Doctoral Degrees (School of Accountancy)
Permanent URI for this collection
Browse
Browsing Doctoral Degrees (School of Accountancy) by Subject "Control environment"
Now showing 1 - 1 of 1
Results Per Page
Sort Options
Item Open Access A maturity level assessment of the use of generalised audit software by internal audit functions in the South African banking industry(University of the Free State, 2016-12) Smidt, Lodewicus Adriaan (Louis); Van der Nest, D. P.; Lubbe, D. S.English: Today’s business practices are characterised by accelerating growth in the use of technology and “big data”. It is almost unthinkable now for any organisation to function successfully without relying on its underlying information technology infrastructure: this is especially pertinent within the banking industry. Banking practices are no longer restricted to one country or jurisdiction but are characterised by cross-border transactions in multiple countries under a plethora of different legal and regulatory frameworks. For this reason, banks are reliant on a global network of data processing and information management systems to provide their core banking services and to enable them to effectively manage the macroeconomic elements of their industry. This cross-border interaction between international banks increases the systemic nature of risk in that in the event that an unwanted incident occurs it will almost inevitably affect more than just a single branch or company. The global financial crisis that occurred in 2007 was evidence of the systemic nature of risk to which the financial industry was (and remains) exposed. It further provided proof that no organisation or bank is too big or too powerful to escape unaffected. It further emphasised that excessive risk taking can be detrimental to the existence of an organisation, which in turn validated the necessity for organisations, and especially banks, to make use of reliable and independent assurance functions. As a consequence of the crisis, the banking industry continues to face ongoing and intense scrutiny by investors, the public and the banking industry’s own supervisors. In addition, increased reliance has been placed on the value that an internal audit function can contribute by enhancing a bank’s internal control environment. Internal audit, as one of an organisation’s independent assurance providers, is tasked with the important responsibility of providing an opinion regarding the effectiveness of governance, risk management and the internal controls of an organisation. However, the internal audit function today has to conduct its duties in control environments that are dominated by information technology and big data. In the same way that organisations’ and especially banks’ business models have been transformed as a result of the increased use of technology and the ever growing generation of and reliance on big data, it has equally impacted the manner in which internal audit is practiced today. This study is therefore motivated by the interest in understanding the use of technology-based tools (more specifically the use of GAS) by internal audit functions in the locally controlled South African banks. This study comprises a literature review and an empirical investigation. The literature review was undertaken to gain insight into the extent and applicability of the use of GAS by the internal audit profession, and more specifically the internal audit functions of the locally controlled South African banks. The literature review indicates that the use of GAS by internal audit functions is still at a relatively low level of maturity, despite the accelerating adoption of information technology and generation of big data within organisations. The literature review was then followed by empirical research. The results of this empirical study also confirm that the maturity of the use of GAS by the internal auditors employed by locally controlled South African banks is still lower than expected, given that we are now fully immersed in a technological-driven business environment. The empirical research component was conducted using a structured questionnaire. The structured questionnaire was developed to collect data regarding the use of GAS by the internal auditors employed by locally controlled South African banks, and specifically to address the following objectives: (1) To measure the existing practices of internal audit functions in the locally controlled South African banking industry regarding the use of GAS, against a benchmark developed from recognised data analytic maturity models, in order to assess the current maturity levels of the locally controlled South African banks in the use of this software for tests of controls; (2) To explore and identify the purposes for which GAS is presently being used by these internal audit functions; and (3) To develop recommendations that may assist internal audit functions in the locally controlled South African banking industry to reach their desired maturity levels. Opinions and perceptions were obtained from 9 of the 10 heads of internal audit departments that comprise the locally controlled segment of South Africa’s banking industry. This high response rate enabled the researcher to reach meaningful conclusions and make recommendations regarding the current preferences and applications of GAS employed by these internal audit functions. In addition, the results of this study have provided a deeper understanding of the current level of maturity of the use of GAS by the internal auditors employed by locally controlled South African banks. In addition, the results provide useful insights for internal audit practitioners, GAS vendors, professional auditing bodies (such as the IIA and ISACA), academia and researchers.