An examination of audit task complexity & audit risk in the context of information technology architecture intricacy & stability: a survey & case study based research of medium & large Australian organisations in the area of information systems audit

An examination of audit task complexity & audit risk in the context of information technology architecture intricacy & stability: a survey & case study based research of medium & large Australian organisations in the area of information systems audit

Purpose:
This thesis leverages Audit Judgement and Decision-Making, Behavioural Sciences, Information Technology, and Informing Science research, to build on extant Audit Task Complexity and Audit Risk research.

The purpose of this work was to determine empirically, in the context of information systems audit, if Audit Task Complexity and Audit Risk are each associated with Information Technology Architecture intricacy and stability.

Design, methodology, and approach:
Departing from experimental methods generally adopted in relevant extant research, this study adopted survey and case study research methods to test the hypotheses with real-world data collected from medium to large Australian organisations.

Senior information systems auditors and key information technology personnel pertaining to 30 participating organisations, each completed self-administered
questionnaire survey instruments. The researcher completed the same survey questionnaire instruments for 21 case studies, the data for which was derived from information systems audit working papers obtained from a second-tier accounting firm.

Partial Least Squares path modelling was used for hypothesis testing as this is best suited for non-parametric and relatively small datasets.

Findings:
From hypothesis testing, the results suggest that:

1. The extent of information systems audit findings reported to Management is positively associated with the extent of Information Technology Infrastructure component quantity; and

2. The Risk of Material Systems Failure is positively associated with the extent of Information Technology Infrastructure component diversity and inter-dependency.

Research value:
Information technology environments in a number of organisations today can present a challenge to even the most experienced information systems auditors.
This research contributes to the body of knowledge pertaining to information systems audit practitioners by identifying those Information Technology Architecture and Infrastructure elements that can present a challenge to practitioners in respect of Audit Task Complexity and Audit Risk. A better understanding of these areas would invariably benefit the profession.

Research exclusions and limitations:
Information Technology Architectures comprise many business information systems. This study excludes Personal Information Systems as these systems are generally not audited by information systems auditors and hence will not have any impact on research results. Shadow Information Technology is also excluded as metrics around these environments cannot be captured effectively or reliably; this exclusion is expected to have minimal impact on results.

Measurement limitations exist around a number of variables exist due to the availability, reliability, and extent of resources required to obtain the relevant data.