Auditors' training and proficiency in information systems: A research synthesis

Journal of Information Systems

Volumn 23, Issue 1, 2009, Pages 79-96

  Curtis, Mary B ^a   Gregory Jenkins, J ^b   Bedard, Jean C ^c   Deis, Donald R ^d  

^a UNIVERSITY OF NORTH TEXAS   (United States)

^b VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY   (United States)

^c BENTLEY UNIVERSITY   (United States)

^d TEXAS A AND M UNIVERSITY CORPUS CHRISTI   (United States)

Author keywords

Audit expertise; Auditing; Information systems; Information technology

Indexed keywords

EID: 77956747502     PISSN: 08887985     EISSN: 15587959     Source Type: Journal    
DOI: 10.2308/jis.2009.23.1.79     Document Type: Article

References (90)

1. Accounting Education Change Commission (AECC). 1990. Objectives of education for accountants: Position Statement Number One. Issues in Accounting Education 5 (2): 307-312.
2. Adams, D., C. A. Schaller, and E. G. Jancura. 1975. Technical proficiency for auditing computer processed accounting records. Journal of Accountancy 140 (4): 46-59.
3. Albrecht, W. S., and R. J. Sack. 2000. Accounting Education: Charting a Course Through a Perilous Future. Accounting Education Series 16. Sarasota, FL: AAA.
4. American Institute of Certified Public Accountants (AICPA). 1996. Implementing IEG 11- Information Technology in the Accounting Curriculum: Strategies of the AICPA. Available at: http://www.ifac.org/Members/PubsDetails.tmpl?PubID_95816218135158&Category_Education
5. American Institute of Certified Public Accountants (AICPA). 2006a. Planning and Supervision. Statement of Auditing Standards No. 108. New York, NY: AICPA.
6. American Institute of Certified Public Accountants (AICPA). 2006b. Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement. Statement of Auditing Standards No. 109. New York, NY: AICPA.
7. American Institute of Certified Public Accountants (AICPA). 2006c. Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained. Statement of Auditing Standards No. 110. New York, NY: AICPA.
8. American Institute of Certified Public Accountants (AICPA). 2006d. The AICPA Core Competency Framework for Entry into the Accounting Profession. Available at: http://www.aicpa.org/edu/corecomp.htm
9. American Institute of Certified Public Accountants (AICPA). 2007a. Educational Competency Assessment. Available at: http://www.AICPA-eca.org
10. American Institute of Certified Public Accountants (AICPA). 2007b. A Firm's System of Quality Control. Statement on Quality Control Standards No. 7. New York, NY: AICPA.
11. Arens, A. A., and R. J. Elder. 2006. Perspectives on auditing education after Sarbanes-Oxley. Issues in Accounting Education 21 (4): 345-362.
12. Arnold, V., and S. G. Sutton. 2007. The impact of enterprise systems on business and audit practice and implications for university accounting education. International Journal of Enterprise Information Systems 3 (4): 1-21.
13. Association for Computing Machinery (ACM), Association for Information Systems (AIS), Association of Information Technology Professionals (AITP), and Association for Information Systems (AIS). 2002. IS 2002: Model Curriculum and Guidelines for Undergraduate Degree Programs in Information Systems. Available at: http://www.aisnet.org/Curriculum/IS2002-12-31.pdf
14. Baldwin, B. A., and D. C. Kneer. 1986. EDP audit education and EDP auditor characteristics: Empirical data from practitioners and professors. Issues in Accounting Education 1 (1): 153-167.
15. Bedard, J. C., L. Graham, and C. Jackson. 2005. Information systems risk and audit planning. International Journal of Auditing 9 (2): 147-163.
16. Bedard, J. C., L. Graham, and C. Jackson. 2008. Archival evidence on detection and severity classification of Sarbanes- Oxley Section 404 internal control deficiencies. Working paper, Bentley University.
17. Bedford Committee. 1986. Future accounting education: Preparing for the expanding profession. Issues in Accounting Education 1 (1): 168-195.
18. Bell, T. B., W. R. Knechel, J. L. Payne, and J. J. Willingham. 1998. An empirical investigation of the relationship between the computerization of accounting systems and the incidence and size of audit differences. Auditing: A Journal of Practice & Theory 17 (1): 13-38.
19. Bierstaker, J. L., P. Burnaby, and J. Thibodeau. 2001. The impact of information technology on the audit process: An assessment of the state of the art and implications for the future. Managerial Auditing Journal 16 (3): 159-164.
20. Bierstaker, and A. Wright. 2004. Does the adoption of a business risk audit approach change internal control documentation and testing practices? International Journal of Auditing 8 (1): 67-78.
21. Biggs, S. F., W. F. Messier, and J. V. Hansen. 1987. A descriptive analysis of computer audit specialists' decision-making behavior in advanced computer environments. Auditing: A Journal of Practice & Theory 6 (2): 1-21.
22. Bonner, S. 2008. Judgment and Decision Making in Accounting. Upper Saddle River, NJ: Pearson Prentice Hall.
23. Borthick, A. F., Curtis, M. B., and Sriram, R. S. 2006. Accelerating the acquisition of knowledge structure to improve performance in internal control reviews. Accounting, Organizations and Society 31 (4-5): 323-342.
24. Brazel, J. F. 2005. A measure of perceived auditor ERP systems expertise. Managerial Auditing Journal 20 (6): 619-631.
25. Brazel, J. F, and C. P. Agoglia. 2007. An examination of auditor planning judgments in a complex accounting information system environment. Contemporary Accounting Research 24 (4): 1059-1083.
26. Briggs, L. 2008. Best practices. CPAs in coders' clothing: Auditors breach IT's inner sanctum. IT Compliance Institute. Available from http://www.itcinstitute.com.
27. Brynjolfsson, E., and L. M. Hitt. 1995. Computers as a factor of production: The role of differences among firms. Journal of Economic Innovation and New Technologies 3: 183-199.
28. Brynjolfsson, E., and L. M. Hitt. 1996. Paradox lost? Firm-level evidence on the returns to information systems spending. Management Science 42 (4): 541-560.
29. Burg, W. D., and T. W. Singleton. 2005. Assessing the value of IT: Understanding and measuring the link between IT and strategy. Information Systems Control Journal 3: 40-44.
30. Canada, J., J. R. Kuhn Jr., and S. G. Sutton. 2006. The pervasive nature of IT controls: An examination of material weaknesses in IT controls and audit fees. Working paper, University of Central Florida.
31. Carmichael, D. 2004. The PCAOB and the social responsibility of the independent auditor. Accounting Horizons 18 (2): 127-133.
32. Carney, J. 2008. Navigating the cultural shift. Journal of Accountancy 205 (1): 44-45.
33. Collier, P., R. Dixon, and C. Marston. 1991. The role of internal auditors in the prevention and detection of computer fraud. Public Money & Management 11 (4): 53-61.
34. Curtis, M. B., and R. E. Viator. 2000. An investigation of multidimensional knowledge structure and computer auditor performance. Auditing: A Journal of Practice & Theory 19 (2): 83-103.
35. Curtis, M. B., and E. A. Payne. 2008. An examination of contextual factors and individual characteristics affecting technology implementation decisions in auditing. International Journal of Accounting Information Systems 9 (1): 104-121.
36. Daigle, R. J., D. C. Hayes, and K. E. Hughes II. 2007. Assessing student learning outcomes in the introductory accounting information systems course using the AICPA's core competency framework. Journal of Information Systems 21 (1): 149-169.
37. Davis, C. K., and C. A. Dykman. 1993. Information systems auditors: Friend or foe? Journal of Systems Management 44 (6): 25-27.
38. Dehning, B., and V. J. Richardson. 2002. Returns on investments in information technology: A research synthesis. Journal of Information Systems 16 (1): 7-30.
39. Dehning, B., V. J. Richardson, and R. W. Zmud. 2003. The value relevance of announcements of transformational information technology investments. MIS Quarterly 27 (4): 637-656.
40. Dewan, S., and C. Min. 1997. The substitution of information technology for other factors of production: A firm level analysis. Management Science 43 (12): 1660-1675.
41. European Spreadsheet Risks Interest Group (ESRIG). 2007. Spreadsheet Mistakes-News Stories. Available at http://www.eusprig.org/stories.htm
42. Gallegos, F. 1991. Computer information systems audit career development. The EDP Auditor Journal 1: 23-31.
43. Gallegos, F. 2004. Educating the masses: Audit, control and security of information systems today and tomorrow. Information Systems Control Journal 6: 13-15.
44. Ge, W., and S. McVay. 2005. The disclosure of material weaknesses in internal control after the Sarbanes-Oxley Act. Accounting Horizons 19 (3): 137-158.
45. Grabski, S. V., J. H. Reneau, and S. G. West. 1987. A comparison of judgment, skills, and prompting effects between auditors and systems analysts. MIS Quarterly 11 (2): 151-161.
46. Green, P., P. Best, M. Indulska, and T. Rowlands. 2005. Information systems audit and control issues for enterprise management systems: Qualitative evidence. Australian Accounting Review 3: 67-77.
47. Hermanson, D. R., M. C. Hill, and D. M. Ivancevich. 2000. Information technology-related activities of internal auditors. Journal of Information Systems 14 (Supplement): 39-53.
48. Hitt, L., and E. Brynjolfsson. 1996. Productivity, profit and consumer welfare: Three different measures of information technology. MIS Quarterly 20 (2): 121-142.
49. Hunton, J. E., A. M. Wright, and S. Wright. 2004. Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? Journal of Information Systems 18 (2): 7-28.
50. Im, K. S., K. E. Dow, and V. Grover. 2001. A reexamination of IT investment and the market value of the firm-An event study methodology. Information Systems Research 12 (1): 103-117.
51. Information Systems Audit and Control Association (ISACA). 2002. Effect of Third Parties on an Organization's IT Controls. Available at http://www.isaca.org/Template.cfm?Section_home&Template_/ContentManagement/ContentDisplay.cfm&ContentID_18669
52. Information Systems Audit and Control Association (ISACA). 2006. Model curriculum for IS audit and control. Available at: http://www.isaca.org/Template.cfm?Section_ModelCurriculum&Template_/TaggedPage/TaggedPageDisplay.cfm&TPLID_41&ContentID_33103
53. Institute of Internal Auditors (IIA). 2007. IT Audit Curriculum. Available at: http://www.TheIIA.org/seminars/it-audit-curriculum
54. Janvrin, J. D., J. Bierstaker, and D. J. Lowe. 2008a. An investigation of factors influencing the use of computer-related audit procedures. Working paper, Iowa State University.
55. Janvrin, J. D., J. Bierstaker, and D. J. Lowe. 2008b. An examination of audit information technology use and perceived importance. Accounting Horizons 22 (1): 1-21.
56. Kiel, P. 2008. Challenges and payoffs in implementing the new standard. Journal of Accountancy 205 (1): 41-43.
57. Lacity, M. C., and L. P. Willcocks. 1998. An empirical investigation of information technology sourcing practices: Lessons from experience. MIS Quarterly 22 (3): 363-408.
58. Liang, D., F. Lin, and S. Wu. 2001. Electronically auditing EDP systems with the support of emerging information technologies. International Journal of Accounting Information Systems 2 (2): 130-147.
59. Lim, J-H., B. Dehning, and V. J. Richardson. 2008. A meta-analysis of the effects of IT investments on firm performance. Working paper, University of Waterloo.
60. Litecky, C. R., and J. E. McEnroe. 1981. EDP audit job definitions: How does your staff compare? The Internal Auditor 38 (2): 57.
61. Lynch, A., and M. Gomaa. 2003. Understanding the potential impact of information technology on the susceptibility of organizations to fraudulent employee behavior. International Journal of Accounting Information Systems 4 (4): 295-308.
62. Mainelli, M. 2005. The Michael Mainelli column: Standard differences: Differentiation through standardization? Journal of Risk Finance 6 (1): 71-79.
63. McConnell, D. K., and C. Schweiger. 2007. Implementing the new ASB risk assessment audit standards. The CPA Journal 77 (6): 20-26.
64. Messier, W. F., A. Eilifsen, and L. A. Austen. 2004. Auditor detected misstatements and the effect of information technology. International Journal of Auditing 8 (3): 223-235.
65. Musaji, Y. 2005. Sarbanes-Oxley and business process outsourcing risk. Information Systems Control Journal 5: 47-50.
66. O'Donnell, E., V. Arnold, and S. G. Sutton. 2000. An analysis of the group dynamics surrounding internal control assessment in information systems audit and assurance domains. Journal of Information Systems 14 (Supplement): 97-116.
67. Payne, E. A., and M. B. Curtis. 2008. Can the unified theory of acceptance and use of technology help us understand the adoption of computer-aided audit techniques by auditors? Working paper, University of Louisville.
68. Protiviti. 2006. Internal audit capabilities and needs survey. Available at: http://www.protiviti.com
69. Public Company Accounting Oversight Board (PCAOB). 2003. Interim Auditing Standards. Available at http://www.pcaobus.org/Standards/InterimStandards/AuditingStandards/index.aspx
70. Public Company Accounting Oversight Board (PCAOB). 2004. Standing Advisory Group Meeting Meeting-Potential Standard-Elements of Quality Control. Available at http://www.pcaobus.com/Standards/Standing Advisory Group/Meetings/2004/11-17/Quality Control.pdf.
71. Public Company Accounting Oversight Board (PCAOB). 2005. Staff Questions and Answers: Attest Engagements Regarding Xbrl Financial Information Furnished Under the Xbrl Voluntary Financial Reporting Program on the Edgar System. Available at: http://www.pcaob.org/Standards/Staff Questionsand Answers/2005/05-25%20.pdf.
72. Public Company Accounting Oversight Board (PCAOB). 2006. An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements. Auditing Standard No. 5. Available at http://www.pcaobus.org/Rules/Rulesof theBoard/Auditing Standard 5.pdf.
73. Public Company Accounting Oversight Board (PCAOB). 2007. Standing Advisory Group Meeting Standards-Setting Priorities As of October 18, 2007. Available at http://www.pcaob.org/standards/standingadvisorygroup/meetings/2007/10-18/activitiesscript.pdf.
74. Quarles, R. 1994a. An examination of work-related motivational needs of professional EDP auditors. Advances in Accounting 12: 187-207.
75. Quarles, R. 1994b. An empirical examination of a model of the turnover intentions of information systems auditors. Journal of Applied Business Research 10 (1): 73-85.
76. Ranganathan, C., and C. V. Brown. 2006. ERP investments and the market value of firms: Toward an understanding of influential ERP project variables. Information Systems Research 17 (2): 145-161.
77. Romeo, J. 2001. ERP: On the rise again. Available at: http://www.networkcomputing.com/1219/1219f1.html.
78. Securities and Exchange Commission (SEC). 2008. XBRL voluntary financial reporting program on the EDGAR System. Available at: http://www.sec.gov/rules/final/33-8529.htm
79. Shaikh, J. 2005. E-commerce impact: Emerging technology-Electronic auditing. Managerial Auditing Journal 20 (4): 408-421.
80. Stratopoulos, T., and B. Dehning. 2000. Does successful investment in information technology solve the productivity paradox? Information and Management 38 (2): 103-117.
81. Sutton, S. G., and C. Hampton. 2003. Risk assessment in an extended enterprise environment: Redefining the audit model. International Journal of Accounting Information Systems 4 (4): 57-73.
82. Sutton, S. G. 2006. Extended-enterprise systems' impact on enterprise risk management. Journal of Enterprise Information Management 19 (1/ 2): 97-114.
83. Trivedi, T. 2007. 10 things to consider when offshoring operations. Information Systems Control Journal 5: 1-2.
84. Tucker, G. 2001. IT and the audit. Journal of Accountancy 192 (3): 41-43.
85. Tussing, R. T., and G. L. Helms. 1980. Training computer audit specialists. Journal of Accountancy 150 (1): 71-74.
86. Vendrzyk, V. P., and N. A. Bagranoff. 2003. The evolving role of IS audit: A field study comparing the perceptions of IS and financial auditors. Advances in Accounting 20: 141-163.
87. Viator, R. E., and M. B. Curtis. 1998. Computer auditor reliance on automated and non-automated controls as a function of training and experience. Journal of Information Systems 12 (1): 19-30.
88. Waller, W. 1993. Auditors' assessments of inherent and control risk in field settings. The Accounting Review 68 (4): 783-803.
89. Wright, S., and A. M. Wright. 2002. Information system assurance for Enterprise Resource Planning systems: Unique risk considerations. Journal of Information Systems 16 (1, Supplement): 99-113.
90. Yang, D. C., and L. Guan. 2004. The evolution of IT auditing and internal control standards in financial statement audits: The case of the United States. Managerial Auditing Journal 19 (4): 544-555.