Affiliation:
1. Kennesaw State University.
2. University of North Carolina at Wilmington.
Abstract
Advances in information technology (IT) present important new organizational risks, and the assessment and management of these risks may involve a variety of groups, including internal auditors, external auditors, in-house IT experts, and outside consultants. To begin to understand how organizations are addressing their IT risks, this exploratory study examines the IT-related activities of one group—internal auditors.
Information gathered from over 100 internal audit directors indicates that internal auditors focus primarily on traditional IT risks and controls, such as IT asset safeguarding, application processing, and data integrity, privacy, and security. Much less work is done on system development and acquisition issues. Several factors are associated with internal auditors' performance of IT evaluations, including the nature of the audit objective, the prevalence of computer audit specialists on the internal audit staff, and the existence of new computerized systems. To supplement these results, we encourage further research on the efforts of other groups in addressing IT risks.
Publisher
American Accounting Association
Subject
Management of Technology and Innovation,Information Systems and Management,Human-Computer Interaction,Accounting,Information Systems,Software,Management Information Systems
Reference20 articles.
1. Budgetary Control and Organization Structure
2. Gelinas, U., S. Sutton, and A. Oran. 1999. Accounting Information Systems. Cincinnati, OH: South-Western College Publishing.
Cited by
21 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献