مطالعات مدیریت کسب و کار هوشمند

مطالعات مدیریت کسب و کار هوشمند

شماره جاری

بر اساس شماره‌های نشریه

بر اساس نویسندگان

بر اساس موضوعات

نمایه نویسندگان

نمایه کلیدواژه ها

صفحه اصلی

درباره نشریه

اهداف و چشم انداز

اصول اخلاقی انتشار مقاله

بانک ها و نمایه نامه ها

پیوندهای مفید

پرسش‌های متداول

فرایند پذیرش مقالات

اطلاعات آماری نشریه

اخبار و اعلانات

تفاهم نامه با انجمن انفورماتیک ایران

راهنمای نگارش

فایل ها

داوران 1399

داوران1403

داوران 1402

داوران سال 1401

داوران1400

راهنمای ثبت نام درPublons

چالش‌های اجرای فرآیند حسابرسی فناوری اطلاعات در شبکه بانکی ایران

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشجوی دکتری رشته مدیریت فناوری اطلاعات، گروه مدیریت فناوری اطلاعات، دانشکده مدیریت و اقتصاد، واحد علوم و تحقیقات، دانشگاه آزاد

2 استادیار گروه مدیریت صنعتی، دانشکده مدیریت و حسابداری، واحد کرج، دانشگاه آزاد اسلامی، کرج، ایران نویسنده مسئول : poorebrahimi@gmail.com

3 استادیار گروه مدیریت فناوری اطلاعات، دانشکده مدیریت و اقتصاد، واحد علوم و تحقیقات، دانشگاه آزاد اسلامی، تهران، ایران

4 استادیار گروه مدیریت صنعتی، دانشکده مدیریت، واحد تهران مرکزی، دانشگاه آزاد اسلامی، تهران، ایران

چکیده

در این مقاله، چالش‌های اجرای فرآیند حسابرسی فناوری اطلاعات در شبکه بانکی ایران از طریق انجام یک مطالعه موردی در چهار بانک بزرگ ایرانی شناسایی شده‌است. داده‌ها از طریق انجام 20 مصاحبه با خبرگان هر دو حوزه مدیریت فناوری‌اطلاعات و حسابرسی فناوری اطلاعات مؤسسات اعتباری مزبور، و بررسی برخی از اسناد داخلی آنها جمع‌آوری شده‌است. در این پژوهش 20 مورد از چالش‌ها و مشکلات اصلی اجرای فرآیند حسابرسی فناوری اطلاعات شناسایی شد. یافته‌های پژوهش نشان داد که "عدم استقلال و وجود منافع مالی مشترک"، "ناتوانی برقراری ارتباط میان واحد حسابرسی فناوری ‌اطلاعات و واحد فناوری اطلاعات"، "سازمان و ساختار اداری نامناسب نهاد تحت حسابرسی"، "فقدان دانش تخصصی فناوری اطلاعات و قابلیت‌های ضروری حسابرسی فناوری اطلاعات"، "تجربیات ناکافی و سوابق نامناسب حسابرسان فناوری اطلاعات"، "فقدان دوره‌های آموزشی معتبر و عدم برخورداری حسابرسان از گواهینامه‌ها و مدارک معتبر بین‌المللی حسابرسی فناوری اطلاعات" و "اعتماد به نفس ناکافی حسابرسان"، از اصلی‌ترین چالش‌های اجرای فرآیند حسابرسی فناوری اطلاعات به‌شمار می‌رود. شناخت این چالش‌ها ضمن فراهم‌آوردن زمینه مطالعات آتی در خصوص تدوین چارچوب‌ها و مدل‌های پیاده‌سازی حسابرسی فناوری اطلاعات در بانک‌ها برای پژوهشگران، به مؤسسات اعتباری کمک می‌کند تا با شناسایی این چالش‌ها، اقدامات موثری جهت اجرای فرآیند حسابرسی فناوری اطلاعات انجام دهند.

کلیدواژه‌ها

موضوعات

عنوان مقاله [English]

Challenges to the implementation of information technology audit process in Iran's banking network

نویسندگان [English]

  • Mojtaba Ahmadi 1
  • Alireza pourebrahimi 2
  • Ladan Riazi 3
  • Seyed Abdollah Amin Mousavi 4

1 Ph.D Student, Department of Information Technology Management, Science and Research Branch, Islamic Azad University, Tehran, Iran

2 iAssistant Professor, Department of Industrial Management, Karaj Branch, Islamic Azad University, Karaj, Iran Corresponding Author: poorebrahimi@gmail.com

3 Assistant Professor, Department of Information Technology Management, Science and Research Branch, Islamic Azad University, Tehran, Iran

4 Assistant Professor, Department of Industrial Management, Central Tehran Branch, Islamic Azad University, Tehran, Iran

چکیده [English]

In this paper, the challenges to the implementation of the IT audit process in Iran's banking network have been identified through a number of case studies in four large Iranian banks. The data has been collected through conducting 20 interviews with experts in both IT management and IT audit fields of the mentioned credit institutions, and reviewing some of their internal documents. In this research, 20 cases of the main challenges and problems in the implementation of the IT audit process were identified. The findings of the research showed the existance of "Lack of independence and existence of common financial interests", "Inability to establishing communication between IT audit unit and IT unit", "Inappropriate organization and administrative structure of the entity under audit", "Lack of specialized information technology knowledge and necessary capabilities" information technology audit", "insufficient experience and inappropriate records of information technology auditors", "lack of valid training courses and lack of auditors having valid international certificates and documents of information technology audit" and "insufficient self-confidence of auditors", are among the main challenges to the implementation of the audit process that is considered information technology.

Introduction

In this paper, the challenges to the implementation of the IT audit process in Iran's banking network have been identified through a number of case studies in four large Iranian banks. The data has been collected through conducting 20 interviews with experts in both IT management and IT audit fields of the mentioned credit institutions, and reviewing some of their internal documents. In this research, 20 cases of the main challenges and problems in the implementation of the IT audit process were identified. The findings of the research showed the existance of "Lack of independence and existence of common financial interests", "Inability to establishing communication between IT audit unit and IT unit", "Inappropriate organization and administrative structure of the entity under audit", "Lack of specialized information technology knowledge and necessary capabilities" information technology audit", "insufficient experience and inappropriate records of information technology auditors", "lack of valid training courses and lack of auditors having valid international certificates and documents of information technology audit" and "insufficient self-confidence of auditors", are among the main challenges to the implementation of the audit process that is considered information technology.
Among the most effective ways of evaluating and crediting the financial and management reports calculated with the help of information technology tools is information technology audit. Today, information technology control and audit have become an important mechanism to ensure integrated information systems and financial reports of organizations to prevent heavy financial failures in the future.
According to the Central Bank regulations, Iranian banks have been required to perform the information technology audit process and provide related reports in accordance with the ISACA ITAF. The evaluation shows unfavorable results. According to the issues raised, this research tries to use Stoll and Havelka's model (Stoll and Havelka, 2021), which lead to the successful implementation and improvement of information technology audit quality, including "organizational factors", "control factors" and "Individual factors of the auditor" has been devoted to the detailed analysis of problems, challenges and enabling and inhibiting factors in the field of challenges of implementing the IT audit process in the banking network of Iran.

Literature Review

"Information technology audit" is the inspection of the organization's IT systems and infrastructure to ensure that standards and guidelines are followed, documented, have the necessary efficiency, and operate effectively in line with business goals (ISACA, 2015a). The need for optimal implementation of the IT audit process has been recognized by many researchers as the main concern of many organizations today. Studies have mainly focused on IT audit concepts, dimensions, patterns and frameworks that can be used to properly implement the IT audit process. In this paper, considering that our focus is on reviewing IT audit challenges, articles have been reviewed and evaluated that mostly deal with the main challenges that most organizations face in this field. Information technology audit in banks is different from other organizations due to the sensitivity of business, complexity of operations, unique regulations, different characteristics and security needs, high-risk environment, the importance of maintaining customers' financial information and data confidentiality, and auditors should pay attention to General frameworks should be used to review and evaluate the information technology field of banks using the specific security standards and regulations of this industry.

Methodology

In the first stage, it has been helped to review the theoretical foundations and extract categories, concepts and key codes of the challenges of implementing the information technology audit process, and then in the second stage, each of the mentioned categories, concepts and key codes, according to the information obtained from the face-to-face interviews It has been analyzed with the participants and experts' opinions of both information technology and information technology audit. In order to accurately assess the problems, challenges and enabling and inhibiting factors in the optimal implementation of information technology audit, the information technology area of 4 Iranian banks (as a representative of four types of banks in the country including: government commercial, specialized government, semi-private and fully private), to conduct a case study has been selected. The current research is fundamental-applied in terms of research directions and a case study in terms of research strategy. The main tool for collecting information and data is through interview, observation and review of collected documents and documents, and therefore its approach is qualitative.

Results

The categories, concepts and the number of 20 key codes regarding the challenges of implementing the IT audit process were extracted based on the research literature and Stoll and Havalka's model (2021) and according to the information obtained from the interviews with the participants and the opinions of experts in both IT fields and Information technology audits were analyzed. The results indicate that "Lack of independence and existence of common financial interests", "Inability to establish communication between the information technology audit unit and the information technology unit", "Inappropriate organization and administrative structure of the entity under audit", "Lack of specialized information technology knowledge and capabilities" The necessity of information technology audit", "Insufficient experience and inappropriate records of information technology auditors", "Lack of valid training courses and lack of auditors having international valid information technology audit certificates and documents" and "Insufficient self-confidence of auditors", are among the main challenges of implementing the process. It is an information technology audit.

Discussion and Conclusion

Information technology audit is the main way to measure the effectiveness of information technology services, guarantee its efficiency and avoid threats and risks. In this paper, the challenges of implementing the IT audit process in Iran's banking network were identified through a case study in four large Iranian banks. The data has been collected by conducting twenty 45-minute interviews with experts in both IT management and IT audit fields of the mentioned credit institutions and reviewing some of their internal documents. In this research, 20 cases of the main challenges and problems of implementing the IT audit process were identified. Recognizing these challenges, while providing the background for future studies regarding the formulation of IT audit implementation frameworks and models for researchers, helps credit institutions to identify these challenges and take effective measures to implement the IT audit process. The study of this research included only four Iranian banks, which of course are among the large and complex organizations; However, it limits the generalizability of the results to other organizations and businesses, which is one of the limitations of this research.
Keywords: Information Technology Audit, Information Technology Inspection, Iranian Banking Industry, Audit Implementation Challenges, Internal Audit.
 
 
 

کلیدواژه‌ها [English]

  • Information technology audit
  • Information technology inspection
  • Iranian banking industry
  • Audit implementation challenges
  • Internal audit
مراجع

  1. Al-Ateeq, B., Sawan, N., Al-Hajaya, K., Altarawneh, M. and Al-Makhadmeh, A. (2022). Big data analytics in auditing and the consequences for audit quality: a study using the technology acceptance model (TAM), Corporate Governance and Organizational Behavior Review, Volume 6, Issue 1, pp 64–78.

    1. Bierstaker, J, D, Janvrin and J. Lowe, (2013). What factors influence auditors' use of computer assisted audit techniques? Advances in Accounting, incorporating Advances in International Accounting, 4,.57-69.
    2. Carlton, M., Levy, Y., and Ramim, M. (2019). Mitigating cyber attacks through the measurement of non-it professionals’cybersecurity skills. Information and Computer Security, 27(1), 101-121.
    3. Cascarino, R. E. (2012). Auditor's guide to IT auditing (2nd ed.). Hoboken, NJ: John Wiley & Sons, Inc.
    4. Castka, P. and Searcy, C. (2023). Audits and COVID-19: A paradigm shift in the making. Business Horizon, 66(1), 5-11.
    5. D'Onza, G., Lamboglia, R. and Verona, R. (2015). Do IT audits satisfy senior manager expectations? A qualitative study based on Italian banks, Managerial Auditing Journal, Vol. 30 No. 4/5, pp. 413-434.
    6. Farcane, N., Bunget O. C., Blidisel, R., Dumitrescu, A. C., Deliu, D., Bogdan, O. and Burca, V. (2023). Auditors’ perceptions on work adaptability in remote audit: a COVID-19 perspective. Economic Research-Ekonomska Istraživanja, 36:1, 422-459.
    7. Gantz, Stephen D. (2014). The basics of IT audit: purposes, processes, and practical information, Syngress publications.
    8. Gu Huh Bong, Lee Sunhwa, Kim Wonsin. (2021). The impact of the input level of information system audit on the audit quality: Korean evidence, International Journal of Accounting Information Systems,Volume 43.

    10.Havelka, Douglas & Merhout, Jeffrey W., (2013). Internal information technology audit process quality: Theory development using structured group processes. International Journal of Accounting Information Systems, Elsevier, vol. 14(3), pages 165-192.

    1. Harvard University (2022). What is an Information Technology(IT) Audit? Retrieved from https://rmas.fad.harvard.edu/faq/what-does-information-systems-audit-entail
    2. INTOSAI (2019). Guidance on audit of information systems, Retrieved from http://www.issai.org.
    3. ISACA (2022). Get cisa certified: Apply for certification. Retrieved from https://www.isaca.org/credentialing/cisa/get-cisa-certified
    4. ISACA (2020). IT audit framework (itaf): A professional practices framework for it audit. Schaumburg, IL.
    5. ISACA (2015a). Information systems auditing: Tools and techniques: IS audit reporting. Rolling Meadows, IL.
    6. ISACA (2015b). Certified information system auditor (CISA): Review manual (26th ed.). Rolling Meadows, IL: ISACA.
    7. Lapalme, J. Kabiwa, V. and Tardif, P.M. (2019). Relationship between information technology auditors and auditees and their impacts on auditors, International Journal of Engineering Business Management, Volume 11: 1–16.
    8. Lewis, M. (2020). Examining the relationship between CISSP certification and job performance:A Variance-based Approach (Doctoral dissertation, Capella University).
    9. Lincoln, Y. S. and Guba, E. G. (1985). Naturalistic inquiry, Beverly Hills, CA, SAGE Publications, Inc.
    10. Lugli, E. and Bertacchini, F. (2022). Audit quality and digitalization: some insights from theItalian context, Meditari Accountancy Research, Vol. 52 No. 4, pp. 570-593
    11. Maior. P. (2015), Technologies and Methods for Auditing Databases, Procedia Economics and Finance, 26: 991 – 999.
    12. Manita, Riadh, Elommal, Najoua, Baudier, Patricia and Hikkerova, Lubica, (2020). The digital transformation of external audit and its impact on corporate governance, Technological Forecasting and Social Change, Elsevier, vol. 150(C).
    13. Mazza, T., Azzali, S. and Fornaciari, L. (2014). Audit quality of outsourced information technology controls, Managerial Auditing Journal, Vol. 29 No. 9, pp. 837-862.
    14. Mustapha, Mazlina and Lai, Soh Jin. (2017). Information Technology in Audit Processes: An Empirical Evidence from Malaysian Audit Firms, International Review of Management and Marketing, 7(2): 53-59.
    15. Muthmainnah, Yulisda, D. and Ilhadi, V. (2022). Academic Information System Audit Using Cobit 5 Domain APO Framework, International Journal of Engineering, Science & Information Technology, Volume 2, No. 1, pp. 123-130.
    16. NGUYEN, Anh Huu, HA, Hanh Hong, NGUYEN, Soa La. (2020). Determinants of Information Technology Audit Quality: Evidence from Vietnam, Journal of Asian Finance, Economics and Business Vol 7 No 4,41- 50.
    17. Nye, E., Melendez-Torres, G.J., and Bonell, C. (2016). Origins, methods and advances in qualitative meta-synthesis.Review of Education, 4(1), 57-79.
    18. Pais, Cláudio; Machado, Flávia, (2021). The influence of auditor characteristics on audit quality,"2021 16th Iberian Conference on Information Systems and Technologies (CISTI),, pp. 1-6, doi: 10.23919/CISTI52073.2021.9476493.
    19. Rodriguez, R.E., Vega, A.F.Q., Sanchez, A.F., López, A. and Pérez, J. F. (2018). Design of an Automation Model for Taking Documentary Evidence of Compliance Tests of the IT Audit, 2018 Congreso Internacional de Innovación y Tendencias en Ingeniería (CONIITI), pp. 1-5.
    20. Saffie, N.A.M., and Rasmani, K.A. (2016). Fuzzy delphi method: Issues and challenges. In 2016 International Conference on Logistics, Informatics and Service Sciences (LISS) (pp. 1-7). IEEE.
    21. Sandelowski, M., and Barros, J. (2007). Handbook for synthesizing qualitative research, Springer publishing company Inc.
    22. Sembiring, F.N. and Widur, R. (2023). The effect of auditor experience, big data and forensic audit as mediating variables on fraud detection, Journal of Theoretical and Applied Information Technology. Vol.101. No 6.
    23. Siew Eu-Gene, Yeow Paul H.P., Choon Ling Tan and Grigoriou, Nicholas (2017). Factors affecting IT Audit Quality: an Exploratory Study, Communications of the IBIMA, Vol. 2017 (2017), Article ID 802423.
    24. Sherer, S. A., & Paul, J. W. (1993). Focusing audit testing on high risk software modules: a methodology and an application. Journal of Information Systems, 7-20.
    25. Stoel, D. and D. Havelka. (2021) Information Technology Audit Quality: An Investigation of the Impact of Individual and Organizational Factors, Journal Of Information Systems, American Accounting Association,Vol. 35, No. 1
    26. Stoel, D., D. Havelka, and J. W. Merhout. (2012). An analysis of attributes that impact information technology audit quality: A study of IT and financial audit practitioners. International Journal of Accounting Information Systems 13 (1): 60–79.
    27. Thottoli, M.M. and K.V., T. (2022). Characteristics of information communication technology and audit practices: evidence from India, VINE Journal of Information and Knowledge Management Systems, Vol. 52 No. 4, pp. 570-593.
    28. Ukpere, O. (2019). Examining the relationship between human capital factors and data breach occurrences: A correlational study (Doctoral dissertation, Capella University).
    29. Vasarhelyi, M. A. and Romero, S. (2014). Technology in audit engagements: a case study, Managerial Auditing Journal, Vol. 29 Iss: 4, pp.350 – 365.
    30. Walsh, D., and Downe, S. (2005), Meta-synthesis method for qualitative research: a literature review, Journal of Advanced Nursing, 50, 204–211.
    31. Westland, J.C. (2022). Assessing Privacy and Security of Information Systems from Audit Data. Information Systems Frontiers 24, 1417–1434.

     

     

     

مطالعات مدیریت کسب و کار هوشمند
دوره 13، شماره 50
آذر 1403
صفحه 1-47
فایل ها
سابقه مقاله
  • تاریخ دریافت: 08 اردیبهشت 1403
  • تاریخ بازنگری: 30 مهر 1403
  • تاریخ پذیرش: 15 آبان 1403
هم رسانی
ارجاع به این مقاله
آمار