Professional Documents
Culture Documents
2019 IEEE Smidt Et Al
2019 IEEE Smidt Et Al
Dr. L. Steenkamp
Department of Accounting and Auditing Prof. D.S. Lubbe
Central University of Technology
School of Accountancy
Free State
University of the Free State
llubbe@cut.ac.za
Free State
lubbeds@ufs.ac.za
Abstract — Modern day internal audit functions have to execute its in which internal audit functions conduct their work changed
duties in control environments that are increasingly dominated by quite significantly over the past few decades. Reference [3]
technology and “big data”. Internal audit functions are therefore explain that due to the business environment changing from
encouraged to use technology-based tools such as GAS in the largely manual processes to data-intensive technologies, vast
execution of their duties in an effort to respond to its various
stakeholders’ needs and expectations in an efficient and effective
volumes of data are being produced and maintained. These
manner. GAS comes with a number of different functionalities massive volumes of data are almost entirely offered in electronic
that the internal auditor can use. This paper explores the purpose format – an occurrence that is generally referred to as “big data”
of the use of GAS as a data analytics tool by internal audit [4].
functions in Australia. The research results indicate that
respondents are utilising GAS for a variety of purposes. The top Historically, the emphasis of the internal audit function was
five purposes for which the respondents make use of GAS often to placed on a periodic, backward-looking approach, and important
always during separate internal audit engagements are: (1) for activities and events in the organisation were usually identified
conducting full population analyses; (2) to identify transactions only after their occurrence or simply stayed undetected [5]. As
with specific characteristics or control criteria for tests of controls businesses hold and have access to an ever increasing wealth of
purposes; (3) to evaluate fraud risks; (4) to obtain audit evidence data, the role of the internal auditor in delivering its mandate is
about control effectiveness; and (5) for selecting random samples rapidly moving away from a traditional, largely manual
for tests of controls purposes from key electronic files. function, to one that should be capable of utilising technology-
Keywords - Computer Assisted Audit Techniques, Control enabled tools and techniques [6]. Data analytics can greatly
environment, Generalised Audit Software, Internal Audit, Tests of enhance the performance of the internal audit function and create
Controls. organisational value. The Institute of Internal Auditors even
goes as far as stating that “internal audit professionals that
I. INTRODUCTION hesitate to incorporate data analytics more fully into their
Internal audit functions of organisations have to provide operations will fall behind and risk becoming obsolete” [7]. In
independent assurance over the effectiveness and adequacy of literature, many authors share this view [8], [9], [10] and [11].
organisational governance, control and risk management Further, the Institute of Internal Auditors published Standard
processes [1], [2]. Even though the overarching objective of the 1220.A2, Due Professional Care, in the most recent edition of its
internal audit function remained largely unchanged, the manner International Standards for the Professional Practice of Internal
Auditing (Standards) [1], emphasises that internal auditors are