An Examination of Auditing Control Risk Under It

An Examination of Control Risk Under

COBIT Framework

1. Introduction

The fast growth of Information Technology changes our society significantly. IT is fully penetrating into people’s daily life, especially into business world. Almost every company involves using IT to assist its business activities. For example, more and more firms (regardless of the size and culture of the firm) start to implement IT system such as ERP system to achieve management goals. Accordingly, IT changes accounting information system (AIS) and alters how auditors conduct auditing work. Control Objectives for Information and Related Technology (COBIT) is a framework that helps companies adjust to IT environment. This paper tries to explore possible reasons for whether firms’ control risk will be lower through implementing COBIT framework and also to provide more idea about how to improve firms’ internal control under IT based AIS. The paper will be organized as follows: the second part will show related literature and hypothesis, and the third part will provide supportive reasons and explanations for my hypothesis, and the last part is conclusion and limitations of this paper.

1. Literature review and hypothesis development

Audit risk model

Audit risk refers to provide inappropriate audit opinion about material mistakes and irregularities based on firms' financial reports. A lot of factors can contribute to audit risk, such as the nature of information errors and companies' code of ethics. The Cost Benefit consideration determines how many audit risks that auditors are willing to take or accept. Auditors or auditing firms may face litigation exposure due to their inappropriate audit opinions or reports.

The audit risk can be measured by both material errors and detection failure. Material errors are generated in accounting process and cannot be controlled by auditors. However, auditors can choose to withdraw to reduce bearing the audit risk caused by material errors. Material errors may occur due to management integrity, firms' internal control and firm's economic condition. Compared with the other two determinants, management integrity has a severer consequence. For example, if managers want to take advantage of net income based compensation plan or bonus plan, they may manipulate firms' revenue and use their power to override firms' internal control. Although material errors are beyond auditors’ control, especially for management integrity, auditors can influence a firm's internal control by providing improvement suggestions via the management letter. The effectiveness and quality of firms' internal control usually determine the credibility of their financial reports and, hence, companies value and frequently conduct the internal control assessment. Auditors will take a Firm’s economic conditions into considerations, if a firm is under serious economic pressure. For example, a company that cannot meet the going concern requirements may have problem with paying back its debt and therefore make highly risky business decisions. Different from material errors, auditors can control the detection failure of the audit risk (Warren, 1979).