suggested that some software packages were too restrictive in their requirements to
be directly applicable to the audit methodologies used in the businesses that evaluated 331
them – requiring too large a change in the methodologies used to justify the costs for the
benefits that might be accrued. However, more than 40 percent of respondents suggested
that they would be willing to adopt an amended audit approach if they could find a
package, or packages, that otherwise met their needs. This suggests scope for wider
automation to occur in the future, if the right conditions for adoption could be
understood, and communicated, to software developers.
Neither of these previous sets of surveys in the USA or the UK has addressed, in any
useful detail, the early stages of CAATTs’ adoption processes, particularly the specific
motivation for initially exploring and building a business case for the adoption of
CAATTs, and the limiting factors to their wider adoption. They primarily report on the
details of applications in place at the time of the survey. Therefore, the information on
motivating factors that influence adoption, which is necessary to provide the next step
forward in wider adoption for many other businesses, is not currently widely available,
either in professional or academic literature.
Further, the current information available does not focus on CAATTs’ adoption
employing any systematic approach. This study therefore addresses the lack of
CAATTs’ adoption decision literature applicable, by providing insight into technology
adoption issues using theory developed in other IT adoption domains. The next section
will review this literature in more depth.

3. Theoretical framework to study the motivation for CAATTs’ adoption

The theoretical base underlying this paper is the model of technology adoption known
as the Unified Theory of Acceptance and Use of Technology (UTAUT). UTAUT is a
unified model of IT acceptance by individuals that was developed by Venkatesh et al.
(2003), after reviewing, comparing and testing eight competing theories in this field of
research, whilst seeking to establish the general factors that influence users when
making technology adoption choices across a variety of domains. These models
originate in psychology studies and have been adapted, through a series of successive
research projects, to IT adoption decisions.
The eight models reviewed, compared and tested by Venkatesh et al. (2003) were the
TAM; the theory of reasoned action (TRA); the theory of planned behaviour (TPB); the
motivational model (MM); the innovation diffusion theory (IDT); the model of personal
computer utilisation (MPCU); the social cognitive theory (SCT); and a model that
combined TAM and TPB.
The review and comparison undertaken by Venkatesh et al. (2003), illustrated that there
are five limitations noted in the eight extant models related to issues such as the technology
being studied (all evidenced by relatively simple technology adoption decisions);
participants are mostly students in academic settings; the timing of decisions; and the
nature of measurement and voluntary versus mandatory contexts. These issues are
addressed by Venkatesh et al. (2003), by selecting participants for their study from
MAJ non-academic settings and through various stages of experience with new technology, and
29,4 in comparing all models across all participants. Further, Venkatesh et al. (2003), argue that
this will address many of the key limitations of the existing theories, in producing a
composite model of general applicability to IT adoption decisions, made by individuals.
Having reviewed, examined and tested the eight complementary models,
Venkatesh et al. (2003) developed UTAUT based on conceptual end empirical
332 similarities across the models (Figure 1).
Venkatesh et al. (2003) demonstrated that the prior models could be reduced to four
major elements (termed “constructs”) that are significant, direct, determinants of
adoption intention, and thereby actual usage, in one or more of the individual models:
(1) Performance expectancy is the degree to which an individual believes that
using the system they are considering adopting, will help them to attain gains
in task performance.
(2) Effort expectancy refers to the degree of ease the adopter associates with the
use of the system they are considering using.
(3) Social influence, refers to the degree to which the individual perceives that
important others believe that he or she should use the new technology they are
considering.
(4) Facilitating conditions are defined as the degree to which an individual believes
that an organisational and technical infrastructure exists to support the use of
the technology they are considering adopting.

In addition, Venkatesh et al. (2003), illustrated that these four major constructs can be
influenced by four key “moderators”: gender, age, voluntariness (the extent to which
the adoption choice is one over which the chooser has power to reject) and experience
(novice v expert in the choice domain).
The proposed theory (UTAUT), was empirically validated using data from
individuals in four organisations over a six-month period, and was found to outperform
each of the eight individual models in explaining adoption activity for various
technologies (Venkatesh et al., 2003). Subsequently, the UTAUT model has been applied

Performance
Expectancy (PE)

Behavioural Actual use

Effort Expectancy Intention (BI) behaviour
(EE)

Social Influence
(SI)

Facilitating
Figure 1. Conditions (FC)
Unified Theory of Voluntariness
Acceptance and Use Gender Age Experience to use
of Technology
Source: Venkatesh et al. (2003)
in various other domains such as internet marketing (Abu Shanab and Pearson, 2007) as Adoption of
well as healthcare (Hennington and Janz, 2007). However, in this study, we focus on the CAATTs
individual adoption decision making process, rather than the organisational context, as
the adoption decision for CAATTs use is typically made by an individual who leads an
internal audit department.
Figure 2 illustrates the theoretical view in this research derived from the UTAUT
model. In comparison to the original UTAUT model, the moderating factors (age and 333
gender) are not fully explored as this study focuses instead on the assessment of the
potential of the four constructs for explaining successful adoption decisions in this
domain[2]. However, the moderators of experience and voluntariness are given some
exposure in the approach adopted in this paper as the adopted research methodology
does allow for some, albeit incomplete, exploration of these factors. Further, behavioural
intention and actual usage in the original UTAUT are replaced with motivation and
successful CAATTs’ adoption to make this model specific to the internal audit domain.
The next section develops these four constructs further in the context of this study,
followed by further exploration of the moderators used in this study in the following
section.

4. Constructs examined in this study

This section explores each of the constructs from UTAUT that are proposed for testing
in this study, to illustrate their theoretical application to our model.

4.1 Performance expectancy

Auditing standards and guidelines suggest that the usage of technology tools could help
to enhance the efficiency and effectiveness of an internal auditor’s work (e.g. see IIA
standard 1220.A2). In addition, other literature on CAATTs has shown that auditors
adopt CAATTs to be able to perform various functions, such as: to test program controls
(Pogrob and Isenberg, 1999; Javnrin et al., 2009), to gain a comprehensive understanding of
their IT controls (Neuron, 2003); to facilitate risk assessment during specific audit
planning processes (Paukowits, 2000); and to improve the efficiency of audit testing
(Hudson, 1998). As such, CAATTs are argued to be an important tool for internal auditors
in the performance of their audit work. This perception therefore could be argued to be
consistent, in principle, with perceived usefulness as included in the performance
expectancy construct in UTAUT, which refers to the extent to which an individual
believes that their use of the technology will enhance their job performance (Davis, 1989).

PE

EE

Successful
Figure 2.
Motivation CAATTs’
FC Theoretical view
Adoption
of studying motivation
for successful
SI CAATTs’ adoption
Experience Voluntariness
MAJ 4.2 Effort expectancy
29,4 UTAUT’s effort expectancy construct addresses perceived ease of use UTAUT
suggests that there is a direct (positive) effect of perceived ease of use via effort
expectancy on behavioural intention (Venkatesh et al., 2003). All other things being
equal, UTAUT would suggest therefore that there is a higher likelihood that internal
auditors would adopt CAATTs when they are easy to use and they do not have to
334 undergo a difficult learning curve to make use of them.
Despite apparent support for this construct in UTAUT, Hu et al. (1999) concluded
from their study that amongst knowledge workers, no amount of ease of use would
compensate for their low perception of a system’s usefulness. Their investigation of a
physician’s acceptance of telemedicine revealed that as the level of knowledge of
professionals differs significantly from other subjects of prior research (students,
clerical staff, etc.), then their ability to assimilate new technology would be quicker
(Hu et al., 1999). Therefore, ease of use was found to have no significant effect on attitude
and perceived usefulness in the Hu study of technology adoption.
However, Bedard et al. (2002), in looking more directly at auditors as knowledge
professionals, found otherwise. Their results showed that ease of use perceptions were,
in fact, important among a group of highly experienced auditors, thus potentially
supporting the use of this construct in the modelling of technology adoption by auditors.
Bedard et al.’s research examined the effect of technological and task knowledge on the
basic TAM relationships. The positive relationship between task knowledge and ease of
use implies that, even individuals with requisite computer skills, may consider a system
difficult to use if they are uncertain about their proficiency with tasks that need to be
performed using the system. In later research, Bedard et al. (2003), found that the
perception of ease of use can be shifted with training. Therefore, in this study, the effect
of ease of use and training on CAATTs’ adoption by internal auditors is examined in
seeking confirmation of their applicability to an internal auditor’s adoption decision.

4.3 Facilitating conditions

Facilitating conditions relate to the degree in which the infrastructure provided by the
organization and external environment is perceived to influence the motivation to adopt
(Venkatesh et al., 2003). In the context of CAATTs’ adoption by internal auditors, the
facilitating conditions that can impact their motivation to adopt includes the adequacy of
information on what CAATTs can do; support from vendors or software providers; as well
as support from senior management in their organisation (CICA, 1994). Therefore, this
construct on adoption decisions also, theoretically, appears to be potentially applicable to
this study domain, and is therefore worthy of further examination in this study.

4.4 Social influence

In the context of social influence, this study seeks to understand if image and
normative belief (Venkatesh and Davis, 2000), will have any influence toward an
intention to adopt CAATTs, as found to be the case elsewhere in other studies using
UTAUT. For example, the decision whether to adopt CAATTs or not, may be
influenced by the head of internal audit in an organisation, or fellow auditors within
their firm, or from other professional contacts or their professional body. Again,
it appears plausible that this construct could play a part in CAATTs adoption decision
by internal auditors. It therefore appears that the refined constructs developed and
tested in UTAUT as the key factors informing IT adoption decisions, could provide a Adoption of
fit in the domain in question in principle. CAATTs
4.5 Moderators
The full exploration of the impact of moderating factors proposed in the UTAUT is
beyond the primary focus of this study, which instead seeks to explore the validity of
the constructs of the theory. However, two of the moderators are argued to be testable 335
using the research method being applied in this study. Given their role in explaining
the extent of the influence of three of the constructs on adoption decisions, these
moderators are explored in a limited way in this study.
In testing UTAUT, Venkatesh et al. (2003), found that the social influence construct may
be significant when analysed with the inclusion of the moderating variables: age, gender,
experience and voluntariness. For example, social influence was found to be significant in
mandatory adoption in their testing of UTAUT. In this study, we therefore include an
analysis of the impact of voluntariness within our analysis of this particular construct.
However, the moderators of age and gender are not separately addressed in this study, due
to our small sample size and given our use of a selective interview based approach.
In addition to the moderating impact on social influence, experience is also found in
the development and testing of UTAUT to have a moderating impact on effort
expectancy and facilitating conditions. For an experienced adopter, effort expectancy is
not found to be as significant a determinant of adoption, while the facilitating conditions
tended to be more significant as expertise grew (Venkatesh et al., 2003). Therefore, our
theoretical model adopts a similar view by including experience as a moderator in our
analysis as this factor, we argue, could be explored using interview based approaches as
applied in this study. The other moderating factors proposed by UTAUT of gender and
age are not explored specifically in this study but could form part of a wider study on the
potential of UTAUT in this domain if a larger scale research method was applied.

4.6 Research questions

Drawing from the above UTAUT constructs and selected moderators, the wider
literature and information from extant literature, the general research question proposed
for this study was developed into a series of more specific interview questions to be
incorporated into the research instrument for the interviews. Several pilot interviews
were conducted to test and refine these questions into ones collectively considered to
capture the core elements of the personal adoption decision making process. The key
question categories[3] arising from this process were:
RQ2. When do internal auditors decide to use CAATTs in their audit process?
RQ3. Why do internal auditors decide to use CAATTs in their audit process?
RQ4. How do internal auditors evaluate the appropriateness and adequacy of staff
skills?
The following section reviews the research method adopted in this study.

5. Data collection and analysis

Qualitative based interviews were chosen as the data collection method for this study.
The use of interviews as the research method in IT adoption studies has also proven
MAJ useful in previous research when an in-depth description is sought of the adoption
29,4 process (Dowling and Leech, 2007; Sieber et al., 2005; Rahim, 2008; Anderson and
Schwager, 2004). This, it is argued, demonstrates the validity of this approach used for
this new domain to UTAUT application. Further, this was necessary in this domain
given the limited sample of successful adopters available to use for this study preventing
surveys being viable or larger scale experimental approaches as had been successfully
336 applied in external auditor IT adoption research (Curtis and Payne, 2008).

5.1 Qualitative data

The interview cases used in this study comprised the key adoption decision makers in
eight organisations in the UK, along with two different organisations in Malaysia.
Organisations were selected for participation in the study based on leads obtained from
a brief usage survey undertaken with participants of a UK ACL User Conference, UK
IDEA User Conference[4] and also with the assistance of a consultancy firm providing
expertise in CAATTs’ use for internal audit settings[5]. The interview cases selected
comprise a convenience sample of nine successfully adopting entities (only respondents
who were both successful and significant users were chosen given the research question
this study was exploring) but were also selected to represent different kinds of industries
to enable some spread of coverage of CAATTs usage to be included. We believe that ten
sample cases are a suitable number to provide adequate exploration of the potential
value of the use of the UTAUT model in this domain while recognising that further
validation in other cases (successful and otherwise) would provide further insight in the
application of this model to this specific domain.
Two comparative cases were selected from outside the UK (taken from Malaysia) to
offer some, albeit very limited, international comparison information. The profile of the
case study respondents is described in Table I.

Case 1 Case 2 Case 3 Case 4 Case 5

Sector Insurance Pharmaceutical Fund manager Central Financial
company government
Location UK UK UK and global UK UK
Usage category Adopter Adopter Adopter Adopter Adopter
Years using Less than 5 More than 15 Less than 5 More than 5 More than 15
CAATTs
GAS package ACL ACL and IDEA ACL IDEA IDEA
used
Case 6 Case 7 Case 8 Case 9 Case 10
Sector Local Software National Cooperative Financial
government provider/ government
consultant auditor
Location UK UK Malaysia UK Malaysia
Usage category Adopter Adopter Adopter Adopter Adopter but
stopped due
technical
problem
Years using More than 10 More than 10 Between 5 and 10 More than 10 Less than 5
Table I. CAATTs
General summary of GAS package ACL IDEA ACL ACL AND ACL
interviewee profiles used IDEA
Data was collected in face-to-face interviews with key individuals in each case Adoption of
company. The collected interviewee responses were analysed using a pattern matching CAATTs
technique. According to Yin (2003), the pattern matching techniques can be effectively
deployed in qualitative data analysis when there is a theoretical proposition supporting
the research questions – as is the case in this study.

5.2 Data analysis 337

Analysis was undertaken of the interviews by performing cross case data tabulation.
The data was analysed by identifying key words that can identify the possible existence
in this domain of the constructs adapted from UTAUT. We made use of Nvivo, (research
software used to analyse qualitative data) to process this data. The transcripts were first
condensed and uploaded into Nvivo. Then, the data was arranged into a table format
based on the detailed research questions. From the cross case tabulation, keywords were
identified (for example, the word “benefits” is identified as one of the factors that
motivates adoption) and categorized according to the four constructs adapted from
UTAUT.
The next section provides details of the results produced from this analysis.

6. Research findings
6.1 General findings
In the Appendix we present a summary of responses received from each case outlining
each of the factors the interviewees provided as the motivations for CAATTs’ adoption
in their specific circumstances. Despite the range of possible CAATTs that could be used
in practice by these cases, the types of CAATTs focused upon across our cases were
exclusively limited to GAS applications (Debreceny et al., 2005), as such no evidence was
therefore available related to successful adoption of other CAATTs[6]. This is, in itself,
an interesting discovery suggesting that, whilst significant commentary on the potential
for other CAATTs usage exists in professional guidance, this, of itself, has been
ineffective in producing substantive wider exploitation of anything other than the use of
GAS, even in cases where successful GAS adoptions have occurred and therefore may be
considered to have offered favourable contexts for further developments to have been
used. Further study is required to explore this finding in more detail. As this paper is
exploring the motivation to adopt from successful cases of CAATTs’ adoption,
we therefore focus our following analysis on GAS applications specifically.
In broad terms, selected key quotes from the analysis of each interviewee’s
comments (the Appendix) indicates that GAS adoption is primarily driven by the
adoption decision maker’s perception of the benefits that will be derived from GAS
usage in the internal auditing process. There are several specific benefits that can be
classified within the performance expectancy category identified from the cases which
include cost savings (case 1), greater audit coverage (cases 3, 5 and 8), increased audit
quality (case 5) and faster processing time (case 9).
Detailed analysis of the cross case tabulated data demonstrated that the key words
described the first three constructs of performance expectancy (supported mainly by
use of keywords describing benefits), and facilitating conditions (supported by
keywords describing the availability of CAATTs’ expertise and support from
management). However, the findings do not appear to strongly support the existence of
social influence and effort expectancy. The keywords from the cases did not match the
MAJ description of these two constructs as defined above. This is likely to indicate that, for
29,4 these successful adoption cases at least, these constructs of effort expectancy and
social influence were not key factors influencing motivation to adopt GAS. These
results are analysed further in the following discussion.

6.2 Performance expectancy

338 The construct of performance expectancy appears to be strongly supported by findings
from the interview analyses. Performance expectancy appears to be the main motivation
for GAS adoption in six out of ten cases. Interviewees reported consistently that they
believed that the benefits that would be derived from use of GAS would greatly enhance
their job efficiency. In their opinion, adoption of GAS meant that internal auditors were
able to automate parts of the audit process to improve overall performance.
For example, case 6 had used GAS for more than ten years. The auditors decided
to adopt GAS (specifically ACL in their case) because they believed that the audit
software would improve the efficiency of the audit team. ACL was initially used for
fraud investigations (to compare housing benefit data with payroll data). The results
were good in that the team was judged to have become significantly more effective in
producing “exception reports” on housing benefit that is not paid according to the
rules. Subsequently, having proven its worth in this initial task area, ACL was rolled
out more widely across the team and used for additional data matching tasks,
exception reporting, sampling and other kinds of automated audit work.
Two cases (6 and 9) also claimed to have adopted GAS because it was considered to
be necessary to do so within a growing electronic data processing system environment
that they were both facing. In both cases, they are large departments handling
significant volumes of data. As such, usage of GAS became indispensable to them for
audit sampling data extraction and related analysis.
Our interview evidence therefore strongly indicates that performance expectancy is
a key motivation for GAS adoption in internal audit settings. This follows logic in that
it would be unlikely in this professional setting that software would be used that did
not contribute to the effectiveness of the overall audit task. This was also found to be
the case by Curtis and Payne (2008) in their study of external auditors.

6.3 Facilitating conditions

Auditors’ skills and knowledge. This study probes into the auditors’ readiness (in terms
of skills and knowledge) to adopt and maximize the value of GAS adoption. The
evidence of our interview studies suggests that it is important, prior to organisations
adopting GAS, that they know someone in the organisation would be able to
implement and use the tools. In seven out of the ten cases, the auditors interviewed
have either previous experience, or at least a basic knowledge of, the use of GAS prior
to the decision to adopt GAS. This knowledge facilitates the decision making process
of GAS adoption. The finding also supports the role of experience as a moderator to the
significance of this construct on successful adoption decisions.
Another influencing factor related to skills of auditors is training. Three cases cited
the availability of targeted training as encouraging them to adopt GAS where they may
not otherwise have done so. Javnrin et al. (2009) also suggested that training will enhance
the adoption of CAATTs. In case 5, the ability to use GAS was made a pre-employment
criterion for newly recruited internal auditors. This was to promote the use of GAS for Adoption of
most audit work within the organisation. CAATTs
External facilitating conditions. Externalities in the context of an internal audit
environment comprise the external auditors; regulatory bodies such as the tax
authority; the professional bodies influencing the profession; the company board’s
audit committee; and also any other operating departments within the organisation.
In case 9, CAATTs’ adoption occurred so that data might be more easily extracted for 339
external auditor uses[7]. Therefore, the adoption of CAATTs was in part due to the
influence of an external party, the external auditor, as a key stakeholder of the
management of this organisation’s data. When the organisation shifted to a PC based
environment, they then looked for a CAATTs’ solution that was compatible with PCs.
Initially, CAATTs were used in this organisation to perform data interrogation and data
extraction on behalf of the external auditor, and to their specifications. However, once
implemented for this initial purpose, usage was further expanded into data analysis
beyond only for internal audit purposes, but also in support of operational business
requirements. It was found that by making effective use of CAATTs the organisation
was able to meet the data requirements of external parties such as external auditors, and
auditors from HM Revenue and Customs, and also internal parties like their operational
departments. As such, the facilitating conditions were found to be a strong motivation
for successful adoption in this case.
Further, through case 7, it was found that a number of local authorities in the UK
are using GAS due to external motivating factors. The interviewee for case 7 confirmed
that there are almost 300 local authorities using GAS in a similar way to how they
illustrated their usage. He explained that the fact that these authorities are all being
audited by the UK’s Audit Commission, which is itself an extensive user of GAS, has
encouraged most of them to do the same.
Evidently, the effect of external facilitating factors, at least when these have a
regulatory influence, was found to be strong in this study. There appears therefore to
be strong evidence from the interview findings that the availability of facilitating
conditions motivates GAS adoption.
A possible question that arises on the basis of these results is whether the absence
of these conditions would discourage non-users from adopting GAS? An interesting
example cited in case 9 may answer this question:
Our IT audit function had been visited by a multinational company that was interested in using
IDEA. A presentation was made to their General Manager of Finance and Head of IT. They
were impressed with what IDEA could do. If they were to use IDEA, they wanted to use it
globally throughout all of their subsidiaries. The problem they faced was that they did not have
the expertise to plan and carry out the implementation process; hence outsourcing was the only
answer. Outsourcing however, was very expensive and organisations did not have the
necessary budgets for such expenditure.
Given the above example it appears evident that the existence of facilitating conditions
(be they either auditor skills and knowledge, or external influences) plays an important
role in motivating auditors to adopt GAS.

6.4 Lack of support for social influence and effort expectancy

In previous research (Davies and Venkatesh, 2000; Curtis and Payne, 2008; Kim et al.,
2009), constructs related to social influence have not always been found to be significant
MAJ in voluntary contexts, but do so within mandatory settings (Gonzalez et al., 2012).
29,4 Venkatesh et al. (2003) also found that this construct is significant in the presence of the
four moderating variables which are age, gender, experience and voluntariness. In the
domain of this study, GAS usage is voluntary, even though professional standards
prescribe that GAS should ideally be used by the internal auditors to ensure that they
deliver due professional care (ISACA, 1999) and some pressure appears to be being
340 exerted in some industries by regulatory oversight processes (as described in case 7
above). However, as there is a lack of enforcement and monitoring of compliance to this
proposal of use, internal auditors are left, in practice, to make context specific decisions
on adoption. Also, membership of professional bodies, such as the IIA, is not, in practice,
mandatory for all internal auditors. Therefore, as is in keeping with prior studies of IT
adoption, it appeared to be the case that the effect of social influence was not significant
within the context of these cases (see also Kim et al. (2009) who report likewise). Should
the adoption of GAS be made mandatory, either by internal or external parties, the social
influence construct may then play a greater role in influencing GAS adoption as the UK
local authority (case 7) could arguably be interpreted to imply. As such, voluntariness is
seen to negatively influence the applicability of this construct to internal auditors’
motivation to adopt GAS. This may further imply that, with a change in the voluntary
status of GAS usage, social influence will have more significant influence on the range
and nature of CAATTs usage. However, this proposition could not be tested in this
setting to be certain this would be the case.
Similarly, the construct of effort expectancy in this study was not found to be a key
factor in influencing internal auditors’ motivation to adopt GAS. No interviewee reported
software ease of use as being critical to their decisions to use GAS. This may be related to
the nature of the GAS systems being used, and the fact these generic tools are well
supported by training availability, means this is implicit in the decision taken in these
cases. However, this was not specifically reported as a key factor by our interviewees. This
result contrasts with that of Curtis and Payne (2008) when using UTAUT to explore
external auditor adoption decisions for similar technologies. However, this finding is
consistent with findings from Hu et al. (1999), in their study on a physician’s acceptance of
telemedicine technology. This study found that perceived usefulness was supported in
their findings (as is likewise here), whilst perceived ease of use (i.e. effort expectancy) was
found to have no significant effect on the physician’s intention to adopt telemedicine.
A possible explanation of these findings is that internal auditors are professionals
(and therefore similar to physicians) who work within a specialised knowledge domain
and possess high levels of professional qualifications. As such the effort required to learn
these systems is not, of itself at least, a significant constraint to their use.
Further, this finding implies that the moderating variable of experience influences
the significance of effort expectancy in the adoption decisions for GAS. In this case
however, rising experience negatively impacts this construct (i.e. rising experience
decreases any impact of effort expectancy on adoption decision). As it is the case that
those making these adoption decisions are invariably leads within the Internal Audit
team, their high levels of experience may be driving this result suggesting that effort
expectancy is not significant in adoption decisions in this domain.
In addition, the description given by Succi and Walter (1999) in their study of IT
adoption decisions by knowledge workers proposed that certain characteristics of such
workers (i.e. their ability to work without supervision, the use of peer review for
evaluation of work and the underlying knowledge-oriented task that they completed) Adoption of
could arguably be similarly applied to internal audits. As in the Succi and Walter’s case, CAATTs
this could distinguish them from other IT adopters in other UTAUT studies where social
pressure and effort expectancy were found to be important and further supports the
findings reported here that internal auditors are not strongly influenced by these
motivators. The next section following seeks to draw conclusions from the results of this
study and offers practical implications of them for different audiences. 341
7. Conclusions, contributions and research implications
7.1 Conclusion
This study explores the motivating factors that contribute to successful GAS adoption by
internal auditors. It is motivated by the perhaps surprisingly limited use of CAATTs in
internal audit environments, despite a long history of availability of these tools, and strong
professional guidance that their use will aid effective completion of their various tasks.
Detailed evaluation of why this is the case does not currently exist in the literature. This
study therefore contributes to reducing this knowledge gap by examining the motivations
that underlay successful adoptions of GAS, as currently the most widely used CAATT,
looking for common factors that could be used to influence future GAS adoptions by
internal auditors. The research undertaken applies IT adoption theories, widely evidenced
in other IT adoption domains as useful to explore the nature of IT adoption strategies, to
shed light on this domain’s limited use of this technology. It does this by exploring the use
of the unified theory of IT adoption (UTAUT), as an explanatory theory. Evidence is
obtained from key individuals in ten successful GAS adoptions.
This study concluded that IT adoption theory is a useful tool to explain the
motivations leading to successful GAS adoption. Specifically, the results of this study
show that the factors (termed “constructs” in UTAUT) outlined in this literature can be
used as guidance when proposing GAS implementations as likely to aid successful
adoption of GAS in internal audit domains. In particular, the factors distilled in UTAUT
into performance expectancy and facilitating conditions were illustrated as being of
particular importance, suggesting particular emphasis should be given to these aspects
of a business case for GAS adoption in this domain. This study also illustrated however,
that the other two factors found in UTAUT, of social influence and effort expectancy,
were not as dominant in the successful adoption cases studied. This implies business
case focus associated with these factors is less likely to support wider successful GAS
adoption. While these factors may not be adequate for successful adoptions in all cases
(see limitations of this research as discussed in Section 8 below), they can be considered
to be an effective structure to use in making adoption plans for internal audit use for GAS
by organisations, or for focusing professional body or other support upon (such as by
software providers interested in this industry) to aid development in this domain.
This study also provided limited exploration of the moderating factors outlined in
UTAUT as being of partial importance in affecting the extent of impact of the factors
in successful adoption decisions. Specifically, the two proposed moderators that were
explored – voluntariness and experience – as deemed suitable for study using an
interview research based method as applied in this study. These moderators were
shown to be important in all three factors in the case of experience (positively
supporting facilitating conditions and negatively social influence and effort
expectancy) and in the factor of social influence in voluntariness’ case. This is in
MAJ keeping with the proposed relationships found in UTAUT and shown to be consistent
29,4 with prior literature in other domains.
In respect of the key research question set for this study – namely:
RQ5. To what extent do general theories of IT adoption aid in identification of
factors influencing successful GAS adoption decisions in the internal audit
domain.
342
we believe this study has demonstrated that these theories do provide useful insights
into the motivations to adopt GAS in this domain. Further study is necessary to widen
this finding and to look at the extent to which these findings remain true for other
CAATTs usage.
There are several implications that result from the findings of this research:
academic contributions to the literature in this field, implications for professional
practice and for professional bodies/industry regulators and implications for CAATTs
solution providers. Each of these is addressed further below.

7.2 Academic contributions

The present study contributes to the extension of UTAUT to a further specialised
domain; the internal audit domain (in the UK primarily but which is also, by extension,
and given the globally similar practices of this profession, arguably similarly applicable
more widely beyond the UK). Since UTAUT was introduced in 2003 (Venkatesh et al.,
2003), there have been a range of studies (Curtis and Payne, 2008; Sieber et al., 2005), that
extend the basic theory proposed for wider IT adoption domains, but none that have, as
yet, examined the CAATTs adoption decisions within the internal audit community.
This study utilised a pattern matching technique in analysing the data from a series
of interviews, and found that facts from the interviewee organisations provide support
for two of the constructs from UTAUT (performance expectancy and facilitating
conditions). This study also found that the other two UTAUT constructs (effort
expectancy and social influence), were not strongly supported. This contributes to
further explanation of the impact of certain attributes of knowledge workers previously
found by Hu et al. (1999), Succi and Walter (1999) and Bedard et al. (2002).
In respect of UTAUT’s proposed moderating factors examined in this study
(voluntariness and experience), consistent with extant literature, this study suggests
that the constructs of effort expectancy and social influence are not supported by these
cases. This appears to be the case perhaps because internal auditors are knowledge
workers operating in a voluntary decision domain when making adoption decisions on
GAS (Hu et al., 1999). A similar result is reported in Gonzalez et al. (2012) for motivations
to adopt continuous audit approaches in internal audit environments. Therefore,
the moderating variable (voluntariness) appears to negatively affect the significance
of the social influence construct that is reported as important in other IT adoption
domains.
With regards to effort expectancy, the interviewees used were GAS expert users,
as such the decision to adopt GAS was not influenced by the effort expectancy construct.
This result demonstrates the important influence of a moderating variable (experience) on
the significance of effort expectancy construct. However, correspondingly, there was no
evidence that the moderating factor of experience (as proposed by our derived UTAUT
model tested in this paper), had significant negative impact on facilitating conditions.
Where an influence exists, this appears to be positive to the extent that availability and Adoption of
effective use of training on GAS appears to aid the motivation for CAATTs’ adoption. CAATTs
This research provided an initial attempt at the application of UTAUT to IT
adoption decisions in the internal audit domain. Subsequent work is needed to
determine if similar results would also be found in a mandatory situation or with
non-expert decision makers. The use of a quantitative study in this domain would also
enable evidence to be produced on the other UTAUT proposed moderating factors 343
(namely age and gender) that were not examined in this study.

7.3 Implications for professional bodies and industry regulators

The discussion in the research findings section argued that a possible reason that social
influence was not found to be important in our model, as one of the key factors
influencing motivations to adopt GAS, is that it was not mandatory for internal auditors
to use these tools. The argument was made based on the findings from Davies and
Venkatesh (2000), where social influence on IT adoption was found to be insignificant in
other voluntary contexts, but to significantly influence adoption decisions within
mandatory settings. This could offer implications for a greater role encouraging the
employment of GAS usage for internal auditors by professional bodies, or industry
regulators, if they genuinely believe the implied importance of CAATTs’ use their
guidance currently suggests.
Even though existing standards by the IIA, IAASB and ISACA provide
recommendations and guidance on the use of GAS, the decision to use GAS in
practice remains the prerogative of the auditors. Regulators may take the view that a
stronger encouragement is going to be necessary to ensure auditors develop wider use of
GAS (e.g. as has been the case by the NAO in the government environment as discussed
in case 6). Mandating use of specific approaches is, of course, difficult to achieve in
practice, particularly in many areas less heavily centrally controlled than government
accounting, and is unlikely to be easily deliverable, as simple mandates to use these tools
are not easily enforceable nor likely to be commercial acceptable to the industry;
however, other action to push forward these tools as best practice illustrations could be
helpful in overcoming the failure of social influence to achieve this effect. This research
suggests a focus on performance expectancy and facilitating conditions development
would be fruitful rather than focus on social influence and effort expectancy messages.

8. Limitations and future research

The key goals established for this research were the identification of factors influencing
motivations for GAS adoption by our cases of internal auditors, and the application of
UTAUT has been demonstrated to have a useful role in understanding these factors
more widely. However, this research must be interpreted with full knowledge of its
various limitations.
This study is mostly conducted within one geographical area – the UK where eight
cases are analysed. Therefore, the findings may only be applicable to the economic and
regulatory environment in the UK. While two cases from Malaysia were included as
international comparators and no substantive differences were found between these
sub-samples, these clearly are inadequate to provide more than indicative data on issues
that may differ between the UK and a developing country like Malaysia, or indeed other
developed countries (e.g. USA). Future work would need to be done to extend and
MAJ replicate this study to other geographical and economic environments to provide this
29,4 wider support. A comparative study could also be conducted to identify the
relationships between different environmental influences to each of the factors identified
in the model in these different contexts (e.g. does social influence, or other factors not
present in this UTAUT based study, such as technology cost, have greater influence in
other economic and cultural contexts?).
344 It would also be informative to use UTAUT as the basis of a more wide scale
(perhaps survey based) approach to examine not only motivations amongst successful
adopters (if substantial enough cases can be found although not available for our
study) but also what limits successful adoption by exploring with non-adopters why
they do not make greater use of CAATTs. This would help create a fuller picture of
CAATTs adoption decisions.
In conclusion, despite the limitations of this research, we believe that it has
contributed to knowledge with respect to theoretical extension, practical
implementations of GAS and regulatory implications for developing wider use of
these technologies in internal auditing and supporting professional body proposals that
greater use of these technologies would aid the development of this domain.

Acknowledgements
The authors wish to acknowledge various key inputs to the development of this paper
including comments from attendees at various academic conferences in the UK, Europe
and the USA and in particular the assistance of the participants in this research and the
consulting firm who was willing to engage with this research enabling interviewees to
be identified and data to be collected.

Notes
1. The authors recognise the valuable insights that may also be gained from study of failures to
adopt GAS both to validate the proposed model of success produced by this work, and to
enable a wider focus to be developed on issues that may impact on the relative importance of
the indicated success factors. However, this did not form a part of this exploratory study.
Instead its focus is solely on what led to successful adoption to create an initial model of
adoption factors in this area. Further study of non-adopters would be useful to validate and
potentially to extend this initial model. In this study “success” is defined by the user and
therefore can differ in degrees and nature between the participants, but includes in each case
completion of a considered adoption process for at least one recognised CAATT which has
been in regular and continual use for more than one audit cycle.
2. The authors acknowledge that their validation of the UTAUT theory in this domain would
be further enhanced by a wider study that could more effectively incorporate these
moderating factors to develop the findings of our work further.
3. These questions specifically probe into the motivations to adopt CAATTs. During the
interview, there are eight other questions (i.e. 11 in total) related to implementation and
evaluation that formed the basis of the semi structured interviews. These additional eight
questions are not analysed further in this paper.
4. ACL and IDEA are the two key generalised audit software tools used in the internal audit
domain at the time of study. Their national UK user group conferences therefore represented
an ideal place to obtain expert lead cases as required for this study.
5. The consultants firm used agreed to allow the authors selected access to their client base to
seek additional expert users for our study. This firm provided the leading independent
 consulting service in internal audit use of CAATTs in the UK at the time of this study and Adoption of
therefore represented the most comprehensive user base available to supplement our
existing sources of expertise. The combined use of these three sources meant the researchers CAATTs
are likely to have access to many of the key GAS users in internal audit functions in the UK
at the time of this study.
6. While significant GAS use may reasonably be thought to be the case at the ACL and IDEA
events where it would be expected users of this software would be in the majority, there was 345
no evidence of these users also making much significant wider use of CAATTs, despite
having converted their audit methodologies to GAS use. The same results were found
amongst the more general pool of users sourced through the consultant’s client base
confirming the lack of wider CAATTs usage at the time of this study.
7. Further information about the reason for adoption was obtained through our analysis of
internal documents provided to the authors by case 9 interviewee. Improved performance of
data interrogation was expected in terms of the ability to identify inaccurate or problematic
accounting data. Internal auditors were expected to meet demand for quick, accurate and
dependable reporting of such problems through data interrogation.

References
Abu Shanab, E. and Pearson, J.M. (2007), “Internet banking in Jordan: the unified theory of
acceptance and use of technology (UTAUT) perspective”, Journal of Systems and
Information Technology, Vol. 9 No. 1, pp. 78-97.
Aidi, A. and Kent, S. (2013), “The utilisation of generalised audit software (GAS) by external
auditors”, Managerial Auditing Journal, Vol. 28 No. 2, pp. 88-113.
Anderson, J.E. and Schwager, P.H. (2004), “SME adoption of wireless LAN technology: applying
the UTAUT model”, Proceedings of Seventh Annual Conference of the Southern
Association for Information Systems (SAIS), USA.
Bedard, J., Ettredge, M., Jackson, C. and Johnstone, M. (2002), “The effect of technological
knowledge and task knowledge on professional user acceptance of an electronic work
system”, working paper, Northeastern University, Boston, MA.
Bedard, J.C. and Graham, L.E. (2002), “The effects of decision aid orientation on risk factor
identification and audit test planning”, Auditing: A Journal of Practice & Theory, Vol. 21
No. 2, pp. 39-56.
Bedard, J.C., Jackson, C., Ettredge, M.L. and Johnstone, M.K. (2003), “The effect of training on
auditors’ acceptance of an electronic work system”, International Journal of Accounting
Information Systems, Vol. 4 No. 4, pp. 227-250.
Bhattacherjee, A. (2000), “Acceptance of e-commerce services: the case of electronic brokerages”,
IEEE Transactions on Systems, Man, and Cybernetics – Part A: Systems and Humans,
Vol. 30 No. 4, pp. 411-420.
Braun, R.L. and Davis, H.E. (2003), “Computer-assisted audit tools and techniques: analysis and
perspectives”, Managerial Auditing Journal, Vol. 18 No. 9, pp. 725-731.
CICA (1994), The Application of CAATTS Using Microcomputers Research Report,
The Canadian Institute of Chartered Accountants, Toronto.
Curtis, M.B. and Payne, E.A. (2008), “An examination of contextual factors and individual
characteristics affecting technology implementation decisions in auditing”, International
Journal of Accounting Information Systems, Vol. 9 No. 2, pp. 104-121.
Davies, F.D. and Venkatesh, V. (2000), “A theoretical extension of the technology acceptance
model: four longitudinal field studies”, Management Science, Vol. 46 No. 2, pp. 186-204.
MAJ Davis, F.D. (1989), “Perceived usefulness, perceived ease of use, and user acceptance of
information technology”, MIS Quarterly, Vol. 13, pp. 319-339.
29,4 Debreceny, R., Lee, S., Neo, W. and Toh, J.S. (2005), “Employing generalized audit software in the
financial services sector”, Managerial Auditing Journal, Vol. 20 No. 6, pp. 605-619.
Dowling, C.S. and Leech, S. (2007), “Audit support systems and decision aids: current practice
and opportunities for future research”, International Journal of Accounting Information
346 Systems, Vol. 8 No. 2, pp. 92-116.
Gonzalez, G.C., Sharma, P.N. and Galletta, D.F. (2012), “The antecedents of the use of continuous
auditing in the internal auditing context”, International Journal of Accounting Information
Systems, Vol. 13 No. 3, pp. 248-262.
Grand, C.L. (2001a), Use of Computer-Assisted Audit Tools and Technique (CAATTs) Part 1,
Vol. 4, IT Audit, The Institute of Internal Auditor, October 1, available at: www.theiia.org/
itaudit/index.cfm?fuseaction¼forum&fid¼320
Grand, C.L. (2001b), Use of Computer-Assisted Audit Tools and Technique (CAATTs) Part 2,
Vol. 4, IT Audit, The Institute of Internal Auditor, October 15, available at: www.theiia.
org/itaudit/index.cfm?fuseaction¼forum&fid¼380
Gray, G.L. (2006), “An array of technology tools: a broad mix of spreadsheet and audit-specific
products enables auditors to take on many different tasks, according to the 2006 internal
auditor software survey”, Internal Auditor, Vol. 63 No. 4, pp. 56-62.
Hall, J. (2012), Information Technology Auditing, International edition, 3rd ed., Cengage,
Mason, OH.
Hennington, A.H. and Janz, B.D. (2007), “Information systems and healthcare XVI: physician
adoption of electronic medical records: applying the UTAUT model in a healthcare
context”, Communications of the Association for Information Systems, Vol. 19 No. 5,
pp. 60-80.
Hu, P., Chan, P.Y.K., Liu, S.O.R. and Tam, K.Y. (1999), “Examining the technology acceptance
model using physician acceptance of telemedicine technology”, Journal of Management
Information System, Vol. 16 No. 2, pp. 91-112.
Huang, S.-M., Hung, Y.-C. and Tsao, H.-H. (2008), “Examining the determinants of
computer-assisted audits techniques acceptance from internal auditors viewpoints”,
International Journal of Services and Standards, Vol. 4 No. 4, pp. 377-392.
Hudson, M.E. (1998), “CAATTs and compliance”, Internal Auditor, Vol. 55 No. 2, pp. 25-27.
IIA (UK) (2003), Internal Audit Automation Survey, The Institute of Internal Auditor UK and
Ireland, London.
ISACA (1999), IS Auditing Guideline, Use of Computer Assisted Audit Technique (CAATs),
Information Systems Audit and Control Association, Houston, TX.
Javnrin, D., Lowe, J.L. and Bierstaker, J. (2009), “Auditor acceptance of computer-assisted audit
techniques”, paper presented at American Accounting Association Auditing Section
Mid-Year Meeting, St Petersberg, FL, January 15-17.
Javnrin, D.J.B., Bierstaker, J. and Lowe, J.L. (2008), “An examination of audit information
technology use and perceived importance”, Accounting Horizons, Vol. 22, pp. 1-21.
Karahanna, E., Straub, D.W. and Chervany, N.L. (1999), “IT adoption across time”,
MIS Quarterly, Vol. 23 No. 2, pp. 183-213.
Kim, H.J., Mannino, M. and Nieschwietz, R.J. (2009), “Information technology acceptance in the
internal audit profession: impact of technology features and complexity”, International
Journal of Accounting Information Systems, Vol. 10 No. 4, pp. 214-228.
Neuron, B. (2003), “SAS 94: issues and opportunities”, InfoTech Update, Vol. 12 No. 1.
Paukowits, F. (2000), “Bridging CAATTS and risk”, Internal Auditor, Vol. 57 No. 2, p. 27. Adoption of
Pogrob, K.R. and Isenberg, G. (1999), “Accountants corner: auditing in a paperless society”, CAATTs
The Secured Lender, Vol. 55 No. 7, p. 126.
Rahim, M. (2008), “Identifying factors affecting acceptance of e-procurement systems: an initial
qualitative study at an Australian City Council”, Communications of IBIMA, Vol. 3, pp. 17-78.
Ramamoorthi, W. (2004), The Pervasive Impact of Information Technology on Internal Auditing,
Chapter 9, Institute of Internal Auditors Inc., Altamonte Springs, FL. 347
Salierno, D. (2001), “Tools of the trade”, The Internal Auditor, Vol. 58 No. 4, pp. 32-34.
Schafer, B.A. and Eining, M. (2002), “Auditor’s adoption of technology: a study of domain experts”,
paper presented at American Accounting Association Annual Meeting, San Diego, CA.
Sieber, S., Valor, J. and Miralles, F. (2005), “CIO herds and user gangs in the adoption of open
source software”, IESE working paper series.
Singleton, T. and Flesher, D.L. (2003), “A 25 years retrospective on the IIA’s SAC project”,
Managerial Auditing Journal, Vol. 18 No. 1, pp. 39-53.
Stoel, D., Havelka, D. and Merhout, J.W. (2012), “An analysis of attributes that impact
information technology audit quality: a study of IT and financial audit practitioners”,
International Journal of Accounting Information Systems, Vol. 13 No. 1, pp. 60-79.
Succi, M.J. and Walter, Z.D. (1999), “Theory of user acceptance of information technologies:
an examination of health care professionals”, Proceedings of the 32nd Hawaii International
Conference on System Sciences (HICSS), pp. 1-7.
Venkatesh, V. (2000), “Determinants of perceived ease of use: integrating control, intrinsic
motivation, and emotion into the technology acceptance model”, Journal of Information
Systems Research, Vol. 11 No. 4, pp. 342-365.
Venkatesh, V. and Davis, F.D. (2000), “A theoretical extension of the technology acceptance
model: four longitudinal field studies”, Management Science, Vol. 46 No. 2, pp. 186-204.
Venkatesh, V., Morris, M., Davis, G. and Davis, F. (2003), “User acceptance of information
technology: toward a unified view”, MIS Quarterly, Vol. 27 No. 3, pp. 425-478.
Yin, R. (2003), Case Study Research: Designs and Methods, Sage, Newbury Park, CA.

Further reading
Davis, F.D., Bagozzi, R.P. and Warshaw, P.R. (1989), “User acceptance of computer technology:
a comparison of two theoretical models”, Management Science, Vol. 35, pp. 982-1002.
Paukowits, F. (1998), “Mainstreaming CAATTS”, Internal Auditor, Vol. 55 No. 1, p. 19.

About the authors

Nurmazilah Mahzan is a Senior Lecturer in Faculty of Business and Accountancy, University
Malaya. Her research areas are auditing, financial reporting and corporate governance.
Nurmazilah Mahzan is the corresponding author and can be contacted at: nurmazilah@um.edu.my
Andy Lymer is a Professor of accounting and taxation at Birmingham Business School,
The University of Birmingham. He researches in the use of technology in financial reporting and
auditing, and in all aspects of taxation.
(The Appendix follows overleaf.)

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com

Or visit our web site for further details: www.emeraldinsight.com/reprints
 29,4

348
MAJ

response
Table AI.
Summary of general
Appendix

Case number General response on motivation to adopt CAATTs

1 “The Head of Internal audit decided that ACL should be used by the audit function. He himself has had more than 15 years
experience in using ACL. I was employed to champion the adoption of ACL and during the trial period I have to provide
proofs on the benefits of using ACL. I presented to them cost savings on Insurance Claims that can be produced through
data interrogation using ACL. The management are happy with the benefits derived from ACL and approved the adoption
of ACL”
2 “The company adopted CAATTs initially due to occurrence of computer fraud, which was also the reason for the establishment of
the internal audit function. Main emphasis then is to check computer controls. The task was carried out by a computer auditor who
has an in-depth knowledge of computers. At the beginning, IDEA was mainly used by computer auditors. Later, IDEA is also
adopted by the management to check data accuracy”
3 “ACL has been adopted for the past 3 years. One of the main factors to adopt CAATTs was the benefit that could be derived
from CAATTs usage such as increased coverage. Apart from that, it also makes more sense to use audit software to audit
data that is available electronically”
4 “In this organisation, we have been using CAATTs for more than 5 years. The IT Auditors drove the usage. The reason for
adoption was mainly due to electrification of data processing in the organisation. It is much easier to audit data in electronic
form by using IT tools. IDEA is mainly used to audit the financial system run using SAP R3. We also think that when the
legacy system is moved to a higher technology then auditors need to use tools to be more efficient in their audits. For
example, it is easier to do random sampling using IDEA when the data is available electronically”
5 “The adoption of IDEA is due to benefits that can be derived from the software. Those benefits are an increased level of
assurance, improved quality of audit and increase coverage of the tests. In fact the usage of CAATTs makes it possible to
perform 100% coverage”
6 “The decision to buy was driven by the belief that the audit software would improve the efficiency of the audit team. The
team started to use ACL for fraud investigations, which were to compare Housing Benefit data with Payroll data. The
results were good and the management was satisfied with it. Subsequently ACL was used for data matching and to find
exceptions in reports”
(continued)
Case number General response on motivation to adopt CAATTs

7 “Throughout my experience in providing audit automation solution to internal auditors, I found that there are few factors that
motivate adoption of audit software. One of the most important motivations would be to fulfil compliance requirements such as
Sarbanes Oxley. In the absence of such regulation, the motivation may not be strong enough”
8 “The organisation has adopted a fully computerised system, therefore it is more efficient to conduct the audit using CAATTs. It
enables a wider scope and coverage of the audit. The facilities and functions in ACL are powerful and those tests are not able to be
carried out manually”
9 “Historically we started to use CAATTS when the external auditors requested for data interrogation to be carried out on a
particular area. When the organisation shifted to a PC based environment, we then looked for CAATTs solution that is
compatible with PCs. First, we used ACL to perform data interrogation as well as data extraction. The usage further
expanded into data analysis for internal purposes. Later, the organisation decided to use IDEA as audit tools because we
found that the software is extremely powerful if it is properly utilised
Continued and expanding usage of CAATTs is due to fast processing as well as unlimited audit coverage that is possible when
conducting the tests. Usage of IDEA has also enabled us to perform a few tests that can’t be performed manually due to volume of
data. The ability of the software to analyse, interrogate and extract data is also recognised by business units other than internal
audit. For instance, the Purchase Order Processing Function use IDEA in order to generate reports on duplicate payments.”
10 “We decided to use CAATTs to be able to deliver extra value-added audit service for the organisation. We know that
CAATTs has capabilities of performing data extraction and analysis that cannot be done manually”
CAATTs

Table AI.
349
Adoption of