A case for curriculum renewal: Deficiencies in the training of prospective auditors in a technology era

R. Rudman, N.D. Sexton



The information revolution, where the evolution of technology has a pervasive impact on all aspects of life and business, is upon us. The private sector has embraced new technologies, presenting opportunities while also giving rise to new risks. Although slow to start, organisations (or audit clients – auditees) have started implementing specialist information technology (IT) governance frameworks to mitigate the risks attributable to IT. Just as organisations have changed, it is expected that external auditors (auditors), and their education and training, would also have adapted their audit approaches to account for the impact of evolving IT on auditees. This has not necessarily been the case. The standards do not provide the necessary detail guidance on IT required by auditors. The university curriculum as well as supplementary text have neither kept up to date with the rapid changes in technology or the changes in governance frameworks. The objective of this research was to perform a curriculum audit of the sufficiency of the auditing text (i.e. International Standards on Auditing (ISAs) and supporting guidances and textbooks as required by the competency framework) used in the audit specialisation of training prospective CAs (i.e. the curriculum relating to IT as part of the audit process) in ensuring graduates (i.e. future auditors) are relevant in an ever-evolving IT-driven environment The study found that although several areas of the audit curriculum are appropriate, there is in fact a gap within the current curriculum relating to IT internal controls and risks that exist at a technology level. The study calls for curriculum renewal within the audit specialisation, giving specific consideration to technology or operational-level controls within the framework of general and application IT internal controls taught.



curriculum renewal, accounting education, auditing, IT governance

Full Text:



Anderson, A. 2017. “4 Keys to the future of audit.” Thompson Reuters Checkpoint. https://tax. thomsonreuters.com/wp-content/private/pdf/checkpoint/whitepapers/Checkpoint-Al-Anderson-Whitepaper.pdf (Accessed 15 April 2019).

Arens, A. A. and J. K. Loebbecke. 1980. Auditing: An integrated approach. 2nd Edition. Englewood Cliffs: Prentice-Hall.

Boshoff, W. H. 1990. A path context model for computer security phenomena in potentially non-secure environments. PhD diss., University of Johannesburg.

Boynton, W. C. and N. J. Raymond. 2006. Modern auditing: Assurance services, and the integrity of financial reporting. 8th Edition. New York: Wiley.

Center for Audit Quality. 2014. CAQ member alert: Cybersecurity and the external audit. 2014(3) Alert. http://www.aicpa.org/interestareas/centerforauditquality/newsandpublications/caqalerts/ 2014/downloadabledocuments/caqalert_2014_03.pdf (Accessed 4 March 2016).

Center for Audit Quality. 2015. Selecting audit considerations for the 2015 audit cycle. 2015 Alert. http://www.thecaq.org/docs/default-source/alerts/select-auditing-considerations-for-the-2015-audit-cycle.pdf?sfvrsn=2 (Accessed 4 March 2016).

Center for Audit Quality. 2017. Cybersecurity: How CPAs and their firms are addressing a dynamic and complex risk. Cybersecurity factsheet. http://www.thecaq.org/cybersecurity-how-cpas-are-addressing-dynamic-and-complex-risk (Accessed 11 May 2017).

Chang, S.-I., D. C. Yen, I.-C. Chang and D. Jan. 2014. Internal control framework for a compliant ERP system. Information & Management 51(2): 187–205.

Desha, C. J., K. Hargroves and M. H. Smith. 2009. Addressing the time lag dilemma in curriculum renewal towards engineering education for sustainable development. International Journal of Sustainability in Higher Education 10(2): 184–99. https://doi.org/10.1108/14676370910949356

Flowerday, S. and R. von Solms. 2005. Real-time information integrity=System integrity+data integrity+continuous assurances. Computers & Security 24(8): 604–613.

Gartner. 2015. Hype cycle for emerging technologies identifies the computing innovations that organizations should monitor. http://www.gartner.com/newsroom/id/3114217 (Accessed 20 June 2016).

Gheorghe, M. 2010. Audit methodology for IT governance. Informatica Economică 14(1): 32–42.

Goosen, R. and R. Rudman. 2013. An integrated framework to implement IT governance principles at a strategic and operational level for medium-to large-sized South African businesses. International Business & Economics Research Journal 12(7): 835–854.

Hoogwerf, H. B. 2018. Feedback on exploring the growing use of technology in the audit. Accountancy SA April: 56–59.

Huang, S. M., W. H. Hung, D. C. Yen, I. C. Chang and D. Jiang. 2011. Building the evaluation model of the IT general control for CPAs under enterprise risk management. Decision Support Systems 50(4): 692–701.

IFAC see International Federation of Accountants.

International Federation of Accountants. 2011. Guide to using ISAs in the audits of small- and medium-sized entities. Volume 2: Practical guidance. 3rd Edition. https://www.ifac.org/publications-resources/guide-using-international-standards-auditing-audits-small-and-medium-sized-18 (Accessed 15 May 2019).

IODSA see Institute of Directors Southern Africa.

Institute of Directors Southern Africa. 2009. King Code of Governance for South Africa. http://www.ngopulse.org/sites/default/files/king_code_of_governance_for_sa_2009_updated_june_2012.pdf (Accessed 15 May 2019).

Institute of Directors Southern Africa. 2016. King IV Report on Corporate Governance for South Africa. https://cdn.ymaws.com/www.iodsa.co.za/resource/collection/684B68A7-B768-465C-8214-E3A007F15A5A/IoDSA_King_IV_Report_-_WebVersion.pdf (Accessed 15 May 2019).

IRBA see Independent Regulatory Board for Auditors.

Independent Regulatory Board for Auditors. 2016. Annual Report 2015/2016. https://www.irba.co.za/ upload/ANNUAL%20REPORT%202016%20final.pdf (Accessed 15 April 2019).

Independent Regulatory Board for Auditors. 2018. Exposure draft: Proposed international standard on auditing 315 (Revised): Identifying and assessing the risks of material misstatement. Communiques 26, 25 July 2018. https://www.irba.co.za/upload/report_files/26.-ED-ISA-315_Revised.docx (Accessed 4 September 2018).

ISACA see Information Systems Audit and Control Association.

Information Systems Audit and Control Association. 2014. COBIT 5 Process Reference Model – Processes for Governance of Enterprise IT. http://www.isaca.org/COBIT/Documents/COBIT-5-Enabling-Processes-Laminate_res_Eng_0812.pdf (Accessed 15 October 2015).

Information Systems Audit and Control Association and Protiviti. 2015. A global look at IT audit best practices: Assessing the international leaders in an annual ISACA/Protiviti Survey. http://www.isaca.org/knowledge-center/research/researchdeliverables/pages/a-global-look-at-it-audit-best-practices.aspx (Accessed 4 March 2016).

Jackson, R. D. C. and W. J. Stent. 2016. Auditing notes for South African students. 10th Edition. Southern Africa: LexisNexis.

Julisch, K., C. Suter, T. Woitalla and O. Zimmermann. 2011. Compliance by design: Bridging the chasm between auditors and IT architects. Computers and Security 30(6/7): 410–426.

Luchetti, J. P. 2015. Why Gartner’s hype cycle matters to companies and developers. DeveloperTech.com. http://www.developer-tech.com/news/2015/aug/20/why-gartners-hype-cycle-matters-companies-and-developers/ (Accessed 20 June 2016).

Marx, B., A. van der Watt and P. Bourne. 2014. Dynamic auditing. 11th Edition. Durban: LexisNexis.

Miles, D. 2016. 5 Ways technology is transforming accounting. rogercpareview.com. https://www.rogercpareview.com/blog/5-ways-technology-transforming-accounting (Accessed 24 July 2017).

Rubino, M. and F. Vitolla. 2014. Internal control over financial reporting: Opportunities using the COBIT Framework. Managerial Auditing Journal 29(8): 736–771.

SAICA see South African Institute of Chartered Accountants.

South African Institute of Chartered Accountants. 2010. Competency framework: Competencies of a Chartered Accountant (SA) at entry-point of the profession. Johannesburg.

South African Institute of Chartered Accountants. 2017. SAICA Comment letter on the IAASB’s request for input: Exploring the growing use of technology in the audit, with a focus on data analytics. https://www.saica.co.za/Portals/0/Technical/assurance/Data_Analytics.pdf (Accessed 16 May 2017).

South African Institute of Chartered Accountants. 2018. The future CA 2025. https://www.saica.co.za/ Portals/0/documents/SAICA_CAW_Future_CA_2025_Layout_v4.pdf (Accessed 15 April 2019).

Sanker, G. 2013. What is ITIL: A simple explanation. http://itsmtransition.com/2013/05/what-is-itil-a-simple-explanation (Accessed 1 June 2016).

Sayana, S. A. 2002. Auditing General and application controls. ISACA Journal 5: 1–3. http://www.isaca.org/Journal/archives/2002/Volume-5/Pages/Auditing-General-and-Application-Controls.aspx (Accessed 3 September 2015).

Singleton, T. 2010a. The minimum IT controls to assess in a financial audit (Part I). ISACA Journal 1: 1–3.

Singleton, T. 2010b. The minimum IT controls to assess in a financial audit (Part II). ISACA Journal 2: 1–5.

Stellenbosch University. 2016. Unpublished Auditing undergraduate and Honours curriculum. Stellenbosch.

Sylvester, A., M. Tate and D. Johnstone. 2013. Beyond synthesis: Re-presenting heterogeneous research literature. Behaviour & Information Technology 32(12): 1199–1215.

University of Arizona. 2016. Search strategy builder. //www.library.arizona.edu/help/tutorials/ searchBuilder.html (Accessed 18 June 2016).

Von Wielligh, P., P. Prinsloo, G. Penning, R. Butler, D. Nathan (Josset), R. Kunz, V. Motholo, G. O’Reilly, R. Rudman and H. Scholtz. 2014. Auditing fundamentals in a South African context. Cape Town: Oxford University Press.

Webster, J. and R. T. Watson. 2002. Analysing the past to prepare for the future: Writing a literature review. MIS Quarterly 26(2): xiii–xxiii.

Yang Liming Guan, D. C. 2004. The evolution of IT auditing and internal control standards in financial statement audits: The case of the united states. Managerial Auditing Journal 19(4): 544–555.

International Standards on Auditing

IAASB see International Auditing and Assurance Standards Board.

International Auditing and Assurance Standards Board. 2015a. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment. ISA315 (Revised), Effective December 15, 2013. http://www.irba.co.za/upload/IAASB-2015-Handbook-Volume-1_0.pdf (Accessed 15 April 2019).

International Auditing and Assurance Standards Board. 2015b. Overall objectives of the independent auditor and the conduct of an audit in accordance with international standards on auditing. ISA200, Effective December 15, 2009. http://www.irba.co.za/upload/IAASB-2015-Handbook-Volume-1_0.pdf (Accessed 15 April 2019).

DOI: https://doi.org/10.20853/34-2-3535


  • There are currently no refbacks.

eISSN: 1753-5913

Copyright © 2016 South African Journal of Higher Education

Hosted by Stellenbosch University Library and Information Service since 2016.

Creative Commons License -CC BY-NC-ND 4.0

This journal is hosted by the SU LIS on request of the journal owner/editor. The SU LIS takes no responsibility for the content published within this journal, and disclaim all liability arising out of the use of or inability to use the information contained herein. We assume no responsibility, and shall not be liable for any breaches of agreement with other publishers/hosts.