EDP auditor: Disappearing or adapting

Guy G. Gable, Gordon B Davis

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

The EDP audit function was created in the late 1960s to span two domains - auditing and electronic data processing (EDP). General auditors were insufficiently competent to perform audit procedures and make audit judgements relating to the technical characteristics of computer-based information processing. Also, generally EDP personnel did not pay sufficient attention to controls in the design of systems. Two primary forces shaping the audit profession are, changing information systems technology (MIS Environment) and increasing management and auditor accountability (Regulatory Environment). The changing MIS environment has had the most visible and direct effect on the EDP audit function. Rapidly changing technology requires the EDP audit profession to anticipate needed changes in internal controls, control methods and audit techniques. Changes in the MIS environment include not only hardware and software but also new approaches to applications development, and re-orientation of MIS management toward applications which support organizational strategies. The EDP audit profession has been subject to increasing competitive pressure as well (Competitive Environment). Major implications for auditors and organizations as a result of these environmental forces include: technological bottlenecks in the audit, substantial new organizational exposures, eroding of traditional product and service markets, the advent of new product and service opportunities, and changing auditor skill and knowledge requirements. Thus, there exists a real and pressing need for external, internal and government audit entities to reorganize for a changing audit environment. It is also important that the responsibilities of the general auditor and EDP auditor be realigned in order to facilitate their effective deployment. Key considerations include: (1) general auditors are better equipped to access data directly and to assess computer application controls without the support of an EDP audit specialist, and (2) the audit of more complex hardware and software architectures require highly skilled technical specialists. Thus, individual EDP auditors may have to decide whether to rejoin the ranks of the general auditors or become more highly, technically specialized.

Original languageEnglish (US)
Title of host publicationIFIP Transactions A
Subtitle of host publicationComputer Science and Technology
EditorsGraham E. Dougall
PublisherPubl by Elsevier Science Publishers B.V.
Pages253-266
Number of pages14
EditionA-37
ISBN (Print)0444817484
StatePublished - Dec 1 1993
EventProceedings of the IFIP TC11 9th International Conference on Information Security - Toronto, Can
Duration: May 12 1993May 14 1993

Other

OtherProceedings of the IFIP TC11 9th International Conference on Information Security
CityToronto, Can
Period5/12/935/14/93

Fingerprint Dive into the research topics of 'EDP auditor: Disappearing or adapting'. Together they form a unique fingerprint.

Cite this