Information technology and its implications for internal auditing: An empirical study of Saudi organizations

摘要

Purpose – The purpose of this paper is to investigate empirically the impact of emerging information technology (IT) on internal auditors' (IA) activities, and to examine whether the IT evaluations performed in Saudi organizations vary, based on evaluation objectives and organizational characteristics. Design/methodology/approach – A survey, using a self-administered questionnaire, is used to achieve these objectives. About 700 questionnaires were randomly distributed to a sample of Saudi organizations located in five main Saudi cities. In total, 218 valid and usable questionnaires – representing a 30.7 percent response rate – were collected and analyzed using Statistical Package for Social Sciences – SPSS version 15. Findings – The results of the study reveal that IA need to enhance their knowledge and skills of computerized information systems (CIS) for the purpose of planning, directing, supervising and reviewing the work performed. The results of the study are consistent with Hermanson et al. that IA focus primarily on traditional IT risks and controls, such as IT data integrity, privacy and security, asset safeguarding and application processing. Less attention has been directed to system development and acquisition activities. The IA's performance of IT evaluations is associated with several factors including: the audit objectives, industry type, the number of IT audit specialists on the internal audit staff, and the existence of new CIS. Practical implications – From a practical standpoint, managers, IA, IT auditors, and practitioners alike stand to gain from the findings of this study. Originality/value – The findings of this study have important implications for managers and IA, enabling them to better understand and evaluate their computerized accounting systems.