AN AUDIT RISK MODEL FOR IT AUDIT ECOSYSTEMS AND DIGITAL TRANSFORMATION (DX) DECISION MAKING

ABSTRACT

Strategy has become indispensable for survival in a contemporary business environment. The role of IT audit or assurance review is now viewed from two perspectives – first, as an independent assessor and, second, as a consulting expert advisor. IT auditors are, therefore, expected to plan their reviews such that their scarce IT audit resources will be put to efficient use and at the same time effectively provide advisory opinions on IT governance and strategies to leverage business executives’ function towards the achievement of their specified business objectives. The study used the design science approach using the audit risk model as a conceptual model to develop an objective approach to identify the quality of risk inherent in a digital transformation (dx) project. A major design output was that an Audit Risk model for IT (IAR) in the context of digital transformation is calculated as IAR = PR × SR × RR, where was PR is Primary Risk, SR is Secondary Risk and RR is Residual Risk. Also, Return on IT investment (ROI) has an inverse correlation with PR and was relevant in estimating the PR given IAR as equivalent to ROI. A mixture of a multiple case study approach, quasi experimentation and the Delphi method was used to evaluate the model. The Delphi approach used produced an overall significant value in evaluators’ understanding of the usefulness, ease of use and acceptability of the model as an IS/IT audit risk model for the assessment of digital risks and strategies of different organisations. The ICC which was used to measure the Intra-Class Correlation (ICC) which is the reliability of agreement among the participating evaluators showed an average ICC of 0.90 with a significant p-value of 0.000 to prove the validity of the model. The study contributes to practice because it provides a tool to assist IT audit practitioners and other business IT assessors to reduce the risk of subjectivity in the allocation of IT audit resources at the planning stage of the audit or assessment.

Disclosure Statement

No potential conflict of interest was reported by the author(s).

Additional information

Notes on contributors

Sampson Anomah

Sampson Anomah; ORCID ID: https://orcid.org/0000-0003-0030-4306Email: [email protected]. Dr Sampson Anomah holds a PhD in Information Systems (Auditing) from the University of Cape Town, South Africa. He is a qualified member and fellow of the Association of Certified Chartered Accountants (ACCA), U.K. He is a Senior Lecturer in Kumasi Technical University, Ghana and currently, Head of Department of the Department of Accountancy and Accounting Information Systems in Kumasi Technical University. His research interest is in the field of Accounting Information Systems focussing on Auditing, Internal Control, Accounting, Compliance and Risk Management.

Boadu Ayeboafo

Boadu Ayeboafo; ORCID ID: https://orcid.org/0000-0001-5886-1485Email: [email protected]. Dr Boadu Ayeboafo holds a PhD in Business (Finance) from the SMC Swiss Management Center AG: Zug, ZG, CH. He holds fellowship qualification of the Association of Certified Chartered Accountants (ACCA), U.K and a Platinum member/trainer of Sage Accounting. He is a Lecturer at the Department of Accountancy and Accounting Information Systems in Kumasi Technical University, Ghana. His research interest is in the areas of accounting and finance.

Maurice Aduamoah

Maurice Aduamoah; ORCID ID: https://orcid.org/0000-0001-5639-211X. Email: [email protected]. Dr Maurice Aduamoah holds a PhD in Management Science and Engineering from Wuhan University of Technology, China. He is a Senior Lecturer at the Department of Accountancy and Accounting Information Systems. His research interest is in the fields of accounting software implementation and IT auditing.