• No results found

THE INFLUENCE OF IT GOVERNANCE ON THE ATTITUDES OF AUDITORS TOWARDS IT

N/A
N/A
Protected

Academic year: 2021

Share "THE INFLUENCE OF IT GOVERNANCE ON THE ATTITUDES OF AUDITORS TOWARDS IT"

Copied!
39
0
0

Bezig met laden.... (Bekijk nu de volledige tekst)

Hele tekst

(1)

THE INFLUENCE OF IT GOVERNANCE ON THE ATTITUDES OF AUDITORS

TOWARDS IT

Master thesis, MSc Accountancy & Controlling University of Groningen, Faculty of Economics and Business

20th of June, 2016

Student name: ROBIN KNOLLEMA Student number: s2022559 Supervisor: Dr. S. Girdhar

(2)

2

Abstract

This thesis investigates how IT Governance influences the attitudes of auditors towards the IT that is used by auditors (Bierstaker, Burnaby, & Thibodeau, 2001). Auditors use IT almost during every activity in their profession. Computer Assisted Audit Techniques (CAATTs) can be used during the audit to make the work of an auditor more effective (J. Bierstaker, Janvrin, & Lowe, 2014). As the end users of IT are important in making an IT investment succeed, it is important that Business and IT is aligned. To get a better view of how the attitudes of auditors are influenced by IT Governance, a case study is held whereby auditors and IT personnel are interviewed. During the case study, it has been found that the attitude, subjective norm and perceived behavioral control have an influence on the behavior of how an auditor uses IT to perform audits.

(3)

3

Table of Contents

Introduction ... 4

Theoretical Framework ... 7

IT governance and audit firms ... 7

The auditor and IT ... 7

Theory of Planned Behavior (TPB) ... 9

Attitudes ... 10 Subjective norm ... 11 Behavioral control ... 11 Case description ... 14 Interviews ... 15 Results ... 17 Attitude ... 17 Subjective norm ... 19 Behavioral control ... 20 Summary ... 27

Discussion and Conclusion ... 29

Limitations and future research... 30

References ... 32

(4)

4

Introduction

The audit profession is characterized by the phenomenon that auditors are subjected to multiple sources of pressure (DeZoort & Lord, 1997). This ranges from time budget pressure, to evaluation pressure, to client pressure (Coram, Ng, & Woodliff, 2003; Curtis & Payne, 2008; Kao, Li, & Zhang, 2013). When appointed to a client, auditors get a certain amount of hours to finish associating tasks. The auditor is often under pressure whether he or she will be capable of attaining his budget (Coram et al., 2003). In the audit profession, time budgets are used to control costs, but as the pressure to meet time budget increases, it becomes “an externally imposed restriction on performance and a source of constraint stress” (McDaniel, 1990). Furthermore, since the economic recession, most audit firms aren’t that generous in paying overtime anymore. One could imagine that this could increase the perceived pressure even further. Perceived time budget pressure reduces the effectiveness of an auditor, which can lead to dysfunctional behavior of auditors and which eventually could lead to lower audit quality, also known as “performing quality threatening behavior” (QTB) (Coram et al., 2003; McDaniel, 1990; Sweeney & Pierce, 2004). It is thus relevant that pressure is prevented as much as possible to maintain audit quality (McNamara & Liyanarachchi, 2008).

These days, Information Technology (IT) is getting more and more important. Especially in the audit industry, auditors use IT for nearly every activity in their profession (J. L. Bierstaker et al., 2001). The IT that is used by most auditors are called Computer Assisted Audit Tools & Techniques (CAATTs) (Mahzan & Lymer, 2014). One can imagine that when auditors perceive that CAATTs and IT are better connected to their needs, their perceived pressure will be lower, because they can do more work in a shorter amount of time (J. Bierstaker et al., 2014). The more efficient an auditor is, the higher the perceived audit quality could be. As an auditor can perform more audits in a shorter amount of time and therefore increase audit quality as he or she can increase the amount of audits. In this research it will be researched in which matter IT plays a role in the perceived pressures by auditors.

However, IT is not always a guarantee of success (Curtis & Payne, 2008). It can be concluded that by the means of an IT learning curve (Curtis & Payne, 2008), perceived low levels of computer self-efficacy and technostress (Shu, Tu, & Wang, 2011; Tarafdar, Tu, Ragu-Nathan, & Ragu-Nathan, 2007), IT is not always just a positive factor in business practices. In case of an auditor, this might lead to lower audit quality because auditors are not able to perform certain tasks due to the fact that IT-skills are lacking or the implemented IT-invested doesn’t meet their needs. The stress that arises from the use of computer technologies on a daily basis is called technostress which is an upcoming phenomenon in information systems research (Ayyagari, Grover & Purvis, 2011).

Although multiple Statements of Auditing Standards (SASs) recommend the use of CAATTs (J. Bierstaker et al., 2014; Pedrosa & Costa, 2014), the use of some CAATTs is often low (Janvrin, Bierstaker, & Lowe, 2008; Pathak, Debreceny, Lee, Neo, & Shuling Toh, 2005). However, it could be

(5)

5 that the use of CAATTs at Big4 audit firms is higher because the clients of Big4 firms are more complex and Big4 firms have more resources available to invest in IT (J. Bierstaker et al., 2014). When it comes to the adoption of IT, there are several factors that can inhibit the acceptance of CAATTs. For instance, the implemented CAATTs might not fit with the tasks of an auditor, the auditor might find the CAATTs hard to use, or there is a lack of support (Janvrin et al., 2008; Rosli, Yeow, & Siew, 2012). As stated earlier, the purpose of IT Governance in case of an audit firm is to fulfill the needs of the auditors (Van Grembergen, 2000; Weill & Ross, 2004a; Wiedenhöft, Mezzomo Luciano, & Gregianin Testa, 2014). IT investments and developments need to be communicated to the users so they become aware of the IT and how it can be used effectively and the chances of misalignment decrease (Györy, Cleven, Uebernickel, & Brenner, 2012; Lee, Lee, Park, & Jeong, 2008). Creating awareness can be attained by giving training (Wilkin, Campbell, & Moore, 2013), communicating IT policies, (Johnston & Warkentin, 2012) or by support from superiors (Lee et al., 2008).

The Governing of IT, better known as IT Governance, which is about aligning business and IT strategy so that IT is used in the best possible way (Wilkin et al., 2013). One of the most important stakeholder of IT Governance are the end users of IT (Wong, Ngan, Chan, & Chong, 2012), in this study, the auditors. The better IT fits to the tasks of an auditor the more productive he or she is (Goodhue & Thompson, 1995). As the use of IT is an important part in the daily work of an auditor, the task of IT Governance at an audit firm is inter alia to take care of the fit of IT-investments with the business needs of the auditors. It is therefore investigated how the implemented IT is perceived by auditors. The research question will therefore be:

RQ: How does IT Governance influence the perceived attitudes of auditors towards IT?

The goal of this research is to discover how attitudes towards IT Governance are influenced through the IT-investments that are made. To answer the research question, it will be investigated how IT is implemented, how auditors are supported in their use of IT and how the attitudes of auditors are towards IT usage and how this relates to pressure and eventually audit quality. To investigate the elements that are influencing behavior, the Theory of Planned Behavior (TPB) is used, which is invented by Ajzen (1991).

By investigating the matters above mentioned, an insight will be given in the contribution of IT Governance in attaining organizational success. The research will be held by doing a qualitative case study at an office of a Big4 audit firm located in the Netherlands. As the research subject in total is quite new, it is considered better to do an exploratory case study. The research will have a qualitative character and therefore auditors are interviewed. As experience in IT plays certainly a role in effective use of IT (Downey & Kher, 2015), auditors from multiple rankings will be interviewed who may use IT differently. Also partners of the firm and people from IT support are interviewed.

(6)

6 This research contributes in the following ways. First of all, when investigating the alignment of business and IT, there has been little focus on one of the most important stakeholders, the employee, when it comes to IT Governance (Wong, Ngan, Chan & Chong, 2012). As the auditors are the ones who use IT in practice, they are crucial in achieving business-IT alignment (De Haes & Van Grembergen, 2005).

Second, most studies regarding CAATTs are held quantitatively (Pathak et al., 2005). A qualitative case study can give more insight in possible existing social human problems that arise from the use of IT by doing interviews (Andrade, 2009). Also, in case that CAATTs are not mandatory, the average use by auditors of CAATTs is often low (J. Bierstaker et al., 2014). This research could therefore give more insight in the contribution of governance in the low use of CAATTs by investigating through which channels auditors maintain their knowledge of IT. This study tries furthermore to evaluate whether management is making auditors enough aware of the possible value of the available CAATTs.

Thirdly, most research of IT in audit firms that applied TPB or similar technology adoption models only encompassed one particular CAATT. This research looks at the applications used during the activities of the auditor in total, with the advantage that in this case possible switches between applications can be observed.

Lastly, this research will give an insight in how IT Governance and CAATTs influences the work of an auditor. As said, auditors are controlled by time budgets (Otley & Pierce, 1996b). Effective use of CAATTs and IT increases productivity and thus could possibly decrease stress that arises from attaining a time budget. Insofar, no research has yet concerned both the use of CAATTs and the perceived time pressure. This research could therefore make a start in contributing to the existing auditing literature in that field.

(7)

7

Theoretical Framework

IT governance and audit firms

According to Weill & Ross (2004a), IT Governance is about “specifying the decision rights and accountability framework to encourage desirable framework in using IT”. IT Governance is defined as “the organizational capacity exercised by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensuring the fusion of business and IT” (Van Grembergen, 2013). Weill and Ross (2004b) define IT Governance as “specifying the decision rights and accountability framework to encourage desirable framework in using IT”. The IT governance Institute defined IT Governance (2003) as “an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives”. Taking these definitions into account, it can be concluded that IT Governance is about people with decision rights that are implementing a framework or IT strategy to ensure alignment between business and IT.

There thus are many best practice manuals that can guide an organization in how IT could be governed. As stated earlier, an important factor in achieving IT-business alignment are the stakeholders that have to do with IT (Van Grembergen, 2000). Employees are considered as the most important stakeholders when it comes to business-IT alignment (Wong et al., 2012). The same applies to audit firms, of which the largest part of stakeholders consist of the auditors that use IT during their daily activities.

When it comes to the stakeholders in IT Governance in the well-used IT Balanced Scorecard (IT BSC), it is important that IT is effective and efficient (Operational Excellence) and that users of IT are satisfied with the implemented IT (Stakeholder satisfaction) (i.e. does IT fit with stakeholders’ needs?) (De Haes & Van Grembergen, 2015; Jairak & Praneetpolgrang, 2013; Van Grembergen, 2000). These themes are recurring in COBIT 5, the latest version of the just mentioned best practice manual, with processes like DS7 Educate and train users, PO8 Manage quality and DS4 Manage continuous service (Sadikin, Hardi, & Haji, 2014). The above mentioned exposes that the end users are important when it comes to IT Governance.

The auditor and IT

In general, the work of the external auditor contains providing assurance on the annual reports of firms. The tasks that are performed by an auditor in providing assurance are called audits (J. Bierstaker et al., 2014). One can think of assessing internal control quality (Ettredge, Li, & Sun, 2006) and balance sheet and net income components that need to be verified (Simunic, 1980). However, under normal conditions, not all balance sheet items are checked and is sampling used to give a reasonable amount of assurance (Swanepoel, 2013). To keep audit risk low (the risk that the annual rapport gives a misinterpretation of reality), an auditor has to perform a certain amount of audits (Cohen, Krishnamoorthy, & Wright, 2014). The more audits are performed, the higher the scope of

(8)

8 the audit is. The less sampling is performed, the less items are checked and therefore the odds that audit quality is harmed becomes higher. Due to high competition, auditors are pressured to be as efficient as possible, while maintaining audit quality (i.e. effectiveness) (Braun & Davis, 2003).

When it comes to IT, the dependency of auditors is high (J. L. Bierstaker et al., 2001). Auditors use Computer-assisted Audit Tools & Techniques (CAATTs), but also more regular IT tools like cell phones and instant messaging (Janvrin et al., 2008). Differences exist when it comes to the interpretation of the definition of CAATTs. CAATTs are defined as “all computer software and techniques that auditors can use to support their daily audit tasks” (Pedrosa & Costa, 2014). However, computer-assisted audit tools (CAATs) are defined as “the use of technology to assist in the completion of the audit” (Braun & Davis, 2003). Furthermore, Generalized audit software (GAS) are defined as “class of packaged software that enables auditors to interrogate a variety of databases, application software and other sources an then conduct analyses and audit routines on the extracted or live date” (Pathak et al., 2005) and are considered as a group of CAATTs (Pathak et al., 2005). It can be concluded that there is no uniform definition of the used IT during the audit. In this research, the term CAATTs will therefore be used to avoid confusion.

CAATTs encompass every form of software that is used to perform audits (Pathak et al., 2005). Auditors use CAATTs for many audit procedures like analytical reviews, client acceptances, risk assessments, sampling and fraud reviews, but also to create time and cost budgets and to issue client invoices (Abou‐El‐Sood, Kotb, & Allam, 2015). Although tools like MS Word and Excel are obligated to use, software to perform data analyses often are not. However, these tools can be valuable as they make auditors capable of gathering data and checking the whole population of items (Smidt, van der Nest, & Lubbe, 2014). Auditors are furthermore able to provide higher quality audits and spend less time to each client which the just mentioned tools and techniques (Janvrin et al., 2008).

As mentioned, the auditors do not always use CAATTs. There are more forms of IT applications that are used in the practices of auditors. Rai (2012) used the eight IT-skill categories of the International Federation of Accountants (IFAC), and found that the ‘General Office’ category (i.e. word processing, electronic spreadsheets and e-mail and communication software) was most important in the activities of an auditor. Applying these findings to the present case, this corresponds with applications like Word, Adobe, Excel, Skype and Outlook. Especially with spreadsheets (Excel), an auditor can perform multiple tasks; from basic functions like adding and subtracting to Data analysis add-in functions and Financial functions like calculating Net Present Value (NPV) and Fair Value (FV) (Ragland & Ramachandran, 2014). Research is already performed when it comes to instant messaging and the use of spreadsheets accompanied by the use of the Theory of Planned Behavior (TPB) (Lu, Zhou & Wang, 2009; Mathieson, 1991). These applications will therefore also be taken into account as these applications haven’t been researched in case of an audit firm yet. As the use of CAATTs is important in the work of an auditor, factors that influence the behavior in using IT

(9)

9 are investigated. The attitudes of auditors and the other influencing elements in the IT-behavior of an auditor will be discussed in the following research questions.

Theory of Planned Behavior (TPB)

There are two frequently used theories in explaining the attitudes of users towards IT; the Theory of Reasoned Action (TRA) and Theory of Planned Behavior (TPB) (Martins, Oliveira, & Popovič, 2014; Moore & Benbasat, 1996; Venkatesh, Thong, & Xu, 2012). Both theories are developed by Icek Ajzen (1991). According to TPB, behavior is influenced by four elements, attitudes, subjective norm, perceived behavioral control, and behavioral intention (Ajzen, 1991). Attitudes reflect to which extent someone evaluates a behavior positively or negatively (Ajzen, 1991). The subjective norm reflects the perceived social pressure someone experiences (Ajzen, 1991). Perceived behavioral control reflects, in the case of IT, the facilitating conditions that are organized by the firm (Venkatesh et al., 2012). Following the model, each of the three elements can influence each other. Furthermore, these three elements influence the intention to behave, which eventually influences behavior.

When comparing both theories, preference is given to TPB in explaining attitudes and behavior of auditors, because TPB also includes the behavior control element. When it comes to IT Governance, behavior can be controlled for instance by providing training and support which are forms of administrative controls (Venkatesh et al., 2012), and by communicating policies and guidelines which are a form of personnel controls. Comparing TRA and TPB, TPB is considered as a more valuable approach.

Applying TPB to IT Governance, attitudes can thus be influenced by social pressure and behavioral control, let alone the fact that attitudes arise from the beliefs based on the IT and CAATs that is used by auditors (the so-called ‘object’ (Fishbein & Ajzen, 1977)). According to TPB, one can say that how IT and CAATs are used by an auditor (i.e. the behavior) depends on his or her attitudes (perceived usefulness, complexity and compatibility) towards the IT, the amount of social pressure he or she perceives (peers, superior and experts) and how behavior control is perceived (self-efficacy and facilitating conditions). The role of IT Governance is to align these elements with the auditors’ needs to prevent misuse of IT, i.e. performed behavior. Looking at a decomposed model of TPB of Figure 1, one can see that IT Governance may influence behavior (Taylor & Todd, 1995). The additions to the model of Taylor & Todd (1995) will be motivated later on. The contribution of this research is that it is investigated which role IT plays in the work of an auditor, what the attitudes of auditors are towards IT and which elements are having an influence on both attitude and behavior with thereby making use of TPB.

(10)

10

Figure 1. Adjusted model of Theory of Planned Behavior (Taylor & Todd, 1995)

Attitudes

According to Bierstaker et al. (2014), CAATTs will be used when it is perceived as easy to use and when auditors perceive it as effective. As auditors perceive that CAATTs can make it possible to do more work in an shorter amount of time than without CAATT, the CAATT is perceived as effective (J. Bierstaker et al., 2014). Also, the more the CAATT fits with the tasks of an auditor, the CAATT is perceived as more effective. (Rosli et al., 2012). According to TPB, when users of IT perceive the IT as easy to use, useful and not complicated, it will lead to positive attitudes towards the system (Ajzen, 1991), because the CAATTs lead “appropriately to outcomes they value” (Dowling, 2009).

The perception of IT also depends on the ranks of the auditors (Banker, Chang, & Kao, 2002). For instance, junior auditors use IT to automate computations and audit managers use IT to review the work of junior and senior auditors (Banker et al., 2002). Because the way IT is used by auditors will differ per auditor rank, the attitudes of auditors might be different as well. The rank of the auditor is therefore added to the conceptual model of Taylor & Todd (1995). In this study, it is investigated whether auditors find that IT fits with their business needs, and whether auditors are satisfied with implemented IT and CAATTs. According to TPB, it will be investigated whether the attitudes of auditors influence the use of IT within the audit firm. Furthermore it is investigated which CAATTs are adopted and which not and why. As operational excellence is also an important factor in creating stakeholder satisfaction (Van Grembergen, 2000), it is also investigated whether this influences the attitudes of auditors. However, as this is part of the behavioral control section, this matter will be discussed below. Altogether, the research first research question will therefore be:

(11)

11

Subjective norm

From IT Governance perspective, subjective norms are “the normative beliefs together with the motivation to comply with referent group expectations” (Teo, Manaf, & Choong, 2013a). It is important that auditors are made aware of IT-developments to comply with the behavioral intentions of the IT-department as auditors use IT in nearly every audit activity. According to Taylor & Todd (1995), subjective norms are influenced by both superiors and peers, but also by professional bodies (Teo, 2010). In general, executive support is a broadly known enabler (or vice versa, an inhibitor) of IT-business alignment (Lee et al., 2008; Luftman & Brier, 1999), but influences from other persons than executives is a lesser investigated phenomenon in the field of IT Governance.

In the case of CAATT adoption by auditors, peers and supervisors can enhance the use of CAATs. In line with Taylor & Todd (1995), it depends on who is considered as a peer or a superior by an auditor who can influence the awareness of IT Governance but also have an influence on how and which IT needs to be used within the company. One can imagine that when at an audit, a CAATT is not used by an audit team because the auditors are not made aware by IT personnel, partners or other auditors. That is, auditors are not motivated to use a certain CAATT because it is not expected by ‘the group’ (Dowling, 2009). As the subjective norm in IT Governance is not a widely investigated phenomenon yet, it is investigated which individuals influence perceived group expectations and how this influences the behavior of auditors according to TPB (Ajzen, 1991). The second research question will therefore be:

Q2: How does the subjective norm influence the behavior of auditors when it comes to IT?

Behavioral control

Another way in guiding behavior is by means of behavioral control (Ajzen, 1991), which is influenced by computer self-efficacy and facilitating conditions according to Taylor & Todd (1995). In IT Governance, behavioral control is about “implementing necessary structures and processes” (Teo et al., 2013). Training, which is a form of administrative control and thus behavioral control, can enhance both awareness and skills of auditors when it comes to IT (Samuwai & Prasad, 2014; Wilkin et al., 2013). Furthermore, training is known for having a positive effect on computer self-efficacy (Downey & Kher, 2015). As training can increase the efficacy of the end users of IT (Huffman, Whetten & Huffman, 2013), it can have an influence on the behavior of auditors. According to Weill & Ross (2004a), employees cannot be empowered directly by implementing IT without continuous training. Training is also important as a lack of IT capabilities are considered as an important inhibitor in creating business/IT alignment (Györy et al., 2012).

Due to the fact that the audit teams wherein auditors work when they are appointed to a certain client differ, the efficacy of the group might be important as the auditors perform the audit together. The more IT-skills the audit team members have, the higher the chances are that CAATTs are used more efficient as a team. Group-efficacy will therefore be added to the model of Taylor and

(12)

12 Todd (1995). Other facilitating conditions are technical support (e.g. helpdesks), IT policies, instructions and practical guidelines (J. Bierstaker et al., 2014; Johnston & Warkentin, 2012; Stoneburner, Goguen, & Feringa, 2002; T. Teo, 2010; Weill et al., 2002) that can be used to create awareness and shape behavior (Montazemi & Pittaway, 2012). As applies to training, the function of the mentioned facilitating conditions are to guide the users to use IT according to IT strategy (Johnston & Warkentin, 2012).

When new developments in the field of IT are released which have to do with auditors, auditors need to be informed (R. Huang et al., 2010). Communications are important as it enhances both employee trust and knowledge of the IT strategy (Wong et al., 2012). IT developments can be made aware through several channels (R. Huang et al., 2010; Wong et al., 2012). Management can inter alia use announcements, web-based portals or committees, e-mails or paper documents about IT developments the organization can communicate about any new future updates and how to use them (R. Huang et al., 2010). The type of communication technique that is used (mass media vs. interpersonal) will influence the eventual reach and attitudes of the receivers (Agarwal & Prasad, 1998). It is furthermore important that communications occur by the use of business terms in that auditors understand the message more clearly (Luftman & Brier, 1999).

Another element that will be added is the supply by data of the client. As auditors are enormously dependent on the data that clients provide (Chan & Kogan, 2016). Subsequently, in which manner and condition the auditor receives the data that is needed for the audit might influence how functional the CAATTs are to the auditor that are implemented by the firm. As the supply of the data is the beginning of a substantial amount of the auditor’s activities, the data supply can be seen as a form of facilitating condition. The data supply of the client will therefore be added to the perceived behavioral control section as ‘Client data supply’.

Another way of creating awareness is by using auditors with a co-function as a champion and are embedded in the office to promote how the system is supposed to be used (Dowling, 2014). Although the champions primarily act as an auditor within the firm and can be seen as a professional body according to Teo (2010) and thus can be seen as a subjective norm element, it is decide them to classify them under the behavioral control dimension. This decision is made because the function is organized nationwide and can therefore be seen as a part of IT governance to make auditors aware of applications and control behavior. The champions are therefore also investigated and are added to the model of TPB.

In this research it will be investigated how IT developments are made aware to auditors and whether this enhances the auditors’ view on how to use CAATTs and whether auditors perceive this as effective. It will therefore be questioned during the interviews how auditors get known with IT in the audit firm and whether the auditors perceive this as effective. It is also investigated how auditors perceive their own efficacy and the efficacy of the group. Furthermore, a light will be shed upon the

(13)

13 data provided by the clients and the role of the IT-champions. As all discussed elements are part of behavioral control, the third research question will be:

Q3: How does perceived behavioral control by auditors influence the behavior and attitudes of auditors?

(14)

14

Methodology

The study will be held at an office of an audit firm in the Netherlands. The office is chosen as an object of research because it could be accessed by doing an internship. The office is part of a large network of audit firms across the world with 12 offices in the Netherlands. For the thesis, the firm is given the superficial name the Global Audit Firm (GAF). The investigated office of GAF has fifty auditors with varying audit functions like managers, senior managers, supervisors, trainees and assistants leaving aside the supporting functions (i.e. planning, secretaries and IT personnel). The research will be held by the means of doing a case study whereby auditors from multiple levels are interviewed, as the use of IT and CAATTs varies with the level of an auditor in the firm (Banker et al., 2002). During the interviews, it will be questioned what the attitudes of auditors are towards the IT auditors use, if the auditors perceive any influence from peers or superiors when it comes to the use of IT, how the auditors perceive the behavioral control of the firm and how these elements relate to behavior. Furthermore, someone of IT-support and a partner of the audit firm are interviewed to investigate how the IT personnel support the auditors in the use of IT and what the attitudes of the partners are towards the system

The interviews will be held one-on-one and will be of a semi-structured nature. As a major subject of this research is about attitudes of auditors, the choice of interviewing multiple interviewees at once is dropped as this method could harm the willingness to discuss the problems that are experienced during auditors’ activities. One could imagine that auditors don’t want to discuss problems they experience in front of their superior or colleagues.

Although TPB is generally used as a theory in conducting quantitative research, there are studies that use TPB in a qualitative way (Bélanger et al., 2011; Renzi & Klobas, 2008; Zoellner et al., 2012). As more researchers using TPB in a qualitative way it is not seen as a problem in conducting qualitative research. The main forces of TPB will therefore be used as a basis of the interviews. Due to the fact that research is held at high-season wherein auditors have little time for things other than their own tasks, the interviews are so arranged that the conversation do not last longer than thirty minutes in order to get as much responses as possible. The interviews are recorded and transcribed word by word after the interviews are held to have a clear overview of the results. It is investigated which role IT plays in the in the work of the auditor by asking twenty pre-made questions to the auditors which could be find in Appendix A.

Case description

As an auditor starts at the GAF, he or she receives a laptop and a mobile phone. There are differences in the laptops that are provided as some auditors still have older laptops. The laptop contains standard software like MS Word, Excel, Adobe and PowerPoint. These applications can be used during the audit in the following ways: One can think of Word used to record reports, Excel to perform analyses

(15)

15 on the data that is provided by the client, Adobe is used to reconcile report or compare documents and PowerPoint to write management letters.

The mandatory audit program for the performed audits is eAudIT. EAudIT is an electronic control program which orders all the tasks that need to be supported and which captures all the decisions and activities that are made during the audit. It is also eAudIT where all the data is captured, which also encompasses an interface wherein independences of auditors and audit tasks are managed. Since the implementation of eAudIT in 2010, GAF experienced the change from working with hard-copy files to working in the digital environment. This resulted in auditors becoming more reliant on IT in the company, as nearly every activity is performed on the laptop. In eAudIT, files from other software-packages like MS Word, Excel and Adobe can be imported, extracted and viewed. IDEA is implemented in 2015 and is a CAATT that can be used to perform samples and journal entry tests.

When it comes to other data and analytical software, multiple CAATTs are implemented. However these CAATTs will be primarily used by auditors that are appointed to the specialized Data & Analytics teams which are trained in using these CAATTs. Furthermore, in every office of GAF in the Netherlands has one or two eAudIT and one Data and Analytics (D&A) champion(s). This is also the case in the investigated office. The role of the champions is to promote the use of the CAATTs within the company, but also to be an oracle when auditors have questions in how CAATTs need to be used.

Developments and information of IT within the company are communicated via several channels. E-mail is used by communicating news bulletins with new functions that are added to the software. However, communications are mainly applicable to eAudIT and not to the other applications that are implemented. A reason for this can be that eAudIT is in fact one of the few applications that is obligated to use by all auditors. Furthermore, maintenance is also communicated via mail. Developments are also communicated by the means of training that are given by GAF itself. Three types of training can be identified namely; Audit Academy, GBS and Virtual Classrooms. Although the Audit Academy and GBS are mandatory, the Virtual Classrooms are not. The trainings include, besides the technical audit subjects, information about functions of the CAATTs that are deemed to be important by the risk department of GAF. Manuals and guidelines on how to use CAATTs or Adobe and Excel, can be found on the intranets’ portal which includes the templates that can be implemented in Excel.

Interviews

The interviews were held in a timespan of three consecutive weeks. In total, thirteen interviews were held. The office consists of 47 auditors plus 1 employee of IT department. In total, 12 auditors and 1 IT specialist were interviewed which implies a response rate of 27%. The IT employee is employed at three offices in the Northern part of the Netherlands. Due to busy schedules, 2 of the 13 interviews were held by the means of a telephone call. As intended, all interviews lasted no longer than 30

(16)

16 minutes. In Table 1, interviewees are clustered according to the rank of the auditors in GAF. The interviewees’ identities are to be kept anonymous to preserve their identity and will not enhance restrainment of interviewees to provide information. Therefore, each interviewee has been attached to a corresponding number: ‘(r.#)’.

As can be seen in table 1, auditors from all functional layers of the office are interviewed. This gives a broad view of the impact of IT across the organization with a minimum response rate of 24%, taking into account that some functions are clustered. These functions are: Managers (assistant managers, managers and senior managers) and Trainees (HBO (university of applied knowledge) and WO (academic university) Trainees. Motivations made for this division are due to the fact that the clustered functions perform the same type of activities. Also, when it comes to working experience there are quite some differences. Table 2 shows the amount of work experiences that auditors (and IT support) have. The firm experienced in 2010 the transition from hardcopy files to the electronic audit support system that includes all uploaded audit files, called eAudIT. The interviewees with experience longer than six years could therefore make the distinction between the pre- and post- electronic era but could also provide information about the early troubles with the implementation of the system at the time.

Table 1:

Specification of interview data sources

Rank of interviewee Available auditors (#) Interviews (#) Response Rate (%)

Partner 6 2 33 Managers 17 4 24 Supervisor 5 2 40 Senior 8 2 25 Trainee 11 3 27 IT-support 1 1 100 Totals (N) 48 13

Note. Average response rate = 27%.

Table 2:

Specification of work experience within GAF

Years (#) Interviewees (#) % 0-3 4 31 4-6 2 15 7-9 3 23 10+ 4 31 Totals (N) 13 100

(17)

17

Results

Attitude

Perceived usefulness

Overall, as most CAATTs are mandatory it is hard to determine the perceived usefulness of auditors. However, the IDEA SMART-analyzer is not obligated to use. One can say that auditors do not perceive or do not want to perceive the usefulness of this particular CAATT since the application, which is implemented in 2015, is not adopted fully by all auditors. It seems that the auditors find that the CAATT doesn’t fit in their practices wherein the CAATTs are used, or don’t know how to use it in their activities. However, to stay informed about developments is not deemed as a pressure. However, developments are perceived as fairly incremental and therefore not hard to understand. It is rather the case that changes in software are perceived as hard to implement in their daily practices, because the auditors are used to perform their activities in a certain way. Developments are therefore not always influencing the way auditors perform their activities, which is by all means not the intention of management that implements developments. The assumptions are made according to the following respondents:

“Taking the SMART-analyzer into account, you can perform that task in two ways. I can make a pivot table and perform the analyses manually in Excel. Some people find that more pleasant because they know the system better. Others may find the SMART-analyzer better to use because you get a complete logging from it.” (r.9).

Another interviewee replied:

“The biggest change I experienced was that IDEA (SMART-analyzer) was implemented in eAudIT. What you sense is that it takes a while before something like that has adopted by us… ...while if you do the sample in eAudIT the activity is actually easier, but because people don’t know it, they think it’s harder to do” (r.13).

This last citation is confirmed by two other auditors that where interviewed. Applying TPB, the perception is that the non-mandatory CAATT is perceived as useful as it provides more value for the auditors, in this case a complete logging. The perceived usefulness of CAATTs is in this sense an enhancer to adopt the particular CAATT in practice. This view is enhanced by the observation that auditors that do not perceive this usefulness do not use this CAATT to perform activities. As said, for the mandatory CAATTs it is difficult to determine what the additional value is, as this is the only application the auditor can use to perform the activity for the audit.

(18)

18 Complexity

As the possibilities in CAATTs like Excel are deemed to be endless, three interviewees mentioned that they sometimes have troubles with using Excel. Furthermore, it is mentioned by three interviewees that the use of IDEA to perform the sample sometimes is perceived as complex as the auditors make use of the D&A champion for help. It can be concluded that most of the used applications are not perceived as complex. As responded by the interviewees:

“I can’t do all Excel codes, but I can take care of myself” (r.5, 11). And:

“Normal things like eAudIT are going well” (r.5, 11, 12).

It is also noted that there is a certain learning curve in using the CAATTs: “Certainly in Excel, you will get better as you use it more” (r.12).

Looking at TPB, it can be concluded that the applications are not difficult to understand. When it comes to Excel, it is mainly the perception that the auditors do not know how to use a specific tool or function, than that the auditors do not know how to use the complete application. This has therefore little impact in the auditor’s behavior. However, when it comes to the adoption of IDEA, this seems an explaining element in the adoption of the particular CAATT. As the quotes in the ‘perceived usefulness’ paragraph mention, IDEA is not used because auditors ‘think’ it’s hard to use IDEA or auditors perceive that another application (Excel) is easier to use.

Compatibility

When it comes to the compatibility of the implemented IT with the activities of the auditors, all auditors find that the CAATTs align with their needs during the audit. For instance, the fact that Excel-files can be implemented in eAudIT is perceived as positive. Overall, it can be concluded that the auditors find that the applications are compatible with the activities of the auditor as and that the interaction between applications works well. However, three interviewees still respond that additions could be made to make the IT more compatible. Interviewees responded to compatibility as follows:

“...I believe so yes, as an auditor our core task is that we perform the audit, and to do that we need the best resources.” (r.6).

Another auditor responded;

“...the engagement acceptance, the risk assessment, interim activities and completion phase in eAudIT are designed perfectly” (r.4)

(19)

19 “The way eAudIT records our activities helps us during the audit…” “…the flow in the system is very logical.” (r.13).

Furthermore is mentioned about additions that could be made:

“There is no tool to process the unworkable Excel-data that is provided by the client” (r.7). Taking TPB into account, the fact that auditors find that the implemented CAATTs are compatible with their activities doesn’t change to which extent the applications are used (.i.e. behavior), as the applications are mandatory. There is no alternative application to perform these activities. However the opinion of the auditors does have a positive influence on the attitude towards the implemented IT. Furthermore, of the earlier mentioned SMART-analyzer, one could say that the perceived compatibility is low because ‘the innovation doesn’t fit with current needs of the adopter’ (Taylor & Todd, 1995).

Auditor rank

During the interviews it can be concluded that for every activity of an auditor IT is used (except for activities like “checking a bank statement of a client” (r.13)). The auditors at the firm are provided with multiple CAATTs, like eAudIT, Excel, Word, PowerPoint, but also with sample CAATTs like IDEA. As every evidence for the audit has to be recorded in the electronic audit program, eAudIT, this is the most used application in all functional ranks. In general, most used CAATTs are Excel and Adobe. Per rank the use of CAATTs differs. Auditors that perform samples can make use of the IDEA SMART-analyzer, which is a sample application. Auditors that have to right accounting papers or a management letter (i.e. auditors of a higher rank) will use PowerPoint to right the document.

According to the adjusted TPB presented in the theoretical framework, the rank of the auditor is expected to have an impact on the attitude and the behavior of the auditor towards IT. As different auditor ranks use different applications, this can have an influence on the attitudes of the auditors. However, this was not the case, as there were no significant differences observed due to the rank of the auditor. Furthermore, auditor rank also has an influence on the behavior (i.e. activities) as the lower ranks will use the applications for executive functions. Subsequently, the auditors of higher ranks will use the output to base their professional judgement upon it.

Subjective norm

Peer & superior influence

The general activities that are performed by an auditor in an audit team are considered as similar (r.8, 10). However, there are some differences mentioned in how the activities by the means of using IT by an auditor are performed. This is caused by the influence of peers with high perceived efficacy and by auditors with a higher rank within the audit team. The auditors with the highest perceived knowledge of IT are deemed to have an impact in the way CAATTs are used. Five auditors mention that they ask

(20)

20 a colleague of whom he or she deems to know how to fix a code or to perform a sample. This is the person of which the auditor thinks they have the right knowledge when it comes to IT. Furthermore, the role of the superior (the auditor with a higher rank relative to the particular auditor) also became clear as he or she has can influence in how activities are performed. It is perceived that when a higher ranked auditor is more minded towards a certain application, it is more likely that this application will be used during the audit. As responded by the interviewees:

“How you execute your task depends on how you want to work and how the auditor who reviews you wants you to perform your activities.” (r.7),

Another auditor responded:

“When the people in the team above you are high-skilled with Excel, they prefer a recording of tasks in Excel” (r.12).

When it comes to the influence of peers auditors responded:

“I think my skills are above average, because with Excel, colleagues often ask if I want to take a look when they have a problem in using Excel” (r.9),

This is confirmed by another interviewee:

“I know exactly who I need to call if I need formulas for Excel” (r.12).

Looking at TPB, one can say that both peers and superiors have an influence in how applications are used. When auditors experience problems in using applications, they ask their colleagues with high knowledge of IT in the audit team to help. These peers have therefore an influence in how applications are used. Furthermore, the influence of the superior is observed. As the activities of an auditor are performed in consultation with the auditor who supervises or reviews him or her, he has an influence by encouraging the use of an application.

Behavioral control

Self-efficacy

There are some differences when it comes to the self-efficacy of the auditors towards IT within the office. It ranges from five auditors that perceive that their skills are about average, while the efficacy of the other seven auditors is perceived to be high. Eleven auditor mention that the IT-skills of an auditor with applications are heavily important. The efficacy is apparent from the fact that the auditors are involved in the first client were the electronic file program was used, which was considered as “a great exploring on how to do things digitally” (r.1), they provided training in eAudIT (r.2), or they make Adobe scripts themselves (r.7). The importance of skills in the use of CAATTs accounts for the

(21)

21 efficiency and to a lesser extent for the effectivity of the auditor. Auditors reply that IT-skills are a must in performing activities. Most respondents agreed that it IT-skills have positive impact on the efficiency of an auditor. Furthermore, the quality of the activities of an auditor with IT-skills is higher as well, because the control evidence of an audit becomes clearer. Interviewees responded as follows about efficacy:

“It saves a lot of time when you have some skills in using the applications” (r.9). Another auditor responded:

“You need to have affinity with Excel, otherwise you won’t make it as an auditor” (r.11). To give an example of saving time:

“I invented a script for Adobe myself which reduces the amount of clicks from 20 to 2” (r. 7).

As responded to the quality of activities:

“Activities are performed qualitatively better in the sense that the output becomes clearer” (r.6).

Which is reflected by the following citation:

“One then can better filter the right data out of a big amount of data that is provided by the client” (r.12).

When looking at TPB, self-efficacy does not have an impact on using IT more often, as the use of IT is already almost always the case in the job of an auditor. However, self-efficacy has an influence in how applications are used and on the quality of the output of the activities.

Group-efficacy

When it comes to group-efficacy, the skills of audit team members are perceived by six auditors to have an impact on how activities are performed. It also has an impact on which CAATTs are used. The efficacy of the group has therefore a perceived impact on the efficiency of the auditor as this can inhibit to use certain techniques or CAATTs or because tasks that are delegated take longer. As responded by interviewees:

“If there are team-members that know more about how to perform a data-analysis, you will see that in the audit approach we will make easier use of a data-analysis...” “...the teams that misses such a person will also come to good audit evidence, but maybe that is less efficient” (r.2).

(22)

22 This view is confirmed by another respondent:

“IDEA includes a smart-analyzer and then you are dependent from whether there is someone in your team who can do that and there can be quite some differences in it…” “...this saves a lot of time because otherwise you have to perform a workaround in Excel” (r.9).

Taking TPB into account, the above presented quotes show that the efficacy of the group has a large influence on how the activities are performed during the audit. The efficacy of the group, relative to the individual, does also seem to have an impact on which CAATTs are used. Group-efficacy is therefore of greater influence on performed behavior than self-Group-efficacy.

Resource facilitating conditions Provision of resources

The auditors perceive that their dependency on IT is large. The general audit system is considered as quite stable when it comes to the technology facility, although some errors are still arising. However, the system seems to have improved a lot comparing to the term just after the implementation. The dependency on the IT is perceived as large and when a big error occurs, this dependency is shown clearly. Other important factors in how an auditor can work is the internet connection and the provided laptop. These have to be of high quality otherwise it will have a negative impact on the productivity of the auditor. However, the lack of high-speed internet is mainly the case at the client on which the auditor has little impact. The following respondents confirm the above mentioned:

“When the laptop doesn’t function, the auditor is stalled…” “…And when someone has an eAudIT file with a malfunction that connects to team members of an audit team, this will affect the other auditors as well” (r.3).

As a respondent refers to the errors:

“Sometimes the system encounters an application error” (r.8). However, another auditor responded:

“Taking the first version of eAudIT into account and the amount of application errors we get now, that is about 10% I think, so it has improved a lot” (r.2).

(23)

23 Another interviewee mentioned:

“I was off-air for two and a half day plus the entire weekend, then you can’t do anything at all!” (r.6).

As responded to the internet and laptop facilities:

“All files are on a server and when you are at a client and the cache network is slow this really slows you in your work.” (r.9).

“We have a heavy virus scanner, heavy encryption and backup tooling, plus the CAATTs that are used which shows that the old laptops really need to be replaced” (r.4).

This is reflected by another respondent:

“I get a newer laptop soon because it all didn’t work properly…” “...my Excel crashed, eAudIT crashed, this takes you out of your concentration, you have to start up all your work again, which costs a lot of time” (r.11).

Taking TPB into account, there are facilitating resources that inhibit the use of IT. Although a complete application error has a lot of impact, the chance of occurrence is perceived as low. Also, the amount of smaller application errors of eAudIT is decreasing since the implementation in 2010 which thus also accounts for the impact on behavior. The internet connection and old laptops are therefore the biggest inhibitors as it thwarts that application can be used efficiently, not to mention that with some old laptops applications can’t be used at all. Furthermore, it is observed that the interruptions don’t have an influence towards behavioral intentions of the auditors, but mainly towards the usage behavior as it interrupts auditors in using applications.

Training & Developments

At the company, auditors’ IT-skills are trained by the means of a compulsory ‘Audit Academy’ and optional ‘Virtual Classrooms’. There are also courses that can be done via the portal, which can improve the skills in inter alia Adobe and Excel. The Audit Academy is deemed to influence the skills of auditors. The virtual classrooms are perceived as very specific, which prohibits that the treated matters are implemented in daily activities. Furthermore some auditors might not pick up developments that are communicated by Virtual Classrooms, as it coincides with working at the client. Also, one can apply for tailored courses on the portal, which are optional and have to come from yourself (r.13). This enables that only the auditors that are interested in learning IT-skills will follow courses on the portal. However, it may be quite hard for auditors to take lessons from the

(24)

24 portal as sometimes auditors don’t know where to find the courses. The above mentioned inhibits that auditors can increase their knowledge in IT. Interviewees responded as follows:

“You get to learn basic skills that are applicable to your function.” (r.7). As responded by another:

“This really influences your mindset which has an impact on your activities.” (r.11). The virtual classrooms are perceived as very specific (r.12):

“If you learned a new trick the point is that you have to perform this yourself more often, otherwise you lose it within one or two weeks.” (r.9).

Which is mentioned by another respondent:

“Virtual classroom is a good way to alert, but to work with it in practice you have to sit behind the controls yourself…” “…sometimes it falls through because if you’re at the client it’s not convenient to do the course” (r.5).

As responded to the voluntary training on the portal by the following auditors:

“What mostly happens is that people with a lot of affinity will look at information on the portal and the ones that are not aware of the fact that their knowledge maybe is somewhat low will not do that...” “…if you don’t have the knowledge that you can work more efficient you will not search for it” (r.2).

“There are a lot of courses online, which makes it hard to navigate because you’re not used to it...” “…it would be nice when there was a good description of which steps could be made and that everyone would do it in that way.”(r.7).

When it comes to the resources facilitated, the auditors stay informed by the following media: audit academies, virtual classrooms, mail and the eAudIT magazine which is provided both hard-copy and via e-mail. Nine auditors mentioned that they are informed by e-mail. The hard-copy eAudIT magazine is a less mentioned channel and mainly mentioned by auditors with a high perceived affinity. However, mails mostly include information about eAudIT, the electronic audit program. Updates by e-mails are taken notes of quickly, as mentioned by six auditors. Furthermore, due to busy season, updates are sometimes passed over by auditors. This was mentioned by two auditors. It is also striking that also non-provided resources like Google are consulted (r.9). The auditors responded as follows:

(25)

25 “For a lot of people it is so that they learn from colleagues how to make a text block or how to work with bookmarks in Excel, but we actually don’t have a specific training for that” (r.2)

This is agreed by another interviewee:

“Other tools than eAudIT are little discussed within training” (r.13). As mentioned, mails are taken note of:

“I screen e-mails mostly on the salient things” (r.4). One mentioned about the eAudIT magazine:

“Honesty compels me to say that I have not read it, but you notice that during busy times there is less time to focus on that” (r.11).

One auditor mentioned about Google:

“It sounds weird but you can get a lot of stuff from Google: in the end it is the auditor himself who reasons what he wants to achieve” (r.6).

Taking TPB into account, there are some inhibitors mentioned in the behavior of auditors. The general training (audit academy, GBS) are perceived as increasing knowledge in using applications and thus have an effect on behavior. Furthermore, the fact that virtual classrooms are perceived as very precisely inhibits that the information can be applied in practice by the auditors. Again, the affinity plays a role. If one really wants to apply the knowledge of the virtual classrooms, an auditor has to practice on his or her own. This also accounts for the guidelines and training (Excel and Adobe) that can be found on the portal. The auditors that want to increase their knowledge will search for new knowledge, instead of the auditors whose affinity is low and might have lower knowledge in the use of IT. Excel and Adobe are two of the most used applications during the audit. The fact that trainings in Excel and Adobe only can be find on the portal inhibits therefore increased effective use of the applications. This is also reflected by the fact that Google is often consulted when one has issues with using Excel. Furthermore, the impact of the communication channels by management on behavior differs. Because e-mails and the eAudIT Magazine only include news about eAudIT, this has little impact on behavior when it comes to the other applications.

Client data supply

The way the data is provided by the client varies from hard-copy to digital. However, the hard-copy clients are hardly decreasing which is mentioned by three auditors. Seven auditors mentioned that

(26)

26 differences exist when it comes to digital supply of data by the data. This majorly has an impact on how applications can be used and the amount of activities that need to be performed by the auditor. It is also mentioned by two auditors that the client has an impact in which applications can be used. It appeared that some applications are only able to use data from specific other applications like for instance Exact, which is a bookkeeping application that can be used by the client. The interviewees responded as follows:

“I still have one client that prints everything, and then we have to scan everything in” (r.12).

The client is deemed to have an impact on how an auditor works which is reflected by the following respondent:

“The better you get the data delivered by the client the lesser activities we have to perform” (r.10).

Furthermore, this is also perceived to relate to the quality: “We sometimes say: ‘garbage in is garbage out’.” (r.6). However, it is also the other way around:

“From the bigger clients, with every Excel-file they send us they add a print screen of the financial administration...” “...then we know we got the right specification which saves a lot of time with the reconciliation…” (r.9).

Another auditor responded:

“In IDEA, you can do a lot of stuff and we use that more and more for the data-analysis, but that is very dependent on which systems the client has.” (r.13).

Taking TPB into account, the client that supplies the data to the auditor during the audit has a big influence in behavior. That is, how and which applications are used. When clients provide everything hardcopy, no samples can be performed by Excel or IDEA. This is thus a big inhibitor in using IT in the audit. However, as the hardcopy clients are decreasing, the impact is low. Furthermore, when the supplied digital data is of low quality, more resources are needed, which has therefore an influence in how IT is used during the audit. It is furthermore mentioned that when the systems of the client don’t fit with the used applications of the auditors, some applications cannot be used at all. This has an influence on behavior in the sense that it can inhibit to use data-analysis during the audit.

(27)

27 Champions

The role of the different champions in using CAATTs differ. The role of the eAudIT champions have little impact in the use of CAATTs. Most auditors are signaling that all knowledge about eAudIT is already among the auditors. However, the role of the D&A champions is perceived by five auditors as more important which is reflected by more frequently consultation of the D&A champion. Auditors responded as follows:

“I have contacted him once this year” (r.7), Another auditor reacted with:

“If I have a problem with eAudIT I won’t call a champion but rather ask a team member” (r.8).

The superfluity of the EAudIT champion is also apparent from the following quote: “Everyone grows up with eAudIT and in terms of functionality everyone knows how it works by now” (r.9).

Furthermore, another responded to the D&A champions:

“But we can use more knowledge when it comes to D&A” (r.5). Another auditor mentions:

“I recently used a D&A champion for a complex sample that needed to be performed” (r.13)

Which is confirmed by the following citation:

“D&A is still being implemented, so than you use such a champion more often” (r.9).

Looking at TPB, the influence of the champions in behavior differs per application. As the auditors perceive that they have enough knowledge in the use of eAudIT, the influence of this champion is low. On the other side, the D&A applications are rather new. As these champions are more consulted by auditors, these champions have more opportunities to propagate how to use CAATTs in practice and have therefore more influence in behavior of the auditors.

Summary

After doing the case-study it can be concluded that the following aspects of the elements of TPB have the biggest influence on how IT is used by auditors of the firm. When it comes to the attitudes, the perceived usefulness of the CAATTs are most important. Some auditors are not familiar enough with the sample CAATT and are therefore less efficient.

(28)

28 When it comes to the subjective norm, both superiors and peers in the audit team are perceived to have the biggest influence by auditors. Audit teams with higher ranked auditors that are excel-minded will perform more activities in Excel and other team members that are known for their knowledge in IT are often asked by colleagues in how the auditors should perform their activities.

When it comes to the perceived behavioral control, the efficacy of the auditor him- or herself and the auditor will not influence which activities are performed, but do have an effect on how these activities are performed. This has an influence on the efficiency and effectivity of both auditor and audit team. Due to the fact that some IT training are perceived specific, optional (Excel and Adobe), the affinity of the auditor himself is important to increase knowledge and thus efficiency and effectivity. Furthermore, the files that the client provides plays a major role in how an auditor can perform his or her activities. It is a shared view that the input of the client is very different. This is deemed to have an impact on how an auditor works as it has both has an influence on the effectiveness and the efficiency of the auditor. The role of the champions in behavior differs. As there are multiple types of champions, the champions of the newer applications are deemed to have more influence on the auditor’s behavior.

(29)

29

Discussion and Conclusion

This research investigated what the attitudes of auditors are towards IT how this is influenced by IT Governance. This question is translated into the elements of TPB that are investigated whether they have an impact on auditor behavior. Subsequently, it can be concluded that IT plays an important role in an auditor’s life. Auditors are heavily dependent on IT as they use IT nearly with every activity they perform as an auditor. eAudIT, Excel, Adobe, PowerPoint and the IDEA SMART-analyzer are the most used applications in performing the audit. This result is supporting Rai (2012) who also found that the General Office technologies were of most important in the auditors’ activities when it comes to IT. From the interviews it can be concluded that when looking to the adjusted model of the Theory of Planned Behavior (TPB), from each main-element, there are some sub-elements that have a clear impact on how IT is used within the firm. It can be concluded that it is important that IT needs to be governed when management wants that auditors adopt the implemented CAATTs but also to prescribe a uniform way in which these CAATTs should be used.

When looking to the first research question, the attitude towards the behavior that has to be performed by the means of CAATTs, the perceived usefulness has the largest impact. The fact that some auditors don’t perceive de SMART-analyzer as useful leads to the behavior that auditors perform the same activity in Excel which will cost more time. The result is supported by Janvrin et al.(2008), who found that the adoption of CAATTs varies across firms and is often low. They furthermore found that the adoption can be explained by performance expectancy witch is more or less the same as the perceived usefulness of TPB (Janvrin et al., 2008). Curtis & Payne (2008) might have find a cause why a particular new application is not adopted by auditors which is not incorporated in TPB. Curtis & Payne (2008) found that audit software with a perceived long-term payoff will not be adopted when the auditor awarded on short-term performances. The relation might be enforced by the fact that GAF is still undergoing the move to a more data-mining approach of the audit. As not all the applications are yet implemented by GAF, the auditors might not become aware of what the value of the applications will be on the longer term. As a result, non-mandatory CAATTs are not adopted by auditors.

When it comes to subjective norm, the second research question, influence exists from both peers and superiors. That is, colleagues in the audit team with higher perceived IT knowledge and the auditor with a higher rank that propagates a certain use of which applications are used and have significant influence in how IT is used. The elements that were of biggest influence in the adoption of an application in the model of Taylor & Todd (1995) were the perceived usefulness, peer influence, superior’s influence, self-efficacy and resource facilitating conditions. These results do majorly overlap with the earlier mentioned results of this case study that is held. However, the influence of the superior might be bigger in the case of GAF as the auditors of lower ranks usually speak through with

Referenties

GERELATEERDE DOCUMENTEN

However, insight into this relationship is only of value if we know what other factors determine the attitude of employees to organizational change and how the

Evidence is provided that the personal factor PIIT and three of the six sub-dimensions of the environmental factor transformational IT leadership have a

All in all, when looking at the research question presented in the introduction, how does transformational IT leadership influence employee’s innovative behavior with

In order to strengthen the communication with teachers, a contact person could be designated to maintain contact with the teachers (e.g. every week) about how the matter stands

” In this example, the tediousness of the request procedures that have to be followed resulted in an enhanced IT self-leadership, but it also occurs that these type

The climate for innovation moderates the relationship between IT self-leadership and innovative behaviour with IT such that the effect of this leadership on

 Literature review – divisions in Corporate governance, IT governance, Corporate control and IT control sections – presents some of the most used and important

A quantitative study of the influence of waiting time on satisfaction with the dwelling and satisfaction with the neighborhood of social housing tenants in The