Investigating the Relationship between Internal Audit Characteristics and Information Technology Control Concerning the Mediating Role of Internal Audit Participation

Document Type : Original Article

Authors
Ali Ebrahimi Kordlar 1
maryam rahnama 2
Atena Khazen 3
1 Associate Prof., Department of Accounting and Auditing, Faculty of Accounting and Financial Sciences, College of Management, University of Tehran, Tehran, Iran
2 Accounting, Faculty of Accounting and Auditing, University of Tehran, Iran.
3 Ph.D. Candidate, Department of Accounting, Faculty of Accounting and Auditing, University of Tehran, Tehran, Iran
10.22034/aimj.2024.229262
Abstract
This study investigated the relationship between internal audit characteristics and IT control with regard to the mediating role of internal audit performance participation. The present study is applied and descriptive-survey based on the structural equation model in terms of data collection. The statistical population of internal auditors of companies listed in the Tehran Stock Exchange was selected, and considering the size of the available population, 246 questionnaires were received to increase the validity of the study and were used as the basis for statistical analysis. To test the hypotheses, the probability value obtained from fitting the model in the mode of parameter significance was used. The appropriateness (fitness) of the proposed model was examined by explaining the hypotheses in the mode of standard estimation and parameter significance using SmartPLS software. The results at the five percent error level showed that IT knowledge and IT audit competence are significantly positively correlated with internal audit performance in the quality of IT communication. IT knowledge, internal audit roles, and IT audit competencies are positively related to internal audit functions in IT governance processes. Hence, the distinctive characteristics of an internal audit department can enhance the involvement of internal audit functions in IT governance. This interaction can enhance the effectiveness of IT controls. The findings indicated that internal audit roles do not have a significant impact on internal audit functions in the quality of IT communication.

Keywords

Abbott, L. J., Daugherty, B., Parker, S. & Peters, G. F. (2016). Internal audit quality and financial reporting quality: The joint importance of independence and competence. Journal of Accounting Research, 54(1), 3-40.
Abdolmohammadi, M. J. & Boss, S. R. (2010). Factors associated with IT audits by the internal audit function. International Journal of Accounting Information Systems, 11(3), 140-151.
Abubaker, F. & El-Badri, H.A. (2022). Using Digital Storytelling as a Tool for Reflection in the Libyan EFL Literature Classroom. In English as a Foreign Language in a New-Found Post-Pandemic World. IGI Global, pp. 182–205.
Akram, M.S., Goraya, M.A.S., Malik, A. & Aljarallah, A.M. (2018). Organizational performance and sustainability: exploring the roles of IT capabilities and knowledge management capabilities. Sustainability, 10(10), 3816.
Ali, S. & Green, P. (2012). Effective information technology (IT) governance mechanisms: An IT outsourcing perspective. Information systems frontiers, 14(2), 179-193.
Allataifeh, H.A. & Moghavvemi, S. (2022). Digitally-Enabled Innovation Processes: The Emergence of a New Management Logic. In Emerging Technologies for Innovation Management in the Software Industry. IGI Global, pp. 44–59.
Boritz, J.E., Hayes, L. & Lim, J.H. (2013). A content analysis of auditors’ reports on IT internal control weaknesses: The comparative advantages of an automated approach to control weakness identification. International Journal of Accounting Information Systems, 14(2), 138-163..
Bradley, R. V., Byrd, T. A., Pridmore, J. L., Thrasher, E., Pratt, R. M. & Mbarika, V. W. (2012). An empirical examination of antecedents and consequences of IT governance in US hospitals. Journal of Information Technology, 27(2), 156-177.
Coderre, D. (2005). Continuous Auditing: Implications for Assurance, Monitoring and Risk Assessment. GTAG# 3-Global. In: Technology Audit Guide. The Institute of Internal Auditors, NJ.
De Haes, S., Caluwe, L., Huygh, T. & Joshi, A. (2020). Governance Objectives to Lead Digital Transformation. In Governing Digital Transformation (pp. 47-61).Springer, Cham.
De Haes, S. & Van Grembergen, W. (2009). An exploratory study into IT governance implementations and its impact on business/IT alignment  Information Systems Management, 26 (2), 123–137.
De Haes, S., Van Grembergen, W. & Debreceny, R. S. (2013). COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of information systems, 27(1), 307-324.
DeLone, W., Migliorati, D. & Vaia, G. (2018). Digital IT governance. In: CIOs and the Digital Transformation. Springer, Cham, pp. 205–230.
Donathan, C. (2012). So, you want to be an IT auditor: practitioners need a combination of technical and people skills to forge a career in auditing Technology. Internal Auditor, 69 (5), 25–27.
Ege, M. S. (2015). Does internal audit function quality deter management misconduct?. The Accounting Review, 90(2), 495-527.
Héroux, S. & Fortin, A. (2013). The internal audit function in information technology governance: A holistic perspective. Journal of Information Systems, 27(1), 189-217.
Hair, J. F., Hult, T. M., Ringle, C. M. & SarstedtM, A. (2013). Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). London: SAGE.
Haislip, J.Z., Masli, A., Richardson, V.J., Sanchez, J.M. (2016). Repairing organizational legitimacy following information technology (IT) material weaknesses: Executive turnover, IT expertise, and IT system upgrades. Journal of Information Systems, 30(1), 41-70.
Hall, J.A. (2015). Information Technology Auditing. Cengage Learning.
Hermanson, D. R., Hill, M. C. & Ivancevich, D. M. (2000). Information technology‐related activities of internal auditors. Journal of Information Systems, 14(s-1), 39-53.
Huang, S. M., Hung, W. H., Yen, D. C., Chang, I. C. & Jiang, D. (2011). Building the evaluation model of the IT general control for CPAs under enterprise risk management. Decision Support Systems, 50(4), 692-701.
Institute of Internal Auditors (IIA) (2012). International Standards for the Professional Practice of Internal Auditing. The Institute of Internal Auditors, Altamonte Springs, FL.
Institute of Internal Auditors (IIA) (2018). Global Technology Audit Guide (GTAG): Auditing IT Governance. The Institute of Internal Auditors, Lake Mary, FL.
IT Governance Institute (ITGI) (2013). COBIT 5 for Assurance. IT Governance Institute, Rolling Meadows, IL.
KPMG (2021a) Trends in material weaknesses Retrieved from https://assets.kpmg/content/dam/kpmg/bm/pdf/2022/02/materials-weakness-non-ipo.pdf.
KPMG (2021b). Agile, resilient & transformative Retrieved from https://assets.kpmg/content /dam/kpmg/xx/pdf/2021/08/agile-resilient-and-transformative-report. pdf.
Li, C., Peters, G. F., Richardson, V. J. & Watson, M. W. (2012). The consequences of information technology control weaknesses on management information systems: The case of Sarbanes-Oxley internal control reports. Mis Quarterly, 179-203.
Lunardi, G. L., Maçada, A. C. G., Becker, J. L. & Van Grembergen, W. (2017). Antecedents of IT governance effectiveness: An empirical examination in Brazilian firms. Journal of information systems, 31(1), 41-57.
Merhout, J. W. & Havelka, D. (2008). Information technology auditing: A value-added IT governance partnership between IT management and audit. Communications of the Association for Information Systems, 23(1), 26.
Mulyana, R., Rusu, L. & Perjons, E. (2021). IT governance mechanisms influence on digital transformation: A systematic literature review. In Twenty-Seventh Americas' Conference on Information Systems (AMCIS), Digital Innovation and Entrepreneurship, Virtual Conference, August 9-13, 2021 (pp. 1-10). Association for Information Systems (AIS).
Nfuka, E. N. & Rusu, L. (2011). The effect of critical success factors on IT governance performance. Industrial Management & data systems, 111(9), 1418-1448.
Nicoletti, B. (2013). Governance of Cloud Computing. In Cloud Computing in Financial Services. Palgrave Macmillan, London, pp. 87–117.
Paiva, I.E., Maravilhas, S., Marinho, F.S. & Sampaio, R.R. (2021). Digital transformation, public policies, and the triple helix: a case study of the city of Salvador. In: Handbook of Research on Digital Transformation and Challenges to Data Security and Privacy. IGI Global, pp. 289–310.
Pang, M. S. (2014). IT governance and business value in the public sector organizations—The role of elected representatives in IT governance and its impact on IT value in US state governments. Decision Support Systems, 59, 274-285.
Pizzini, M., Lin, S. & Ziegenfuss, D. E. (2015). The impact of internal audit function quality and contribution on audit delay. Auditing: A Journal of Practice & Theory, 34(1), 25-58.
Prawitt, D. F., Smith, J. L. & Wood, D. A. (2009). Internal audit quality and earnings management. The accounting review, 84(4), 1255-1280.
Spremic, M. (2017). Governing digital technology–how mature IT governance can help in digital transformation?. International Journal of Economics and Management Systems, 2.
Steinbart, P. J., Raschke, R. L., Gal, G. & Dilla, W. N. (2018). The influence of a good relationship between the internal audit and information security functions on information security outcomes. Accounting, Organizations and Society, 71, 15-29.
Stewart, J. & Subramaniam, N. (2010). Internal audit independence and objectivity: emerging research opportunities. Managerial auditing journal, 25(4), 328-360.
Stoel, M. D. & Muhanna, W. A. (2011). IT internal control weaknesses and firm performance: An organizational liability lens. International Journal of Accounting Information Systems, 12(4), 280-304.
Teffo, M.C., Motjolopane, I. & Masenya, T.M. (2022). Academic library innovation through a business model canvas lens: a case of South African Higher Education Institutions. In: Innovative Technologies for Enhancing Knowledge Access in Academic Libraries. IGI Global, pp. 22–39.
Wallace, L., Lin, H. & Cefaratti, M. A. (2011). Information security and Sarbanes-Oxley compliance: An exploratory study. Journal of Information Systems, 25(1), 185-211.
Wu, S. P. J., Straub, D. W. & Liang, T. P. (2015). How information technology governance mechanisms and strategic alignment influence organizational performance. MIS quarterly, 39(2), 497-518.
Wu, T-H., Huang, S.Y., Chiu, A-A. & Yen, D.C. (2024). IT governance and IT controls: Analysis from an internal auditing perspective, International Journal of Accounting Information Systems, 52, https://doi.org/10.1016/j.accinf.2023.100663.
Yu, P., Chen, D. & Ahuja, A. (2022). Smart and Sustainable Economy: How COVID-19 Has Acted as a Catalyst for China's Digital Transformation. In AI-Enabled Agile Internet of Things for Sustainable FinTech Ecosystems (pp. 106-146). IGI Global Scientific Publishing.
 

  • Receive Date 31 July 2025
  • Accept Date 14 September 2025