Propose a model for successful IT auditing in Iran's banking industry

Document Type : Original Article

Authors
Mojtaba Ahmadi 1
Alireza Pourebrahimi 2
Ladan Riazi 3
Seyed Abdollah Amin Mousavi 4
1 Ph.D Student, Department of Information Technology Management, Science and Research Branch, Islamic Azad University, Tehran, Iran
2 Assistant Professor, Department of Industrial Management, Karaj Branch, Islamic Azad University, Karaj, Iran
3 Department of IT Management, Science and Research branch, Islamic Azad University, Tehran, Iran
4 Assistant Professor, Department of Industrial Management, Central Tehran Branch, Islamic Azad University, Tehran, Iran
10.22034/jmaak.2024.23807
Abstract
The purpose of this research is to propose a model for successful information technology audit in Iran's banking industry. For this purpose, the combination of Meta-synthesis method and fuzzy Delphi technique has been used. In the first phase of the research, in order to extract the variables of successful information technology audit from the literature related to the research, Meta-synthesis method was used. In this regard, researches from reliable sources from 1994 to 2024 were reviewed, 203 sources were extracted and 28 research titles were used. In the second phase, using the fuzzy Delphi technique and the questionnaire tool, the calculated variables for a successful information technology audit were presented with a survey of screening experts and then the final model. The statistical population of this research includes the Central Bank, the field of IT and IT auditing of different Iranian banks and IT auditors. The result of the research showed that the successful audit model has four main dimensions: factors related to the auditor, factors related to frameworks, requirements and regulations, factors related to the regulator and supervisor, and factors related to the environment and the employer.
Keywords
successful information technology audit
success model
Iranian banking industry
Meta-synthesis
fuzzy Delphi
Bierstaker, J, D, Janvrin and J. Lowe, (2013). What factors influence auditors' use of computer assisted audit techniques? Advances in Accounting, incorporating Advances in International Accounting, 4, .57-69.
Carlton, M., Levy, Y., and Ramim, M. (2019). Mitigating cyber attacks through the measurement of non-it professionalscybersecurity skills. Information and Computer Security, 27(1), 101-121.
Cascarino, R. E. (2012). Auditor's guide to IT auditing (2nd ed.). Hoboken, NJ: John Wiley & Sons, Inc.
Castka, P. and Searcy, C. (2023). Audits and COVID-19: A paradigm shift in the making. Business Horizon, 66(1), 5-11.
D'Onza, G., Lamboglia, R. and Verona, R. (2015). Do IT audits satisfy senior manager expectations? A qualitative study based on Italian banks, Managerial Auditing Journal, Vol. 30 No. 4/5, pp. 413-434.
Farcane, N., Bunget O. C., Blidisel, R., Dumitrescu, A. C., Deliu, D., Bogdan, O. and Burca, V. (2023). Auditors’ perceptions on work adaptability in remote audit: a COVID-19 perspective. Economic Research-Ekonomska Istraživanja, 36:1, 422-459.
Gantz, Stephen D. (2014). The basics of IT audit: purposes, processes, and practical information, Syngress publications.
Gu Huh Bong, Lee Sunhwa, Kim Wonsin. (2021). The impact of the input level of information system audit on the audit quality: Korean evidence, International Journal of Accounting Information Systems,Volume 43.
Havelka, Douglas & Merhout, Jeffrey W., (2013). Internal information technology audit process quality: Theory development using structured group processes. International Journal of Accounting Information Systems, Elsevier, vol. 14(3), pages 165-192.
Harvard University (2022). What is an Information Technology(IT) Audit? Retrieved from https://rmas.fad.harvard.edu/faq/what-does-information-systems-audit-entail
INTOSAI (2019). Guidance on audit of information systems, Retrieved from http://www.issai.org.
ISACA (2022). Get cisa certified: Apply for certification. Retrieved from https://www.isaca.org/credentialing/cisa/get-cisa-certified
ISACA (2020). IT audit framework (itaf): A professional practices framework for it audit. Schaumburg, IL.
ISACA (2015a). Information systems auditing: Tools and techniques: IS audit reporting. Rolling Meadows, IL.
ISACA (2015b). Certified information system auditor (CISA): Review manual (26th ed.). Rolling Meadows, IL: ISACA.
Lapalme, J. Kabiwa, V. and Tardif, P.M. (2019). Relationship between information technology auditors and auditees and their impacts on auditors, International Journal of Engineering Business Management, Volume 11: 1–16.
Lewis, M. (2020). Examining the relationship between CISSP certification and job performance:A Variance-based Approach (Doctoral dissertation, Capella University).
Lincoln, Y. S. and Guba, E. G. (1985). Naturalistic inquiry, Beverly Hills, CA, SAGE Publications, Inc.
Lugli, E. and Bertacchini, F. (2022). Audit quality and digitalization: some insights from theItalian context, Meditari Accountancy Research, Vol. 52 No. 4, pp. 570-593
Maior. P. (2015), Technologies and Methods for Auditing Databases, Procedia Economics and Finance, 26: 991 999.
Manita, Riadh , Elommal, Najoua , Baudier, Patricia and Hikkerova, Lubica, (2020). The digital transformation of external audit and its impact on corporate governance, Technological Forecasting and Social Change, Elsevier, vol. 150(C).
Mazza, T., Azzali, S. and Fornaciari, L. (2014). Audit quality of outsourced information technology controls, Managerial Auditing Journal, Vol. 29 No. 9, pp. 837-862.
Mustapha, Mazlina and Lai, Soh Jin. (2017). Information Technology in Audit Processes: An Empirical Evidence from Malaysian Audit Firms, International Review of Management and Marketing, 7(2): 53-59.
Muthmainnah, Yulisda, D. and Ilhadi, V. (2022). Academic Information System Audit Using Cobit 5 Domain APO Framework, International Journal of  Engineering, Science & Information Technology, Volume 2, No. 1, pp. 123-130.
NGUYEN, Anh Huu, HA, Hanh Hong, NGUYEN, Soa La. (2020). Determinants of Information Technology Audit Quality: Evidence from Vietnam, Journal of Asian Finance, Economics and Business Vol 7 No 4,41- 50.
Nye, E., Melendez-Torres, G.J., and Bonell, C. (2016). Origins, methods and advances in qualitative meta-synthesis. Review of Education, 4(1), 57-79.
Pais, Cláudio; Machado, Flávia, (2021). The influence of auditor characteristics on audit quality," 2021 16th Iberian Conference on Information Systems and Technologies (CISTI), , pp. 1-6, doi: 10.23919/2021.9476493.
Rodriguez, R.E., Vega, A.F.Q., Sanchez, A.F., López, A. and Pérez, J. F.(2018). Design of an Automation Model for Taking Documentary Evidence of Compliance Tests of the IT Audit, 2018 Congreso Internacional de Innovación y Tendencias en Ingeniería (CONIITI),  pp. 1-5.
Saffie, N.A.M., and Rasmani, K.A. (2016). Fuzzy delphi method: Issues and challenges. In 2016 International Conference on Logistics, Informatics and Service Sciences (LISS) (pp. 1-7). IEEE.
Sandelowski, M., and Barros, J. (2007). Handbook for synthesizing qualitative research, Springer publishing company Inc.
Sembiring, F.N. and Widur, R. (2023). The effect of auditor experience, big data and forensic audit as mediating variables on fraud detection, Journal of  Theoretical and Applied Information Technology. Vol.101. No 6.
Siew Eu-Gene, Yeow Paul H.P., Choon Ling Tan and Grigoriou, Nicholas (2017). Factors affecting IT Audit Quality: an Exploratory Study, Communications of the IBIMA, Vol. 2017 (2017), Article ID 802423.
Sherer, S. A., & Paul, J. W. (1993). Focusing audit testing on high risk software modules: a methodology and an application. Journal of Information Systems, 7-20.
Stoel, D. and D. Havelka. (2021) Information Technology Audit Quality: An Investigation of the Impact of Individual and Organizational Factors, Journal Of Information Systems, American Accounting Association,Vol. 35, No. 1
Stoel, D., D. Havelka, and J. W. Merhout. (2012). An analysis of attributes that impact information technology audit quality: A study of IT and financial audit practitioners. International Journal of Accounting Information Systems 13 (1): 60–79.
Thottoli, M.M. and K.V., T. (2022). Characteristics of information communication technology and audit practices: evidence from India, VINE Journal of Information and Knowledge Management Systems, Vol. 52. 4,. 570-593.
Ukpere, O. (2019). Examining the relationship between human capital factors and data breach occurrences: A correlational study (Doctoral dissertation, Capella University).
Vasarhelyi, M. A. and Romero, S. (2014). Technology in audit engagements: a case study, Managerial Auditing Journal, Vol. 29 Iss: 4, pp.350 – 365.
Walsh, D., and Downe, S. (2005), Meta-synthesis method for qualitative research: a literature review, Journal of Advanced Nursing, 50, 204–211.
Westland, J.C. (2022).  Assessing Privacy and Security of Information Systems from Audit Data. Information Systems Frontiers 24, 1417–1434.