Information technology (IT) related auditing in Malaysian public sector: an empirical study of national audit department of Malaysia

Abstract

Advances in information technology (IT) continuously render control procedures obsolete. Indispensably audit methodology has to evolve to keep abreast with the change in technology. This study is to investigate on the adoption and usage of IT control evaluation and examine IT evaluation based on IT audit objectives, organisational characteristics, competency of auditor and usage of CAATTs. Mail self-administered questionnaires were sent to 400 public sector auditors (providing a usable sample size of 73). The instrument was developed based on the 36 specific test outlined in IFAC (1995). The results show that application processing control and data integrity, privacy and security control were the most frequent evaluation performed by the public sector auditor. It was observed that auditors in different divisions performed evaluation on system development and acquisition control as well as system maintenance and program change control differently. IT audit objectives related to compliance with policies, procedures and regulation is given higher consideration and performed differently in different divisions. CAATTs has been used most frequently as the problem solving aid. Only application processing controls are associated with the percentage of new system. Several appealing patterns emerged from the regression models. Audit objective related to fairness of financial statements and accuracy of accounting records appears to have the greatest association with IT controls. The usage of CAATTs appears to have the strongest association with IT evaluations. The existence of new systems may play a role in evaluations. The results will enable management and auditors to better understand the controls evaluations of their CIS and confer more attention to evaluations that have been overlooked by the auditors as well as to improve the IT evaluation procedures. The reviews show that this is the first research done in the Malaysian public sector. By virtue of this, this study is conducted with the aim in fulfil the gap.