Determinants of Information Technology Audit Quality: Evidence from Vietnam

  • NGUYEN, Anh Huu (Dean, School of Accounting and Auditing, The National Economics University) ;
  • HA, Hanh Hong (Lecturer, School of Accounting and Auditing, National Economics University) ;
  • NGUYEN, Soa La (Lecturer, School of Accounting and Auditing, National Economics University)
  • Received : 2020.02.07
  • Accepted : 2020.03.01
  • Published : 2020.04.30


The paper aims to investigate auditors, auditing firms and other external factors that affect quality of information technology audit in Vietnam. We conducted 2 types of data collections including direct and on survey. For direct survey, we sent directly to auditors at the training classes organized by State Securities Exchanges Commission. An online survey was established and Google doc link was provided to the Big4 and non-Big4 auditors. We received 138 survey responses in that 90 auditors came from Big4 and 48 auditors from non-Big4 firms. The data are analyzed using a factor analysis and compare means approaches to illustrate the potential IT audit quality factors and identify differences between two groups of auditors. The results show that independence and accounting knowledge and audit skills are the most important factors. And since external auditors perform many assurance services, the independence is critical. The result also shows that the auditors need to have enough competent and professional skills when conducting an audit, especially within an IT environment that requires high quality. The findings suggest a similar pattern of two groups in the context of Vietnam and some factors of auditors and auditing firms appear to have a statistically significant impact on quality of IT audit.


1. Introduction

Globalization opens up new ways to develop and integrate biotechnology, nanotechnology, information technology for developing countries. Currently, many countries have broad access channels to new technologies and their applications (Dnishev & Alzhanova, 2016). The rapid escalation of technology and the use of computers in current accounting practice result in more information technology (IT) auditing to manage the IT risks which has been increasingly appeared in organizations and businesses. The fundamental purposes of an IT audit within organizations are to provide management with assurance that its control responsibilities over automated system are actually being met (Havelka & Merhout, 2012). IT audit may serve various related stakeholders of an organization, thus there have been different definitions on IT audit quality. According to The International Organization of Supreme Audit Institutions (INTOSAI, 2019), IT audit is the examination and evaluation of an organization’s information technology infrastructure, policies and operations.

Recent research has addressed the importance of IT audit as well as the demand for IT assurance activities(Weidenmier & Ramamoorti, 2006). According to Stoel, Havelka, and Merhout (2012) the increased demand for IT audit services has been driven by two primary reasons: firstly, the increased spending and reliance on IT for business operations and secondly, new legislation and professional requirements related to the audit of the IT environment.

Major concerns over IT audit relate to the confidentiality, integrity, availability and reliability of data on computers and other processing system such as electronic data processing (EDP). The auditing profession therefore has been faced with a need to provide increased guidance for audit conducted in an IT environment (Yang, 2004). There are various authoritative bodies, such as the American Institute of Certified Public Accountants(AICPA) and the International Federation of Accountants(IFAC) has released guidance for auditors on this area. The increased demand for IT audit and issuance of new legislation emphasizes the importance of performing the services in the most efficient and effective manner, in other words, the importance of IT audit quality.

When it comes to IT audit quality, many attempts have been made in order to better define and explore insight into this area agree that we should start with the concept of audit quality. For many decades ago, the debates over the audit quality issues have finally ended up with an introduction of a standardized framework developed Public Company Accounting Oversight Board (PCAOB, 2015a). This common framework that has been used by PCAOB and the International Auditing and Assurance Standard Board(IAASB) releases 28 potential indicators fall into three elements: audit professionals, audit process and audit results (PCAOB, 2015a). The fundamental framework also has been applied in many studies to identify factors may affect quality of various types of audit.

In the case of Vietnam, however there is an increased interest in the IT audit, it still has been a new industry that is mainly occupied by Big4 firms. There also has not been yet any official legal framework for IT audit activities. In 2018 Vietnam State Audit issued a draft guideline for auditing IT systems, IT projects and auditing in IT environment basing on International Standards of Supreme Audit Institutions (ISSAI) 5300. The guideline is expected to support auditors improving IT audit quality in current practices.

The purpose of this research is to identify and evaluate potential attributes found in prior research and framework that are reported to impact the quality of IT audit in the context of Vietnam. This research is necessary and important for several reasons. Firstly, we base on the fundamental framework of PCAOB (2015a) and expand the prior research of Havelka and Merhout (2012) and contribute new findings to IT audit literature. Specifically, under the context of Vietnam where has been experiencing the change of industrial economy to the digital economy, we emphasize on discovering additional potential IT audit quality indicators.

Secondly, the results of the research have implications for researchers and practitioners. For researchers, the results enrich the knowledge of IT audit theoretical framework. For practitioners, such as auditing firms, policy makers and governments, the results provide a list of items should be considered prior to, during and after conducting an IT audit. For analysts, improve IT audit quality also like enhance the quality of financial audit when high-quality audit contributes to financial report quality, therefore improving the analyst’s information set (Chu & Ki, 2019).

Thirdly, we also apply the factor analysis to differentiate in IT audit quality perceptions between two distinct groups of Big4 and non-Big 4 auditors. The findings are expected to help audit managers to improve audit quality.

The remainder of the study is arranged as follows. Section 2 provides a literature review. Section 3 follows by presenting the research methodology. Section 4 presentsand discusses results. Section 5 represents conclusion of the research.

2. Literature Review

Although there is no common universal definition of IT audit, the definition of IT audit applied within this paper will be in line with INTOSAI (2019) ISSAI 5330. An IT audit can be defined as the examination and evaluation of an organization‟s information technology infrastructure, policies and operations. The IT audit can be considered as the process of collecting and evaluating evidence to determine whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively and use resources efficiently. Like other types of audit, such as financial audit and operating audit, IT audit also focuses on purposes of protecting assetsand/or the effectiveness and efficiency of activities embedded in information technology environment. The auditing literature generally discusses the notion of quality in terms of effectiveness (Arena & Azzone, 2009; Dowling, 2009) and efficiency (Ghosh & Moon, 2005). Accordingly, the meaning of effectiveness, efficiency and quality of audit engagements is a fundamental goal of IT audit process.

Over the decades ago, attempts have been made to better define and explore insight into audit quality meaning. The audit quality was divided into various categorizes, for example, supple-side and demand-side (Reisch, 2000). Chae, Nakano, and Fujitani (2020) use Big4 auditors as a proxy for audit quality measure. Rahman, Reah, and Chaudhory (2019) stated that Big4 audit firms have better audit quality than others and mostly depend on their reputation and size. The debates over the audit quality issues have finally ended up with an introduction of a standardized framework developed by Public Company Accounting Oversight Board (PCAOB, 2015a). This common framework that has been used by PCAOB and the International Auditing and Assurance Standard Board(IAASB) releases 28 potential indicators fall into three elements: audit professionals, audit process and audit results (PCAOB, 2015a). However, PCAOB also encourage researcher to identify other potential audit quality indicators(AQIs). A majority of research, such as, Brown, Gissel, and Gordon (2016), based on the audit professionals and audit process to illustrate six categories of AQIs namely: auditor mood or affect, auditor knowledge and confidence, individual auditor activity, audit team activity, audit firm environment and audit firm activity. Knechel, Krishnan, Pevzner, Shefchik, and Velury (2013) captured the audit quality from the audit committee perspective and identified variety of attributes that may influence audit quality.

When it comes to IT audit quality literature, the literature review suggests many determinants as the same as factors that may impact financial audit quality. The potential reason is IT audit process is similar to the financial audit. Previous research related to IT audit quality have explored the potential impact of the IT related activities of auditors and the use of computer-based tools(Burton, 2000; Janvrin, Bierstaker & Lowe, 2009) the effect of internal control reliability on IT audit hours and fees(Daigle, Kizirian, & Sneathen, 2005); the reliance of auditor on IT control system to detect misstatements(Messier, Eilifsen, & Austen, 2004). For example, Sherer and Paul (2014) illustrated that “IT audit scoping” and “IT audit planning” have significantly impact on IT audit quality. The authors also suggested an auditee could improve IT audit quality of outsourced IT control by directly evaluating the service provider in its location and supplementing these with auditors reports attesting the reliability of the design and operating effectiveness of outsourced IT control.

Additional prior research on IT audit quality focus on factors coming from auditors and auditing firms that can be identified as external factors. Recently researchers have explored the IT proficiency of auditors and the importance of IT knowledge for assuarance practitioners as one critical component of IT audit (Wilkinson, 2004; Curtis & Payne, 2008). Majdalaweih and Zaghloul (2009) conducted a survey revealed that 87 percent of respondents agree that IT auditors can play a major role in helping to ensure successful IT project. Additionally, Vasaherlyi and Romero(2014) found that auditing firms have different cultures, practices and employee competencies and hence affect the use of technology to varying degrees. They indentified a slight difference between two groups of Big4 and non-Big4 firms and suggest that further research should include more auditing firms, different types of practices and different employee teams.

Havelka and Merhout (2008) towarded developing a theory for the IT audit process utilized group data gathering techniques with IT auditors to create a framework of logical factors, internal and external, related to IT audit quality. They identified a large of over 260 attributes that were suggested by auditors, however, they did not provide any further evidence to support these logical factors. To some extent, they have some concepts that could be similar to financial audit quality.

A research by Havelka and Merhout (2008) extended the prior works and they intergrated others attributes from the general audit quality domain and relevant items in the financial audit quality domain. They present 13 factors of both internal and external side, namely: independence, accounting knowledge and audit skills, business process knowledge, responsiveness, fieldwork and audit procedures, business scale and audit scope, auditability, auditor experience, IT and controls knowledge, planning and methodology, resource availability, auditee relationship, business environment.

3. Research Methodology

The purpose of the research is to refine and validate attributes suggested in literature review and prior research(Sutton & Arnold, 201; Worrell, Digangi, & Bush, 2012; Stoel, Havelka & Merhout, 2012; Havelka & Merhout, 2012). In addition, understanding the relative perceived important of factors and the attributes provides an opportunity to focus on critical concern and illustratesrecommendations. We also would like to explore the differences in perception about IT audit quality between two participants groups of Big 4 and non-Big 4 auditors. The reason behind the comparison is that Big4 auditing firms dominantly operate in IT audit, thus they gained more experiences than non-Big4 firms.

Starting with various research results on audit quality, we then based on prior surveys and other research where IT audit quality attributes have been identified. We conducted in depth interviews with knowledgeable and experienced practitioners and academic researchers to evaluate each indicator of factors on IT audit quality in the context of Vietnam. Finally, we present 13 factors with 54 items in 3 groups: internal factors of auditors/audit teams, internal factors of auditing firms and external factors. The questionnaire is structured in two main parts: Personal information and Survey questions. The first part of personal information includes question of respondent’s position, audit firm, gender and number of year working. The second part divided into three sections representing three groups of 13 factors was operationalized using the following proxies adapted from Havelka and Merhout (2008); Carcello, Hermanson and McGrath (1992); Lowenshon, Johnson, Elder, and Davies (2007) as following:

(1) Independence factor includes seven items: (i) The audit team maintains independence in appearance and in fact; (ii) The audit team has strict quality control procedures; (iii) A thorough study of internal controls is performed; (iv) The audit team focuses on facts, does not act as an advocate for the auditee; (v) The audit team members conduct the audit field work in an appropriatemanner; (vi) The audit team members have high ethical standards; (vii) Audit team members never engage in any actions that would compromise their independence.

(2) Accounting knowledge and audit skills factor includes five items: (i) Audit team members are knowledgeable about accounting; (ii) The audit team makes extensive use of statistical techniques in conducting the audit; (iii) The audit team's understanding of the accounting system is adequate; (iv) The majority of audit team personnel have passed the CPA exam; (v) The audit team members are competent in their knowledge/application of GAAP and GAAS.

(3) Business process knowledge includes three items: (i) Audit team members are knowledgeable about business practices and processes in the industry; (ii) Audit team members are knowledgeable about your business practices and processes; (iii) The audit team has the necessary industry expertise to effectively audit your company.

(4) Responsiveness factor consist of three items: (i) The audit group effectively works in a team environment with the auditee organization; (ii) The audit team is responsive to the auditee's needs; (iii) The audit team is agreeable to completing the audit within management's timeframe.

(5) Fieldwork and audit procedures factor consist of four items: (i) The audit team utilizes common documentation templates and forms; (ii) Audit team has strict sign off procedures for completed audit steps; (iii) Fieldwork is reviewed by a higher level audit team member; (iv) Prior audit work notes and results are available for review.

(6) Business scale and audit scope factor includes two items: (i) Inclusion of geographically and culturally dispersed business units and processes in the audit, and (ii) Number of business units, processes, or systems involved in audit.

(7) Auditability factor consist of three items: (i) Auditee provides competent support to assist in data gathering; (ii) Well defined organizational standards and processes (of auditee) with adequate documentation; (iii) The audit team has access to unique resources (people, databases, tools) for specialized audit requirements.

(8) Auditor experience includes three items: (i) The audit team has an appropriate amount of prior experience in auditing your company; (ii) Lead audit manager has worked in your industry for at least 2 years; (iii) Lead audit personnel have been on your audit at least 2 years.

(9) IT and controls knowledge includes five items: (i) The audit team provides valuable suggestions to management; (ii) Audit team members are very knowledgeable about internal controls and business processes; (iii) Audit team members are very knowledgeable about information security and data processing; (iv) Audit team members are very knowledgeable about information technology and accounting systems; (v) The majority of audit team has passed the certified information systems auditor (CISA) exam.

(10) Planning and methodology factor consist of six items: (i) The audit is adequately planned; (ii) The audit team utilizes a robust audit methodology to plan and manage the audit; (iii) Risk-based audit approach is used to develop audit plan, and risk assessment model is understandable; (iv) Audit manager is active in planning and conducting the audit; (v) Audit objectives, scope and plan are documented and agreed to by auditee and audit team; (vi) Frequent communication between audit manager and management.

(11) Resource availability factor includes five items: (i) Ability of audit team to gather independent data without reliance on auditee; (ii) The audit team members maintained a skeptical attitude throughout the audit engagement; (iii) Computer-assisted auditing tools (CATs, e.g. ACL) are used for testing and analysis; (iv) The audit team is diverse (e.g., thoughts; ways of doing work; background; experiences); (v) Sufficient resources exist to meet audit scope and timeframe.

(12) Auditee relationship factor includes three items: (i) Auditee understands the audit process and purpose of the audit; (ii) Audit team effectively utilizes issue and conflict resolution practices; (iii) Audit team has good communication skills.

(13) Business environment factor consist of five items: (i) The amount of organizational change occurring within the auditee’s organization; (ii) The use of outsourcing within the business processes or systems being audited; (iii) The level of regulatory compliance required within the auditee's industry; (iv) The level of automation within the organization, process or system being audited; (v) The existence of well-defined audit trails within the auditee organization and systems being audit.

A Linkert scale questions ranging from 1 = no impact, 2 = slightly impactful, 3 = moderately impactful, 4 = very impactful, 5 = extremely impactful were applied.

We conducted 2 types of data collections including direct and on survey. For direct survey, we sent directly to auditors at the training classes organized by State Securities Exchanges Commission. An online survey was established and Google doc link was provided to the Big4 and non-Big4 auditors. We received 138 survey responses in that 90 auditors (65.2%) came from Big4 and 48 auditors (34.8%) from non-Big4 firms. Most of the respondents are experienced auditors who have at least 3 years. Moreover, most of them are General Director, Manager, Senior and Senior in charge of audit team. These qualities appear to indicate that we collected a pool of auditors with wide ranging experience.

In order to determine the relationships between individual item and identified factors, we need to perform the factor analysis. One issue concerning to factor analysis result is sample size. We based on two methods for determining an appropriate sample size that are: the ratio between responses and items, and an absolute number of responses (Guadagnoli & Velicer, 1988). The first approach suggests analysts should choose a certain number of unique responses. The second approach of “absolute number of response” states that the sample estimate likely represents the population when samples reach a certain size. The suggested sample sizes start at 100 responses. Sample size of this study qualifies the requirement of this guidance and includes of 138 respondents.

4. Results and Discussion

4.1. Cronbach’s Alpha Test

Table 1 shows the alpha coefficient for the 54 items is 0.966, suggesting that the items have relatively high internal consisteny with the specific sample (Henseler, 2010).

Table 1: Reliability statistics

OTGHEU_2020_v7n4_41_t0001.png 이미지

Table 2 presents items-total statistics results, any item with total correlation less than 0.3 and Cronbach Alpha less than 0.6 should be eliminated from the scale. The final column “Cronbach Alpha if item deleted” shows the result that removal of any question would result in a lower Cronbach Alpha. Therefore we would keep the set of questionnaire. Moreover, the Cronbach Alpha values above 0.6 and 0.7 are considered fitting in exploratory studies(Hair, Hult, Ringle, & Sarstedt, 2014).

Table 2: Items - total statistics

OTGHEU_2020_v7n4_41_t0002.png 이미지

4.2. Exploratory Factor Analysis (EFA)

EFA is applied to assess the convergent and validity of the constructs. Before conducting EFA, we obtain a test for significance the correlation matrix for the variables being analyzed in order to decide whether factoring the variables is appropriate. Table 3 shows the tests that indicate the suitability of the data for structure detection. KMO returns value between 0 and 1, specifically from 0.8 to 1 indicate the sampling is adequate. High values that are close to 1.0 generally indicate that the factor analysis is useful with data.

Table 3: KMO and Barlett‟s test result

OTGHEU_2020_v7n4_41_t0003.png 이미지

4.3. Evaluation of IT Audit Quality Indicators Between Groups

In order to identify the importance level of each attributes, the first analysis on data focused on analyzing the average score of individual attributes (questions) rated by all respondents and determine the highest and lowest rated attributes. Table 4 identifies the top ten highest rated attributes. As can be seen, each individual attributes in important as all have mean.

Table 4: Impact level of ten highest items on it audit quality

OTGHEU_2020_v7n4_41_t0004.png 이미지

The general focus of the highest rated attributes is on accounting knowledge and audit skills, which is agreed by both Big4 and non-Big4 auditors. There are three items of accounting and audit skills factor are considered to have the strongest impact to IT audit quality. The result is consistent with Carcello, Hermanson, and McGrath (1992) found accounting and audit expertise and partner involvement as the highest rated items. However, in comparison to Stoel, Havelka, and Merhout (2012) the most important attribute is on audit planning and fieldwork. This may indicate that the quality of IT audit mostly depends on the competent of auditors. In addition, auditors are suggested to gain good knowledge not only about an organization‟s information technology infrastructure, policies and operations but also about unique business practices and processes in the industry that an IT system embedded.

Independence appears to be an important factor. It includes items related to threats to the independence of auditors and proper conduct of performing internal control tests. In practice, the framework on ethics IESBA code (International Ethics Standards Board for Accountants) states that in the case of public interest entities, the audit firm shall not design or implement IT services that form a significant part of the internal control or generate information on which the firm will express an opinion.

Auditability includes two items regarding to external factors that come from the organization, which is being audited (auditee). It indicates that if the auditors may be well supported with adequate documentation by auditee, the IT audit quality will be enhanced. We generally find the idea that the factors related to auditee may affect the IT audit quality. This result has not been necessarily identified in literature review, but only Stoel, Havelka, and Merhout(2012) stated that. These two attributes are slightly different between two existing groups of Big4 and non-Big4 auditors. While these items are supposed to be in top three highest impact by non Big4 auditors, the rate of Big4 auditors shown as having less impact on IT audit quality. As audits become increasingly required to be independence by framework, these results suggest that Big4 participants seem to be more independence of mind and in appearance with their clients than non-Big4.

Another important attributes found was belonged to Fieldwork and Audit Procedure represents the audit team use of appropriate templates, forms, tools and proper documentation and authority procedures for each step in the audit. Prior researches do agree with this result and illustrated that the conduct of fieldwork is positively associated with audit quality as a whole and IT audit quality specifically (Carcello, Hermanson, & McGrath, 1992; Stoel, Havelka, & Merhout, 2012). Interestingly, although the item of “Fieldwork is reviewed by a higher level audit team member” was eliminated in the research of Stoel, Havelka, and Merhout (2012), it appears to be important factor affecting IT audit quality. This result gives us a general idea that review by a higher level within an audit team may be a key step to assure the quality of IT audit.

The last two items on the list relate to IT control and knowledge factor. Although, we focus on IT audit, both respondents do not rate the indicators of IT knowledge and activities high. It could be the fact that the IT control is a part of internal control and auditors need to evaluate when assessing internal control system as a whole. It appears to be surprising, as we do not found the specific attributes of IT factor identified in prior research.

Different form previous studies (Stoel, Havelka, & Merhout, 2012), no item has been eliminated from the scale. Especially, question 18 refers to “Fieldwork is reviewed by a higher level audit team member” is high ranked by two groups of respondent.

4.4. Evaluation of IT Audit Quality Factor Analysis Between Groups

The mean perceived indicators importance results are based on a single pooled sample could lead to be different in perspectives within factors. We therefore perform a test of overall perceived importance of IT audit factors on IT audit quality. Table 5 presents the mean perceived importance of group factors in that the internal factors of auditing firms have the strongest impact to IT audit quality, the internal factors of auditors and external factors following respectively. With the average score of approximately above 4.0, very impactful level in our scale(1 = no impact, 5 = extremely impactful), all three group factors relatively impact on IT audit quality. There has been a slight difference between two respondents as Big4 auditors depend much on factors of auditing firm

Table 5: Impact level of group factors to it audit quality

OTGHEU_2020_v7n4_41_t0005.png 이미지

Table 6 shows the mean perceived of each 13 IT audit quality factors based on all respondents and ranked based on two existing group: Big4 and non-Big4 auditors. Overall, both 13 sub-factors have individual ranked score of over 3.0 at impactful level in our scale (1 = no impact, 5 = extremely impactful), indicating that all these impact the IT audit quality. Firstly, similar to the previous section of analyzing indicators individually, Independence and Accounting knowledge and audit skills have been shown as the most important factors. As found in the literature review, the Independent concept has been recognized as important in various prior researches on audit quality. And since external auditors perform many assurance services, the Independence is critical. The result also shows that the auditors need to have enough competent and professional skills when conducting an audit, especially within an IT environment that requires high quality.

Table 6: Impact level of factors to it audit quality

OTGHEU_2020_v7n4_41_t0006.png 이미지

Other factors such as Planning and methodology, Fieldwork and audit procedures, Auditor experience with auditee, are reported to be important factors, however, there are slightly differences between two existing groups. Big4 auditors ranked the importance of planning and methodology as higher than non-Big4 auditors; this may indicate that the integration and complexity of IT system requires sound planning and a strong methodology to perform high quality IT audits.

In contrast, the non-Big4 respondents evaluate the Accounting knowledge and audit skills to be more important than Big4 respondents illustrating that when audit become increasingly integrated between financial and IT system, these practitioners need to be aware of the differing perspectives on IT audit quality. Practically, the IT audit task is dominantly occupied by Big4 firms where competent and experienced auditors frequently deal with specific IT audit. We also interpret the result to suggest that IT audits require further understanding the unique systems as well as the IT systems within an organization.

The bottom items as Resource availability, Business process knowledge and experience and Business scale and audit scope are similarly ranked by two groups of participants. The ranked score of these factors around 3.0, the neutral point in our scale indicating that they impact the quality of IT audit.

4.5. Discussion and Recommendations

The demand for IT audit has increased with additional high expectation on quality of IT audit. In Vietnam, IT audit is a relatively new industry which is dominant by Big4 companies and mostly performed under types of financial audit or internal audit services. There still has not been an official regulation to assess and control the quality of IT audit. In 2018 State Audit Office of Vietnam has released a draft of guidelines to IT audit in practice. Based on the ISSAI 5300 of INTOSAI, the draft divided into 3 parts: auditing on IT system, IT project and IT environment. The documents are expected to help auditors improving quality of IT audit. However, it is necessary in need of a research may reflect determinants associated with IT audit quality.

In the context of Vietnam, this study has a focus of identifying and evaluating factors are considered to impact the IT audit quality in prior research. The result illustrates 13 factors associated with IT audit quality. This is in line with Carcello, Hermanson, and McGrath (1992); Havelka and Merhout (2012); Stoel, Havelka, and Merhout (2012) studies that confirmed that these factors influence the quality of IT audit. By contrast to prior research, our result shows that the 54 attributes have been remained unchanged and each of items has influenced on IT audit quality. Auditors (both Big4 and non Big4) operating in Vietnam auditing firms evaluated Independence and Accounting knowledge and Audit skills have strongest impact. Basically, we may conclude that Independence is the most important issue regarding auditors’ performance in practice. Guidlines and frameworks also emphasize on this concern as the integrated nature of IT within many aspects of the business may require greater reliance on internal IT and business personnel to assist with data collec-tion and analysis. Accounting knowledge and Audit skills focuses on compentent and professional skills of auditors to understand how IT is supporting the business and accounting system as a whole and specific IT issues.

We also identify differences in perspectives of two groups of existing auditors. The empirical studies shows that the differences addressing into six areas: Planning and Methodology, Fieldwork and Audit procedures, Auditability, Responsiveness, Business Environment and Business process knowledge and experience. These differences come to us with a suggestion that it may be useful for audit firms to ensure the IT audit personnel acknowledge the purpose, scope and activities of the business processes as well as the embedded IT system. This concern is especially for non Big4 firms where IT audit process and control is less standardised than Big4 firms.

Based on the empirical result, we would like to propose some recommendations in the context of Vietnam.

Firstly, Independence is considered as the most important factor to the quality of IT audit. The auditors therefore need to be independence of mind and independence in appearance. The auditors must be free from situations and relationships that make it probable that a reasonable and informed third parties would conclude that objectivity either is impaired or could be impaired. This also means that auditors must be straightforward and honest and that give fair and impartial consideration to all matters that are relevant to the task in hand. When it comes to audit firms, Independence considerations require firms to identify threats, evaluate and apply safeguards, when necessary, to eliminate the threats to Independence or reduce them to an acceptable level.

Secondly, auditors must be aware that professional competence and due care. As result illustrates, auditors must maintain professional knowledge and skill, especially in IT area, at the level required to ensure that a client (auditee) or employer receives competent professional service based on current developments in practice, legislation and techniques, and act diligently and in accordance with applicable technical and professional standards. It audit team members are not well equipped in IT audit, they should seek external advice from external profession.

Finally, audit firms should enhance IT audit quality control itself by developing corporate governance regulations, professional or regulatory monitoring and disciplinary procedures, properly prepare audit planning and audit methodology which emphasizes on test of control to evaluate risks within IT system. Audit firms may also apply external review by legally empowered third party of the reports, returns, communication or information produced by a professional chartered accountant.

5. Conclusion

In conclusion, although this research focuses on IT audit quality, it follows logically many concepts identified in the frameworks, theory and practice to apply in many types of audits. The research also reached the objectives to assess and evaluate factors identified in literature review into the context of Vietnam. Based on the result, research team would like to present some recommendations to enhance IT audit quality. The identification of this research may benefit various interested stakeholders such as audit firms, regulators, and academic researchers. The audit firms should consider factors to continuously improve IT audit quality. Academic researchers may benefit from the study by utilizing a concept of IT audit and conduct further analysis on this area. Regulators as State Audit Office and the Government also base on the result to regulate macroeconomic stainable.


  1. Arena, M., & Azzone, G. (2009). Internal audit effectiveness: relevant drivers of auditees satisfaction. International Journal of Auditing, 13(1), 43-60.
  2. Burton, R. N. (2000). Discussion of Information Technology-Related Activities of Internal Auditors. Journal of Information Systems, 14(1), 57-60.
  3. Brow, V., Gissel, J., & Gordon, N. D. (2016). Audit quality indicators: perceptions of junior-level auditors. Managerial Auditing Journal, 31(8/9), 949-980.
  4. Carcello, J., Hermanson, R., & McGrath, N. (1992). Audit quality attributes: the perceptions of audit partners, preparers and financial statement users. Auditing Journal Practice Theory, 12(11), 1-15.
  5. Chae, S. J., Nakano, M., & Fujitani, R. (2020). Financial reporting opacity, audit quality and crash risk: evidence from Japan. Journal of Asian Finance, Economics and Business, 7(1), 9-17.
  6. Chu, J. & Ki, E. S. (2019). Do auditor's efforts of interim review curb the analyst forecast's walkdown? Journal of Asian Finance, Economics and Business, 6(2), 45-54.
  7. Curtis, M. B., & Payne, E. A. (2008). An examination of contextual factors and individual characteristics affecting technology implementation decisions in auditing. International Journal of Accounting Information Systems, 9(2), 104-121.
  8. Daigle, R. J., Kizirian. T., & Sneathen, L. D. J. (2005). Systems controls reliability and assessment effort. International Journal of Auditing, 9(1), 79-90.
  9. Dnishev, F., & Alzhanova, F. (2016). Globalization of technological development and opportunities for national innovation systems of developing countries. Journal of Asian Finance, Economics and Business, 3(4), 67-79.
  10. Dowling, C. (2009). Appropriate Audit Support System Use: The Influence of Auditor, Audit Team, and Firm Factors. The Accounting Review, 84(3), 771-810.
  11. Guadagnoli, E., & Velicer, W. (1988) Relation of sample size to the stability of component patterns. Psychological Bulletin, 103(2), 265-275.
  12. Ghosh, A., & Moon, D. (2005). Auditor tenure and perceptions of audit quality. The Accounting Review, 80(2), 585-612.
  13. Hair, J. F., Hult, G. T. M., Ringle, C. M. and Sarstedt, M. (2017). A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM) (2nd ed.). Thoudsand Oaks, CA: Sage Publishing.
  14. Havelka, D., & Merhout, W.J. (2008). Information technology auditing: a value-added IT governance partnership between IT management and audit. Journal Association of Information Systems, 23(26), 463-483.
  15. Havelka, D., & Merhout, W. J. (2012). Internal information technology audit process quality: theory development using structured group processes. International Journal of Accounting Information Systems, 14(3), 165-192.
  16. Henseler, J. (2010). On the convergence of the partial least squares path modeling algorithm. Computational Statistics, 25(1), 107-120.
  17. INTOSAI (2019). Guidance on audit of information systems. Retrieved August 1, 2019 from
  18. Janvrin, D., Bierstaker, J., & Lowe, D. J. (2009). An investigation of factors influencing the use of computer-related audit procedures. Journal of Information Systems, 23(1), 97-118.
  19. Knechel, W. R., Krishnan, G. V., Pevzner, M., Shefchik, L. B., & Velury, U.K. (2013). Audit quality: insights from the academic literature. Auditing-a Journal of Practice & Theory, 32(1), 385-421.
  20. Lowensohn, S., Johnson, L., Elder, R., & Davies, S. (2007). Auditor specialisation, perceived audit quality and audit fees in the local government audit market. Journal of Accounting Public Policy, 26(6), 705-732.
  21. Majdalaweh, M., & Zaghloul, I. (2009). Paradigm shift in information systems auditing. Managerial Auditing Journal, 24(4), 352-367.
  22. Messier, W. F. Jr., Eilifsen, A., & Austen, L. A. (2004). Auditor detected misstatements and the effect of information technology. International Journal of Auditing, 8(3), 223-235.
  23. PCAOB (2015a). Concept release on audit quality indicators (Release No. 2015-005). Retrived October 8, 2019 from
  24. Rahman, M. M., Meah, M. R., & Chaudhory, N. U. (2019). The impact of audit characteristics on firm performance: an empirical study from an emerging economy. Journal of Asian Finance, Economics and Business, 6(1), 59-69.
  25. Reisch, J. (2000). Ideas for future research on audit quality. The Audit Report, 24(1), 1-13.
  26. Sutton, S. G., & Arnold, V. (2013). Focus group methods: using interactive and nominal groups to explore emerging technology-driven phenomina in accounting and information systems. International Journal Accounting Information System, 14(2), 81-88.
  27. Sherer, S. A., & Paul, J. W. (1993). Focusing audit testing on high risk software modules: a methodology and an application. Journal of Information Systems, 7-20.
  28. Stoel, D., Havelka, D., & Merhout, W. J. (2012). An analysis of attributes that impact information technology audit quality: a study of IT and financial audit practitioners. International Journal of Accounting Information Systems, 13(1), 60-79.
  29. Vasarhelyi, M. A., & Romero, S. (2014). Technology in audit engagements. Managerial Auditing Journal, 29(4), 350-365.
  30. Weidenmier, M. L., & Ramamoorti, S. (2006). Research opportunities in information technology and internal auditing. Journal of Information Systems, 20(1), 205-219.
  31. Wilkinson, D. (2004). The CICA's IT competency model. International. Journal of Accounting Information Systems, 5, 245-250.
  32. Worrell, J. L., Digangi, P. M., & Bush, A. A. (2012). Exploring the use of the Delphi method in accounting information systems research. International Journal Accounting Information Systems, 14(2013), 193-208.
  33. Yang, D. C. (2004). The evolution of IT auditing and internal control standards in financial statement audits: the case of the United States. Managerial Auditing Journal, 19(4), 544-555.

Cited by

  1. Determinants of E-invoice Adoption: Empirical Evidence from Vietnam vol.7, pp.7, 2020,
  2. Evaluation of Auditors' Professional Skills in Local Auditing Firms in Hanoi vol.7, pp.9, 2020,
  3. Information and Communication Technology Adoption in Small- and Medium-Sized Enterprises: Demographic Characteristics vol.7, pp.10, 2020,
  4. The Effect of Non-Audit Services on Auditor Independence: Evidence from Vietnam vol.7, pp.12, 2020,
  5. Factors Affecting the Internal Audit Effectiveness of Steel Enterprises in Vietnam vol.8, pp.1, 2020,
  6. Components Constituting the Audit Expectation Gap: The Vietnamese Case vol.8, pp.1, 2020,