An assessment of the purpose of the use of
Generalised Audit Software:A perspective of Internal
Audit Functions in Australia
Dr. L.A. Smidt
Department of Auditing
Tshwane University of Technology
South Africa
smidtla@tut.ac.za
Dr. L. Steenkamp
Department of Accounting and Auditing
Central University of Technology
Free State
llubbe@cut.ac.za
Dr. Aidi Ahmi
College of Business: Accountancy
Universiti Utara Malaysia
Malaysia
aidi@uum.edu.my
Abstract — Modern day internal audit functions have to execute its
duties in control environments that are increasingly dominated by
technology and “big data”. Internal audit functions are therefore
encouraged to use technology-based tools such as GAS in the
execution of their duties in an effort to respond to its various
stakeholders’ needs and expectations in an efficient and effective
manner. GAS comes with a number of different functionalities
that the internal auditor can use. This paper explores the purpose
of the use of GAS as a data analytics tool by internal audit
functions in Australia. The research results indicate that
respondents are utilising GAS for a variety of purposes. The top
five purposes for which the respondents make use of GAS often to
always during separate internal audit engagements are: (1) for
conducting full population analyses; (2) to identify transactions
with specific characteristics or control criteria for tests of controls
purposes; (3) to evaluate fraud risks; (4) to obtain audit evidence
about control effectiveness; and (5) for selecting random samples
for tests of controls purposes from key electronic files.
Keywords - Computer Assisted Audit Techniques, Control
environment, Generalised Audit Software, Internal Audit, Tests of
Controls.
I. INTRODUCTION
Internal audit functions of organisations have to provide
independent assurance over the effectiveness and adequacy of
organisational governance, control and risk management
processes [1], [2]. Even though the overarching objective of the
internal audit function remained largely unchanged, the manner
2019 14th Iberian Conference on Information Systems and Technologies (CISTI)
19 – 22 June 2019, Coimbra, Portugal
ISBN: 978-989-98434-9-3
Prof. D.P. van der Nest
Department of Auditing
Tshwane University of Technology
South Africa
vandernestdp@tut.ac.za
Prof. D.S. Lubbe
School of Accountancy
University of the Free State
Free State
lubbeds@ufs.ac.za
in which internal audit functions conduct their work changed
quite significantly over the past few decades. Reference [3]
explain that due to the business environment changing from
largely manual processes to data-intensive technologies, vast
volumes of data are being produced and maintained. These
massive volumes of data are almost entirely offered in electronic
format – an occurrence that is generally referred to as “big data”
[4].
Historically, the emphasis of the internal audit function was
placed on a periodic, backward-looking approach, and important
activities and events in the organisation were usually identified
only after their occurrence or simply stayed undetected [5]. As
businesses hold and have access to an ever increasing wealth of
data, the role of the internal auditor in delivering its mandate is
rapidly moving away from a traditional, largely manual
function, to one that should be capable of utilising technology-
enabled tools and techniques [6]. Data analytics can greatly
enhance the performance of the internal audit function and create
organisational value. The Institute of Internal Auditors even
goes as far as stating that “internal audit professionals that
hesitate to incorporate data analytics more fully into their
operations will fall behind and risk becoming obsolete” [7]. In
literature, many authors share this view [8], [9], [10] and [11].
Further, the Institute of Internal Auditors published Standard
1220.A2, Due Professional Care, in the most recent edition of its
International Standards for the Professional Practice of Internal
Auditing (Standards) [1], emphasises that internal auditors are
actually required to make use of technology-based tools in
carrying out their responsibilities.
Reference [12] and [13] explains that the use of CAATs
enable the internal auditor to audit both “through” and “with”
the computer, instead of merely “around” the computer.
Literature pose five broad categories of CAATs namely test
data, integrated test facilities, embedded audit modules, parallel
simulations, and Generalised Audit Software (GAS) [14], [15]
and [16]. Reference [16] emphasises that GAS form part of the
broader definition of CAATs, and research has found GAS to be
the most frequently used CAAT [15], [16] and [18]. The
objective of this paper is therefore on the purpose of the use of
GAS by internal audit functions in Australia.
II. RESEARCH OBJECTIVES AND METHODOLOGY
The internal auditors of today have to embrace the power of
data that resides in the computer systems of their respective
organisations if they are to remain relevant in the era of “big
data”. This paper is therefore guided by the following research
objective:
To explore the purposes for which GAS, as a data analytics
tool, is utilised by internal audit functions in Australia.
The primary method of data collection used in this study was
by means of a structured online questionnaire using an online
survey tool called LimeSurvey (quantitative method). The
quantitative data, for the purposes of this paper, was analysed
through the use of descriptive statistics.
The online questionnaire was distributed to the full research
population consisting of 322 chief audit executives (CAEs) with
the support from the Institute of Internal Auditors (IIA) –
Australia. The executive officer and company secretary of the
IIA–Australia distributed the online questionnaire to all 322
CAEs that were registered members (at the time of the research)
with the IIA in accordance with their membership database.
These CAEs were well represented across a number of different
industries such as aviation, education, federal government,
finance and banking, government, health, human services,
insurance, local government, state government, superannuation,
transportation, utility, agriculture, construction, entertainment,
information technology, logistics, mining, non-profit and
professional services.
The total number of online questionnaires returned was 50 (i.e.
a response rate of 15.53%) from the total research population of
322 internal audit organisations that are registered members with
the IIA-Australia.
III. REVIEW OF PRIOR RESEARCH
CAATs are technology available to assist the internal audit
function in the execution of its audit tasks. GAS has been
identified as the most popular and most frequently used type of
CAAT, and examples of GAS packages include IDEA, CCM
and ACL [17], [19]. More specifically, [15] explains that GAS
allows auditors to access electronically coded data files and to
perform various operations on their contents.
2019 14th Iberian Conference on Information Systems and Technologies (CISTI)
19 – 22 June 2019, Coimbra, Portugal
ISBN: 978-989-98434-9-3
In research studies that have focused specifically on the
enabling factors that contribute to the adoption and/or use of
GAS by internal audit functions, [20] found that internal auditors
perceive the use of GAS primarily as a tool for special
investigations and not as part of their regular duties. A study by
[21] found that the use of GAS enhanced audit coverage and
contributed to significant cost reductions in internal audit
engagements. An AuditNet survey by [22] identified a number
of motivating factors for using GAS including, but not limited
to, assisting in identifying fraudulent transactions, improved
consistency in audit scope, increased audit efficiency and
reductions in planned fieldwork. A further study by [18] has
some similar findings and also draws attention to cost savings
and enhanced audit coverage and quality. Reference [23]
identified changing trends in internal audit and advanced
analytics. This study specifically noted a shift towards
leveraging data analytics to assist with compliance and to
improve risk management. In addition to the findings already
mentioned, the study by [24] emphasised the ease of use of GAS
as well as improved communications through the various
functionalities available in GAS. In one of the most recent
studies on data analytics in internal audit, the Institute of Internal
Auditors [7] highlighted similar motivating factors as the other
studies, making specific mention of increased volumes of work,
consistency in scope, time savings, streamlining of audit
processes and enhancing audit efficiency. See also [9].
Despite the numerous enabling factors, there are also a
number of so-called “inhibitors” or barriers to technology usage
[25], and specifically the use of GAS. Reference [26] emphasise
that inhibitors are not, as is sometimes wrongfully assumed,
merely the inverse of enablers. Reference [27] add that
overcoming inhibitors may be essential in order for enablers to
significantly affect adoption and usage. From an internal
auditing perspective, a number of studies focused on inhibitors
to GAS usage – rationalisations or justifications used for not
fully adopting or utilising GAS as part of internal audit
methodologies. Reference [21] identified training challenges,
system compatibility concern and staff competence as main
inhibitors.
The AuditNet survey by [22] adds challenges specifically
relating to data, such as availability, quality and reliability of
data, and also makes mention of lack of executive-level support
and buy-in. Over and above training, system compatibility, staff
competence and data challenges, industry reports by [28], [29]
and [30] also add more specific issues. These include building
teams with the right GAS skills sets, not fully embedding data
analytics across the internal audit life cycle, failing to leverage
data at all stages of the audit cycle, and inadequate investing in
and utilising the appropriate technology. The ACL report makes
specific mention of the expectation gap between management
and the internal audit function regarding what data analytics
entail. A recent industry report by [7] also highlighted numerous
challenges in integrating data analytics into internal audit
functions. These include, amongst others, lack of access to the
right data sources, the complexity of data sets and need for
customised extraction tools, poor data quality, data accessibility,
lack of management buy-in, time constraints in developing and
executing analytic procedures, insufficient resources and staff
training needs, lack of understanding of data analytics and an
inability to interpret results. To summarise, most studies
identified access to and availability of data, together with data
quality (accuracy, completeness and integrity) as the major
inhibitors to GAS usage.
In light of the above, inhibiting factors are still deterring many
internal audit functions from utilising CAATs and/or GAS to its
full potential. The Institute of Internal Auditors in a recent
CBOK report based on a global study by [32] indicated that as
many as 52% of the respondents did not make use of CAATs at
all, or only used CAATs to a very limited extent. A study by [29]
established that a mere 31% of internal audit functions are
utilising data analytics, a similar study by [33] shows a slight
increase in the use of data analytics of 34%. The fact that the
uptake of the use of CAATs and GAS is still at a very low level
globally, underlines the importance that the increased use should
be a high priority for internal audit functions [34]. Reference
[35] explains that one of the biggest challenges faced by internal
audit functions is the high expectations from senior management
and audit committees. More specifically, internal audit functions
are expected to be more efficient with less resources, identify
and respond to risk more effectively, deliver better and more
effective analysis of key issues, provide more meaningful
actionable insights, and be a driver of change within the business
[35]. The solution to these challenges lies in the application of
analytic techniques to the internal audit process. Reference [7]
identified four primary tasks for which internal audit
departments currently use data analytics, namely compliance,
fraud detection and investigation, operational performance, and
internal controls.
Literature focusing on the purpose of the use of GAS include
a number of theoretical papers [36], [37], [38], [39] and [53], as
well as studies focusing on a variety of continents, regions and
countries, including globally [32], [40], [41], [42] and [51],
Africa [2] the United States of America [43], [7], the United
Kingdom [21], Singapore [20], Malaysia [21], [24] and
Indonesia [44]. As far as could be determined no existing prior
research, focusing specifically on the purpose of the use of GAS
in internal audit functions in Australia, has been conducted.
Therefore, a clear “gap in the literature” was identified.
IV. SURVEY RESULTS
The current emphasis on risk based internal auditing, and the
growing use of GAS, should assist internal audit functions to
identify risks or areas within the control environment that
warrant further emphasis for internal audit engagement purposes
[45]. In addition, GAS is also seen as a useful tool for conducting
risk assessments, amongst other tasks, by identifying outliers,
anomalies and trends that warrant further emphasis, because
they pose higher risk for tests of controls purposes [1], [18], [38],
[46], [47], [48], [49] and [52].
As part of the survey, the respondents were asked to indicate
the frequency for which they utilised GAS in the various
systematic phases of the audit. The available options given were:
during annual audit planning, when performing specific
engagement planning, and during the process of monitoring and
follow-up. The options also allowed for other responses and ad-
hoc tasks, over and above the specific systematic internal audit
phases. For each of the various internal audit phases, as well as
2019 14th Iberian Conference on Information Systems and Technologies (CISTI)
19 – 22 June 2019, Coimbra, Portugal
ISBN: 978-989-98434-9-3
other options chosen, the respondents could indicate the
frequency of use as never, rarely, sometimes, often or always.
From the 50 positive responses received, only 23
respondents indicated that they are actually making use of GAS
in their respective internal audit functions. The results from an
analysis of the purposes for which GAS is utilised by these 23
responding internal audit functions in Australia revealed the
following:
The results indicated that the use of GAS for risk based
annual audit planning, is the exception rather than the norm.
The significant majority of respondents (16 of the 23 – 69.5%)
that do use GAS, indicated that GAS was never to rarely used to
conduct risk-based annual audit planning. There were 5 of the
23 respondents (21.7%) who indicated that it was sometimes
used for this purpose with only 2 of the 23 respondents (8.7%)
that indicated it was often to always used for this purpose.
The frequency of the use of GAS for risk based engagement
planning, was also at a relatively low level, with 9 of the 23
respondents (39.1%) indicating that GAS was never to rarely
used to conduct risk based engagement audit planning. A further
10 of the 23 respondents (43.5%) indicated that GAS is
sometimes used for this purpose.
With reference to the frequency of the use of GAS to identify
the purpose for which GAS is used during separate/individual
internal audit engagements (i.e., the fieldwork phase of an
engagement) it was evident that the respondents are utilising
GAS for a variety of purposes during the conduct of an
individual internal audit engagement.
The last phase of the systematic internal audit approach is to
conduct monitoring and follow-up in an effort to verify
whether management has taken action on previously reported
audit findings. The use of GAS can also be used for this purpose:
The survey results reveal that 30.4% of the respondents never
store audit specific data in GAS for monitoring and follow-up
purposes, 13.0% indicated that audit specific data is rarely
stored in GAS for monitoring and follow-up purposes, 34.8%
indicated it is sometimes stored in GAS, and 21.7% indicated
audit specific data is often stored in GAS to support and inform
monitoring and following-up on previously reported audit
findings at their departments. In brief, the significant majority
(78.2%) of the respondents indicated that audit specific data is
never to sometimes stored in GAS for this purpose.
Furthermore, respondents were provided with a range of
engagement tasks for which GAS can be utilised during the
fieldwork phase of an engagement. For each task they were
required to indicate the frequency of use, with the options being
never, rarely, sometimes, often and always.
A tendency to use GAS more frequently for specific
purposes during this phase (fieldwork) of the internal audit
engagement, was evident. The top five purposes for which the
respondents make use of GAS often to always during separate
internal audit engagements are:
x For conducting full population analyses (69.5%);
 x To identify transactions with specific characteristics
or control criteria for tests of controls purposes
(65.2%);
x To evaluate fraud risks (43.5%);
x To obtain audit evidence about control effectiveness
(39.1%); and
x For selecting random samples for tests of controls
purposes from key electronic files (30.4%).
The above include more basic types of data analytics, such
as conducting full population analyses and doing sample
selection. It is therefore evident that the highest uptake of data
analytics is seen in the more basic types of analytics.
The purposes for which the respondents had the lowest
uptake, indicating that they never to rarely make use of GAS
during separate internal audit engagements are:
x For the generation of exception reports through
continuous auditing (60.9%);
x To re-perform procedures (e.g., aging of account
receivables) (56.5%);
x The results of the data analysis are used to conduct a
root cause analysis to establish “why” a certain
control was not working effectively (52.1%);
x The results of the data analysis are used to identify
trends and to predict future risk events (47.8%); and
x For risk identification purposes (34.7%).
Purposes such as trend identification, prediction of future
events, continuous auditing and root cause analysis are
considered to be more advanced types of data analytics. From
the results it is clear that the internal audit functions still have a
low uptake of these more advanced uses of data analytics.
More specifically, the frequency of the use of GAS for risk
identification purposes during the conduct of individual audit
engagements (i.e. during the fieldwork stage) is also not at a high
level. The survey results show that 5 of the 23 respondents
(21.7%) indicated that GAS was never used for risk
identification purposes during individual audit engagements; 3
of the 23 respondents (13%) indicated that GAS was rarely used
for risk identification purposes during individual audit
engagements. On the other hand, 11 of the 23 respondents
(47.8%) indicated that they sometimes use GAS for this purpose
with a further 3 of the 23 respondents (13%) that indicated they
often use GAS for risk identification purposes. There was only
one respondent (4.3%) that indicated they always use GAS for
this purpose.
V. LIMITATIONS OF THE STUDY AND OPPORTUNITIES FOR
FUTURE RESEARCH
The empirical results of this study (as set out in section
IV) should be interpreted in the context of the following
limitations:
x CAATs include a broad definition (i.e. it includes
many different types of technology-driven and
2019 14th Iberian Conference on Information Systems and Technologies (CISTI)
19 – 22 June 2019, Coimbra, Portugal
ISBN: 978-989-98434-9-3
technology-dependent tools). This study focused
specifically on the use of GAS (as mentioned in
section II) as it is one of the most popular and
frequently used types of CAATs, by internal audit
functions when conducting tests of controls [50],
[53]. This study therefore did not gather information
about the use of any other types of CAATs from the
research respondents.
x Furthermore, this study focused on the use of GAS
by internal auditors in Australia. This study therefore
excluded the use of GAS employed by external
auditors in Australia.
x An additional limitation is that the research addresses
only the internal auditor’s performance of tests of
controls using GAS, and did not attempt to explore
the use of GAS when performing tests of details or
any other form of investigation.
x The empirical data was primarily collected through
the use of a structured questionnaire. The respondent
universe was limited to the CAEs of these internal
audit functions.
Further research opportunities therefore exist in the preceding
limitations, and these are briefly highlighted next:
x This study can also be replicated in other countries
which could lead to additional insights arising from
comparisons between local and international
practices.
x The research methodology could be extended to gain
insights from multiple case studies in a variety of
industries, a longitudinal study, or the use of face-to-
face interviews. These various approaches could
provide deeper insights with regard to the adoption
and purpose of the use of GAS by internal audit
functions generally.
x The target audience could be deepened, to research
the perceptions and understanding of the different
levels of staff within the individual internal audit
functions, from entry level internal auditors through
to senior management.
x The study could also be replicated to explore the
maturity of use of GAS employed by external
auditors.
x A future set of studies could also explore the use of
GAS by internal auditors as they relate to tests of
details.
VI. CONCLUSION
This paper provided an overview of the purposes for which
GAS, as a data analytics tool, is used by internal audit functions
in Australia. The empirical results revealed that internal audit
functions in Australia utilise GAS for a variety of purposes and
that some functionalities are more widely used than others. The
top five purposes for which the respondents make use of GAS
often to always during separate internal audit engagements are:
(1) for conducting full population analyses; (2) to identify
transactions with specific characteristics or control criteria for
tests of controls purposes; (3) to evaluate fraud risks; (4) to
obtain audit evidence about control effectiveness; and (5) for
selecting random samples for tests of controls purposes from key
electronic files.
The use of GAS enables internal audit functions to run
various data analytical tests and should improve the internal
audit function’s “line of sight”. The results revealed that the
respondents’ “line of sight” is mainly limited to providing
descriptive and diagnostic analytics. Descriptive and diagnostic
analytics are classified as the basic forms of data analytics
compared to more advanced analytics that are used to make
predictions about the state of a future occurrence or event (i.e.
predictive analytics). This predictive capability of analytics is
paving the way for internal audit functions to conduct risk-
focused annual audit planning, and also to focus audit efforts on
high risk areas that warrant emphasis. On the contrary, the use
of GAS to conduct risk-based annual audit planning was the
exception rather than the norm.
The global business industry is ever evolving and the control
environments in which internal audit functions conduct their
work are also being transformed by this continuous increase of
technology and “big data”, which also increases the complexity
of these control environments. It therefore comes as no surprise
that the IIA is placing a strong emphasis on the conduct of the
work of internal audit functions, in requiring them to utilise
technology-based tools and techniques as part of their systematic
audit methodology. The hope is there, that Chief Audit
Executives will further embrace the use of technology-based
tools and that they will continue to explore the various
functionalities and capabilities of the use of GAS. This, in an
effort to ensure that their respective internal audit functions are
optimally delivering and responding to its stakeholders’ needs
and expectations. In conclusion, as internal audit functions
continue to advance to greater levels of maturity in the use of
GAS to conduct data analytics, they should aspire to reach a
level of maturity whereby audit results could almost be
instantaneous through the use of predictive, prescriptive and
preventive data analytics. Internal audit functions need to realise
that they can no longer be static, but that that they will have to
continuously rethink or redesign their audit methodologies in
their efforts to remain relevant as a key assurance provider to
their respective organisations and key stakeholders.
REFERENCES
[1] The Institute of Internal Auditors. 2016a), “International Standards for the
Professional Practice of Internal Auditing”, October: pp. 1–25.
[2] The Institute of Internal Auditors Australia. (2016), “Internal Audit in
Australia”, Sydney, pp. 1–52.
[3] Sun, T. and Vasarhelyi, M.A. (2017), “Deep Learning and the Future of
Auditing: How an Evolving Technology Could Transform Analysis and
Improve Judgment”, The CPA Journal, June.
[4] Issa, H. (2013), Exceptional Exceptions, The State University of New
Jersey.
[5] Byrnes, E., Al-Awadhi, A., Gullvist, B., Brown-Liburd, H., Teeter, R.A.,
Warren, J.D.J. and Vasarhelyi, M.A. (2015), “Evolution of Auditing:
From the Traditional Approach to the Future Audit”, Audit Analytics and
Continuous Audit: Looking Toward the Future, American Institute of
Certified Public Accountants, Inc., New York: pp. 71–86.
2019 14th Iberian Conference on Information Systems and Technologies (CISTI)
19 – 22 June 2019, Coimbra, Portugal
ISBN: 978-989-98434-9-3
[6] Ramen, M., Jugurnath, B. and Ramhit: (2015), “UTR-CTOE: A New
Paradigm Explaining CAATs Adoption”, Journal of Modern Accounting
and Auditing, Vol. 11 No. 1(2), pp. 615–631.
[7] The Institute of Internal Auditors. 2016b), Data Analytics - Elevating
Internal Audit”s Value, available at:
https://www.theiia.org/bookstore/downloads /6900045156664/8510-
6388-09_data_analytics_v13_nocrop.pdf.
[8] Byrnes, E., Al-Awadhi, A., Gullvist, B., Brown-Liburd, H., Teeter, R.A.,
Warren, J.D.J. and Vasarhelyi, M.A. (2015), “Evolution of Auditing:
From the Traditional Approach to the Future Audit”, Audit Analytics and
Continuous Audit: Looking Toward the Future, American Institute of
Certified Public Accountants, Inc., New York: pp. 71–86.
[9] EY. (2014), Harnessing the power of data - How Internal Audit can embed
data analytics and drive more value.
[10] Krahel, J.P. and Titera, W.R. (2015), “Consequences of big data and
formalization on accounting and auditing standards”, Accounting
Horizons, Vol. 29 No. 2, pp. 409–422.
[11] Rikhardsson: and Dull, R. (2016), “An exploratory study of the adoption,
application and impacts of continuous auditing technologies in small
businesses”, International Journal of Accounting Information Systems,
Elsevier Inc., Vol. 20, pp. 26–37.
[12] Smidt, L.A. (2016), A Maturity Level Assessment of the Use of
Generalised Audit Software by Internal Audit Functions in the South
African Banking Industry, Univeristy of the Free State.
[13] Seeburn, K. (2013), “The IS auditor: what are the key knowledge
requirements”, International Journal of Auditing Technology, Vol. 1 No.
1, pp. 34.
[14] Braun, R.L. and Davis, H.E. (2003), “Computer-assisted audit tools and
techniques: analysis and perspectives”, Managerial Auditing Journal,
Vol. 18 No. 9, pp. 725–731.
[15] Hall, J.A. (2011), Information Technology Auditing, Fourth Edition,
Cengage Learning, Boston.
[16] Rajshekhar, J. (2008), “Using Computer Assisted Audit Tools (CAATs)
for Audit and Inspection of Banks in India”, CAB CALLING: pp. 38–41.
[17] Lin, C. and Wang, C. (2011), “A selection model for auditing software”,
Industrial Management & Data Systems, Vol. 111 No. 5, pp 776–790.
[18] Mahzan, N. and Lymer, A. (2014), “Examining the adoption of computer-
assisted audit tools and techniques: Cases of generalized audit software
use by internal auditors”, Managerial Auditing Journal, Vol. 29 No. 4, pp
327–349.
[19] Farkas, M.J. and Hirsch, R.M. (2016), “The Effect of Frequency and
Automation of Internal Control Testing on External Auditor Reliance on
the Internal Audit Function”, Journal of Information Systems, Vol. 30 No.
1, pp. 21–40.
[20] Debreceny, R., Lee, S., Neo, W. and Shuling Toh, J. (2005), “Employing
generalized audit software in the financial services sector”, Managerial
Auditing Journal, Vol. 20 No. 6, pp. 605–618.
[21] Mahzan, N. and Lymer, A. (2008), “Adoption of Computer Assisted
Audit Tools and Techniques (CAATTs) by Internal Auditors: Current
issues in the UK”, BAA Annual Conference, Blackpool: pp. 1–46.
[22] Kaplan, J. (2012), AuditNet ® 2012 Survey Report on Data Analysis
Audit Software.
[23] Protiviti. (2015), Changing Trends in Internal Audit and Advanced
Analytics.
[24] Shamsuddin, A., Rajasharen, L., Maran, D., Ameer, M.F.M. and
Muthu:M. (2015), “Factors influencing usage level of computer assisted
audit techniques (CAATs) by internal auditors in Malaysia”, Proceeding
- Kuala Lumpur International Business, Economics and Law Conference
6, Vol. 1, pp. 123–131.
[25] Cenfetelli, R.T. (2004), “Inhibitors and enablers as dual factor concepts
in technology usage”, Journal of the Association for Information Systems,
Vol. 5 No. 1, pp. 472–492.
[26] Henderson, D.L., Bradford, M. and Kotb, A. (2016), “Inhibitors and
Enablers of GAS Usage: Testing the Dual Factor Theory”, Journal of
Information Systems, Vol. 30 No. 3, pp. 135–155.
[27] Cenfetelli, R.T. and Schwarz, A. (2011), “Identifying and Testing the
Inhibitors of Technology Usage Intentions”, Information Systems
Research, Vol. 22 No. 4, pp. 808–823.
[28] ACL. (2013), “The ACL Audit Analytic Capability Model”.
[29] PwC. (2013), Recognizing the potential created by analytics, December.
[30] KPMG. (2013), “Data Analytics for Internal Audit”, available at:
http://www.kpmg.com/CH/en/Library/Articles-
Publications/Documents/Advisory/pub-20130412-data-analytics-
internal-audit-en.pdf (accessed 12 September 2017).
[31] Tumi, A. (2013), “An Investigative Study into the Perceived Factors
Precluding Auditors Form Using CAATS and CA”, International Journal
of Advanced Research in Business, Vol. 1 No. 3, pp. 1–87.
[32] Cangemi, M.P. (2015), “Staying a Step Ahead - Internal Audit”s Use of
Technology”, The Global Internal Audit Common Body of Knowledge
(CBOK), p. 16.
[33] PwC. (2015), 2015 State of the Internal Audit Profession Study - Finding
True North in a Period of Rapid Transformation, available at:
https://www.pwc.com/us/en/risk-assurance/internal-audit-
transformation-study/assets/pwc-state-of-the-internal-audit-profession-
2015.pdf.
[34] Appelbaum, D., Kogan, A. and Vasarhelyi, M.A. (2017), “Big Data and
Analytics in the Modern Audit Engagement: Research Needs”, Auditing:
A Journal of Practice & Theory, Vol. 36 No. 4, pp. 1–27.
[35] Deloitte. (2013), “Adding Insight to Audit: Transforming Internal Audit
Through Data Analytics”.
[36] Bănărescu, A. (2015), “Detecting and Preventing Fraud with Data
Analytics”, Procedia Economics and Finance, Vol. 32 No. 1(5), pp.
1827–1836.
[37] Cao, M., Chychyla, R. and Stewart, T. (2015), “Big data analytics in
financial statement audits”, Accounting Horizons, Vol. 29 No. 2, pp. 423–
429.
[38] Elefterie, L. and Badea, G. (2016), “The impact of information technology
on the audit process”, Economics, Management and Financial Markets,
Vol. 11 No. 1, pp. 303–309.
[39] Zaiceanu, A.M., Hlaciuc, E. and Lucan, A.N.C. (2015), “Methods for
Risk Identification and Assessment in Financial Auditing”, Procedia
Economics and Finance, Elsevier B.V., Vol. 32 No. 1(5), pp. 595–602.
[40] Cangemi, M.P. (2016), “Views on Internal Audit, Internal Controls, and
Internal Audit”s Use of Technology”, EDPACS: The EDP Audit, Control,
and Security Newsletter, Vol. 53 No. 1, pp. 1–9.
[41] Pedrosa, I., Costa, C.J. and Laureano, R.M.S. (2015), “Use of Information
Technology on Statutory auditors” work: new profiles beyond
Spreadsheets” users”, 10th Iberian Conference on Information Systems
and Technologies (CISTI).
2019 14th Iberian Conference on Information Systems and Technologies (CISTI)
19 – 22 June 2019, Coimbra, Portugal
ISBN: 978-989-98434-9-3
[42] The Institute of Internal Auditors. (2014), “Enhancing Value Through
Collaboration: A Call To Action - Global Report July 2014”, The Pulse
of the Profession, July, pp. 1–14.
[43] Janvrin, D., Bierstaker, J. and Lowe, D.J. (2009), “An Investigation of
Factors Influencing the Use of Computer-Related Audit Procedures”,
Journal of Information Systems, Vol. 23 No. 1, pp. 97–118.
[44] Muliawan, A.D. (2015), Investigating the Impact of Direct Access on the
Use of Generalised Audit Software (GAS) and on the Quality of Auditors'
Analytical Tests, The University of Queensland.
[45] Sun, T., Alles, M. and Vasarhelyi, M.A. (2015), “Adopting continuous
auditing A cross-sectional comparison between China and the United
States”, Managerial Auditing Journal, 30 (2), available
at:https://doi.org/10.1108/09574090910954864.
[46] Ahmi, A. and Kent, S. (2013), “The utilisation of generalized audit
software (GAS) by external auditors”, Managerial Auditing Journal, Vol.
28 No. 2, pp. 88–113.
[47] Coderre, D. (2015), “Gauge your analytics”, Internal Auditor, August: pp.
39–45.
[48] Murphy, M.L. and Tysiac, K. (2015), “Data analytics helps auditors gain
deep insight”, Journal of Accountancy, April.
[49] Shiau, W.-L. (2014), “Improving Firm Performance Through a Mobile
Auditing Assistance System”, International Journal of Enterprise
Information Systems, Vol. 10 No. 4, pp. 22–35.
[50] Smidt, L., van der Nest, D. P., & Lubbe, D. (2014), The use of sampling
and CAATs within internal audit functions in the South African banking
industry, 9th Iberian Conference on Information Systems and
Technologies (CISTI) (pp. 1-5). IEEE.
[51] Pedrosa, I., Costa, C. J., & Laureano, R. M. (2015), Motivations and
limitations on the use of information technology on statutory auditors'
work: An exploratory study, 10th Iberian Conference on Information
Systems and Technologies (CISTI) (pp. 1-6). IEEE.
[52] Pascual, E. H. (2015), Application of technical computer assisted audit in
the prevention and detection of fraud, 10th Iberian Conference on
Information Systems and Technologies (CISTI) (pp. 1-6). IEEE.
[53] Dias, C., & Marques, R. P. (2018), The use of computer-assisted audit
tools and techniques by Portuguese internal auditors, 13th Iberian
Conference on Information Systems and Technologies (CISTI) (pp. 1-7).
IEEE.