Computer Auditing: The way forward

Abstract

We broadly define computer auditing as any audit practices that may rely on information technology (IT). Such skill has long been argued and considered to be an important capability for both external and internal auditors for more than two decades though its applications were relatively limited in the past. In recent years, with the advance of information technology, what auditors can achieve with IT has dramatically changed. For example, auditors are now be able to perform both descriptive and predictive analyses, process both numeric and textual data, and apply such capability from assertion testing to compliance and risk assessments. This evolving capability has also brought the new term “audit analytics” to practices. Specifically, analytics focuses more on the business decisions and processes while the traditional computer auditing is mainly about audit. This improved capability and expanded scope have attracted a lot of attention with a wide range of applications. For instance, the PCAOB’s new strategic plan (PCAOB 2018 ) has highlighted that “[i]nnovations in data analytics and technology have great potential to improve the efficiency and effectiveness of financial reporting and the audit process” (p.9). Audit firms and internal audit functions have also engaged in the development and the use of analytics in external and internal audit processes (e.g., Forbes 2018; Deloitte 2016; KPMG 2016), which have potentially changed the role of internal auditors to internal consultants.