A growing number of tech-oriented companies, carrying E-business activities, especially in the financial services sector, have been recently affected by accounting and corporate governance scandals. The introduction of the so-called Extended Audit Report (EAR), which, starting from 2013 has been gradually considered mandatory in developed countries, should provide a valid disclosure tool aimed at highlighting the risks associated with company processes. In this research, after carrying out a brief but systematic literature review, the emphasis is placed on the need to prepare a specific section of the audit report relating to the risks deriving from the use of new technologies, their impact on business activities, in particular for those companies whose core business consists of electronic activities (e-business). The role of auditing activities, in particular those relating to Information Technology, however, requires special skills that individual auditors are unfamiliar with. Not even the large auditing firms, the so-called Big Four, are often able to carry out an extensive and conscious analysis of IT processes. Professional figures such as those of IT Auditors are therefore particularly suitable to guarantee the compliance to the law, and the safety of the operations carried out by companies that make use of IT services. , We argue that companies operating in the E-business sector, should report (within the EAR) a separate section prepared by an expert, possibly holder of a CISA (Certified Information System Auditor) certification, issued by the most accredited international body: ISACA (Information Systems Audit and Control Association).
Extended Audit Report: Enhancing Trust and Reputation in IT Processes and across E-business Industries
De Lucia, Caterina;
2020-01-01
Abstract
A growing number of tech-oriented companies, carrying E-business activities, especially in the financial services sector, have been recently affected by accounting and corporate governance scandals. The introduction of the so-called Extended Audit Report (EAR), which, starting from 2013 has been gradually considered mandatory in developed countries, should provide a valid disclosure tool aimed at highlighting the risks associated with company processes. In this research, after carrying out a brief but systematic literature review, the emphasis is placed on the need to prepare a specific section of the audit report relating to the risks deriving from the use of new technologies, their impact on business activities, in particular for those companies whose core business consists of electronic activities (e-business). The role of auditing activities, in particular those relating to Information Technology, however, requires special skills that individual auditors are unfamiliar with. Not even the large auditing firms, the so-called Big Four, are often able to carry out an extensive and conscious analysis of IT processes. Professional figures such as those of IT Auditors are therefore particularly suitable to guarantee the compliance to the law, and the safety of the operations carried out by companies that make use of IT services. , We argue that companies operating in the E-business sector, should report (within the EAR) a separate section prepared by an expert, possibly holder of a CISA (Certified Information System Auditor) certification, issued by the most accredited international body: ISACA (Information Systems Audit and Control Association).I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.