Professional Documents
Culture Documents
Mah Zan 2014
Mah Zan 2014
www.emeraldinsight.com/0268-6902.htm
Adoption of
Examining the adoption CAATTs
of computer-assisted audit tools
and techniques
327
Cases of generalized audit software use
by internal auditors
Nurmazilah Mahzan
Department of Accounting, Faculty of Business and Accountancy,
University of Malaya, Kuala Lumpur, Malaysia, and
Andy Lymer
Department of Accounting and Finance, Birmingham Business School,
University of Birmingham, Birmingham, UK
Abstract
Purpose – The use of computer-assisted audit techniques and tools (CAATTs) is a part of many
professionally recommended audit procedures. This paper aims to argue that obtaining a better
understanding of the factors underlying successful CAATTs adoptions would be helpful to aid wider
development of these technologies in internal audit functions.
Design/methodology/approach – To help develop the understanding of the factors that lead to
successful adoption of GAS, this paper uses current theories that are seeking to better explain the various
elements that constitute IT adoption processes. In particular, it makes use the “Unified Theory of
Acceptance and Use of Technology” (UTAUT). UTAUT is used to structure the analysis of ten
semi-structured, qualitative, interviews of key decision-makers in adoptions of CAATTS in internal audit
functions in exploring the key factors that drove the successful adoption of these IT technologies. The most
widely used CAATTs tools available to internal auditors is currently GAS. This study specifically focuses
on GAS tools.
Findings – This paper explores the successful adoption of GAS in ten cases to draw out the general
factors that appear to be essential elements that lead to successful adoptions. From this basis, the
paper proposes an initial model, built on existing theories of IT adoption more generally, as a
theoretical basis for GAS adoption by decision-makers in an internal audit setting to better understand
what may be essential factors to their adoption decisions to be likewise successful. Results suggest
that two constructs from UTAUT (performance expectancy and facilitating conditions) appear to be
particularly important factors influencing successful adoptions of GAS in this domain. However, the
UTAUT constructs of social influence and effort expectancy are not found by this study to be as
important in this specific IT adoption domain. UTAUT also proposes four moderating factors that
influence the constructs. This paper explores two of these moderators – experience and voluntariness
– and shows that both are keys to the constructs application to this domain.
Originality/value – The paper examines the motivation for CAATTs adoption by internal auditors
using the UTAUT framework commonly used in information system research but not so to date in this
domain where there is professional guidance suggesting wider use of technology should be made
compared to actual usage.
Keywords UTAUT, Gas, CAATTs, Internal audit Managerial Auditing Journal
Vol. 29 No. 4, 2014
Paper type Research paper pp. 327-349
q Emerald Group Publishing Limited
0268-6902
JEL classification – M42 DOI 10.1108/MAJ-05-2013-0877
MAJ 1. Introduction and motivation
29,4 Computer assisted audit tools and techniques (CAATTs) can be used by an auditor
(external or internal) as part of their audit procedures to process data of audit
significance contained in an entity’s information systems (Singleton and Flesher, 2003).
Literature (Grand, 2001a, b; Braun and Davis, 2003) has shown that the types of
CAATTs embraced by auditors include the following groups: electronic working
328 papers, fraud detection, general audit software (GAS) (for supporting tasks such as
information retrieval and analysis), network security testing, continuous monitoring,
audit reporting, databases of audit history, computer-based training, electronic
commerce and internet security.
The focus of this paper is on usage of GAS because it is the primary CAATT in use by
internal auditors (Hall, 2012; Kim et al., 2009; IIA UK, 2003; Gray, 2006). The usage of
GAS has evolved over time, due in large part to the proliferation of information
technology usage in the businesses auditors are working within, necessitating some
degree of automation (Ramamoorthi, 2004). However, prior evidence in the literature has
suggested that the pace of growth and the extent of use of these tools has not kept up
with the developments of the underlying businesses they audit (Ramamoorthi, 2004). As
such, an interesting research question arises as to why internal audit use of GAS remains
limited. This paper seeks to explore this question.
There is limited research that studies the behavioural aspects of IT adoption by
external auditors (Bedard et al., 2002; Schafer and Eining, 2002; Braun and Davis, 2003;
Debreceny et al., 2005; Dowling and Leech, 2007; Curtis and Payne, 2008; Javnrin et al.,
2008; Stoel et al., 2012; Aidi and Kent, 2013). However, at the time of undertaking this
study, almost no work looked at its adoption by internal auditors (Huang et al., 2008;
Kim et al., 2009; Gonzalez et al., 2012). The adoption of IT generally has been a
well-studied domain and there are several IT adoption theories that have been developed
and applied across a variety of non-audit related fields (key examples of this literature
include; Davis, 1989; Hu et al., 1999; Karahanna et al., 1999; Venkatesh, 2000;
Bhattacherjee, 2000).
The key objective of this study is therefore to examine the factors that lead to
successful GAS adoption in the cases chosen. This exploratory study examines those
that have become successful adopters of this technology. This enables the focus to be
on what has led to successful adoption for this subset of CAATTs use to seek to draw
out common factors that could be more widely applicable as best practice in adoption
decision making that seeks to match GAS use to perceived needs in other internal audit
settings[1]. In exploring this objective, this examination is undertaken using a theory
testing approach based on the use of wider academic literature on IT adoption from
other domains.
The results of this study can be used by internal auditors, regulators and software
providers in helping them to better understand how the context and processes
associated with adoption decisions can help, or hinder, successful implementation of
GAS in internal audit. In order to achieve the research objective set, the key research
question addressed by this paper is:
RQ1. To what extent do general theories of IT adoption aid in identification of
factors influencing successful GAS adoption decisions in the internal audit
domain.
The key contributions of this paper are: Adoption of
.
the testing of current IT adoption theory in explaining the successful adoption of CAATTs
GASs for selected internal audit settings;
.
an academic contribution to better understanding of GASs’ use in the UK by
internal auditors (and, by extension, to other countries who have similar internal
audit domains), where previously only limited professional body surveys have
been generally available;
329
.
offering specific research outcomes to support future guidance by professional
bodies on adoption decisions for the use of GASs in internal audit domains; and
.
provision of a theoretical foundation for development of a testable model to support
adoption and successful implementation of GASs in an internal audit setting.
This paper is organised as follows. In the next section, the prior literature highlighting the
reasons for GASs’ adoption and use is reviewed. The following section discusses the
justification for the application of the wider IT adoption theories to aid understanding of
the success factors for GASs’ adoption. Section 3 then explains the theoretical framework
used in this paper (i.e. Unified Theory of Adoption and Use of Technology (UTAUT)).
Section 4 elaborates on the application of the constructs from UTAUT used to explore
adoption success factors. Section 5 details the qualitative work undertaken to apply this
model to GAS adoptions, using a series of interviews with key personnel in business and
public sector entities who are successful users of GASs in the UK and Malaysia. Results
from these interviews are explored in Section 6. Section 7 offers some conclusions and
implications for this research before the final section discusses limitations of this work.
2. Literature review
2.1 Academic literature
The research literature on information technology audit (IT audit) is fairly extensive;
however, little attention in this literature has been given to CAATTs adoption factors.
To take one example, Stoel et al. (2012) look into factors influencing the quality of IT
Audit resulting from use of support tools, but does not address the adoption factors of
CAATTs by auditors. Several studies have been conducted into CAATTs’ development
and application by auditors. This has particularly however, been applied to their use by
external auditors (Bedard and Graham, 2002; Bedard et al., 2002; Javnrin et al., 2008; Aidi
and Kent, 2013). These include several documented cases showing why CAATTs were
adopted in particular external audit situations (Debreceny et al., 2005; Neuron, 2003;
Paukowits, 2000; Hudson, 1998). Only limited studies of these decisions in an internal
audit setting exist (Huang et al., 2008; Kim et al., 2009; Gonzalez et al., 2012).
A small number of recent studies on technology adoption by auditors have applied IT
adoption theories used in the information systems adoption literature to explore the
various factors that influence adoption in this domain (Kim et al., 2009; Huang et al., 2008;
Curtis and Payne, 2008; Gonzalez et al., 2012). Kim et al. (2009) looked at technology use
by internal auditors and used the technology acceptance model (TAM) (a precursor
model to UTAUT) in their study. In this case the basic TAM was extended to include a
variety of potential external influencing factors split into organizational, social and
individual factors and particularly introduced technology complexity into the usage
decision likelihood. Kim et al. (2009) found support for the use of the TAM to explain
MAJ dimensions of system usage, perceived usefulness and perceived ease of use and report
29,4 some impact of organizational and individual factors. They report a lack of social
influence however, as an explanatory factor in this domain, unlike that found in other IT
adoption domains. They found that as the complexity of the technology at hand (i.e. more
advanced CAATTs) grew, its use to aid the audit review decreased. This finding
supports the evidence that GAS, as a relatively simple CAATT, is more widely used in
330 practice than more advanced CAATTs. Huang et al. (2008) review internal audit
CAATTs acceptance, also based on an extended TAM where organisational support
and system quality factors were added to the base model. This research found strong
support for their extended TAM in explaining adoption decisions by internal auditors
based on a survey conducted of 117 internal auditors in Taiwan.
Curtis and Payne (2008) applied the same base IT adoption theory applied in this paper
(UTAUT) to the CAATTs decisions made by external financial auditors in this case on
their intention to adopt substantive testing software. The base UTAUT model was also
extended in this study to include contextual factors and individual characteristics that
they posited may add explanatory power to the base model in this context. They made
use of a similar experimental instrument to that used in the original work on this theory
by Venkatesh et al. (2003) and applied it to 70 in-charge financial auditors. They report
UTAUT to be a valid model to study audit technology adoption decisions and found
support for their extensions to the base model in this particular domain.
Gonzalez et al. (2012) also used UTAUT in their study on intention to adopt
continuous auditing and found that this model explains a substantial amount of
variance in the intentions of internal auditors, albeit in a different context to CAATTs
adoption decisions. Their result showed that perceptions of effort expectancy and social
influence are significant predictors of internal auditors’ intentions to use continuous
auditing, while performance expectancy and facilitating conditions are not supported.
Therefore, no academic work to date directly addresses the use of GAS by internal
auditors using the UTAUT model that is now accepted as the base IT adoption model for
IT adoption decisions. This paper addresses this gap, building on the prior literature
using TAM, as outlined above, to extend our understanding of the GAS adoption
decisions made by internal auditors that led to successful implementations in an attempt
to provide a forward looking understanding to aid future decisions by internal auditors
in considering use of this technology in their own organisations.
In addition, Venkatesh et al. (2003), illustrated that these four major constructs can be
influenced by four key “moderators”: gender, age, voluntariness (the extent to which
the adoption choice is one over which the chooser has power to reject) and experience
(novice v expert in the choice domain).
The proposed theory (UTAUT), was empirically validated using data from
individuals in four organisations over a six-month period, and was found to outperform
each of the eight individual models in explaining adoption activity for various
technologies (Venkatesh et al., 2003). Subsequently, the UTAUT model has been applied
Performance
Expectancy (PE)
Social Influence
(SI)
Facilitating
Figure 1. Conditions (FC)
Unified Theory of Voluntariness
Acceptance and Use Gender Age Experience to use
of Technology
Source: Venkatesh et al. (2003)
in various other domains such as internet marketing (Abu Shanab and Pearson, 2007) as Adoption of
well as healthcare (Hennington and Janz, 2007). However, in this study, we focus on the CAATTs
individual adoption decision making process, rather than the organisational context, as
the adoption decision for CAATTs use is typically made by an individual who leads an
internal audit department.
Figure 2 illustrates the theoretical view in this research derived from the UTAUT
model. In comparison to the original UTAUT model, the moderating factors (age and 333
gender) are not fully explored as this study focuses instead on the assessment of the
potential of the four constructs for explaining successful adoption decisions in this
domain[2]. However, the moderators of experience and voluntariness are given some
exposure in the approach adopted in this paper as the adopted research methodology
does allow for some, albeit incomplete, exploration of these factors. Further, behavioural
intention and actual usage in the original UTAUT are replaced with motivation and
successful CAATTs’ adoption to make this model specific to the internal audit domain.
The next section develops these four constructs further in the context of this study,
followed by further exploration of the moderators used in this study in the following
section.
PE
EE
Successful
Figure 2.
Motivation CAATTs’
FC Theoretical view
Adoption
of studying motivation
for successful
SI CAATTs’ adoption
Experience Voluntariness
MAJ 4.2 Effort expectancy
29,4 UTAUT’s effort expectancy construct addresses perceived ease of use UTAUT
suggests that there is a direct (positive) effect of perceived ease of use via effort
expectancy on behavioural intention (Venkatesh et al., 2003). All other things being
equal, UTAUT would suggest therefore that there is a higher likelihood that internal
auditors would adopt CAATTs when they are easy to use and they do not have to
334 undergo a difficult learning curve to make use of them.
Despite apparent support for this construct in UTAUT, Hu et al. (1999) concluded
from their study that amongst knowledge workers, no amount of ease of use would
compensate for their low perception of a system’s usefulness. Their investigation of a
physician’s acceptance of telemedicine revealed that as the level of knowledge of
professionals differs significantly from other subjects of prior research (students,
clerical staff, etc.), then their ability to assimilate new technology would be quicker
(Hu et al., 1999). Therefore, ease of use was found to have no significant effect on attitude
and perceived usefulness in the Hu study of technology adoption.
However, Bedard et al. (2002), in looking more directly at auditors as knowledge
professionals, found otherwise. Their results showed that ease of use perceptions were,
in fact, important among a group of highly experienced auditors, thus potentially
supporting the use of this construct in the modelling of technology adoption by auditors.
Bedard et al.’s research examined the effect of technological and task knowledge on the
basic TAM relationships. The positive relationship between task knowledge and ease of
use implies that, even individuals with requisite computer skills, may consider a system
difficult to use if they are uncertain about their proficiency with tasks that need to be
performed using the system. In later research, Bedard et al. (2003), found that the
perception of ease of use can be shifted with training. Therefore, in this study, the effect
of ease of use and training on CAATTs’ adoption by internal auditors is examined in
seeking confirmation of their applicability to an internal auditor’s adoption decision.
6. Research findings
6.1 General findings
In the Appendix we present a summary of responses received from each case outlining
each of the factors the interviewees provided as the motivations for CAATTs’ adoption
in their specific circumstances. Despite the range of possible CAATTs that could be used
in practice by these cases, the types of CAATTs focused upon across our cases were
exclusively limited to GAS applications (Debreceny et al., 2005), as such no evidence was
therefore available related to successful adoption of other CAATTs[6]. This is, in itself,
an interesting discovery suggesting that, whilst significant commentary on the potential
for other CAATTs usage exists in professional guidance, this, of itself, has been
ineffective in producing substantive wider exploitation of anything other than the use of
GAS, even in cases where successful GAS adoptions have occurred and therefore may be
considered to have offered favourable contexts for further developments to have been
used. Further study is required to explore this finding in more detail. As this paper is
exploring the motivation to adopt from successful cases of CAATTs’ adoption,
we therefore focus our following analysis on GAS applications specifically.
In broad terms, selected key quotes from the analysis of each interviewee’s
comments (the Appendix) indicates that GAS adoption is primarily driven by the
adoption decision maker’s perception of the benefits that will be derived from GAS
usage in the internal auditing process. There are several specific benefits that can be
classified within the performance expectancy category identified from the cases which
include cost savings (case 1), greater audit coverage (cases 3, 5 and 8), increased audit
quality (case 5) and faster processing time (case 9).
Detailed analysis of the cross case tabulated data demonstrated that the key words
described the first three constructs of performance expectancy (supported mainly by
use of keywords describing benefits), and facilitating conditions (supported by
keywords describing the availability of CAATTs’ expertise and support from
management). However, the findings do not appear to strongly support the existence of
social influence and effort expectancy. The keywords from the cases did not match the
MAJ description of these two constructs as defined above. This is likely to indicate that, for
29,4 these successful adoption cases at least, these constructs of effort expectancy and
social influence were not key factors influencing motivation to adopt GAS. These
results are analysed further in the following discussion.
Acknowledgements
The authors wish to acknowledge various key inputs to the development of this paper
including comments from attendees at various academic conferences in the UK, Europe
and the USA and in particular the assistance of the participants in this research and the
consulting firm who was willing to engage with this research enabling interviewees to
be identified and data to be collected.
Notes
1. The authors recognise the valuable insights that may also be gained from study of failures to
adopt GAS both to validate the proposed model of success produced by this work, and to
enable a wider focus to be developed on issues that may impact on the relative importance of
the indicated success factors. However, this did not form a part of this exploratory study.
Instead its focus is solely on what led to successful adoption to create an initial model of
adoption factors in this area. Further study of non-adopters would be useful to validate and
potentially to extend this initial model. In this study “success” is defined by the user and
therefore can differ in degrees and nature between the participants, but includes in each case
completion of a considered adoption process for at least one recognised CAATT which has
been in regular and continual use for more than one audit cycle.
2. The authors acknowledge that their validation of the UTAUT theory in this domain would
be further enhanced by a wider study that could more effectively incorporate these
moderating factors to develop the findings of our work further.
3. These questions specifically probe into the motivations to adopt CAATTs. During the
interview, there are eight other questions (i.e. 11 in total) related to implementation and
evaluation that formed the basis of the semi structured interviews. These additional eight
questions are not analysed further in this paper.
4. ACL and IDEA are the two key generalised audit software tools used in the internal audit
domain at the time of study. Their national UK user group conferences therefore represented
an ideal place to obtain expert lead cases as required for this study.
5. The consultants firm used agreed to allow the authors selected access to their client base to
seek additional expert users for our study. This firm provided the leading independent
consulting service in internal audit use of CAATTs in the UK at the time of this study and Adoption of
therefore represented the most comprehensive user base available to supplement our
existing sources of expertise. The combined use of these three sources meant the researchers CAATTs
are likely to have access to many of the key GAS users in internal audit functions in the UK
at the time of this study.
6. While significant GAS use may reasonably be thought to be the case at the ACL and IDEA
events where it would be expected users of this software would be in the majority, there was 345
no evidence of these users also making much significant wider use of CAATTs, despite
having converted their audit methodologies to GAS use. The same results were found
amongst the more general pool of users sourced through the consultant’s client base
confirming the lack of wider CAATTs usage at the time of this study.
7. Further information about the reason for adoption was obtained through our analysis of
internal documents provided to the authors by case 9 interviewee. Improved performance of
data interrogation was expected in terms of the ability to identify inaccurate or problematic
accounting data. Internal auditors were expected to meet demand for quick, accurate and
dependable reporting of such problems through data interrogation.
References
Abu Shanab, E. and Pearson, J.M. (2007), “Internet banking in Jordan: the unified theory of
acceptance and use of technology (UTAUT) perspective”, Journal of Systems and
Information Technology, Vol. 9 No. 1, pp. 78-97.
Aidi, A. and Kent, S. (2013), “The utilisation of generalised audit software (GAS) by external
auditors”, Managerial Auditing Journal, Vol. 28 No. 2, pp. 88-113.
Anderson, J.E. and Schwager, P.H. (2004), “SME adoption of wireless LAN technology: applying
the UTAUT model”, Proceedings of Seventh Annual Conference of the Southern
Association for Information Systems (SAIS), USA.
Bedard, J., Ettredge, M., Jackson, C. and Johnstone, M. (2002), “The effect of technological
knowledge and task knowledge on professional user acceptance of an electronic work
system”, working paper, Northeastern University, Boston, MA.
Bedard, J.C. and Graham, L.E. (2002), “The effects of decision aid orientation on risk factor
identification and audit test planning”, Auditing: A Journal of Practice & Theory, Vol. 21
No. 2, pp. 39-56.
Bedard, J.C., Jackson, C., Ettredge, M.L. and Johnstone, M.K. (2003), “The effect of training on
auditors’ acceptance of an electronic work system”, International Journal of Accounting
Information Systems, Vol. 4 No. 4, pp. 227-250.
Bhattacherjee, A. (2000), “Acceptance of e-commerce services: the case of electronic brokerages”,
IEEE Transactions on Systems, Man, and Cybernetics – Part A: Systems and Humans,
Vol. 30 No. 4, pp. 411-420.
Braun, R.L. and Davis, H.E. (2003), “Computer-assisted audit tools and techniques: analysis and
perspectives”, Managerial Auditing Journal, Vol. 18 No. 9, pp. 725-731.
CICA (1994), The Application of CAATTS Using Microcomputers Research Report,
The Canadian Institute of Chartered Accountants, Toronto.
Curtis, M.B. and Payne, E.A. (2008), “An examination of contextual factors and individual
characteristics affecting technology implementation decisions in auditing”, International
Journal of Accounting Information Systems, Vol. 9 No. 2, pp. 104-121.
Davies, F.D. and Venkatesh, V. (2000), “A theoretical extension of the technology acceptance
model: four longitudinal field studies”, Management Science, Vol. 46 No. 2, pp. 186-204.
MAJ Davis, F.D. (1989), “Perceived usefulness, perceived ease of use, and user acceptance of
information technology”, MIS Quarterly, Vol. 13, pp. 319-339.
29,4 Debreceny, R., Lee, S., Neo, W. and Toh, J.S. (2005), “Employing generalized audit software in the
financial services sector”, Managerial Auditing Journal, Vol. 20 No. 6, pp. 605-619.
Dowling, C.S. and Leech, S. (2007), “Audit support systems and decision aids: current practice
and opportunities for future research”, International Journal of Accounting Information
346 Systems, Vol. 8 No. 2, pp. 92-116.
Gonzalez, G.C., Sharma, P.N. and Galletta, D.F. (2012), “The antecedents of the use of continuous
auditing in the internal auditing context”, International Journal of Accounting Information
Systems, Vol. 13 No. 3, pp. 248-262.
Grand, C.L. (2001a), Use of Computer-Assisted Audit Tools and Technique (CAATTs) Part 1,
Vol. 4, IT Audit, The Institute of Internal Auditor, October 1, available at: www.theiia.org/
itaudit/index.cfm?fuseaction¼forum&fid¼320
Grand, C.L. (2001b), Use of Computer-Assisted Audit Tools and Technique (CAATTs) Part 2,
Vol. 4, IT Audit, The Institute of Internal Auditor, October 15, available at: www.theiia.
org/itaudit/index.cfm?fuseaction¼forum&fid¼380
Gray, G.L. (2006), “An array of technology tools: a broad mix of spreadsheet and audit-specific
products enables auditors to take on many different tasks, according to the 2006 internal
auditor software survey”, Internal Auditor, Vol. 63 No. 4, pp. 56-62.
Hall, J. (2012), Information Technology Auditing, International edition, 3rd ed., Cengage,
Mason, OH.
Hennington, A.H. and Janz, B.D. (2007), “Information systems and healthcare XVI: physician
adoption of electronic medical records: applying the UTAUT model in a healthcare
context”, Communications of the Association for Information Systems, Vol. 19 No. 5,
pp. 60-80.
Hu, P., Chan, P.Y.K., Liu, S.O.R. and Tam, K.Y. (1999), “Examining the technology acceptance
model using physician acceptance of telemedicine technology”, Journal of Management
Information System, Vol. 16 No. 2, pp. 91-112.
Huang, S.-M., Hung, Y.-C. and Tsao, H.-H. (2008), “Examining the determinants of
computer-assisted audits techniques acceptance from internal auditors viewpoints”,
International Journal of Services and Standards, Vol. 4 No. 4, pp. 377-392.
Hudson, M.E. (1998), “CAATTs and compliance”, Internal Auditor, Vol. 55 No. 2, pp. 25-27.
IIA (UK) (2003), Internal Audit Automation Survey, The Institute of Internal Auditor UK and
Ireland, London.
ISACA (1999), IS Auditing Guideline, Use of Computer Assisted Audit Technique (CAATs),
Information Systems Audit and Control Association, Houston, TX.
Javnrin, D., Lowe, J.L. and Bierstaker, J. (2009), “Auditor acceptance of computer-assisted audit
techniques”, paper presented at American Accounting Association Auditing Section
Mid-Year Meeting, St Petersberg, FL, January 15-17.
Javnrin, D.J.B., Bierstaker, J. and Lowe, J.L. (2008), “An examination of audit information
technology use and perceived importance”, Accounting Horizons, Vol. 22, pp. 1-21.
Karahanna, E., Straub, D.W. and Chervany, N.L. (1999), “IT adoption across time”,
MIS Quarterly, Vol. 23 No. 2, pp. 183-213.
Kim, H.J., Mannino, M. and Nieschwietz, R.J. (2009), “Information technology acceptance in the
internal audit profession: impact of technology features and complexity”, International
Journal of Accounting Information Systems, Vol. 10 No. 4, pp. 214-228.
Neuron, B. (2003), “SAS 94: issues and opportunities”, InfoTech Update, Vol. 12 No. 1.
Paukowits, F. (2000), “Bridging CAATTS and risk”, Internal Auditor, Vol. 57 No. 2, p. 27. Adoption of
Pogrob, K.R. and Isenberg, G. (1999), “Accountants corner: auditing in a paperless society”, CAATTs
The Secured Lender, Vol. 55 No. 7, p. 126.
Rahim, M. (2008), “Identifying factors affecting acceptance of e-procurement systems: an initial
qualitative study at an Australian City Council”, Communications of IBIMA, Vol. 3, pp. 17-78.
Ramamoorthi, W. (2004), The Pervasive Impact of Information Technology on Internal Auditing,
Chapter 9, Institute of Internal Auditors Inc., Altamonte Springs, FL. 347
Salierno, D. (2001), “Tools of the trade”, The Internal Auditor, Vol. 58 No. 4, pp. 32-34.
Schafer, B.A. and Eining, M. (2002), “Auditor’s adoption of technology: a study of domain experts”,
paper presented at American Accounting Association Annual Meeting, San Diego, CA.
Sieber, S., Valor, J. and Miralles, F. (2005), “CIO herds and user gangs in the adoption of open
source software”, IESE working paper series.
Singleton, T. and Flesher, D.L. (2003), “A 25 years retrospective on the IIA’s SAC project”,
Managerial Auditing Journal, Vol. 18 No. 1, pp. 39-53.
Stoel, D., Havelka, D. and Merhout, J.W. (2012), “An analysis of attributes that impact
information technology audit quality: a study of IT and financial audit practitioners”,
International Journal of Accounting Information Systems, Vol. 13 No. 1, pp. 60-79.
Succi, M.J. and Walter, Z.D. (1999), “Theory of user acceptance of information technologies:
an examination of health care professionals”, Proceedings of the 32nd Hawaii International
Conference on System Sciences (HICSS), pp. 1-7.
Venkatesh, V. (2000), “Determinants of perceived ease of use: integrating control, intrinsic
motivation, and emotion into the technology acceptance model”, Journal of Information
Systems Research, Vol. 11 No. 4, pp. 342-365.
Venkatesh, V. and Davis, F.D. (2000), “A theoretical extension of the technology acceptance
model: four longitudinal field studies”, Management Science, Vol. 46 No. 2, pp. 186-204.
Venkatesh, V., Morris, M., Davis, G. and Davis, F. (2003), “User acceptance of information
technology: toward a unified view”, MIS Quarterly, Vol. 27 No. 3, pp. 425-478.
Yin, R. (2003), Case Study Research: Designs and Methods, Sage, Newbury Park, CA.
Further reading
Davis, F.D., Bagozzi, R.P. and Warshaw, P.R. (1989), “User acceptance of computer technology:
a comparison of two theoretical models”, Management Science, Vol. 35, pp. 982-1002.
Paukowits, F. (1998), “Mainstreaming CAATTS”, Internal Auditor, Vol. 55 No. 1, p. 19.
348
MAJ
response
Table AI.
Summary of general
Appendix
1 “The Head of Internal audit decided that ACL should be used by the audit function. He himself has had more than 15 years
experience in using ACL. I was employed to champion the adoption of ACL and during the trial period I have to provide
proofs on the benefits of using ACL. I presented to them cost savings on Insurance Claims that can be produced through
data interrogation using ACL. The management are happy with the benefits derived from ACL and approved the adoption
of ACL”
2 “The company adopted CAATTs initially due to occurrence of computer fraud, which was also the reason for the establishment of
the internal audit function. Main emphasis then is to check computer controls. The task was carried out by a computer auditor who
has an in-depth knowledge of computers. At the beginning, IDEA was mainly used by computer auditors. Later, IDEA is also
adopted by the management to check data accuracy”
3 “ACL has been adopted for the past 3 years. One of the main factors to adopt CAATTs was the benefit that could be derived
from CAATTs usage such as increased coverage. Apart from that, it also makes more sense to use audit software to audit
data that is available electronically”
4 “In this organisation, we have been using CAATTs for more than 5 years. The IT Auditors drove the usage. The reason for
adoption was mainly due to electrification of data processing in the organisation. It is much easier to audit data in electronic
form by using IT tools. IDEA is mainly used to audit the financial system run using SAP R3. We also think that when the
legacy system is moved to a higher technology then auditors need to use tools to be more efficient in their audits. For
example, it is easier to do random sampling using IDEA when the data is available electronically”
5 “The adoption of IDEA is due to benefits that can be derived from the software. Those benefits are an increased level of
assurance, improved quality of audit and increase coverage of the tests. In fact the usage of CAATTs makes it possible to
perform 100% coverage”
6 “The decision to buy was driven by the belief that the audit software would improve the efficiency of the audit team. The
team started to use ACL for fraud investigations, which were to compare Housing Benefit data with Payroll data. The
results were good and the management was satisfied with it. Subsequently ACL was used for data matching and to find
exceptions in reports”
(continued)
Case number General response on motivation to adopt CAATTs
7 “Throughout my experience in providing audit automation solution to internal auditors, I found that there are few factors that
motivate adoption of audit software. One of the most important motivations would be to fulfil compliance requirements such as
Sarbanes Oxley. In the absence of such regulation, the motivation may not be strong enough”
8 “The organisation has adopted a fully computerised system, therefore it is more efficient to conduct the audit using CAATTs. It
enables a wider scope and coverage of the audit. The facilities and functions in ACL are powerful and those tests are not able to be
carried out manually”
9 “Historically we started to use CAATTS when the external auditors requested for data interrogation to be carried out on a
particular area. When the organisation shifted to a PC based environment, we then looked for CAATTs solution that is
compatible with PCs. First, we used ACL to perform data interrogation as well as data extraction. The usage further
expanded into data analysis for internal purposes. Later, the organisation decided to use IDEA as audit tools because we
found that the software is extremely powerful if it is properly utilised
Continued and expanding usage of CAATTs is due to fast processing as well as unlimited audit coverage that is possible when
conducting the tests. Usage of IDEA has also enabled us to perform a few tests that can’t be performed manually due to volume of
data. The ability of the software to analyse, interrogate and extract data is also recognised by business units other than internal
audit. For instance, the Purchase Order Processing Function use IDEA in order to generate reports on duplicate payments.”
10 “We decided to use CAATTs to be able to deliver extra value-added audit service for the organisation. We know that
CAATTs has capabilities of performing data extraction and analysis that cannot be done manually”
CAATTs
Table AI.
349
Adoption of