Improvements in Audit Risks Related to Information Technology Frauds

Improvements in Audit Risks Related to Information Technology Frauds

Saeed Askary (Abu Dhabi University, UAE), David Goodwin (University of Wollongong in Dubai, UAE) and Roman Lanis (University of Technology, Sydney, Australia)
Copyright: © 2012 |Pages: 12
DOI: 10.4018/jeis.2012040104
OnDemand PDF Download:
No Current Special Offers


In this paper, the authors examine how different types of fraud in most Information Technology (IT) environments affect an audit risk model from 2001 through 2008. Variations in IT fraud are questionable for determining the audit risks that affect audit quality and report. The data sources in this study came from the Computer Crime and Security Survey report (CSI) 2008. By relating different IT fraud to audit risk components through trend analysis in IT fraud improvements from 2001 to 2008, the authors measured declined percentages for control risks, inherent risks, and detection risks. They found that an improvement in control risks has been achieved up to 52.80%, 43% for detection risks, and 14% for inherent risks. An overall improvement in audit risk is 47.5%, which is a considerable development in audit quality. The study shows that progress in detecting IT fraud positively reduced audit risks and has significantly increased the audit quality since 2001.
Article Preview


Enron, the USA’s largest energy company, collapsed as the largest corporate failure in US history in 2001. The role of Arthur Andersen in this event dented the public trust on the accounting and auditing profession and financial reporting practices. In response to the collapses, enormous efforts have concentrated on rebuilding investors and the public trusts. The Sarbanes-Oxley (SOX) Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act, was a US federal law in response to the corporate and accounting scandals. The Act establishes a new quasi-public agency, the Public Company Accounting Oversight Board (PCAOB) which is charged with overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies. The Act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure. The legislation is wide-ranging and establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. The ultimate purpose of the legislation would be ideally to produce the most reliable financial information for different user of that information. If auditors are supposed to achieve this goal, they should manage and reduce the audit risk. The lower audit risks inevitably increase audit report quality.

Recent corporate collapses and the new guidelines and legislation of Sarbanes-Oxley Act emphasize the importance of audit risks. Risk assessment in an audit environment is one of essential tasks of every external auditor. Adams et al. (2005) argue that “… clients with greater risk of fraud are less likely to engage prospective auditors in competitive bidding, consistent with the theory that these companies seek to limit access to information that might reveal their high-risk status” (p. 417). Audit risks have three components in a classic view including inherent risk, control risk and detection risk. Auditors of the financial statements are practically exposed to minimize audit risk at the actual lowest possible level. If an auditor fails to do this, then not only nature, timing and extent of other substantive procedures will be affected but also it sometimes causes to issue a wrong audit report that indeed bears auditors with heavy legal penalties. As a result, the risk of producing wrong audit reports is high when audit risk is high. According to Chemuturi (2008, p. 6): “Evaluating fraud risk factors is probably the most difficult part of assessing overall audit risk, and owes its complexity to the fact that human behavior cannot be predicted with certainty. A recent study by the Association of Certified Fraud Examiners estimated that US organizations lose approximately 5% of annual revenue to fraud.”

The reliability of information is significantly affected by the design of the computerized internal controls systems (Kearns & Baker, 2011). As IT systems prevail all over today business entities’ systems of almost all-type sizes and integrated with the internal control systems in many ways (Fukukawa et al., 2006), therefore auditors should consider their due care and skill for understanding the internal control to perform control tests during audit engagements (ISA 315). IT systems are complex by its natures and detecting any types of risks related to information systems, frauds, crimes and IT attacks causes many financial and non-financial damages to their clients. As a result, IT frauds are complex in nature and auditor expose to higher risks to those IT frauds where those frauds eventually will affect the reliability of financial statement of auditors’ client.

Despite how to detect IT frauds, we evaluate how did IT frauds detections audit risks’ components in this study. Although there are recently plenty of research on audit risks and fraud, but effect on a lack of investigation exists on how the IT frauds impact on audit risk model. This research enhances to the previous literature by establishing a contractual framework to analysis IT frauds in audit risk model. Then, we measure arithmetically the frauds in term of either increase or decrease in audit risk components and model.

Complete Article List

Search this Journal:
Volume 18: 4 Issues (2022): Forthcoming, Available for Pre-Order
Volume 17: 4 Issues (2021)
Volume 16: 4 Issues (2020)
Volume 15: 4 Issues (2019)
Volume 14: 4 Issues (2018)
Volume 13: 4 Issues (2017)
Volume 12: 4 Issues (2016)
Volume 11: 4 Issues (2015)
Volume 10: 4 Issues (2014)
Volume 9: 4 Issues (2013)
Volume 8: 4 Issues (2012)
Volume 7: 4 Issues (2011)
Volume 6: 4 Issues (2010)
Volume 5: 4 Issues (2009)
Volume 4: 4 Issues (2008)
Volume 3: 4 Issues (2007)
Volume 2: 4 Issues (2006)
Volume 1: 4 Issues (2005)
View Complete Journal Contents Listing