IT auditing activities of public sector auditors in Malaysia

Abstract

Information technology (IT) has become an increasingly important tool for the Malaysian government to improve the
delivery of its services. However, advances in information technology continuously render control procedures
obsolete. Indispensably audit methodology has to evolve to keep abreast with the change in technology. This study
investigates the IT practices of the public sector auditors in Malaysia. We examine IT evaluation based on IT audit
objectives, organisational characteristics, competency of auditor and usage of Computer Assisted Audit Tools and
techniques (CAATTs). Self-administered questionnaires were mailed to 400 public sector auditors providing a
usable sample size of 73. The results show that application processing control and data integrity, privacy and
security control were the most frequent evaluations performed by public sector auditors. The most frequent IT audit
objective is the evaluation of compliance with policies, procedures and evaluation of internal control and these
objectives are performed differently in different divisions. CAATTs have been used most frequently as a problem
solving aid. Several appealing patterns emerged from the eight regression models. The findings provide important
implications for research on IT and public sector auditing.