IT auditing activities of public sector auditors in Malaysia

Abstract

Information technology (IT) has become an increasingly important tool for the Malaysian government to improve the delivery of its services. However, advances in information technology continuously render control procedures obsolete. Indispensably audit methodology has to evolve to keep abreast with the change in technology. This study investigates the IT practices of the public sector auditors in Malaysia. We examine IT evaluation based on IT audit objectives, organisational characteristics, competency of auditor and usage of Computer Assisted Audit Tools and techniques (CAATTs). Self-administered questionnaires were mailed to 400 public sector auditors providing a usable sample size of 73. The results show that application processing control and data integrity, privacy and security control were the most frequent evaluations performed by public sector auditors. The most frequent IT audit objective is the evaluation of compliance with policies, procedures and evaluation of internal control and these objectives are performed differently in different divisions. CAATTs have been used most frequently as a problem solving aid. Several appealing patterns emerged from the eight regression models. The findings provide important implications for research on IT and public sector auditing.