An internal audit expectation gap: South African Revenue Services project audit engagements
- Authors: Sekhwela, Mmanapo Bella
- Date: 2020
- Subjects: Electronic data processing -- Auditing , Business enterprises -- Computer networks -- Security measures Information technology -- Security measures Computer security
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47139 , vital:39815
- Description: South African Revenue Services (SARS) was established as a quasi-government organisation with a mandate to efficiently and effectively collect revenue based on the export, import, movement, manufacture and storage of specific goods. Information Technology (IT) governance is strategically important to SARS in that its business processes are technology driven and that technology projects are implemented to support the SARS strategic objectives. In alignment to the King code for corporate governance and ethical business practices, an Internal Audit Function (IAF) as a regulatory requirement of all public sector entities in South Africa exists at SARS. The aim of the research was to evaluate the perspectives of SARS stakeholders regarding the organisation’s IT project auditing process. The study focused on gathering data from various SARS stakeholders involved in the delivery of IT projects and IT projects auditing. Through a qualitative research approach, interviews were conducted with practitioners such as Internal Auditors, Internal Audit managers, and executives as well as project managers and ownersso asto obtain a holistic understanding of stakeholder expectations of an IT project audit. An analysis of the data collected led to the deduction of recommendations meant to enhance stakeholder perceptions of the IT audit function within SARS. The study found that there is a perceived value derived from IA reviews of IT projects. The findings also revealed that rather than lack of resources and expertise, skill set deficiencies were the major setback in achieving IA goals. The findings further revealed that there are deficiencies in the quality of IA reports. Some of the main recommendations were to expand the scope of the Internal Audit roles, intensify engagements of Internal Audits by the Enterprise Project Management Office (EPMO), improve the quality of reports, and capacitate Internal Auditors with reporting skills. This study presents a modest contribution that is expected to enrich knowledge on how to audit IT projects. Moreover, the study contributes towards a methodological position of design science by producing results from a smaller sample augmented by interview results in an environment characterised by smaller populations so that inferences can be made.
- Full Text:
- Date Issued: 2020
Information technology audits in South African higher education institutions
- Authors: Angus, Lynne
- Date: 2013 , 2013-09-11
- Subjects: Electronic data processing -- Auditing , Delphi method , Education, Higher -- Computer networks -- Security measures , Information technology -- Security measures , COBIT (Information technology management standard) , IT infrastructure library , International Organization for Standardization
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4615 , http://hdl.handle.net/10962/d1006023 , Electronic data processing -- Auditing , Delphi method , Education, Higher -- Computer networks -- Security measures , Information technology -- Security measures , COBIT (Information technology management standard) , IT infrastructure library , International Organization for Standardization
- Description: The use of technology for competitive advantage has become a necessity, not only for corporate organisations, but for higher education institutions (HEIs) as well. Consequently, corporate organisations and HEIs alike must be equipped to protect against the pervasive nature of technology. To do this, they implement controls and undergo audits to ensure these controls are implemented correctly. Although HEIs are a different kind of entity to corporate organisations, HEI information technology (IT) audits are based on the same criteria as those for corporate organisations. The primary aim of this research, therefore, was to develop a set of IT control criteria that are relevant to be tested in IT audits for South African HEIs. The research method used was the Delphi technique. Data was collected, analysed, and used as feedback on which to progress to the next round of data collection. Two lists were obtained: a list of the top IT controls relevant to be tested at any organisation, and a list of the top IT controls relevant to be tested at a South African HEI. Comparison of the two lists shows that although there are some differences in the ranking of criteria used to audit corporate organisations as opposed to HEIs, the final two lists of criteria do not differ significantly. Therefore, it was shown that the same broad IT controls are required to be tested in an IT audit for a South African HEI. However, this research suggests that the risk weighting put on particular IT controls should possibly differ for HEIs, as HEIs face differing IT risks. If further studies can be established which cater for more specific controls, then the combined effect of this study and future ones will be a valuable contribution to knowledge for IT audits in a South African higher education context.
- Full Text:
- Date Issued: 2013