Abstract
This study analyses the characteristics of IT auditing in banks. Based upon two Italian case studies, the article provides a qualitative assessment of the objectives of the IT audit, the activities performed, the stakeholders served and the critical success factors that influence the capability of IT auditing to add value. The results show that the scope of the IT auditing function has extended; nowadays senior managers expect IT auditors to support them in the evaluation of the IT system and in the assessment of IT security controls. Regarding IT auditing activities, the most commonly performed are risk assessment and information security risk assessment. Considering stakeholders, the interviewees revealed that the main stakeholders are executive managers, while the critical success factors are the characteristics of the control environment, the capacity of the IT auditor to stay in touch with the business, and behavioural skills.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
CBOK: Common Body of Knowledge IN Internal Auditing. Project in Progress. The Institute of Internal Auditors, Altamonte Springs, FL (2010)
Alkafaji, Y., Hussain, S., Khallaf, A., Majdalawieh, M.: Characteristics of an Internal Audit Activity. The Institute of Internal Auditing Research Foundation, Altamonte Springs (2011)
Allegrini, M., D’onza, G., Melville, R., Selim, G., Sarens, G.: What’s the Next for Internal Auditing. The Institute of Internal auditing research foundation, Altamonte Springs (2011)
Lacity, M.C., Willcocks, L.P., Feeny, D.F.: IT outsourcing: maximize flexibility and control. Harvard Bus. Rev. 73, 85–93 (1995)
Ang, S., Straub, D.W.: Production and transaction economies and IS outsourcing: a study of the U.S. banking industry. MIS Q. 22, 535–552 (1998)
Vasarhelyi M., Romero S., Kuenkaikaew S., Littley, J.: Adopting continuous audit/ continuous monitoring in internal audit. ISACA J. 3, 1−5 (2012)
Champlain, J.J.: Auditing Information Systems. Wiley, Hoboken (2003)
Weber, R.: EDP Auditing: Conceptual Foundations and Practice. McGraw-Hill, New York (1998)
Pathak, J.: Information Technology Auditing: an Evolving Agenda. Springer, Berlin (2005)
Buchanan, S., Gibb, F.: The information audit: an integrated approach. Int. J. Inf. Manag. 18, 29–47 (1998)
Senft, S., Gallegos, F.: Information Technology Control and Audit, 3rd edn. Auerbach Publications, Taylor & Francis Group, Auerbach (2009)
Wright, C., Freedman, B., Liu, D.: The IT Regulatory and Standards Compliance Handbook: How to Survive an Information Systems Audit and Assessments. Elsevier, Burlington (2008)
Omoteso, K., Patel, A., Scott, P.: Information and communications technology and auditing: current implications and future directions. Int. J. Auditing. 14, 147–162 (2010)
Moeller, R.R.: IT Audit, Control, and Security. Wiley, Hoboken (2010)
IT Governance Institute (ITGI): Cobit 4.0, Rolling Meadows, USA (2005)
IT Governance Institute (ITGI): IT control objectives for Sarbanes Oxley and board briefing on IT governance. Rolling Meadows, USA (2003)
Henderson, J.C., Venkatraman, N.: Strategic alignment: leveraging information technology for transforming organizations. IBM Syst. J. 38, 472–484 (1993)
Adams, P., Cutler, S., McCuaig, B., Rai, S., Roth, J.: Sawyer s Guide for Internal Auditors, 6th edn. The IIA Research Foundation, Altamonte Springs, Florida (2012)
Chambers, A., Rand, G.: The Operational Auditing Handbook. Auditing, Business and IT Process, 2nd edn. Wiley, Chichester (2011)
Roth, J.: Academic culture, business culture and measuring achievement differences: internal auditing views. Educational policy studies dissertations, digital archive. Georgia State University, Atlanta (2012)
Bou-Raad, G.: Internal auditors and a value-added approach: the new business regime. Manag. Auditing J. 15, 182–187 (2000)
MihretD, G., Woldeyohannis, G.Z.: Value-added role of internal audit: an Ethiopian case study. Manag. Auditing J. 23, 567–595 (2008)
Stoel, M.D., Muhanna, W.A.: IT internal control weaknesses and firm performance: an organizational liability lens. Int. J. Acc. Inf. Syst. 12, 280–304 (2011)
Teo, T.S.H., Wong, P.K., Chia, E.H.: Information technology (IT) investment and the role of firm: an explanatory study. Int. J. Inf. Manage. 20, 269–286 (2000)
Sarens, G., De Beelde, I.: Building a research model for internal auditing: insights from literature and theory specification cases. Int. J. Acc. Auditing Perform. Eval. 3, 452–470 (2006)
Yin, R.K.: Case Study Research: Design and Methods. SAGE Publications, London (2003)
Miles, M.B., Huberman, A.M.: Qualitative Data Analysis, 2nd edn. Sage Publications, London (1994)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Lamboglia, R., D’Onza, G. (2014). IT Auditing in Italian Banks: An Explanatory Study. In: Baglieri, D., Metallo, C., Rossignoli, C., Pezzillo Iacono, M. (eds) Information Systems, Management, Organization and Control. Lecture Notes in Information Systems and Organisation, vol 6. Springer, Cham. https://doi.org/10.1007/978-3-319-07905-9_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-07905-9_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07904-2
Online ISBN: 978-3-319-07905-9
eBook Packages: Business and EconomicsBusiness and Management (R0)