Risk Factors for an audit process in the developed IT

environment
The concept of research based on experiences from small audit practices in Poland

Izabela Maciejewska

Certified Public Accountant

Master of Science in Basic Technical Problems Risk factors

related to IT
PhD student, Uniwersity of Lodz,
Lodz, Poland

The number of months devoted to the development of the work: 7

e-mail: [email protected] e-business Audit

Research area includes the themes proposed for the Conference -

“ICT for Auditing”

Abstract—Small-and Medium-Sized Audit Practices ( SMP ) in

Poland face many challenges nowadays which are related to the e-processes e-products Accounts Procedures
legislation framework, public demands on quality of services,
expectation of customers regarding low prices, competitors and
impact of new technologies on accounting, financial reporting and
auditing. Polish SMP are on the way to prepare their activities in
order to meet regulations of ISA which are much more rigorous B2B e-products Errors CAAT
than polish ones in areas such as, for example, documentation of B2C e-services Frauds GAAS
an audit process, quality assurance system and risk based B2E
approach. The use of Computer Assisted Audit Tools ( CAAT) or e-currency Internal
EFT Controls
Generalized Audit Tools ( GAS) seems to be a crucial subject on
which audit practices in Poland should concentrate for the EDT
Datas
coming years. SMP needs to learn how to use ICT for decreasing edocuments
audit risk in highly developed IT environment. esignatures Security
eflow of
Keywords- evolution of the IT environment, audit risk , auditing
process, CAAT ( computer assisted audit tools). documents
e-shop
I. INTRODUCTION Cloud
B2B- business to business,
Computing
B2C-
BPO business to customer,
B2E – business to employee,
The dynamic development of data communications industry , EFT – electronic fund transfer,
with which we deal in recent years, affect the risk of audit of EDT – electronic data transfer,
financial statements to some extent by increasing them , and to BPO – business process outsorcing,
some minimizing the risk of audit . CAAT – Computer assisted audit tools,
Situational factors related to the IT environment , which affect GAAS- generally accepted audit systems,
the risk of an audit of the financial statements are presented
on the following diagram
 - identify commercially available audit systems
II. THE PROBLEM APPROACHED AND ITS SIGNIFICANCE supporting the process of an audit of financial
statement in Poland,
- determine the relevance of an audit procedures
A. The research problem. related to IT environment versus ISA requirements
included in those systems
Developed IT environment introduces the audit process - determine the knowledge and the level of usage
highly conditioned specific risks that require separate about CAAT of the audit practices in Poland.
identification and mitigation through appropriate modification
of the procedural elements of the auditing process . III. A BRIEF DISPLAY OF WHAT IS ALREADY
Polish and international auditing standards ( ISA) require KNOWN
from auditors performing testing of an IT environment in
order to identify risk of errors in the financial statement
related to IT environment. A. The purpose of the audit
Auditing has variously been regarded as a well-structured
and mechanistic process1. The degree of audit structure should The purpose of the audit of financial statement is to
be associated with the development of IT environment. enhance the degree of confidence of intended users in the
financial statements. This is achieved by the expression of an
audit opinion by the auditor on whether the financial
statements are prepared, in all material respects in accordance
B. Significance of the research problem. with an applicable financial reporting framework.
According to ISA 200 the auditor is required to obtain
The evolution of the financial and accounting systems from reasonable assurance about whether the financial statements as
simple batch systems to integrated ERP systems (enterprise a whole:
resource planning) with simultaneous development of - are free from material misstatements and
techniques for data and telecommunication devices has caused - prepared in all material respects in accordance with
fundamental changes in the records of business transactions. an applicable financial reporting framework.
In the environment developed computational technology
opportunities for falsification of data are very large at the large B. An audit of financial statement - risk based approach
amounts of data and complex algorithms and schemes
postings becomes impossible for auditing without the use of International Auditing Standards ( ISA ) are based on main
specialized software that will scan a file and key database concept which is the audit risk approach. The audit risk is
fields in search of / for characteristics indicating that the defined as a risk that the auditor expresses an inappropriate
evidence offense (General Audit Software) . audit opinion when the financial statements are materially
misstated. Audit risk is a function of the risks of material
misstatement ( inherent risk and control risk) and detection
III. THE RESEARCH OBJECTIVES AND RELATED risk.
INVESTIGATION TOPICS
The specific regulations are included in ISA 315
“Identifying and assessing the risks of material misstatement
The main objective through understanding the entity and its environment “.
Risk of material misstatement is the risk that the financial
This topic has been undertaken in order to: statements are materially misstated prior to an audit which
- identify the risks of an audit of the financial consists of two components described as inherent risk and
statements in developed information environment , control risk.
their determinants and impact on the process of Risk based approach leads to many challenges for auditors
auditing and and computer assisted audit tools as well. Computer assisted
- developing the concept of modifications of an audit audit tools which would support audit firms for an audit risk
procedures in order to minimize specific risks management would be great help for auditors during the
brought by IT environment. process of an audit of financial statement.

The specific objectives

The specific objectives are:

1
Smith M., „ Research methods in accounting”Sage, 2009
 Source: IFAC Guide
C. Auditing process

An auditing process consists of the following phases Based on ISA 500 an auditor is required to keep an audit
evidence in proper manners. The auditor should obtain
sufficient, appropriate audit evidence to reduce audit risk to an
AUDIT PHASES acceptably low level and thereby enable the auditor to draw
1. Client approval reasonable conclusions based on which the auditor’s opinion
is expressed.
Understand the Entity
Ethics considerations In practice the correctness of the auditor's opinion is
conditioned by the approach to the identification and
Risk Assesment Overview consideration of highly specific risks for the examination of
the financial statements drawn up and audited in the
Engagement Acceptance and Continuance conditions of a highly developed IT environment.
2. Plan
Audit Strategy
Audit Plan D. Related research works.
Materiality
At this stage of my research work I have not identified in
Audit-Team Discussions the literature similar research works.
3. Performing Risk Assessment Procedures
The research works which are related with audit risks and/or
Inherent Risks—Identification audit technology have been presented in foreign literatures
Inherent Risks—Assessment such as:
- Cushing B.E. and Loebecke J.K., „Comparision of
Significant Risks Audit Methodologies of Large Accounting Firms”,
Studies in Accounting Research No 26, American
Accounting Association, Savasota, Florida, 1986
Understanding Internal Control
- Dirsmith, M.W. and Haskins M.F., „ Inherent Risk
Evaluating Internal Control Assesment and Audit Firm Technology: A Contrast
in World Theories”, Accounting Organizations and
Communicating Deficiencies in Internal Control Society, Vol.16, No1, pp.61-90, 1991
- Dirsmith, M.W. and McAllister, „ The Organic vs.
Concluding the Risk Assessment Phase The Mechanistic Audit”, Journal of Accounting,
Auditing and Finance, Fall, pp.60-74, 1982
4. Risk Response - Kinney W., „ Audit Technology and Preferences for
Auditing Standards”, Journal of Accounting and
Risk Response Economics, Vol.12, pp.141-171.
The Responsive Audit Plan
In Poland there were not research works conducted so far
Determining the Extent ofTesting in the areas related to an audit risk in IT environment.

Documenting Work Performed The research works presented in polish literature which are
partially are:
Written Representations
- Młynarczyk A. „Methods of evaluation audit risk as
an element of audit procedures “, University of
5. Reporting Katowice,2009
Reporting—Overview - Szczepankiewicz E., „ Internal control system in the
IT accounting applications, University of Poznan,
Evaluating Audit Evidence 2006
Communicating withThose Charged with Governance
Modifications to the Auditor's Report IV. A PROPOSSED SOLUTION METODOLOGY FOR
THE PROBLEM.
Emphasis of Matter and Other Matter Paragraphs
Comparative Information A.PROPOSED SOLUTION METODOLOGY .

6. Quality control of an engagement Taking into consideration that the research work is at
the early stage the detailed specification of research method to developed IT environment occur.
be adopted will be done after literature review. Computer assisted audit tools could support the process
of an auditing in an advanced computational technology
The outline of the empirical studies which Im planning to environment. Therefore the audit firms should tailor the audit
conduct are: programs and procedures , in order to effectively and
properly examine the financial statements.
1. Analysis of an auditing standards (polish and international ) The use of computer-assisted audit techniques would
2. Literature studies ( polish and international ) increases the effectiveness and efficiency of performing
3. Analysis of polish and foreign research works on auditing auditing services.
in IT environment The independent audit of the IT environment by independent
4. Surveys of 5 CAAT tools available on polish market experts reduces the risk of audit process .
( compliance with ISA regarding risk of an audit in IT
environment) .
5. Surveys in audit firms in several Polish cities
6. Panel discussion during the conference for an audit firms . VI SUMMARY
7. Case study ( participant observation in natural conditions ,
together with an analysis of collected materials ) . In Poland nowadays using CAAT in audit process is not so
8.Identification of the risks of an audit of the financial popular. There are not trainings for auditors on this areas as
statements in developed information environment , their well.
determinants and impact on the process of auditing and Equipping auditors from SMP in Poland with Computer As-
9.Developing the concept of modifications of an audit sisted Audi Tools and Generally Audit Systems would in-
procedures in order to minimize specific risks brought by IT crease efficiency of an audit process and decrease the risk of
environment. an audit and clarity of management in SMP.

B. The planned structure of the research work. The research work with using CAATs in Poland offers a
range of research opportunities. I provided only a short review
Chapter 1 in order to emphasise the significance of the problem.
Evolution of the auditing function in the world and in Poland
Chapter 2
The dynamic development of the use of IT techniques in REFERENCES
accounting and financial reporting as a global trend of the
times. [1] IFAC, „Guide to practice management for small and medium-sized
Chapter 3 practices”, IFAC Publications, New York, 2012
The approach to the audit of financial statements , in practice, [2] ISA, IAASB
in the light of the theory of situational determinants [3] IFAC, Evaluating and improving costing in organization, International
Chapter 4 Good Practice Guidance, IFAC 2009
Risk Factors in audit process in the developed IT environment [4] Arens A., Elder R., Beasley M., „Auditing and assurance services an
integrated approach”, Pearson, 2012
Chapter 5
[5] Cushing B.E. and Loebecke J.K., „Comparision of Audit Methodologies
Reducing the risks brought by IT through the use of of Large Accounting Firms”, Studies in Accounting Research No 26,
appropriate testing procedures - in the light of empirical American Accounting Association, Savasota, Florida, 1986
research [6] Dirsmith, M.W. and Haskins M.F., „ Inherent Risk Assesment and
Chapter 6 Audit Firm Technology: A Contrast in World Theories”, Accounting
Organizations and Society, Vol.16, No1, pp.61-90, 1991
The concept of modified audit process in the IT environment
[7] Dirsmith, M.W. and McAllister, „ The Organic vs. The Mechanistic
Audit”, Journal of Accounting, Auditing and Finance, Fall, pp.60-74,
1982
[8] Kinney W., „ Audit Technology and Preferences for Auditing
Standards”, Journal of Accounting and Economics, Vol.12, pp.141-171
[9] Maciejewska I., „ Audit of the financial statement in IT environment” ,
V. EXPECTED RESULTS KIBR Publications, Warsaw, 2013
[10] Maciejewska I., The influence of IT technologies development on the
audit practice based on ISA regulations”, XIIAudit Conference in
The evolution of the IT environment affect the risk of errors Poland, KIBR, 2011
in the financial statements and audit process. [11] Smith M., „ Research methods in accounting”, Sage, 2009
New risks of an audit the financial statements in the