Towards an Understanding of Board IT Governance: Antecedents and Consequences

Jewer, Jennifer

January 2009

Board involvement in Information Technology (IT) governance and the antecedents and consequences of such involvement are examined from both a theoretical and practical perspective. Practitioner and academic IT governance literature highlight the need for increased board involvement in IT governance; however, it seems that many corporate boards do not practice a formalized style of IT governance, while those that do, face significant challenges. A gap clearly is seen as in spite of the potential benefits of board IT governance and the costs of ineffective oversight, there has been little field-based research in this area, nor adequate application of theory. This research addresses this gap by developing and testing an exploratory multi-theoretic framework of board IT governance. Drawing upon strategic choice and institutional theories, and Ashby’s Law of Requisite Variety, a model of the antecedents (organization factors and board attributes) of board IT governance and its consequences (financial performance and operational performance) is both developed and tested. Unlike previous studies, board IT governance is designated as a central construct in this model rather than a secondary factor. Constructs of board IT governance and IT competency are explored and multi-item measures for both constructs are developed. Board IT governance is conceptualized as the extent of offensive and defensive board oversight activities, while IT competency is conceptualized as the extent of IT expertise (IT knowledge, experience and training) and IT governance mechanisms (structures, processes and relational mechanisms). Detailed interviews with board members enabled a preliminary examination of the theoretical framework. To further test the propositions in the theoretical framework and to validate the measures for the board IT governance and IT competency constructs, an online survey was administered to corporate directors across Canada. Exploratory Factor Analysis and Ordinary Least Squares multiple regression were used to analyze responses from 188 directors. The board IT governance and IT competency constructs were well supported by the data. In addition, the results show that the organizational factors explain 28% of the variance in board IT governance, and that board attributes explain 39% more of the variance, for a total explained variance in board IT governance of approximately 68%. The results also show that board IT governance has a positive impact on operational performance, explaining 19% of the variance in operational performance. However, the proposed impact of board IT governance on financial performance, and the impacts of ‘fit’ between role of IT and board IT governance approach on financial and operational performance were not supported by the survey results. Overall, this research makes a theoretical contribution by: focusing on the board’s role in IT governance; developing a multi-theoretical model of the antecedents and consequences of board IT governance; developing measures of board IT governance and board IT competency, and; empirically assessing the antecedents and consequences of board IT governance.

IT governance

board of directors

IT competence

corporate governance

Management Sciences

Towards an Understanding of Board IT Governance: Antecedents and Consequences

Jewer, Jennifer

January 2009

Board involvement in Information Technology (IT) governance and the antecedents and consequences of such involvement are examined from both a theoretical and practical perspective. Practitioner and academic IT governance literature highlight the need for increased board involvement in IT governance; however, it seems that many corporate boards do not practice a formalized style of IT governance, while those that do, face significant challenges. A gap clearly is seen as in spite of the potential benefits of board IT governance and the costs of ineffective oversight, there has been little field-based research in this area, nor adequate application of theory. This research addresses this gap by developing and testing an exploratory multi-theoretic framework of board IT governance. Drawing upon strategic choice and institutional theories, and Ashby’s Law of Requisite Variety, a model of the antecedents (organization factors and board attributes) of board IT governance and its consequences (financial performance and operational performance) is both developed and tested. Unlike previous studies, board IT governance is designated as a central construct in this model rather than a secondary factor. Constructs of board IT governance and IT competency are explored and multi-item measures for both constructs are developed. Board IT governance is conceptualized as the extent of offensive and defensive board oversight activities, while IT competency is conceptualized as the extent of IT expertise (IT knowledge, experience and training) and IT governance mechanisms (structures, processes and relational mechanisms). Detailed interviews with board members enabled a preliminary examination of the theoretical framework. To further test the propositions in the theoretical framework and to validate the measures for the board IT governance and IT competency constructs, an online survey was administered to corporate directors across Canada. Exploratory Factor Analysis and Ordinary Least Squares multiple regression were used to analyze responses from 188 directors. The board IT governance and IT competency constructs were well supported by the data. In addition, the results show that the organizational factors explain 28% of the variance in board IT governance, and that board attributes explain 39% more of the variance, for a total explained variance in board IT governance of approximately 68%. The results also show that board IT governance has a positive impact on operational performance, explaining 19% of the variance in operational performance. However, the proposed impact of board IT governance on financial performance, and the impacts of ‘fit’ between role of IT and board IT governance approach on financial and operational performance were not supported by the survey results. Overall, this research makes a theoretical contribution by: focusing on the board’s role in IT governance; developing a multi-theoretical model of the antecedents and consequences of board IT governance; developing measures of board IT governance and board IT competency, and; empirically assessing the antecedents and consequences of board IT governance.

IT governance

board of directors

IT competence

corporate governance

Management Sciences

Digitaliseringens betydelse för hoten gällande revisorernas oberoende : - En fråga för framtiden

Book, Jonathan, Söderström, Cecilia

January 2019

Sammanfattning Titel: Digitaliseringens betydelse för hoten gällande revisorernas oberoende - En fråga för framtiden. Nivå: Examensarbete på Grundnivå (kandidatexamen) i ämnet företagsekonomi Författare: Jonathan Book och Cecilia Söderström Handledare: Tomas Källquist och Pär Vilhelmsson Datum: 2019 – juni Syfte: Tidigare forskning visar på ett antal faktorer som kan påverka revisorernas oberoende, dock saknades mer specifikt tidigare forskning gällande digitaliseringens betydelse. Syftet är således att ge en ökad förståelse för vilken betydelse digitaliseringen har på revisorernas oberoende med fokus på vänskapshot, självgranskningshot och kompetenshot. Metod: Vår studie utgår från ett socialkonstruktivistiskt och hermeneutiskt synsätt, vi har använt oss av en kvalitativ metod eftersom vi hade för avsikt att öka förståelsen för läsaren. Vår teoretiska referensram bygger på tidigare forskning och studiens empiriska material samlades in genom tio semistrukturerade intervjuer med revisorer från två olika revisionsbyråer. För att bearbeta teoretisk referensram och empiriskt material, har en analysering gjorts med hjälp av tematisering.  Resultat & slutsats: Studien visar på att självgranskningshotet är det mest aktuella hotet och att digitaliseringen har en väsentlig betydelse på samtliga hot mot revisorernas oberoende. Det finns dessutom tecken på att kompetenshotet inte i sig är ett hot mot oberoendet utan istället en revisionsrisk. Examensarbetets bidrag: Vi har i denna studie studerat tre hot mot revisorernas oberoende med hjälp av tidigare forskning: vänskapshot, självgranskningshot och kompetenshot. Ur ett teoretiskt perspektiv fann vi att dessa hot ökar i takt med digitaliseringen. Nya kommunikationsverktyg är en bidragande faktor till att vänskapshotet ökar. Vidare fann vi med hjälp av tidigare forskning som såväl empiriskt material att rådgivning och konsultation leder till ett ökat självgranskningshot till följd av digitaliseringen. Även kompetenshotet ökar i takt med digitaliseringen, däremot fann vi skillnader mellan vår teoretiska referensram och vårt empiriska material gällande huruvida kompetenshotet är ett hot mot revisorernas oberoende eller en revisionsrisk. Förslag till fortsatt forskning: Det finns ett behov att fortsätta studera kompetenshotet mot revisorns oberoende då det ses som ett olöst blackbox-problem i och med de skilda uppfattningarna mellan vår teoretiska referensram och vårt empiriska material. Vi anser att fortsatt forskning kan ta vid vår studie och dessutom göra en mer omfattande undersökning med fler infallsvinklar som exempelvis hur normgivande organ ser på kompetenshotet. Nyckelord: Revision, Digitalisering, Oberoende, Vänskapshot, Självgranskningshot, Kompetenshot / Abstract Title: The importance of digitalization regarding the threats upon the auditors’ independence - A question for the future. Level: Student thesis, final assignment for Bachelor Degree in Business Administration Author: Jonathan Book and Cecilia Söderström Supervisor: Tomas Källquist and Pär Vilhelmsson Date: 2019 – june Aim: Previous research shows a number of threats that may affect the auditors’ independence. There was a lack in the previous research, more specifically regarding the importance of digitalization upon these threats. The aim is thus to give an increased understanding of the significance of digitalization on the auditors’ independence with a focus on friendship threat, self-audit threat and IT-competence threat. Method: Our study is based on a social constructivist and hermeneutic approach, we have also used a qualitative method since our intention was to increase the understanding of the reader. Our theoretical framework is based on previous research and the empirical material of the study was collected through ten semi-structured interviews with auditors from two different audit firms. In order to analyze theoretical framework and empirical material, a thematization was made. Result & Conclusions: The study shows that digitalization has a significant impact on all of our chosen threats upon the auditors’ independence, our study also shows that the self-audit threat is the most topical one. There are also signs that the IT-competence threat is not a threat to auditors’ independence, but more likely a threat upon the audit risks. Contribution of the thesis: We have examined three threats against the independence of the auditors through prior research: friendship threat, self-audit threat and IT-competence threat. From a theoretical view we found that the threats increase due to digitalization. We saw new communication tools as a contributing factor to the increase of friendship threat, as for the self-audit threat could we see in both prior research and the empirical material that consulting and advisory services increases due to digitalization. Regarding the IT-competence threat we saw an increasement along with digitalization, but we see a difference in prior research and our empirical material where as it is a threat against the independence or if it is a threat upon audit risk. Suggestions for future research: There is a need to continue to study the competence threat against the independence of the auditors as the black box remains unsolved due to the different opinions between our theoretical framework and our empirical material. We suggest that future research can continue where we left off and more extensive examine the threat with different angles such as opinions of norm-making bodies on the threat. Key words: Audit, Digitalization, Independence, Friendship threat, Self-audit threat, IT-competence threat

Audit

Digitalization

Independence

Friendship threat

Self-audit threat

IT-competence threat

Revision

Digitalisering

Oberoende

Vänskapshot

Självgranskningshot

Kompetenshot

Business Administration

Företagsekonomi

IT-expertens roll i revisionen : En studie om revisorns användande av IT-experter i revisionen. / The role of the IT expert in the audit : A study about the auditor's use of IT experts in the audit

Lyngen, Ida, Tellroth, Cornelia

January 2018

Introduktion: Tillsammans med den tekniska utvecklingen ställs nya kompetenskrav på revisorerna, men utbildningen av dessa kompetenser verkar dock inte ske med samma framfart som IT-utvecklingen. Det uppstår därför ett behov av IT-experter i revisionen, vilket kan påverka revisorns risk och komfort. Syfte: Studiens syfte är att skapa förståelse för IT-expertens roll i revisionen genom att utforska revisorers och IT-experters uppfattningar om revisorns användande av IT-experter i revisionsprocessen. Metod: Denna kvalitativa studie utgår från en induktiv ansats och har ett hermenutistiskt perspektiv. En intervjustudie har genomförts med syfte att utforska revisorns användande av IT-experter i revisionen. Slutsats: Vår studie visar att revisorernas användande av IT-experter beror på fem olika faktorer: IT-utvecklingen, revisorns kompetens, revisionens tillvägagångssätt, den konservativa branschen och budget. Studien visar även att revisorerna har en bristande IT-kompetens, vilket leder till fyra konsekvenser: att de inte ser risker, känner sig ”för” komfortabla, att de blir dåliga beställare och inte utnyttjar experten optimalt. Hade revisorn bättre kunnat komplettera IT-experterna med en förståelse för IT-området, hade en mer effektiv och kvalitativ revision kunnat genomföras. / Introduction: With the technological development, new competence requirements are imposed on the auditors, but the education of these skills does not appear to develop in the same speed as the technology. There is therefore a need of using IT experts in the audit, which may affect the auditor's risk and comfort.  Purpose: The purpose of this study is to create an understanding of the role of the IT expert in the audit by exploring auditors ́ and IT experts ́ perceptions of the auditor ́s use of IT-experts in the audit process.  Method: This qualitative study is based on an inductive approach and has a hermeneutic perspective. An interview study has been conducted with the purpose of exploring the auditor ́s use of IT experts in the audit.  Conclusion: Our study shows that the use of IT experts by the auditors depends on five different factors: the IT development, the auditor's competence, the audit approach, the conservative industry and budget. The study also shows that the auditors have a lack of IT skills, which leads to four consequences: they do not see risks, they feel “too” comfortable, they become bad requesters, and do not utilize the expert optimally. If the auditor had been able to better complement IT experts with an understanding of the IT area, a more efficient and qualitative audit could have been carried out.

Audit

auditor

IT

IT expert

IT competence

comfort

risk

Revision

revisor

IT

IT-expert

IT-kompetens

komfort

risk

Business Administration

Företagsekonomi

Finansiella revisorns IT-kompetens : En studie om den finansiella revisorns granskning av affärssystem / The financial auditor’s IT competence : A study about the financial audito’s audit of aninformation system

Andersson, Julia, Lindemann, Mathilde

January 2021

Informationsteknik är ett expanderande område som utvecklas i takt med den teknologiska utvecklingen. Allt eftersom samhället blir mer digitaliserat har det en betydande påverkan på den finansiella revisorn och dess revisionsarbete. Det finns tidigare forskningar och diskussioner kring hur viktigt IT-kompetens är för den finansiella revisorn på grund av den växande IT-miljön. Syftet med denna studie var att undersöka om den finansiella revisorn har tillräckligt med IT-kompetens för att granska affärssystem, förstå om eller när den finansiella revisorn tar hjälp av en IT-revisor samt undersöka vilka förväntningar som finns på finansiella revisorer. För att besvara studiens syfte och frågeställningar har en kvalitativ forskningsmetod med semistrukturerade intervjuer genomförts. Respondenterna som deltog i undersökningen var revisorer från olika revisionsbyråer samt en VD, vilket la grunden för den empiriska data som därefter analyserades med hjälp av studiens teoretiska referensram. De centrala slutsatserna som tagits fram i studien är att den finansiella revisorn anser sig själva ha tillräckligt med IT-kompetens för att utföra deras arbetsuppgifter och för att kunna utföra granskningar av ett affärssystem. Studien påvisar att om en finansiell revisor ska kunna göra granskningar av ett affärssystem krävs det grundläggande kunskaper om hur affärssystem fungerar. Studien visar även att en finansiell revisor kan ta hjälp IT-revisorer när deras kunskaper inte är tillräckliga. Det förekommer främst vid granskning av komplexa och specialanpassade affärssystem. Till sist visar studiens resultat att förväntningarna som finns på finansiella revisorer överensstämmer med kundens förväntningar. / Information technology is an expanding area that is evolving in step with technological development. As the society becomes more digital, it has a significant impact on the financial auditor and its audit work. There is previous research and discussions about how important IT competence is for the financial auditor due to the growing IT environment. The purpose of this study was to investigate whether the financial auditor has sufficient IT competence to audit information systems, to understand if or when the financial auditor engages the help of an IT auditor and examine the expectations that exist for the financial auditors. To answer the studies purpose and the formulated questions, a qualitative research method with semi-structured interviews was conducted. The respondents who participated in the study were auditors from various auditing firms and a CEO, they formed the empirical data which were then analyzed by using the studies theoretical framework. The key conclusions in the study are that the financial auditor considers themselves to have sufficient IT competence to perform their tasks and to be able to audit an information system. The study indicates that basic knowledge of how information systems work is required from a financial auditor to perform an audit of the system. The study also indicates that a financial auditor can engage the help of IT auditors when their knowledge is not sufficient. It appears mainly in audits of complex and special adapted information systems. Lastly the result of the study shows that the expectation of the financial auditor is in line with the customer’s expectations.

Financial auditors

audit

IT competence

IT auditors

information system

audit expectation gap and agency theory

Finansiell revisor

revision

IT-kompetens

IT-revisor

affärssystem

förväntningsgapet

agentteorin

Business Administration

Företagsekonomi

Organizational Agility and Complex Enterprise System Innovations: A Mixed Methods Study of the Effects of Enterprise Systems on Organizational Agility

Kharabe, Amol T.

27 August 2012

No description available.

Business Administration

Information Systems

Information Technology

Management

Organizational agility

enterprise systems

ERP

innovation assimilation

dynamic capabilities

systems agility

business competence in IT

IT competence in business

資訊委外關係管理之研究－ 企業如何利用資訊委外獲得最大綜效 / Reap From IT Outsourcing -- Effective Relationship Management

吳愷暉, Wu, Kai-Hui

Unknown Date

摘要 在資訊科技服務的市場，資訊科技委外（ITO）在市場佔有顯著的地位。過去有許多的報告研究資訊委外廠商的選擇，以及有效的合約管理方法，鮮少針對企業資訊委外合約簽訂之後，企業與委外伙伴之間的互動進行研究。然而依據許多個案報導案例顯示，大多數委外案例的失敗，不是由於雙方關係管理的不適當，就是無法滿足委外企業最初委外目標的期盼。 我們使用在過去的二十六年中臺灣資訊科技委外市場的四十個案例來研究探討如何利用資訊委外關係管理來獲取預期綜效。經過分析與研究，發現四種資訊科技委外的合作關係。這四種合作關係型態分別為：夥伴關係（Partner）、倚賴關係（Dependent）、隨需存取關係（Utility）、以及附屬關係（Subordinate）。不同的委外關係含概了不同的委外服務內容，也含概了不同的關係管理。夥伴的合作關係，企業的期望不止雙方合作達成企業的策略目標，同時也期望委外廠商支援科技創新而提升企業的市場競爭力；倚賴的合作關係，企業對委外廠商支援達成企業策略目標高度倚靠；隨需存取的合作關係，企業期望資源的取得是隨需存取，完全以成本考量；附屬的合作關係，企業則認為該委外廠商僅僅是依附於資訊中心的下包廠商，委外與否完全由企業的資訊中心自行決定。此外，本研究顯示不同的委外關係是由於不同的委外關係無法達成期盼，以及無法交付最終策略利益、經濟利益、或資訊科技利益而終止。 本論文透過文獻探討與深度個案研究，來瞭解影響不同合作關係資訊科技委外的相關因素，和期盼的資訊科技委外的結果。不同型態資訊科技委外關係的管理需要瞭解委外企業對所需服務的期望，以及在合作期間，彼此關係的管理需不斷的注意市場以及資訊科技的變化而提出相對應的策略來因應彼此合作關係，以期從中獲取最大效益。 關鍵字：資訊科技委外，委外關係，市場變化，資訊中心支援能力，委外期望。 / Information Technology Outsourcing (ITO) has gained a big share of the world IT service market. There are many studies about ITO vendor selection and contract management but a lack of understanding of the after-contract practice between the ITO parties. According to reported cases many outsourcing failures were due to either improper relationship management or unable to meet customer expectations. For effective management of this long-term inter-organizational relationship there is a need for understanding the features, affecting factors, expectations and termination of ITO relationship so that the desired outcomes can be achieved and relationship can be sustained throughout the life of the ITO. The above propositions were tested on all existing and changed ITO projects in Taiwan in the past twenty five years. A total of fourty cases were examined and the results show four kinds of IT outsourcing relationship: dependent, utility, partner and subordinate. Different kinds of ITO relationship have different expectations for the ITO services and require different management on the relationships. The dependent type ITO customers rely highly on ITO vendors for supporting strategic moves. The utility ITO customers use ITO as a utility and measure vendors by cost performance. The partner type ITO customers consult vendor for business strategic moves and urge vendor for technology innovation. The subordinate type ITO customers consider ITO vendors as a sub-contractor of IT department and leave decisions to the IT department. Those terminated cases were mainly due to conflicts in the expected and delivered outcome in the three ITO benefit areas. This study provides useful instrument for assessing major ITO factors and understanding expected ITO outcomes. ITO relationship management requires a careful understanding of the expected benefits of the service and continuous monitoring of the business and IT environment. Keywords : Information Technology Outsourcing；Outsourcing Relationship；Business Dynamics；IT Competence；Outsourcing Expectation。

資訊科技委外

委外關係

市場變化

資訊中心支援能力

委外期望

Information Technology Outsourcing

Outsourcing Relationship

Business Dynamics

IT Competence

Outsourcing Expectation

委外關係管理-影響要素，期望利益及其改變促因 / Outsourcing Relationship Management– Influential factors, expected benefits and triggers of changes

楊尚儒, Yang,Shang Ru

Unknown Date

Information technology outsourcing (ITO) has gained a big share of the world IT service market. There are many studies about ITO vendor selection and contract management but a lack of understanding of the after-contract practices between the ITO parties. According to reported cases, many outsourcing failures have been due to either improper relationship management or the inability to meet customer expectations. For effective management of this long-term, inter-organizational relationship, there is a need to understand the features, affecting factors, expectations, and termination of ITO relationships so that the desired outcomes can be achieved and relationships can be sustained throughout the life of the ITO. Based on a dynamic view of outsourcing partnerships, the ITO relationship can be assessed by customer participation, joint action, communication quality, coordination, and information sharing. Prior studies have indicated that these ITO relationship features are mainly affected by business dynamics and the client’s IT competence. Organizations expect from the ITO mainly strategic, economic, and technological benefits. When conflicts exist between expected benefits and delivered outcomes, the relationship is more likely to be terminated. The above propositions were tested on all existing and changed ITO projects in Taiwan in the past twenty-six years. A total of forty cases were examined and the results show four kinds of IT outsourcing relationships: dependent, utility, partner, and subordinate. Different kinds of ITO relationships involve different expectations for the ITO services and require different types of management of the relationships. In the dependent type ITO, customers rely highly on ITO vendors for supporting strategic moves. Utility ITO customers use the ITO as a utility and measure vendors by cost performance. In the partner type ITO, customers consult the vendor for strategic business moves and urge the vendor to engage in technology innovation. The subordinate type ITO is characterized by customers who consider the ITO vendor as a sub-contractor of their IT department and leave decisions to the IT department. Terminations of relationships were mainly due to conflicts in the expected and delivered outcomes in the three ITO benefit areas. This study provides a useful instrument for assessing major ITO factors and understanding expected ITO outcomes. ITO relationship management requires a careful understanding of the expected benefits of the service and continuous monitoring of the business and IT environments.

資訊科技委外

委外關係

市場變化

資訊能力

委外期望

information technology outsourcing

outsourcing relationship

business dynamics

IT competence

outsourcing expectations

Identifiering och bedömning av IT-relaterade risker enligt ISA 315 : En kvalitativ studie om revisorns utmaningar och möjligheter / Identification and assessment of IT-related risks according to ISA 315 : A qualitative study on the auditor’s challenges and opportunities

Pettersson, Stefan, Welday, Michael, Kateferi, Blaise

January 2023

IT-utvecklingen har förändrat företags sätt att bedriva verksamheter och den snabba förändringen som följer med IT-utvecklingen har haft en betydande inverkan på revisionsbranschen. Enligt ISA 315 behöver revisorer ha en bred förståelse för företagets IT-miljö för att kunna genomföra en noggrann revision. Samtidigt finns det en potential för revisorn att använda automatiserade verktyg och tekniker för att förbättra både kvaliteten och effektiviteten i revisionsprocessen. Det är därför avgörande att revisorer inte bara utökar sina IT-kompetenser utan också använder dessa automatiserade verktyg och tekniker på ett effektivt sätt för att möta de utmaningar och krav som följer med den moderna revisionen. Syfte: Med anledning av de nya kraven som ställs på revisorn i ISA 315 syftar vår studie till att ge oss en förståelse om vilka utmaningar och möjligheter revisorer möter under revisionsprocessen när det gäller identifiering och bedömning av IT-relaterade risker av det reviderade företaget. Metod: För att uppfylla studiens syfte genomfördes en kvalitativ forskningsmetod, en kombination av kvalitativa intervjuer och en dokumentstudie. Genom att använda dessa metoder samlades data in och insikter erhölls om de utmaningar och möjligheter som revisorer står inför vid identifiering och bedömning av IT-relaterade risker under revisionsprocessen. Resultat: Studiens slutsatser indikerar att revisorer står inför utmaningar när det gäller att förstå och anpassa sig till kraven i ISA 315, vilket kräver en djup förståelse av företagets IT-miljö och investering av tid och resurser för att utföra en grundlig revision. Revisorer behöver öka sin IT-kompetens och uppdatera sina kunskaper för att kunna utföra avancerade analyser med hjälp av automatiserade verktyg och tekniker. Vidare understryks betydelsen av professionell skepticism och behovet av att kombinera IT-kompetens med en djupare förståelse av företagets IT-miljö för att utföra en effektiv revision. Slutligen identifieras användningen av automatiserade verktyg och tekniker som en möjlighet för revisorer att hantera utmaningar i den snabbt föränderliga teknologiska miljön, vilket kan förbättra revisionens kvalitet och effektivitet. / IT development has transformed how companies conduct their operations, and the rapid changes accompanying IT development have had a significant impact on the auditing industry. According to ISA 315, auditors need to have a comprehensive understanding of a company's IT environment to perform a meticulous audit. Simultaneously, there is potential for auditors to leverage automated tools and techniques to enhance both the quality and efficiency of the audit process. It is therefore crucial for auditors not only to expand their IT competencies but also to utilize these automated tools and techniques effectively in order to address the challenges and requirements associated with modern auditing. Purpose: With reference to the new requirements imposed on auditors in ISA 315, our study aims to provide us with an understanding of the challenges and opportunities auditors encounter during the audit process regarding the identification and assessment of IT-related risks of the audited company. Method: To fulfill the purpose of the study, a qualitative research methodology was employed, using a combination of qualitative interviews and document analysis. These methods were used to collect data and gain insights into the challenges and opportunities faced by auditors in identifying and assessing IT-related risks during the audit process. Results: The study's findings indicate that auditors face challenges in understanding and adapting to the requirements of ISA 315, which necessitates a deep understanding of the company's IT environment and investment of time and resources to perform a thorough audit. Auditors need to enhance their IT competence and update their knowledge to conduct advanced analyses using automated tools and techniques. Furthermore, the importance of professional skepticism is emphasized, along with the need to combine IT competence with a deeper understanding of the company's IT environment to carry out an effective audit. Lastly, the use of automated tools and techniques is identified as an opportunity for auditors to address challenges in the rapidly changing technological landscape, enhancing the quality and efficiency of the audit process.

Audit

ISA 315

IT systems

IT applications

IT environment

IT competence

AI

general IT controls

professional skepticism

Revision

ISA 315

IT-system

IT-applikationer

IT-miljö

IT-kompetens

AI

allmänna IT-kontroller

professionell skepticism

Business Administration

Företagsekonomi