A Short Essay

CHALLENGES TO INFORMATION TECHNOLOGY-BASED AUDITS

Support from IT/IS Auditors for Financial Audit Assignment in the Public Sector
By: Agung Kurniawan

Challenges to Information Technology-Based Audits

Information technology-based audits implies that a variety of tools or
devices is used in the field of information technology that constantly evolves, in
order to support the audits. Information technology-based audits may refer to the
use of electronic information systems to access and process data, as well as the
use of a wide variety of audit application programs (software) to perform an audit.
Information systems/ information technology has been used in most of the
activities related to state/local finance governance. Both the revenue system and
the expenditure system in the state and in local governments have adapted
massive and extremely fast development in information technology. In so doing,
the role that information technology-based audits play is becoming increasingly
vital.
The use of electronic
information systems for data
access and processing is
known as e-audit. E-audit
allows the auditor to be
Any auditors appointed to perform an audit
connected with the auditee
based on the Audit Standards shall collectively
and remote data access can
have sufficient skills for the audit that they
be directly processed by the
perform, for an example:
auditor. To perform an audit,
If the audit requires an extensive review of an
it is very possible that both
information system, then the audit team shall
the e-audit or the field audit
have qualified auditor with skills in the field
requires variety of data
of information technology audits.
processing applications. Its
called
Computer-Assisted
Audit Techniques (CAATs).
The example of CAATs is using Microsoft Excel application program or more
advanced application programs to perform further examinations using forensic
audit tools.
Statement on Auditing Standards (PSP) 01
Paragraph 10 letter d number 2) in State
Finance Audit Standards (SPKN) reads:

CAATs is defined as the use of certain software that an auditor employs to

perform an audit and to attain the objective of the audit. The most important
technique of CAATs is Generalized Audit Software (GAS), a device for data
processing and analysis. CAATs are used to collect/ analyze data as well as
document and report the audit.
Tools used in CAATs include data processing software such as ACL,
Arbutus Analyzer and SQL Server. While for the purposes of investigations that
require digital forensics, a number of application programs such as Forensics

Challenges to IT/IS Auditors in The Transformation of Information System

Page 4

A Short Essay

Data (using several application programs like En case, Safe Back, Norton Ghost),
Password Recovery Toolkit, restoring data after a user deletes the data (like
WipeDrive and Secure Clean) and discovering changes in digital data (DriveSpy)
are commonly used.
In addition to the use of various tools of information technology and data
processing (both hardware and software) as mentioned above, auditors required to
have competence in information technology/ systems. Auditors in the environment
of state finance are also necessary to meet this competency requirement.
The state/local financial governance continues to develop. The use of
information technology in various sectors of the government becomes more
extensive. Electronic public services, the use of non-cash/ bank-to-bank payment
systems, and fully computerized systems of governmental accounting require the
control of state auditors who have competence in the field of information
technology. These challenges to information technology mastery are issues that
are currently included as one of the major challenges to auditors in the state
finance environment.
Reflections on Technology-Based Audits Implemented by BPK and Indonesia
State Audit Board of The Republic of Indonesia (BPK RI) seeks to optimize
the use of information technology to help prevent corruption, collusion and
nepotism in state institutions. The information technology that is used, among
others, includes electronic audit systems such as e-audit, and the use of
information technology application programs to help complete audit assignments.
Through the National Synergy on Information Systems (Indonesian: Sinergi
Nasional Sistem Informasi or SNSI), BPK carry out an examination with the
assistance of information technology (electronic audits) which is expected to be
more efficient and effective. Through electronic audits or e-audit, BPK can
encourage increased transparency and accountability in public finance
management.
BPK has signed an agreement on the implementation of electronic data
access with most of local governments across Indonesia. Almost all ministries and
agencies at th state level have also done the same thing. BPK have also provided
online access with a total number of 177 State Treasury Service Offices
(Indonesian: Kantor Pelayanan Perbendaharaan Negara or KPPN) all over
Indonesia.
BPK auditors also have begun using application programs and computerassisted audit techniques. Especially for investigative audits, BPK have also
utilized forensic audit software.
However, the use of information technology devices is still very limited
because of inadequate training activities for these BPK auditors. The number of
auditors who can operate information technology application programs
specifically designed to assist their audit assignment is also still limited unevenly
distributed in all departments that require these auditors.

Challenges to IT/IS Auditors in The Transformation of Information System

Page 4

A Short Essay

In addition, the proof to demonstrate competence of BPK RI auditors in the

information technology-based audits through certification is also very limited. For
an example, there are a few number of auditors in BPK RI who have received
training and attained the Certified Information Systems Auditor (CISA)
certificate.
Meanwhile, in Indonesia, other institutions that have implemented
technology-based audits are the Ministry of Finance (Indonesian: Kementrian
Keuangan) in their tax audits and Corruption Eradication Commission
(Indonesian: Komisi Pemberantasan Korupsi or KPK) in some of their
investigation to the audits in corruption cases.
Alternative Solutions to the Increased Capacity of Information TechnologyBased Audits in BPK and Indonesia
Research by Kim et. al. on IT acceptance in the profession of internal audits
suggests that
for
simple
technological
features, it is
the perception of the
usefulness
which significantly
Training for auditors on the
affects
the
acceptance, while
mastery
of
information
advanced
features, it is the
technology application programs
perception of
the level of
organized
by
BPK
is
still
very
ease
which
affects more
dominantly.
These
limited and there are a few
findings
suggest that to
number of auditors who have
increase the
use
of CAATs,
certified information system with
management
should
uneven distribution among
develop a good
training
departments.
program
to
improve
the
level of ease
associated
with
the use of CAATs.
In line with the
research and
illustrations of various things
related
to
technology-based audits both in BPK and Indonesia, some alternative solutions to
the increased capacity of information technology-based audits include:
1. BPK RI need to more intensively disseminate information and communicate to
all auditors on a continuous and sustainable basis to make technology-based
audits can be internalized among all the auditors. Therefore, it is expected that
in the future there will be no resistance and fears, even information technologybased audits might be considered as a necessity for any auditors;
2. BPK need to prepare adequate infrastructure and facilities, as well as the
appropriate technology to support more extensive application of technologybased audits (both licensed software and capable hardware);
3. BPK RI auditors need to continue developing their auditing capacity to master
a wide variety of technology-based audit software and to update the IT
competence of their auditor on a continuous and well-programmed basis. This

Challenges to IT/IS Auditors in The Transformation of Information System

Page 4

A Short Essay

4.

5.
6.

7.

8.

can be done by providing appropriate training and as many as opportunities for

the auditors to attend the training;
Efforts to disseminate knowledge from the auditors who have acquired
education and training related to technology-based audits to (at least) their
other fellow auditors in their department should always be encouraged by the
management of the department in order to carry out a more massive transfer of
knowledge;
Increasing the number of auditors with qualification and certification in the
field of audit systems/ information technology, such as CISA, Certified in
Risk and Information Systems Control (CRISC), and the like;
BPK RI also need to expand and increase the number of information
technology-based audit assignments in order to provide opportunities for
inspectors who have acquired the ability to perform IT-based audits and to
implement the expertise that they have while enhancing the quality of the
audits performed by BPK;
Especially for the implementation and development of e-audit in BPK, the
following things are necessary:
a. more detailed rules that govern the implementation of e-audit;
b. improved co-operation between all the auditees and stakeholders to expand
the implementation of e-audit;
c. preparing adequate infrastructure and database to support e-audit
implementation;
d. preparing an adequate internal control system in order that the
implementation of e-audit is not misused for ones vested interest;
e. intense dissemination of information related to the application of e-audit
and the use of information systems by auditees
BPK RI and a wide variety of auditing institutions as well as other professional
organizations/ institutions in the field of audits need to more frequently
schedule a meeting and discussion to develop information technology-based
audits.

( agung- BPK RI, West-Java Province Representative - 2014)

Challenges to IT/IS Auditors in The Transformation of Information System

Page 4