Article

Integrated information systems: SAS 94 and auditors

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Statement on Auditing Standards No. 94 (SAS 94) gives guidance to auditors on how IT impacts internal control—and it affects how auditors get their understanding of internal control and assess control risk. The authors discuss the background of these issues, describe the major changes of SAS 94, and give tips on implementing it. © 2007 Wiley Periodicals, Inc.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... These areas are information protection, disclosure of the business and transactions integrity. WebTrust provides the trust in the websites containing the information, and the SysTrust service provides the trust in the systems producing the information (Pathak and Lind, 2002;Amin and Mohamed, 2016). ...
... They also need to be aware of the risks that may occur as a result of IT implementation. (Pathak and Lind, 2002). It is for the auditors to gain an understanding of technical requirements to improve their role in the implementation and proper use of audit software. ...
Article
Full-text available
Purpose Information technology (IT) largely affected contemporary businesses, and accordingly, it imposes challenges on the auditing profession. Several studies investigated the impact of IT, in terms of the extent of use of IT audit techniques, but very studies are available on the perceived importance of the said issue in developing countries. This study aims to explore the impact of implementing IT on the auditing profession in a developing country, namely, Egypt. Design/methodology/approach This study uses both quantitative and qualitative data. A survey of 112 auditors, representing three of the Big 4 audit firms as well as ten local audit firms in Egypt, is used to gather preliminary data, and semi-structured interviews are conducted to gather details/qualitative-pertained information. A field-based questionnaire developed by Bierstaker and Lowe (2008) is used in this study. This questionnaire is used first in conducting a pre-test, and then, the questionnaire for testing the final results is developed based on the feedback received from the test sample. Findings The findings of this study reveal that auditors’ perception regarding client’s IT complexity is significantly affected by the use of IT specialists and the IT expertise of the auditors. Besides, they perceive that the new audit applications’ importance and the extent of their usage are significantly affected by the IT expertise of the auditors. The results also reveal that the auditors’ perception regarding the client’s IT is not affected by the control risk assessment. However, the auditors perceive that the client’s IT is significantly affected by electronic data retention policies. The results also indicated that the auditors’ perception regarding the importance of the new audit applications is not affected by the client’s type of industry. The auditors find that the uses of audit applications as well as their IT expertise are not significantly affected by the audit firm size. However, they perceive that the client’s IT complexity as well as the extent of using IT specialists are significantly affected by the audit firm size. Research limitations/implications This study is subject to certain limitations. First, the sample size of this research is somehow small because it is based on the convenience sampling technique, and some of the respondents were not helpful in answering the surveys distributed for this research’s purpose. This can be attributed to the fear of the competitors that their opponent may want to gather information regarding their work to be able to succeed in the competition in the market so they become reluctant to provide any information about their firm. Even some people who were interested to participate were not having enough time because the surveys were distributed during the high season of their audit work and there was limited time for the research to be accomplished. Hence, it is difficult to generalize the results among all the audit firms in Egypt because this limits the scope of the analysis, and it can be a significant obstacle in finding a trend. However, this can be an opportunity for future research. Second, the questionnaire is long and people do not have enough time to complete it. This also affected the response rate. In addition to this, the language of the questionnaire was English, so some respondents from the local audit firms were finding difficulty in understanding some sophisticated IT terms. Practical implications This study makes some recommends/suggestions that can well be used to solve some practical problems regarding the issues concerned. This study focuses on accounting information system (AIS) training during the initial years of the auditors’ careers to help staff auditors when they become seniors to be more skilled with AIS expertise needed in today’s audit environment. Clear policy statements are important to direct employees so that IT auditors evaluate the adequacy of standards and comply with them. This study suggests increasing the use of AIS to enhance individual technical and analytical skill sets and to develop specialized teams capable of evaluating the effectiveness of computer systems during audit engagements. This study further recommends establishing Egyptian auditing standards in this electronic environment to guide the auditors while conducting their audit work. Social implications Auditors should prioritize causes of risks and manage them with clear understanding of who receives them, how they are communicated and what action should be taken in a given community/society. So, they have to determine and evaluate all risks according to the client’s type of industry (manufacturing, non-financial services and financial). Auditors also have to continually receive feedback on the utility of continuous auditing (CA) in assessing risk. In particular, it is better for the auditor to determine how the audit results will be used in the enterprise risk management activity performed by the management. In addition, privacy has several implications to auditing, and so, it has to be reflected in the audit program and planning as well as the handling of assignment files and reports. Alike, retention of electronic evidence for a limited period of time may require the auditor to select samples several times during the audit period rather than just at year end. Originality/value As mentioned, this study is conducted within a developing country’s context. The use and importance of IT is reality of time. However, very few studies are devoted to explore the use/importance of IT in auditing in developing countries, and thus, this study carries a significance to have better understanding about it. Moreover, knowledge of how IT is used, the related risks and the ability to use IT as a resource in the performance of audit work is essential for auditor effectiveness at all levels including developing countries.
... Whereas it is possible to have a qualified SysTrust report, that is not possible for a WebTrust report. WebTrust provides the trust in the websites containing the information, and the SysTrust service provides the trust in the systems producing the information (Pathak and Lind, 2002;Amin and Mohamed, 2016). Some of the specific differences between a SAS 70 audit engagement and a SysTrust engagement are illustrated in Table 2.3. ...
Thesis
This study aims to examine and validate the impact of the implementation of SysTrust's framework (principles and criteria) as an internal control method for assuring reliability of Accounting Information System on the business performance via the mediating role of the quality of financial reporting among Jordanian public listed companies Based upon the literature review and contingency theory, an integrated conceptual framework was developed to guide this study. The study's conceptual framework consists of three major constructs: The SysTrust's service framework (availability, security, integrity processing, confidentiality, and privacy), the business performance (financial and non-financial indicators) and the quality of financial reporting. Descriptive correlational survey design approach is used in this study used as it sought to describe and establish the relationships among the study variables and it employs quantitative method to test the hypotheses first, and then to answer the research questions. Data were collected through self-administrated questionnaire with 239 respondents. Several statistical techniques were used to analyse the collected data. The model fitness and the constructs' validity and reliability were tested, followed by the validation of the conceptual model and research hypotheses. The findings of the study support the proposition that availability of SysTrust requirements as internal method for assuring the reliability of AIS is positively linked to business performance via the mediating role of the quality of financial reporting. Therefore, a better understanding of the influence of SysTrust principles upon business performance and quality of financial reporting should be viewed as whole rather than isolated fragments. The magnitude and significance of the loading estimate indicate that all of these five principles of SysTrust are relevant in predicating business performance and quality financial reporting. Thus, this study and its findings have number of contributions and managerial implications. In terms of theoretical contributions, this study has extended the reliability of AIS literature by providing the following: First, it explained the unexplored relationship among the reliability of AIS, the quality of financial reporting using the IASB's framework fundamental qualitative characteristics and business performance indicators (financial and non-financial). Second, testing the impact of the role of the quality of financial reporting as a mediating factor between the reliability of AIS and business performance measures (financial and non-financial) considered another contribution for the current study Furthermore, the SysTrust's framework implementation as an internal control system for assuring the reliability of AIS could be considered as the critical intangible resources for any business organization seeks for a reliable and effective accounting system in the long run. In this study, financial reporting quality justified as the mediator from contingency theory perspective where good quality and effective of information system is an integral component of a strong internal control system. III Declaration This work has not previously been accepted in substance for any degree and is not being concurrently submitted in candidature for any degree. Signed………………………………………………… (Candidate) Date…………………………………………………… IV ACKNOWLEDGMENTS
Article
Full-text available
Although the Internet is an essential conduit for many business activities, it isn't rendering the physical world any less important, as the failures of many Web merchants demonstrate. People need social and sensual contact. The companies that succeed will be those best able to integrate the physical and the virtual. But that requires a new kind of business architecture--a new approach to designing stores, offices, factories, and other spaces where business is conducted. The author, a faculty member at Harvard Graduate School of Design, provides practical guidelines to help managers and entrepreneurs think creatively about the structures in which their businesses operate. He outlines four challenges facing designers of such "convergent" structures, so-called because they function in both physical and virtual space: matching form to function, allowing visitors to visualize the presence of others, personalizing spaces, and choreographing connectivity. Using numerous examples, from a fashion retailer that wants to sell in stores as well as through a Web site to a radically new kind of consulate, the author shows how businesses can meet each challenge. For instance, allowing customers to visualize the presence of others means that visitors to a Web site should be given a sense of other site visitors. Personalizing physical and virtual spaces involves using databases to enable those spaces to adapt quickly to user preferences. The success of companies attempting to merge on-line and traditional operations will depend on many factors. But without a well-designed convergent architecture, no company will fully reap the synergies of physical space and Internet technology.
Article
DEVICES - A 40-year-old nonvolatile memory technology is being resurrected for use in low-power portable devices. Once perfected, its many advantages should qualify it to replace the flash memories now often used when information needs to be retained while power is off. It is compatible with state-of-the-art logic CMOS processes and thus is a strong candidate for embedded memory applications as well.
Article
The highly advertised third generation of wireless communications technology adds high-speed data and many features to the cellular network. The technology is poised for deployment, but the available bandwidth is scanty and user acceptance varies from country to country. It's a technology and service with growing pains.
Article
Article
The auditing industry has mounted a global campaign to reduce its liability. In Canada, it is attempting to change from a doctrine of joint and several liability to proportionate liability, to have the Federal government legislate a statutory cap on liability, or to have the Provincial governments approve the establishment of Limited Liability Partnerships. These initiatives are consistent with the proposals of the CPA firms in the US and the CA firms in the UK. This cross-national trend suggests that a global theory of society is needed to analyze the consequences of audit risk. This paper uses the “risk society” model proposed by Beck to understand why the audit industry focuses on reducing exposure to liability, rather than on improving the quality of audits. Beck's theory of “reflexive modernization” provides an analysis of the so-called “liability crisis” that attempts to overcome the institutional construction offered by the auditing industry. The paper recognizes that it is very difficult for observers outside of the large auditing firms to judge the real risks of audits and to develop alternative public policy options. Ideally, we should be able to evaluate litigation in a modern audit environment. However, the audit firms are not required to disclose sufficient information about their costs to determine the real impact. Meanwhile, professional groups are lobbying hard for changes that will reduce auditors risk without addressing the root causes of audit failures.
Article
Progressive sales organizations are becoming more strategic in their approaches to the initiation, development, and enhancement of customer relationships. In moving to a more strategic, less tactical approach, these organizations are exploring new leadership models to direct change. In addition, they are using emerging technologies to support sales strategy. This article presents a 15-point joint agenda following a review of pertinent research in the sales strategy, leadership, and technology areas. This joint agenda offers action items, food for thought, and research ideas for sales executives, academicians, trainers, consultants, and professional organizations.
Article
European Journal of Information Systems (2002) 11, 296–297. doi:10.1057/palgrave.ejis.3000414
Article
More than ever before, the supply chain presents a significant challenge to firms that must develop a logistics system to help enhance product flow throughout their distribution channels. Of the various types of suppliers, those described as preferred should normally be in the best position to respond to the strategic aspirations of large order-givers. Given the growing importance ascribed to supply chain management and supplier characterization in the literature, this article proposes to examine the actual contribution of various types of suppliers to supply chain integration. Following an empirical study focusing on a large multinational firm and its regular first-tier suppliers, a detailed statistical analysis was conducted. Cluster analysis revealed the extent of a suppliers' logistics contributions. Overall, the findings suggest three types of contributions, and show that the intensity of a supplier's contribution has little to do with its status as a preferred supplier, depending instead on the sophistication of a supplier's logistics system. The system is characterized by a significant increase in the role of logistics in a firm's structures, through formalization of an organization, reinforcement of communication and information quality and the use of leading-edge technology. The authors conclude that it may be tempting for a large order-giver simply to expect supply chain performance from its preferred suppliers, rather than adding this characteristic to the others used as a basis for granting preferred status to some of its suppliers.
Article
The AICPA and CICA have developed a new and promising assurance service for CPAs/CAs to offer clients-the CPA/CA WebTrust, The development and deployment of the CPA/CA WebTrust, however, are done in a high litigation risk enviromnent. No U.S. legal case has yet been reported which addresses directly the liability of accountants to nonclients for disseminating misleading financial or business information over a computer network; The rule that can be distilled from several related legal cases is that one who negligently disseminates misleading financial or other information over a public medium will be immune from a negligence claim, However,the current U.S. legal environment is characterized by a high level of uncertainty. Several risk management strategies may be adopted by WebTrust providers to minimize litigation risk.
Article
This paper examines the pricing of business risk by homogeneous auditors in a two period model. Incumbent auditors learn the client's business risk type during the course of the engagement. They subsequently compete in prices with prospective auditors. In such an environment, we show that equilibrium audit fees do not fully reflect the cost of business risk. Moreover, there exists differential auditor turnover between high and low risk firms; cross-subsidization of the audit fees of high risk firms by low risk firms; and low-balling by auditors.
Article
The Web service security challenge is to understand and assess the risk involved in securing a Web-based service today, based on our existing security technology, and at the same time track emerging standards and understand how they will be used to offset the risk in new Web services. Any security model must illustrate how data can flow through an application and network topology to meet the requirements defined by the business without exposing the data to undue risk. In this paper we propose a mechanism for the client to provide authentication data, based on the service definition, and for the service provider to retrieve those data. We also show how XML Digital Signatures and encryption can be exploited to achieve a level of trust.
Article
Suppliers have traditionally managed their relationships in the indirect reseller channel using inefficient, labor-intensive communications processes. As a result, the tasks of managing resellers and of precisely monitoring reseller productivity in converting leads to sales have been difficult. Today, a whole new category of Web-based software has emerged to address these opportunities. Software modules and systems in this new market space, now referred to as “Partner Relationship Management (PRM),” provide solutions specifically targeted to build closer and more productive supplier–reseller relationships. This paper overviews the origin, evolution, and potential role of PRM solutions in general channel management, and considers their link to existing Customer Relations Management software solutions. Also addressed is the prospective future of PRM—most notably, the possibility that dedicated PRM companies and their specialized best-of-breed solutions may be absorbed by broader-based software solution providers.
Article
The development of the Internet has made a powerful impact on the concept of commerce. E-commerce, a new way to conduct business, is gaining more and more popularity. Despite its rapid growth, there are limitations that hinder the expansion of e-commerce. The primary concern for most people when talking about online shopping is security. Due to the open nature of the Internet, personal financial details necessary for online shopping can be stolen if sufficient security mechanism is not put in place. How to provide the necessary assurance of security to consumers remains a question mark despite various past efforts. Another concern is the lack of intelligence. The Internet is an ocean of information depository. It is rich in content but lacks the necessary intelligent tools to help one locate the correct piece of information. Intelligent agent, a piece of software that can act on behalf of its owner intelligently, is designed to fill this gap. However, no matter how intelligent an agent is, if it remains on its owner's machine and does not have any roaming capability, its functionality is limited. With the roaming capability, more security concerns arise. In response to these concerns, SAFE, secure roaming agent for e-commerce, is designed to provide secure roaming capability to intelligent agents (Guan and Yang, 1999).
Article
How do companies in the fast-growing industries achieve good customer satisfaction together with efficiency in supply chain management (SCM)? This inductive case study of six customer cases of Nokia Networks, one of the leading providers of mobile telecommunication technology, led to propositions exploring that question. Good relationship between the customer and the supplier contributes to reliable information flows, and reliable demand information flows in turn contribute to high efficiency—these are well-researched issues also in other industry environments. But in a fast-growing systems business such as mobile telecommunications industry, the supplier needs to be able to adapt its offering to a wide variety of customer situations and needs. Understanding the customer’s situation and need together with the right offering contributes to good co-operation in improving the joint demand chain, which further leads to superior demand chain efficiency and high customer satisfaction.
E-com-merce strategies for business-to-business service firms in the global environment
  • D J Good
  • R Schultz
Good, D. J., & Schultz, R. (2002). E-com-merce strategies for business-to-business service firms in the global environment. American Business Review, 20(2), 111–118.
XBRL: Streamlining financial reporting
  • C D Graziano
Graziano, C. D. (2002). XBRL: Streamlining financial reporting. Financial Executive, 18(8), 52–55.
Traditional and emerg-ing methods of electronic assurance
  • G L Helms
Helms, G. L. (2002). Traditional and emerg-ing methods of electronic assurance. CPA Journal, 72(3), 26–31.
Case study on auditing in an electronic envi-ronment
  • G L Helms
  • F L Lilly
Helms, G. L., & Lilly, F. L. (2000). Case study on auditing in an electronic envi-ronment. CPA Journal, 70(4), 52–54.
The electronic auditor
  • G L Helms
  • J Mancino
Helms, G. L., & Mancino, J. (1998). The electronic auditor. Journal of Accoun-tancy, 185(4), 45–48.
Creating a business architecture
  • J Herman
Herman, J. (2001). Creating a business architecture. Business Communications Review, 31(12), 22–23.
Electronic signatures and encryp-tion
  • W Hillison
  • C Pacini
  • D Sinason
Hillison, W., Pacini, C., & Sinason, D. (2001). Electronic signatures and encryp-tion. CPA Journal, 71(8), 20–25.
XBRL in action: Banking
  • M Hucklesby
  • J Macdonald
Hucklesby, M., & Macdonald, J. (2002). XBRL in action: Banking. Chartered Accountants Journal of New Zealand, 81(10), 55–56.
Peer-to-peering into the future Agents in e-commerce: State of the art
  • E Millard
Millard, E. (2002). Peer-to-peering into the future. ABA Journal, 88, 66. Minghua, H., & Leung, H. F. (2002). Agents in e-commerce: State of the art. Knowl-edge & Information Systems, 4(1), 257–282.
Dot-com com-panies: Are they all hype?
  • S Natraj
  • J Lee
Natraj, S., & Lee, J. (2002). Dot-com com-panies: Are they all hype? S.A.M. Man-agement Journal, 67(3), 10–14.
Keeping information technology off the balance sheet
  • O Connor
O'Connor, D. (2002). Keeping information technology off the balance sheet. AFP Exchange, 22(2), 38–45.
Integration is key: An introduction to EAI technology. Manage-ment Services
  • J Opie
Opie, J. (2002a). Integration is key: An introduction to EAI technology. Manage-ment Services, 46(9), 18–19.
ABC and SAP. Strate-gic Finance
  • M Osheroff
Osheroff, M. (2002). ABC and SAP. Strate-gic Finance, 84(5), 23–25.
Assurance in the electronic commerce environment
  • D Pace
Pace, D. (1999). Assurance in the electronic commerce environment. Pennsylvania CPA Journal, 70(3), 1–5.
What the next IT revolu-tion should be? Information Resources Management Journal
  • D Paper
Paper, D. (2003). What the next IT revolu-tion should be? Information Resources Management Journal, 16(1), 1–5.
EDI: Getting rid of the paper trail
  • J Pathak
Pathak, J. (2001, January). EDI: Getting rid of the paper trail. Accountancy SA, pp. 3–4.
Long term profits, broad business benefits
  • J E Peak
Peak, J. E. (2002). Long term profits, broad business benefits. AFP Exchange, 22(6), 34–39.