A case for curriculum renewal: Deficiencies in the training of prospective auditors in a technology era
The information revolution, where the evolution of technology has a pervasive impact on all aspects of life and business, is upon us. The private sector has embraced new technologies, presenting opportunities while also giving rise to new risks. Although slow to start, organisations (or audit clients – auditees) have started implementing specialist information technology (IT) governance frameworks to mitigate the risks attributable to IT. Just as organisations have changed, it is expected that external auditors (auditors), and their education and training, would also have adapted their audit approaches to account for the impact of evolving IT on auditees. This has not necessarily been the case. The standards do not provide the necessary detail guidance on IT required by auditors. The university curriculum as well as supplementary text have neither kept up to date with the rapid changes in technology or the changes in governance frameworks. The objective of this research was to perform a curriculum audit of the sufficiency of the auditing text (i.e. International Standards on Auditing (ISAs) and supporting guidances and textbooks as required by the competency framework) used in the audit specialisation of training prospective CAs (i.e. the curriculum relating to IT as part of the audit process) in ensuring graduates (i.e. future auditors) are relevant in an ever-evolving IT-driven environment The study found that although several areas of the audit curriculum are appropriate, there is in fact a gap within the current curriculum relating to IT internal controls and risks that exist at a technology level. The study calls for curriculum renewal within the audit specialisation, giving specific consideration to technology or operational-level controls within the framework of general and application IT internal controls taught.
Anderson, A. 2017. “4 Keys to the future of audit.” Thompson Reuters Checkpoint. https://tax. thomsonreuters.com/wp-content/private/pdf/checkpoint/whitepapers/Checkpoint-Al-Anderson-Whitepaper.pdf (Accessed 15 April 2019).
Arens, A. A. and J. K. Loebbecke. 1980. Auditing: An integrated approach. 2nd Edition. Englewood Cliffs: Prentice-Hall.
Boshoff, W. H. 1990. A path context model for computer security phenomena in potentially non-secure environments. PhD diss., University of Johannesburg.
Boynton, W. C. and N. J. Raymond. 2006. Modern auditing: Assurance services, and the integrity of financial reporting. 8th Edition. New York: Wiley.
Center for Audit Quality. 2014. CAQ member alert: Cybersecurity and the external audit. 2014(3) Alert. http://www.aicpa.org/interestareas/centerforauditquality/newsandpublications/caqalerts/ 2014/downloadabledocuments/caqalert_2014_03.pdf (Accessed 4 March 2016).
Center for Audit Quality. 2015. Selecting audit considerations for the 2015 audit cycle. 2015 Alert. http://www.thecaq.org/docs/default-source/alerts/select-auditing-considerations-for-the-2015-audit-cycle.pdf?sfvrsn=2 (Accessed 4 March 2016).
Center for Audit Quality. 2017. Cybersecurity: How CPAs and their firms are addressing a dynamic and complex risk. Cybersecurity factsheet. http://www.thecaq.org/cybersecurity-how-cpas-are-addressing-dynamic-and-complex-risk (Accessed 11 May 2017).
Chang, S.-I., D. C. Yen, I.-C. Chang and D. Jan. 2014. Internal control framework for a compliant ERP system. Information & Management 51(2): 187–205.
Desha, C. J., K. Hargroves and M. H. Smith. 2009. Addressing the time lag dilemma in curriculum renewal towards engineering education for sustainable development. International Journal of Sustainability in Higher Education 10(2): 184–99. https://doi.org/10.1108/14676370910949356
Flowerday, S. and R. von Solms. 2005. Real-time information integrity=System integrity+data integrity+continuous assurances. Computers & Security 24(8): 604–613.
Gartner. 2015. Hype cycle for emerging technologies identifies the computing innovations that organizations should monitor. http://www.gartner.com/newsroom/id/3114217 (Accessed 20 June 2016).
Gheorghe, M. 2010. Audit methodology for IT governance. Informatica Economică 14(1): 32–42.
Goosen, R. and R. Rudman. 2013. An integrated framework to implement IT governance principles at a strategic and operational level for medium-to large-sized South African businesses. International Business & Economics Research Journal 12(7): 835–854.
Hoogwerf, H. B. 2018. Feedback on exploring the growing use of technology in the audit. Accountancy SA April: 56–59.
Huang, S. M., W. H. Hung, D. C. Yen, I. C. Chang and D. Jiang. 2011. Building the evaluation model of the IT general control for CPAs under enterprise risk management. Decision Support Systems 50(4): 692–701.
IFAC see International Federation of Accountants.
International Federation of Accountants. 2011. Guide to using ISAs in the audits of small- and medium-sized entities. Volume 2: Practical guidance. 3rd Edition. https://www.ifac.org/publications-resources/guide-using-international-standards-auditing-audits-small-and-medium-sized-18 (Accessed 15 May 2019).
IODSA see Institute of Directors Southern Africa.
Institute of Directors Southern Africa. 2009. King Code of Governance for South Africa. http://www.ngopulse.org/sites/default/files/king_code_of_governance_for_sa_2009_updated_june_2012.pdf (Accessed 15 May 2019).
Institute of Directors Southern Africa. 2016. King IV Report on Corporate Governance for South Africa. https://cdn.ymaws.com/www.iodsa.co.za/resource/collection/684B68A7-B768-465C-8214-E3A007F15A5A/IoDSA_King_IV_Report_-_WebVersion.pdf (Accessed 15 May 2019).
IRBA see Independent Regulatory Board for Auditors.
Independent Regulatory Board for Auditors. 2016. Annual Report 2015/2016. https://www.irba.co.za/ upload/ANNUAL%20REPORT%202016%20final.pdf (Accessed 15 April 2019).
Independent Regulatory Board for Auditors. 2018. Exposure draft: Proposed international standard on auditing 315 (Revised): Identifying and assessing the risks of material misstatement. Communiques 26, 25 July 2018. https://www.irba.co.za/upload/report_files/26.-ED-ISA-315_Revised.docx (Accessed 4 September 2018).
ISACA see Information Systems Audit and Control Association.
Information Systems Audit and Control Association. 2014. COBIT 5 Process Reference Model – Processes for Governance of Enterprise IT. http://www.isaca.org/COBIT/Documents/COBIT-5-Enabling-Processes-Laminate_res_Eng_0812.pdf (Accessed 15 October 2015).
Information Systems Audit and Control Association and Protiviti. 2015. A global look at IT audit best practices: Assessing the international leaders in an annual ISACA/Protiviti Survey. http://www.isaca.org/knowledge-center/research/researchdeliverables/pages/a-global-look-at-it-audit-best-practices.aspx (Accessed 4 March 2016).
Jackson, R. D. C. and W. J. Stent. 2016. Auditing notes for South African students. 10th Edition. Southern Africa: LexisNexis.
Julisch, K., C. Suter, T. Woitalla and O. Zimmermann. 2011. Compliance by design: Bridging the chasm between auditors and IT architects. Computers and Security 30(6/7): 410–426.
Luchetti, J. P. 2015. Why Gartner’s hype cycle matters to companies and developers. DeveloperTech.com. http://www.developer-tech.com/news/2015/aug/20/why-gartners-hype-cycle-matters-companies-and-developers/ (Accessed 20 June 2016).
Marx, B., A. van der Watt and P. Bourne. 2014. Dynamic auditing. 11th Edition. Durban: LexisNexis.
Miles, D. 2016. 5 Ways technology is transforming accounting. rogercpareview.com. https://www.rogercpareview.com/blog/5-ways-technology-transforming-accounting (Accessed 24 July 2017).
Rubino, M. and F. Vitolla. 2014. Internal control over financial reporting: Opportunities using the COBIT Framework. Managerial Auditing Journal 29(8): 736–771.
SAICA see South African Institute of Chartered Accountants.
South African Institute of Chartered Accountants. 2010. Competency framework: Competencies of a Chartered Accountant (SA) at entry-point of the profession. Johannesburg.
South African Institute of Chartered Accountants. 2017. SAICA Comment letter on the IAASB’s request for input: Exploring the growing use of technology in the audit, with a focus on data analytics. https://www.saica.co.za/Portals/0/Technical/assurance/Data_Analytics.pdf (Accessed 16 May 2017).
South African Institute of Chartered Accountants. 2018. The future CA 2025. https://www.saica.co.za/ Portals/0/documents/SAICA_CAW_Future_CA_2025_Layout_v4.pdf (Accessed 15 April 2019).
Sanker, G. 2013. What is ITIL: A simple explanation. http://itsmtransition.com/2013/05/what-is-itil-a-simple-explanation (Accessed 1 June 2016).
Sayana, S. A. 2002. Auditing General and application controls. ISACA Journal 5: 1–3. http://www.isaca.org/Journal/archives/2002/Volume-5/Pages/Auditing-General-and-Application-Controls.aspx (Accessed 3 September 2015).
Singleton, T. 2010a. The minimum IT controls to assess in a financial audit (Part I). ISACA Journal 1: 1–3.
Singleton, T. 2010b. The minimum IT controls to assess in a financial audit (Part II). ISACA Journal 2: 1–5.
Stellenbosch University. 2016. Unpublished Auditing undergraduate and Honours curriculum. Stellenbosch.
Sylvester, A., M. Tate and D. Johnstone. 2013. Beyond synthesis: Re-presenting heterogeneous research literature. Behaviour & Information Technology 32(12): 1199–1215.
University of Arizona. 2016. Search strategy builder. //www.library.arizona.edu/help/tutorials/ searchBuilder.html (Accessed 18 June 2016).
Von Wielligh, P., P. Prinsloo, G. Penning, R. Butler, D. Nathan (Josset), R. Kunz, V. Motholo, G. O’Reilly, R. Rudman and H. Scholtz. 2014. Auditing fundamentals in a South African context. Cape Town: Oxford University Press.
Webster, J. and R. T. Watson. 2002. Analysing the past to prepare for the future: Writing a literature review. MIS Quarterly 26(2): xiii–xxiii.
Yang Liming Guan, D. C. 2004. The evolution of IT auditing and internal control standards in financial statement audits: The case of the united states. Managerial Auditing Journal 19(4): 544–555.
International Standards on Auditing
IAASB see International Auditing and Assurance Standards Board.
International Auditing and Assurance Standards Board. 2015a. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment. ISA315 (Revised), Effective December 15, 2013. http://www.irba.co.za/upload/IAASB-2015-Handbook-Volume-1_0.pdf (Accessed 15 April 2019).
International Auditing and Assurance Standards Board. 2015b. Overall objectives of the independent auditor and the conduct of an audit in accordance with international standards on auditing. ISA200, Effective December 15, 2009. http://www.irba.co.za/upload/IAASB-2015-Handbook-Volume-1_0.pdf (Accessed 15 April 2019).
This journal is an open access journal, and the authorsÂ and journal should be properly acknowledged, when works are cited.
Authors, copyright holders, may use the publishers version for teaching purposes, in books, theses, dissertations, conferences and conference papers.Â
A copy of the authors' publishers version may also be hosted on the following websites:
- Non-commercial personal homepage or blog.
- Institutional webpage.
- Authors Institutional Repository.
The following notice should accompany such a posting on the website: This is an electronic version of an article published in SAJHE, Volume XXX, number XXX, pages XXX “XXX", DOI. Authors should also supply a hyperlink to the original paper or indicate where the original paper (http://www.journals.ac.za/index.php/SAJHE) may be found.
Authors publishers version, affiliated with the Stellenbosch University will be automatically deposited in the University Institutional Repository SUNScholar.
Articles as a whole, may not be re-published with another journal.
The following license applies:
Attribution CC BY-NC-ND 4.0