ABSTRACT

Purpose:

Present a conceptual model for the adoption of technological tools in continuous audit projects.

Design/methodology/approach:

This research is constituted from the perspective of a qualitative approach with a descriptive nature, divided into two phases. In the first phase, a Systematic Literature Review was conducted focusing on technological tools and Continuous Audit Projects, in the second phase, field research was conducted through in-depth interviews with professionals related to the theme.

Findings:

The results indicated the main benefits and challenges encountered in the adoption of technological tools in Continuous Audit Projects. The results pointed out the nine main factors, among them, the enabling elements for the adoption of technological tools in Continuous Audit Projects.

Research limitations/implications:

The study is limited to identifying the technological tools in Continuous Audit Projects.

Originality/Value:

Despite the existing technological tools, it is still incipient in the literature researched to identify the challenges and barriers faced by organizations to support the projects of Continuous Audit Projects.

Practical implications:

This research offers a conceptual model as a guiding instrument for the adoption of technological tools in Continuous Audit Projects for organizations inserted in an Internal Audit context. The model presents the main enabling elements that ensure the environment necessary for the development of the project to those involved in Continuous Audit Projects.

Keywords:
Continuous audit projects; Project management; Technological tools; Technological Transformation

RESUMO

Objetivo:

Apresentar um modelo conceitual para adoção de ferramentas tecnológicas em projetos de auditoria contínua.

Metodologia:

Esta pesquisa está constituída em uma perspectiva de abordagem qualitativa com natureza descritiva, dividida em duas fases. Na primeira fase foi realizada uma Revisão Sistemática de Literatura com foco nas ferramentas tecnológicas e Projetos de Auditoria Contínua e, na segunda fase, foi realizada uma pesquisa de campo por meio da realização de entrevistas de profundidade com profissionais relacionados ao tema.

Limitações/implicações da pesquisa:

O estudo limita-se a identificar as ferramentas tecnológicas em Projetos de Auditoria Contínua.

Resultados:

Os resultados apontaram os principais benefícios e desafios encontrados na adoção de ferramentas tecnológicas em Projetos de Auditoria Contínua. Os resultados apontaram os nove fatores principais, dentre eles, os elementos habilitadores para a adoção de ferramentas tecnológicas em Projetos de Auditoria Contínua.

Originalidade:

Apesar das ferramentas tecnológicas existentes, ainda é incipiente na literatura pesquisada identificar os desafios e as barreiras enfrentados pelas organizações para apoio nos projetos de Projetos de Auditoria Contínua.

Implicações práticas:

Esta pesquisa oferece um modelo conceitual como instrumento norteador para a adoção de ferramentas tecnológicas em Projetos de Auditoria Contínua para as organizações inseridas em um contexto de Auditoria Interna. O modelo apresenta os principais elementos habilitadores que garantem o ambiente necessário para o desenvolvimento do projeto aos envolvidos em Projetos de Auditoria Contínua.

Palavras-chave:
Projetos de auditoria contínua; Gestão de projetos; Ferramentas tecnológicas; Transformação tecnológica

1 INTRODUCTION

Faced with an increasingly complex and volatile business environment, companies seek and implement information systems to improve their efficiency and effectiveness (Shin et al., 2013Shin, I.-H., Lee, M.-G., & Park, W. (2013). Implementation of the continuous auditing system in the ERP-based environment. Managerial Auditing Journal, 28(7), 592–627. doi: https://doi.org/10.1108/MAJ-11-2012-0775
https://doi.org/10.1108/MAJ-11-2012-0775... ). Advances in rapidly changing Information Technology (IT) have led organizations to increase their systemic transactions, consequently a need for more timely and continuous assurance of their internal controls (Farkas & Hirsch 2016Farkas, M. J., & Hirsch, R. M. (2016). The effect of frequency and automation of internal control testing on external auditor reliance on the internal audit function. Journal of Information Systems, 30(1), 21–40. doi: https://doi.org/10.2308/isys-51266
https://doi.org/10.2308/isys-51266... ; Cardoni et al. 2020). In this context, Gotthardt et al. (2020Gotthardt, M., Koivulaakso, D., Paksoy, O., Saramo, C., Martikainen, M., & Lehner, O. (2020). Current state and challenges in the implementation of smart robotic process automation in accounting and auditing. Journal of Finance and Risk Perspectives.) affirm that very soon, it will be decisive to ensure the relevance and influence of the practice with organizations (Han et al., 2023Han, H., Shiwakoti, R. K., Jarvis, R., Mordi, C., & Botchie, D. (2023). Accounting and auditing with blockchain technology and artificial intelligence: A literature review. International Journal of Accounting Information Systems, 48, 100598.).

Inserted in this corporate context as a control area, the performances of the Internal Audit (IA) area in the corporate business environment have been affected, due to the rapid advances in the IT area occurred in the last decades (Eulerich & Kalinichenko, 2018Eulerich, M., & Kalinichenko, A. (2018). The current state and future directions of continuous auditing research: An analysis of the existing literature. Journal of information systems, 32(3), 31–51. doi: https://doi.org/10.2308/isys-51813
https://doi.org/10.2308/isys-51813... ). Thus, traditional IA projects may not be effective in dealing with the risks of a computerized and systemic corporate environment (Deloitte, 2018Deloitte. (2018). Retrieved from https://www.iia.org.uk/media/1689102/0906-iia-data-analytics-5-4-17-v4.pdf
https://www.iia.org.uk/media/1689102/090... ; Pwc, 2019Pwc (2019). Competências digitais aumentam a importância e a contribuição da auditoria interna. Estudo sobre a prática da auditoria interna 2019. https://www.pwc.com.br/pt/auditoria/assets/imagens/2019/papel-auditoria-interna-19.pdf
https://www.pwc.com.br/pt/auditoria/asse... ). Changing business conditions and an increase in systemic transactions is a reality, which has led IA to a need for more timely and continuous assessment of internal controls and the conduct of its projects (Feung & Thiruchelvam, 2020Feung, J. L. C., & Thiruchelvam, I. V. (2020). A framework model for continuous auditing in financial statement audits using big data analytics. International Journal of Scientific & Technology Research, 9, 3416-3434.).

Continuous Auditing (CA) is defined a segment in auditing, with the purpose of identifying and preventing improper behavior and transactions by automated testing (Alles, Kogan, & Vasarhelyi, 2018Alles, M. G., Kogan, A., & Vasarhelyi, M. A. (Eds.). (2018). Continuous Auditing: Concepts, processes, and practical implementation. Emerald Publishing Limited.; Lamboglia et al., 2020Lamboglia, R., Lavorato, D., Scornavacca, E., & Za, S. (2020). Exploring the relationship between audit and technology. A bibliometric analysis. Meditari Accountancy Research. doi: https://doi.org/10.1108/MEDAR-03-2020-0836
https://doi.org/10.1108/MEDAR-03-2020-08... ). Javier and Duque (2016Javier, F., & Duque, V. (2016). Continuous Audit. A new paradigm of audit? In Rocha, A and Reis, LP and Cota, MP and Suarez, OS and Goncalves, R (Ed.), 2016 11th Iberian Conference on Information Systems And Technologies (CISTI). IEEE.) present CA as a new paradigm of the IA area. The area of CA is marked by continuous assessments of risk and the control environment of organizations, enabled by technology or technology tools (IIA, 2018The Institute of Internal Auditors - IIA. (2018). Auditoria Interna no Brasil Rumo à consolidação do impacto e da influência. 1–44.). Compared to traditional audit methodologies, CA is considered a new method to increase the efficiency and coverage of audit procedures and testing (Goosen & Van Dyk, 2017Goosen, R., & van Dyk, H. O. (2017). Developing an internal audit planning framework at a strategic level by integrating continuous auditing procedures related to automated controls (Part I). Southern African Journal of Accountability and Auditing Research-Sajaar, 19(1), 59–70.; Gao & Vasarhelyi, 2019Gao, F., & Vasarhelyi, M. A. (2019). Audit data analytics: Enabling the evolution of continuous auditing. Journal of Emerging Technologies in Accounting, 16(2), 229-252.).

Marked by this environment with greater transactions, information, data and technology, the report on IA professional practice presented by PricewaterhouseCoopers (2019Pricewaterhousecoopers. (2019). Elevating internal audit’s role: The digitally fit function. 2019 State of the Internal Audit Profession Study. Retrieved from: https://www.pwc.com/us/en/services/risk-assurance/library/internal-audit-transformation-study.html
https://www.pwc.com/us/en/services/risk-... ) indicates that the lack of the use of technologies as a support in audit procedures can weaken the area, and consequently, IA projects. The report further highlights that IA areas may become outdated if they do not change their traditional approach. Thus, to stay relevant and fulfill their goal of strengthening and supporting the control environment of entities, Mokhitli and Kyobe (2019Mokhitli, M., & Kyobe, M. (2019, March). Examining factors that impede internal auditors from leveraging information technology for continuous auditing. In 2019 Conference on Information Communications Technology and Society (ICTAS) (pp. 1-6). IEEE.) suggest that IA needs to keep up with the digital pace of business through their projects.

As pointed out by Joshi and Marthandan (2020Joshi, P. L., & Marthandan, G. (2020). Continuous internal auditing: can big data analytics help?. International Journal of Accounting, Auditing and Performance Evaluation, 16(1), 25-42. doi: https://doi:10.1504/ijaape.2020.10676
https://doi:10.1504/ijaape.2020.10676... ), this trend leads companies in the IA segment to adopt technological and automation tools in their respective projects. Thus, given the existing needs in the realization of IA projects, professionals in this segment have little experience in their implementation (Hassan et al., 2023Hassan, A., Salleh, N., Ismail, M. N., & Ahmad, M. N. (2023). Empirical evaluation of continuous auditing system use: a systematic review. International Journal of Electrical and Computer Engineering, 13(1), 796.). This limitation hinders the ability of auditors to validate the requirements of Continuous Audit Projects (CAPs) (Singh & Best, 2015Singh, K., & Best, P. (2015). Design and implementation of continuous monitoring and auditing in SAP enterprise resource planning. International Journal Of Auditing, 19(3), 307–317. doi: https://doi.org/10.1111/ijau.12051
https://doi.org/10.1111/ijau.12051... ; Weins et al., 2017).

Such limitations are related to the challenges imposed on auditors in using technological tools (Warren et al., 2020Warren, M. J., Moffitt, K. C., Byrnes, P., & vagHossain, S. (2020). Continuous auditing in the era of big data: Opportunities and challenges. Journal of Information Systems, 34(2), 1-21.). Many companies have stopped adopting technology and CA due to a variety of challenges (Polizzi & Scannella, 2023Polizzi, S., & Scannella, E. (2023). Continuous auditing in public sector and central banks: a framework to tackle implementation challenges. Journal of Financial Regulation and Compliance, 31(1), 40-59.; Lin, Lin, & Chen, 2021Lin, Y., Lin, B., & Chen, M. (2021). Enhancing continuous auditing with robotic process automation: An empirical study. Journal of Information Systems, 35(1), 143-161.). Among the challenges is the lack of a project framework aimed at providing the proper facilitating and technical conditions to support the adoption of technology systems and tools in CA (Chan, Chiu, & Vasarhelyi, 2018Chan, D. Y., Chiu, V., & Vasarhelyi, M. A. (2018). Continuous auditing: theory and application. Emerald Publishing Limited.), whether it be technical aspects (Gonzalez, Sharma, & Galletta, 2012Gonzalez, G C, Sharma, P. N., & Galletta, D. (2012). Factors influencing the planned adoption of continuous monitoring technology. Journal of Information Systems, 26(2), 53–69. doi: https://doi.org/10.2308/isys-50259
https://doi.org/10.2308/isys-50259... ), financial (Singh & Best, 2015Singh, K., & Best, P. (2015). Design and implementation of continuous monitoring and auditing in SAP enterprise resource planning. International Journal Of Auditing, 19(3), 307–317. doi: https://doi.org/10.1111/ijau.12051
https://doi.org/10.1111/ijau.12051... ; Wu, Strauss, & Wang, 2021Wu, D. D., Strauss, J., & Wang, X. (2021). Blockchain and continuous auditing: Opportunities and challenges. International Journal of Accounting Information Systems, 39, 100535.), training, capacity building, or resources for systemic design adoption (Wong, 2020Wong, J. (2020). Continuous auditing: Current developments and future research directions. Journal of Accounting Literature, 44, 25-48. doi: https://doi.org/10.2308/jis.2010.24.1.91
https://doi.org/10.2308/jis.2010.24.1.91... ).

Given the exposed transformation and technological factors, that IA management has pondered on what is the best strategy to adopt the use of technological tools in Continuous Audit Projects (CAP), thus we addressed the following research question: How can the adoption of technological tools contribute to continuous audit projects? The objective of this paper was to present a conceptual model for the adoption of technological tools in CAP. This paper is organized into five sections, including this introduction. Next, a brief literature review on Continuous Auditing, Continuous Auditing Projects, and Technological Tools will be presented. Soon after, the methodological aspects will be addressed. Next, the results and final considerations will be presented.

2 REVIEW OF THE LITERATURE

This section briefly presents the concepts of Continuous Auditing, Continuous Auditing Projects, and their relationship with Technology Tools.

2.1 Continuous Auditing

Continuous Auditing (CA) is considered by many authors as the new paradigm of Internal Auditing (IA) (Kiesow et al., 2016Kiesow, A., Schomaker, T., & Thomas, O. (2016). Transferring continuous auditing to the digital age - The knowledge base after three decades of research. 24th European Conference on Information Systems, ECIS 2016.), hence the need to understand its basic concepts, the main guidelines proposed by international organizations, the need, and the importance of this method for modern auditing. Especially in a scenario of organizational environment dominated by information and communication technologies (Folador et al., 2018Folador, E. L., Fiirst, C., Baldissera, J. F., Toigo, L. A., & Capponi, N. F. (2018). Propriedades da auditora contínua e auditoria de sistemas: uma análise bibliométrica e sociométrica na base scopus. Congresso Internacional de Gestão da Tecnologia e Sistemas de Informação (Contecsi). Revista Contabilidade e Controladoria, 10(1).). Regarding its definition, Kuhn, and Sutton (2010Kuhn Jr., J. R., & Sutton, S. G. (2010). Continuous auditing in ERP system environments: The current state and future directions. Journal of Information Systems, 24(1), 91–112. doi:https://doi.org/10.2308/jis.2010.24.1.91
https://doi.org/10.2308/jis.2010.24.1.91... ) and Rikhardsson and Dull (2016Rikhardsson, P., & Dull, R. (2016). An exploratory study of the adoption, application and impacts of continuous auditing technologies in small businesses. International Journal of Accounting Information Systems, 20, 26–37. doi: https://doi.org/10.1016/j.accinf.2016.01.003
https://doi.org/10.1016/j.accinf.2016.01... ) define CA as a method of data analysis very close to real time, considering a set of predetermined rules. Thus, CA deals with an audit based on computerized systems, using technological tools for data extraction, mining, and analysis, which assesses the risks and internal controls related to business rules in the processes of an organization, through automated or semi-automated tests (KPMG, 2022KPMG Risk Advisory Services. (2022). Auditoria continua. Retrieved from https://assets.kpmg.com/content/dam/kpmg/dk/pdf/Acor/2023/04/kpmg-acor-tax-annual-report-2022.pdf
https://assets.kpmg.com/content/dam/kpmg... ).

The research of Feung and Thiruchelvam (2020Feung, J. L. C., & Thiruchelvam, I. V. (2020). A framework model for continuous auditing in financial statement audits using big data analytics. International Journal of Scientific & Technology Research, 9, 3416-3434.) confirms that with the evolution provided using technology, CA has gained speed in recent decades since this area is highly dependent on the use of technology. In this scenario, CA demonstrates a new way to identify and verify deviations and anomalies, trends, and risk indicators through automation (Costan & Nastase, 2018Costan P., L., & Nastase, L. A. P. (2018). Evolution of internal audit activity based on informational technologies in Romanian public entities. In Soliman, KS (Ed.), Innovation management and education excellence through vision 2020, Vols I -XI (pp. 2212–2219). Int bussines information manegement assoc-ibima.). Lamboglia et al. (2020Lamboglia, R., Lavorato, D., Scornavacca, E., & Za, S. (2020). Exploring the relationship between audit and technology. A bibliometric analysis. Meditari Accountancy Research. doi: https://doi.org/10.1108/MEDAR-03-2020-0836
https://doi.org/10.1108/MEDAR-03-2020-08... ) bibliometric analysis reveals three main topics concerning the use and application of technology in auditing: The adoption of CAPs, the use of software tools in the auditing profession, and the connections between systemic information and audit testing. Focusing on the use of technology generates large efficiency gains in Continuous Audit Projects and is therefore highly recommended.

Thus, the relationship of CA in organizations is with IT system designs, technology tools, data structures, and other digital resources. However, the use of tools is related to IT projects, configured by the capacity of the organization’s technological environment, thus confirming a CA environment with the existence of Continuous Audit Projects.

2.2 Continuous Audit Projects

Continuous Audit Projects (CAP) are part of the progressive shift in auditing practices toward process automation to leverage the technology base of the modern enterprise (Cangemi, 2015Cangemi, M. P. (2015). Staying a step ahead: Internal audit’s use of technology, The Global Internal Audit Common Body of Knowledge, CBOK 2015 Practitioner Survey, the IIA research Foundation (IIARF).). The emphasis on transforming the entire audit system is evident (Vasarhelyi et al., 2012Vasarhelyi, M. A., Alles, M., Kuenkaikaew, S., & Littley, J. (2012). The acceptance and adoption of continuous auditing by internal auditors: A micro analysis. International Journal of Accounting Information Systems, 13(3), 267–281. doi: https://doi.org/10.1016/j.accinf.2012.06.011
https://doi.org/10.1016/j.accinf.2012.06... ). The development of CAPs requires a fundamental rethinking of all aspects of auditing, from how data is made available, to the types of tests that will be conducted, what alarms will be handled, what types of reports will be issued, and how often they will be run (Kim & Vasarhelyi, 2012Kim, Y., & Vasarhelyi, M. A. (2012). A model to detect potentially fraudulent/abnormal wires of an insurance company: An unsupervised rule-based approach. Journal of Emerging Technologies in Accounting, 9(1), 95–110. doi: https://doi.org/10.2308/jeta-50411
https://doi.org/10.2308/jeta-50411... ; Kogan et al., 2014Kogan, A., Alles, M. G., Vasarhelyi, M. A., & Wu, J. (2014). Design and evaluation of a continuous data level auditing system. Auditing-A Journal of Practice & Theory, 33(4), 221–245. doi: https://doi.org/10.2308/ajpt-50844
https://doi.org/10.2308/ajpt-50844... ).

PAC is not only about a process of using technology, but also about changing organizational structure, data, and work practice (Sun et al., 2015Sun, T., Alles, M., & Vasarhelyi, M. A. (2015). Adopting continuous auditing: A cross-sectional comparison between China and the United States. Managerial Auditing Journal, 30(2), 176–204. doi: https://doi.org/10.1108/MAJ-08-2014-1080
https://doi.org/10.1108/MAJ-08-2014-1080... ). In organizations, CAPs promote structural change, giving an essential role to technological tools, which is an essential factor in this kind of projects (Yeh et al., 2008Yeh, C.-H., Chang, T.-P., & Shen, W.-C. (2008). Developing continuous audit and integrating information technology in e-business. 2008 IEEE ASIA-PACIFIC SERVICES COMPUTING CONFERENCE, VOLS 1-3, PROCEEDINGS, 1013–1018. doi: https://doi.org/10.1109/APSCC.2008.8
https://doi.org/10.1109/APSCC.2008.8... ). As an impact on the processes, the conduct of the projects may possess a process reengineering to adopt automation projects in CA testing (Barr, 2019; Cao et al., 2019Cao, P. M., Wu, Y., Banerjee, S. S., Azoff, J., Withers, A., Kalbarczyk, Z. T., & Iyer, R. K. (2019). Caudit: Continuous auditing of SSH servers to mitigate brute-force attacks. Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2019, 667–682.).

The use of technology can be considered one of the major factors for CAP efficiency (Baksa & Turoff, 2010Baksa, R., & Turoff, M. (2010). The current state of continuous auditing and emergency management’s valuable contribution. ISCRAM 2010 - 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings.). This factor is paramount for the project, which comes to automate analysis and testing procedures and take advantage of the technological tools available (Gonzalez et al., 2012Gonzalez, G C, Sharma, P. N., & Galletta, D. (2012). Factors influencing the planned adoption of continuous monitoring technology. Journal of Information Systems, 26(2), 53–69. doi: https://doi.org/10.2308/isys-50259
https://doi.org/10.2308/isys-50259... ; Javier & Duque, 2016Javier, F., & Duque, V. (2016). Continuous Audit. A new paradigm of audit? In Rocha, A and Reis, LP and Cota, MP and Suarez, OS and Goncalves, R (Ed.), 2016 11th Iberian Conference on Information Systems And Technologies (CISTI). IEEE.). When it comes to tools, CA applications are being used to automate GRC activities across company functions, departments, and technology-embedded platforms (Kuhn & Sutton, 2010Kuhn Jr., J. R., & Sutton, S. G. (2010). Continuous auditing in ERP system environments: The current state and future directions. Journal of Information Systems, 24(1), 91–112. doi:https://doi.org/10.2308/jis.2010.24.1.91
https://doi.org/10.2308/jis.2010.24.1.91... ; Chiu, Liu, & Vasarhelyi, 2014Chiu, V., Liu, Q., & Vasarhelyi, M. A. (2014). The development and intellectual structure of continuous auditing research. Journal of Accounting Literature, 33(1–2), 37–57. doi: https://doi.org/10.1016/j.acclit.2014.08.001
https://doi.org/10.1016/j.acclit.2014.08... ; Pascual, 2016Pascual, E. H. (2016). Continuous auditing to manage risks in payroll [La Auditoria Continua para Gestionar Riesgos En Planilla De Sueldos]. In C. M. P. G. R. S. O. S. Rocha A. Reis L.P. (Ed.), Iberian Conference on Information Systems and Technologies, (Vols. 2016-July). IEEE Computer Society. doi:https://doi.org/10.1109/CISTI.2016.7521578
https://doi.org/10.1109/CISTI.2016.75215... ). Several emerging auditing technologies, including the use of automation software, CA techniques, integrated module auditing, installations of concurrent auditing tools, can be employed in CAPs (Van & Weigand, 2016Van Hillo, R., & Weigand, H. (2016). Continuous auditing & continuous monitoring: Continuous value? Proceedings - international conference on research challenges in Information Science, 2016-Augus(Cm). doi:https://doi.org/10.1109/RCIS.2016.7549279
https://doi.org/10.1109/RCIS.2016.754927... ; Marques & Santos, 2016Marques, R P, & Santos, C. (2016). Information systems with internal control on business processes: An approach based on an organizational engineering framework. In C. M. P. G. R. S. O. S. Rocha A. Reis L.P. (Ed.), Iberian Conference on Information Systems and Technologies, CISTI (Vols. 2016-July). IEEE Computer Society. doi: https://doi.org/10.1109/CISTI.2016.7521641
https://doi.org/10.1109/CISTI.2016.75216... ; Goosen & van Dyk, 2017Goosen, R., & van Dyk, H. O. (2017). Developing an internal audit planning framework at a strategic level by integrating continuous auditing procedures related to automated controls (Part I). Southern African Journal of Accountability and Auditing Research-Sajaar, 19(1), 59–70.).

2.3 Technological tool for Continuous Audit Projects

Continuous Audit Projects (CAP) have as their essence the use of technological tools to achieve their goals. Part of the project takes as a direction the implementation of IT tools, such as Data Analytics, Machine Learning, Robotic Process Automation, and Artificial Intelligence (AI), to support the automation and development of audit test analysis. In addition, it can be extended to the use of software and systemic configurations in the information system. In Deloitte’s annual AI report conducted in 2018, it shows that companies in Brazil state that they intend to adopt some technological tool in the next five years. These technological resources support PACs, organize and optimize the results of projects, there are currently several applications available on the market.

A comparison between the answers of the CBOK 2006 and CBOK 2015Cangemi, M. P. (2015). Staying a step ahead: Internal audit’s use of technology, The Global Internal Audit Common Body of Knowledge, CBOK 2015 Practitioner Survey, the IIA research Foundation (IIARF). surveys conducted by the IIA shows increases in the use of technological tools in auditing, especially in the use of data mining, which shows a 14% increase between these years. In addition, 53% of respondents said they are involved moderately or extensively in data mining. At the same time, 80% of CEOs say that data mining and analytics is of strategic importance to their organizations, according to the 2015 Global CEO survey conducted by PricewaterhouseCoopers (2015Pwc (2015). Estudos sobre a prática de auditoria interna 2015. Como encontrar o norte verdadeiro em um período de rápidas transformações. Retrieved from: https://www.pwc.com.br/pt/auditoria-interna/assets/pwc-estudo-sobre-pratica-profissional-auditoria-interna-15.pdf
https://www.pwc.com.br/pt/auditoria-inte... ).

Adopting DA in CAP amplifies the performance of audit processes (KPMG, 2022KPMG Risk Advisory Services. (2022). Auditoria continua. Retrieved from https://assets.kpmg.com/content/dam/kpmg/dk/pdf/Acor/2023/04/kpmg-acor-tax-annual-report-2022.pdf
https://assets.kpmg.com/content/dam/kpmg... ). Adopting tools of this size is ideal due to the ability to work with the large amount of data and frequency of monitoring tests required in projects. It contributes to the adoption of uniform procedures, increased audit independence from the organization’s information systems management, and more consistency of testing procedures.

As the automation theme increases in IA, there is an embryonic field developing by means of intelligent systems based on smart techniques that support continuous monitoring and control (Parati et al., 2008Parati, N., Malik, L., & Joshi, A. G. (2008, July). Artificial intelligence-based threat prevention and sensing engine: Architecture and design issues. In 2008 First International Conference on Emerging Trends in Engineering and Technology (pp. 304-307). IEEE.). Intelligent techniques and expert systems can be integrated with traditional auditing procedures for the purpose of analyzing collected data and for recognition patterns (Gotthardt et al., 2020Gotthardt, M., Koivulaakso, D., Paksoy, O., Saramo, C., Martikainen, M., & Lehner, O. (2020). Current state and challenges in the implementation of smart robotic process automation in accounting and auditing. Journal of Finance and Risk Perspectives.). Regarding volume, research by PwC (2018Pwc (2018). Robotic process automation: A primer for internal audit professionals. Retrieved from:https://www.pwc.com/sg/en/publications/assets/ra-robotic-process-automation-for-ia.pdf
https://www.pwc.com/sg/en/publications/a... ) estimated that 45% of work activities can be automated and that this will save manpower annually. It is strategically important for companies to start investing in innovation as it is increasingly being adopted and those who have been successful in its implementation will make huge productivity gains in their jobs.

However, theoretical frameworks are not elaborative and sufficient to capture how such deployments can be conducted in CAP. Gotthardt (2020Gotthardt, M., Koivulaakso, D., Paksoy, O., Saramo, C., Martikainen, M., & Lehner, O. (2020). Current state and challenges in the implementation of smart robotic process automation in accounting and auditing. Journal of Finance and Risk Perspectives.) in his study corroborates that the goal is simple but programming such a system that makes it happen is not simple. Currently, only 5% of companies consider themselves mature in their use of AI and 15% in their uses of RPA (Pwc, 2018Pwc (2018). Robotic process automation: A primer for internal audit professionals. Retrieved from:https://www.pwc.com/sg/en/publications/assets/ra-robotic-process-automation-for-ia.pdf
https://www.pwc.com/sg/en/publications/a... ). Thus, challenges for such tool adoption arise in CAPs, most auditors who do not have IT experience have great difficulty integrating the computer-aided audit system with their professional audit knowledge (Li et al., 2017Li, S.-H., Huang, S.-M., & Lin, Y.-C. G. (2007). Developing a continuous auditing assistance system based on information process models. Journal of Computer Information Systems, 48(1), 2–13.).

3 METHODOLOGY

This research is constituted in a qualitative approach perspective with a descriptive nature, divided in two phases: (i) a systematic literature review (SLR) focused on the CAP phenomenon and (ii) field research by means of in-depth interviews with professionals related to this type of project. Adopting an appropriate research strategy in the methodological processes allows us to reach conclusions about a given subject based on evidence (Kitchenham & Charters, 2007Kitchenham, B., & Charters, S. (2007). Diretrizes para realizar revisões sistemáticas da literatura em engenharia de software.).

We chose to start with an RSL to explore and understand two phenomena that are constantly evolving: CAP and the adoption of technological tools. The source of evidence to build the research corpus was the Web of Science (WoS) and Scopus journal bases. The keywords “Contin*” and “Audit*” were applied to cover variations of the terms. The application of filters aimed to obtain a coherent database aligned with the field of study according to the previous definition of the research. Initially, refinement filters in the categories of the bases and types of documents were applied (Article or Book Chapter or Proceedings Paper or Review), followed by filters of categories in the areas of “Management”, “Bussinnes” and “Computer Science”. No filter was applied for the year of publication of the articles.

From the reading of the titles and abstracts in the screening phase, it was identified that of the 182 initially selected, 9 did not address the concept of continuous auditing and were removed. In the eligibility stage of the articles, some inclusion and exclusion criteria were established. After reading the abstracts and introductions of the 173 previously selected articles, the final base was composed of 117 deprecated articles that formed the research corpus. The inclusion and exclusion criteria are shown in Table 1.

The result of the research was exported, and its data were prepared and analyzed later. The tables and figures were elaborated with the support of spreadsheets in Microsoft Excel format. Below will be presented the procedures for the field research.

The field research aimed to understand what challenges arise with the adoption of CAPs and the adoption of technological tools in CAPs, by conducting semi-structured in-depth interviews with managers in IA and IT with knowledge in technological tools, to explore their knowledge and aiming to balance the experiences of the interviewees in each construct of this research, thus seeking greater proximity with the observed phenomenon (Creswell, 2010Creswell, J. W. (2010). Is it time to take the first step?. Projeto de Pesquisa: Métodos Qualitativo. Quantitativo e Misto, 3.).

Qualitative research is of fundamental importance in understanding the actions of the interviewees, as they allow us to understand how they see the reality around them (Silva et al., 2010). According to Table 2, to achieve the objectives, interviews were conducted with two profiles of people related to this research, internal audit professionals and IT professionals, who have expertise in projects to adopt technological tools.

The interviews were transcribed and analyzed and interpreted with the support of the Atlas.TI software. Thus, the categorization of the data that expose the different views related to each factor of the research was carried out and analyzed (Thiollent, 2009). The analysis process employed the classification through the attribution of a code, in this case from the RSL, under the perspective “Theory Driven” that allows the comparison between other codes and frequency in the statements of the interviewees. In this sense, it is worth mentioning that in the process of analyzing the statements of the interviewees, categories of analysis emerged from the perspective “Data Driven”: guided by data. Thus, the data were interpreted in a coding process following the guidelines of Charmaz (2006). The results contribute to, from the technological tools identified and the challenges in their implementation, present a conceptual model for the adoption of technological tools in the PAC.

4 DATA PRESENTATION AND ANALYSIS

This chapter will present the results obtained after the RSL analysis process and the analysis of the field research result data.

4.1 Results of the systematic literature review

The results presented allowed establishing a line of research that started from studies focused on the emerging CAP approach, its implementation and evolution, to focus on the process of technological transformation and innovation in IA and the development of the traditional approach to the continuous method. Thus, the evolution of the discussion indicates that the transformation of traditional auditing is evident and irreversible (Lois et al., 2020Lois, P., Drogalas, G., Karagiorgos, A., & Tsikalakis, K. (2020). Internal audits in the digital era: opportunities risks and challenges. Euromed Journal of Business. and Lins et al., 2018Lins, S., Schneider, S., & Sunyaev, A. (2018). Trust is good, control is better: Creating secure clouds by continuous auditing. IEEE Transactions on Cloud Computing, 6(3), 890–903. doi: https://doi.org/10.1109/TCC.2016.2522411
https://doi.org/10.1109/TCC.2016.2522411... ).The RSL results demonstrate that there is a strong relationship of CAPs with technological tools. Each CA adoption project focuses on tests that use the data obtained by technology tools, either for automation or development (Gotthardt et al., 2020Gotthardt, M., Koivulaakso, D., Paksoy, O., Saramo, C., Martikainen, M., & Lehner, O. (2020). Current state and challenges in the implementation of smart robotic process automation in accounting and auditing. Journal of Finance and Risk Perspectives. and Feung & Thiruchelvam, 2020Feung, J. L. C., & Thiruchelvam, I. V. (2020). A framework model for continuous auditing in financial statement audits using big data analytics. International Journal of Scientific & Technology Research, 9, 3416-3434.). Based on the research corpus, we present in Table 3 the main tools identified in CA projects.

CAPs have at their core the use of technological tools to achieve their goals. Part of the project focuses on implementations of IT tools, such as Analytics, RPA, AI and ML, both for process automation and development of the analyses of the CA tests (Gotthardt et al., 2020Gotthardt, M., Koivulaakso, D., Paksoy, O., Saramo, C., Martikainen, M., & Lehner, O. (2020). Current state and challenges in the implementation of smart robotic process automation in accounting and auditing. Journal of Finance and Risk Perspectives.). According to Russom (2011Russom, P. (2011). Big data analycts - TDWI best practices report. Introduction to Big Data Analytics. TDWI Best Practices Report, Fourth Quarter, 19(4), 1–34.), Analytics is configured with data modeling and analysis techniques based on statistics, mining, and research, used for analytical procedures, applied in various business operations. The use of Analytics is directly aimed at improving analytical performance and can be demonstrated through indicators related to predetermined rules.

The evolution in technology proposes other emerging tools, Parati et al. (2008Parati, N., Malik, L., & Joshi, A. G. (2008, July). Artificial intelligence-based threat prevention and sensing engine: Architecture and design issues. In 2008 First International Conference on Emerging Trends in Engineering and Technology (pp. 304-307). IEEE.) and Gotthardt et al. (2020Gotthardt, M., Koivulaakso, D., Paksoy, O., Saramo, C., Martikainen, M., & Lehner, O. (2020). Current state and challenges in the implementation of smart robotic process automation in accounting and auditing. Journal of Finance and Risk Perspectives.) demonstrate that as the automation theme increases in IA, other intelligent systems can be adopted. Parati et al. (2008Parati, N., Malik, L., & Joshi, A. G. (2008, July). Artificial intelligence-based threat prevention and sensing engine: Architecture and design issues. In 2008 First International Conference on Emerging Trends in Engineering and Technology (pp. 304-307). IEEE.) and Gotthardt et al. (2020Gotthardt, M., Koivulaakso, D., Paksoy, O., Saramo, C., Martikainen, M., & Lehner, O. (2020). Current state and challenges in the implementation of smart robotic process automation in accounting and auditing. Journal of Finance and Risk Perspectives.) address in their works the intelligent techniques such as data mining, artificial neural networks, fuzzy logic, and expert systems that can be integrated with traditional procedures and statistical methods to analyze the data collected by sensors, recognize recognition patterns, filter and correlate events to support security, risk management, and deviation prevention.

The process of technological transformation, process automation, the use of information systems and data analytics tools, as well as the search for digital innovation are factors that challenge IA management. Such processes require planning, preparation, and changes, both in structure and mindset, and according to what was exposed in the analyzed works there are challenges to be overcome. Resulting from this conclusion, that we structured field research to understand what the main challenges and difficulties are encountered by managers in IA to implement technological tools in CAPs.

4.2 Field research results

As a result of the field research, we identified and understood the main barriers and challenges in the adoption of technology tools in CAP, as well as their benefits, especially regarding the adoption of technology tools. Likewise, the interviews allowed us to identify and describe the factors that one should consider once adopting projects of this nature or implementing the technological tools for this purpose. Thus, based on the results and information from the mapped experiences of the interviewees, we identified the main factors that should be considered when adopting technological tools in CAPs. Finally, and based on the observed results, elaborate a conceptual model to apply in adoption of technological tools in CAPs.

4.2.1 Data collection procedures

In the data collection phase interviews were conducted with two groups of professionals, the first being managers in the IA area (Directors, Managers, Coordinators and Specialists) and the second being IT professionals (Managers, Coordinators and Specialists) with knowledge in the technological tools related to this research. The purpose is to obtain the two optics, both from the IT developer and the audit expert, to describe what are the benefits of these tools in CAPs, recognize the main challenges encountered in the adoption of these technological tools, and identify the main factors that should be considered when implementing technological tools in CAPs.

In the data collection stage, criteria for the definition of the interviewed group were previously established, as shown in Table 4. In this research, the criteria of experience in working with technological tools and CAP were considered. Therefore, we chose professionals who work in the management of the audit and IT areas, and who have professional experience with technological tool implementation projects.

The interviews were recorded, transcribed, and spreadsheeted, so that they could be coded. In-depth interviews focus on extracting from the interviewees their lived experiences, facts that occurred while participating in projects, opinions, and points of view (Turner, 2010). To analyze the qualitative data from the interviews we used the Atlas.TI software, suggested by Chamaz (2006), which uses a process to analyze the extracted codings and form categories. Thus, for this research, it was performed the categorization of data that highlight distinct and related views to each research theme (Thiollent, 2009).

As part of the process of using the Atlas.TI software, it was possible to establish the relationship of codes and the understanding of a coefficient to build a concurrence in the applied context (Friese, 2019). This process is known as the Grounded Theory method, which follows through coding for the purpose of meaning from a corpus of analysis.

4.2.2 Analysis of Results and Discussion

This section presents the results obtained from the interviews conducted with professional managers in the IA area and in the IT area, both with knowledge in technological tools. To this end, based on the data collected from the interviews, analyses were performed in the Atlas.TI software on each co-occurrence code found, and later discussed and presented based on the benefits, challenges, and factors necessary for the adoption of technological tools in CAP.

Technology Tools and Data Analytics

During the interviews, it was evident that the use of technological tools is relevant for PACs, mainly for the purpose of accessing and analyzing transactional data from operations. Such exposure is considered in the speech of E2, E3 and E4:

“(...) The first tools adopted in PAC are of data analysis, such as Data Analytics, which allows integration with the database, data extraction and automation. Nowadays the search is to automate and speed up the process, this issue of tools that link the process control base and the organizational systemic structures is very important to have the tool to access the data” (E2). “We adopted the ACL tool, which is a Data Analytics, linked to another tool called Direct link which is a connector of the DA with the information from our SAP, but the rest of the analysis is done all via analysis scripts within ACL” (E3). “The DA tools such as ACL came as a first solution some time ago, ACL appeared about 15 years ago, and is a tool for data extraction and processing, it came to assist in the analysis of large volumes of data, to work with tables with more than 35,000 lines, and finally solved the Excel limitation. In this type of tool, what you program and execute brings the results” (E4).

With the interviewees’ speech it was possible to confirm the aspects pointed out in the literature by authors such as Rezaee et al. (2017) and Feung and Thiruchelvam (2020Feung, J. L. C., & Thiruchelvam, I. V. (2020). A framework model for continuous auditing in financial statement audits using big data analytics. International Journal of Scientific & Technology Research, 9, 3416-3434.), that the current increasingly complex and volatile IT-based scenario drives companies to adopt information systems and technological tools to improve their efficiency and effectiveness. In addition, the relationship can enable tools for audit testing, a key factor for advanced PACs. As addressed by Rezaee et al. (2001Rezaee, Z., Elam, R., & Sharbatoghlie, A. (2001). Continuous auditing: The audit of the future. Managerial Auditing Journal, 16(3), 150–158. doi: https://doi.org/10.1108/02686900110385605
https://doi.org/10.1108/0268690011038560... ) and Kiesow et al. (2014), data review facility techniques and tools are likely to become more relevant in CAPs.

Business Process and Requirements Definition

To achieve the expected results with PAC, in the planning phase it is necessary to understand the business processes and rules. This phase is primary to think about the adoption of tools and solutions in their respective projects. One of the challenges pointed out in the CAP by the interviewees is that they talk about the adoption of tools and not the need and objective of the project. For this it is necessary to have people on the project team who know the process and have mapped the systems involved. Knowing the rules behind the business is also relevant to the development of a CAP. In the view of the IT Managers, the knowledge of the business processes is fundamental, as highlighted in the speech of E1, E2, and E12: “We need to have the business area involved, to have people from IT and from auditing to prepare the continuous audit. You need to know the business technology, you need a person from the business area, you need to be clear about the business process in general” (E1). “First, to build a script you need people available to understand the business process, to understand where the information is, what the business rules are, so all this needs people available, we can’t do this project alone, we need the areas mainly to understand the business process” (E2). “We need to have three major factors. First: we need to have good people inside the project, who understand very well the whole process and that involves all this part of the continuous audit project, these people will serve as a parameter to do the modeling and the architecture of the tool, what is the best way to put the information inside a structure” (E12).

When looking at the literature, the topic of requirements definition and process understanding is not explored, however, it can be seen from the research interview that they are relevant and essential factors in every CAP project, highlighted in the statement of E1: “To be able to meet a business project, the first step is actually a survey of requirements, before talking about a tool, you have to talk about the business rule and the project need. It is necessary to know the processes before starting to adopt tools, and in this context the business rules can be identified. By having this clarity of concepts, one can define the objective and the requirements for the development of CA tests.

Data Extraction, Data Availability and Quality

The results show that it is necessary to identify the source of data and which information will be used in CAPs, as can be seen in the words of E5: “When we are going to do a continuous audit, we have to have a notion of the possibility of extracting the information from that process in order to have an assessment, and it can be any kind of assessment, but one that includes the entire population. This phase of identifying the origins of the data, the analysis of the data exposure needs to be part of the project planning, since each organization can consider and adopt different means of treating the data.

The interviewees’ statements demonstrate how data is indispensable in CAPs, corroborating Kuhn and Sutton (2010Kuhn Jr., J. R., & Sutton, S. G. (2010). Continuous auditing in ERP system environments: The current state and future directions. Journal of Information Systems, 24(1), 91–112. doi:https://doi.org/10.2308/jis.2010.24.1.91
https://doi.org/10.2308/jis.2010.24.1.91... ) research. The authors’ research emphasizes that CA is a method of data analysis and knowing the sources of this data is necessary to achieve project accomplishment. Complementary, the proper use of data is relevant and confirms the need for the adoption of extraction and DA tools. Correlating with Code 1 Joshi & Marthandan (2020Joshi, P. L., & Marthandan, G. (2020). Continuous internal auditing: can big data analytics help?. International Journal of Accounting, Auditing and Performance Evaluation, 16(1), 25-42. doi: https://doi:10.1504/ijaape.2020.10676
https://doi:10.1504/ijaape.2020.10676... ) point out that understanding the data and adopting DA tools is the first step of CAPs. Accessing the data independently and holistically brings benefits and optimizes audit testing.

Process Automation and Tools Benefits

Part of the literature in this research on CAP has focused on the automation of audit testing, with the aim of increasing its scope and project results. The focus is on gaining agility and performance in the execution of CAPs, broadening the analysis and the universe of data. This scenario was highlighted in the statements of interviewees E7, E6, and E2. “The advantages of the tools is to bring automation; when you are inside the ecosystem of information and data, you can bring several connections and even insert other tools. Building a custom automated test flow allows you to take more time with exception analysis” (E7). “Through technological tools you can leave the audit tests automated, everything is documented and traceable, besides keeping the original base integral, analyzing 100% of the records in less time” (E6). “Automation is the focus, the goal of having automated tests is to speed up the process. The question of adopting tools that connect the process control base, the organizational structures and the data is very important, I see that if you have the data the automation will be to connect the system structure and determine the analyses” (E2).

The speeches presented reinforce the assumptions of the research of Parati et al. (2008Parati, N., Malik, L., & Joshi, A. G. (2008, July). Artificial intelligence-based threat prevention and sensing engine: Architecture and design issues. In 2008 First International Conference on Emerging Trends in Engineering and Technology (pp. 304-307). IEEE.). The authors state that CAPs are undertakings to generate automation in the analysis processes. When making a parallel with the importance of process automation codes and IT competencies, using data with quality, Feung and Thiruchelvam (2020Feung, J. L. C., & Thiruchelvam, I. V. (2020). A framework model for continuous auditing in financial statement audits using big data analytics. International Journal of Scientific & Technology Research, 9, 3416-3434.) determine that it becomes a strategic differential for the IA area to be able to automate data extractions and perform continuous audits independently.

IT Skills and Training and Capacity Building

The studies by Singh and Best (2015Singh, K., & Best, P. (2015). Design and implementation of continuous monitoring and auditing in SAP enterprise resource planning. International Journal Of Auditing, 19(3), 307–317. doi: https://doi.org/10.1111/ijau.12051
https://doi.org/10.1111/ijau.12051... ) and Appelbaum (2016Appelbaum, D., Kozlowski, S., Vasarhelyi, M. A., & White, J. (2016). Designing CA/CM to fit not-for-profit organizations. Managerial Auditing Journal, 31(1), 87–110. doi: https://doi.org/10.1108/MAJ-10-2014-1118
https://doi.org/10.1108/MAJ-10-2014-1118... ) point out that audit areas of varied companies in the market have stopped adopting technological tools in PCA, motivated by a variety of barriers such as lack of fundamental IT skills. The statements can be verified in the words of interviewee E3: “First thing to consider when you are going to design and set up an analysis script, is to have the available skills of people to develop; we need people who understand where the information is, who understand the system that contains the data, basically IT knowledge. We cannot do these projects alone we need the areas mainly IT to understand and execute PAC” (E3).

Thus, to develop a PAC and overcome the challenge of not having the necessary knowledge for the project, the project team, besides having people who know the process, the business rules and auditing, needs people who know technology, systems, and technological tools. Interviewee E12 states: “We need to have three major factors necessary for CAP. We need to have people inside the project, who understand IT to serve as a parameter to do the modeling, the architecture of the tool to be used, determine the best way to put the information inside the tool and design the analysis scripts” (E12).

When analyzing the interviews, it is possible to notice that there is an emphasis on the IT competencies factor in relation to projects. Except for interviewee E8 who emphasized information systems, all the others pointed out IT skills as a critical and indispensable factor for CAP. Although they agree on the need, not all interviewees addressed the issue of training and capacity building. On the other hand, all the interviewees agree on the need for team members who have the necessary skills for the development, that people who are familiar with the technology to be adopted as a tool, as well as those who know the established information systems, should be involved in the project. E12 points out that he needs IT competencies in the team to overcome the challenges:

First it is necessary to identify who are the key people in IT and audit, at least two people from each area; second: establish a strategy to work together for the best solution, it is not easy, it is a challenge (...), you have to work together, the improvement has to be of the process, you have to have visibility of the data, of the people, being able to avoid future incidents, a drop in production of the audit. Third: the IT team itself, which has to be more than reactive, help to be more predictive, making the data available so that it can be there and serve as analysis for the audit.

Governance and Tool Cost

In the literature, Governance and Cost are little explored, there is no direct approach on these topics in CAP studies, nor an application guideline. Considering the interview data, E8 mentions that it is important to consider the cost factor in the pre-project related to a CAP, E11 portrays that the budget approval is important and should consider the cost calculation related to the tools: “A market analysis is important to understand what we can implement according to what is needed. Go to the market to understand what exists and what will meet the need, considering the cost for the project. See all the tools that are most used and that are closest to meet our needs and evaluate the cost and benefit” (E11). “Three points should be thought about, first for the adoption itself, raising the money to buy the solution; you have to look at the market and see what they have available and the cost of the tool. Then, then you need to consider the maintenance and support of that technology. It is quite important when you are going to implement tools, you need to think about the total life cycle of that solution.

The results allowed us to evaluate the main relationships of the constructs and codes generated, as well as their degree of relationship within the codifications identified in the field research. It was possible to elaborate the stages and flow, considering the initial codes that guide the main factors to consider that contribute to solving the objectives of this research. The mentioned analysis allowed the identification of a set of factors that should be considered in CAPs, both in the adoption of technological tools and for project management. The results additionally allow us to understand the main challenges in the adoption of tools and their resolutions in CAPs, as experienced in practice by the related professionals in this type of project. The factors presented in Table 5 are considered enabling factors for the execution of a CAP. These conditions include aspects of the organizational, technological, technical, and financial environment that are designed to remove challenges from the project.

When facing Table 5, it is noticed that CAPs do not reach the expected levels or present tool adoption in CAP in practice, are directly linked to the factors identified in this research implications throughout the project, it is usually because such projects have failed to contemplate the relevant factors for tool adoption, data, or competence. The contribution of this research is related to the project factors identified and their respective relevance to the effectiveness of CAPs, and which should be defined before proceeding with the adoption of technological tools.

Moreover, because of the literature review and the field research, it was possible to identify the main challenges that arise throughout CAPs in relation to the adoption of technological tools. Through the empirical knowledge of the interviewees, this research allowed us to identify the factors that should be considered as facilitators and the main challenges in the adoption of technological tools in CAPs. Thus, we highlight how the identified factors respond to the main challenges that may arise in CAP, presented in Table 6.

As noted by Ezzamouri and Hulstijn (2018Ezzamouri, N., & Hulstijn, J. (2018). Continuous monitoring and auditing in municipalities. In Zuiderwijk, A and Hinnant, CC (Ed.), Proceedings Of The 19th Annual International Conference On Digital Government Research (Dgo 2018): Governance In The Data Age (pp. 124–133). ASSOC COMPUTING MACHINERY. doi: https://doi.org/10.1145/3209281.3209301
https://doi.org/10.1145/3209281.3209301... ) and Jans and Hosseinpour (2019Jans, M., & Hosseinpour, M. (2019). How active learning and process mining can act as Continuous Auditing catalyst. International Journal of Accounting Information Systems, 32, 44–58. doi: https://doi.org/10.1016/j.accinf.2018.11.002
https://doi.org/10.1016/j.accinf.2018.11... ) the development of CAPs requires a design framework that allows the adoption of information systems-based technology tools so that it can automate audit testing through data analysis. The relationship of CA in organizations happens with IT projects as well as other digital resources, which requires detailed planning considering all the aspects cited earlier in this research.

Given the above regarding the transformation challenges and technological factors that IA management has faced on how to adopt the use of technological tools in CAP, it was possible to elaborate a conceptual model to guide people interested in planning and executing such projects. The results made it possible to identify the main technological tools used in CAPs, as well as the main factors to consider when adopting these tools. In addition, the conceptual model aims to minimize the challenges faced by professionals in these projects, as well as guidelines for organizations to overcome them. The conceptual model (Figure 1).

The overview of the adoption of technological tools in CAP encompasses changes that are part of the technological transformation within the IA department, both in terms of audit procedures and the methods of approach for analysis and testing. The conceptual model synthesizes and extends existing research on the key factors to consider when conducting these projects. Close with a sentence that highlights what can be extended.

As seen in Figure 1, the technological transformation required through IA projects is intrinsically related to IT competencies. This requirement provides the necessary guidelines and guidance to the project’s Governance levels and the development team itself, to drive the adoption of technology tools in CAPs. Therefore, the proposed conceptual model with the necessary project factors and the steps to be considered becomes a relevant instrument that helps in PAC planning.

Furthermore, the conceptual model demonstrates the basic elements that are part of the necessary factors and that facilitate the adoption of technological tools. To define and adopt a technological tool, it is first necessary to define the development requirements aligned with the objective of the CAP, thus allowing to answer what it is desired to achieve and in which business process the project is contained. This vision will allow understanding the business rules and the technological tools behind the processes, thus considered an essential factor to understand the origin of the information and data that will be necessary for the PAC. These elements allow the availability and quality of the data to be evaluated, a key factor that makes the project development feasible and directs which type of technological tool can be adopted.

Thus, the conceptual model contributes to understand the needs and objectives of the project, as well as the factors and elements to define which technological tools will be used in the CAP. In addition, the conceptual model can contribute to the transformation of the department, providing a preventive environment to face the project challenges and ensure its completion within the planned schedule.

5 FINAL CONSIDERATIONS

At the end of this research, it was possible to evidence, through in-depth interviews with AI and IT professionals, which factors should be considered in the adoption of technological tools in the context of CAP. In-depth interviews were conducted with 7 project professionals in AI and 7 project professionals in IT, which made it possible to understand in a comprehensive and in-depth way the phenomenon studied.

The in-depth interviews highlighted the main benefits and challenges encountered in the adoption of technological tools in CAP. The results pointed out the nine main factors, among them, the enabling elements for the execution of a CAP, as shown in Table 5. It is evident in Table 5 how these factors and elements are related in the technological transformation among AI. Based on the empirical knowledge of the interviewees, 8 main challenges highlighted in Table 6 were identified. The realization of this stage met the second specific objective of this research which was “Recognize the main benefits and challenges found in the adoption of technological tools in CAP”. The empirical knowledge presented supports management to prepare to prevent these challenges, through the application of the enabling elements and essential factors in the CAP.

Following the research, the results of the interviews were confronted with the previously analyzed elements of the RSL, thus allowing to evidence the enabling elements and the main challenges of organizations on how to adopt the use of technological tools in CAP. This stage strengthened the elements presented in Tables 5 and 6, allowing to establish a logical process for organizations with PAC to plan in relation to the adoption of technological tools, thus giving rise to the proposed conceptual model, previously presented in Figure 1, and thus respond to the objective of the research that was “Present a conceptual model for the adoption of technological tools in PAC”.

Based on the steps, it can be said that technological transformation in CAPs is related to the adoption of technological tools. The RSL provided, aligned with the answers of the interviewees, the main enabling elements, and the challenges in CAPs in organizations. It can then be concluded that the adoption of technological tools contributes to CAPs.

Regarding the practical contributions, this research offers a conceptual model as a guiding instrument for the adoption of technological tools in CAP for organizations inserted in an IA context. The model contributes by presenting to those involved in CAP the main enabling elements and the challenges of adopting technological tools in CAP, serving as a tool to be used as a basis for the execution and definition of the adoption of technological tools, considering the project requirements.

Additionally, the presented model enables the most appropriate selection of technological tools, both internal and external to the organization, for planning and carrying out CAP. The proposed conceptual model can be used to demonstrate the IT competencies required for the use of certain technological tools, proactively serving for planning training to those involved in CAP of possible technological tools.

Finally, the model contributes to the Project Governance standards and guidelines of the organizations. The model presents Project Governance with the necessary project factors and steps to consider for planning the CAP, from its planning phase and understanding the business requirements, through analysis of the enabling elements, challenges, and the IT competencies needed by all CAP stakeholders.

From a theoretical perspective, this research contributes to present the essential elements to adopt technological tools in CAP. The results obtained in this research indicate the main technological tools to be used in CAP, as well as the challenges faced in projects of this nature. Technological tools play an important role in IA organizations, being related to Project Governance, and consequently, to the effectiveness of CAP, one of the findings of this research.

As secondary contributions, RSL is presented, which consolidates the studies on the adoption of technological tools, presenting highlighting the most prolific authors, the enabling categories, and the challenges in CAP environment. Finally, the RSL presents the main technological tools and resources for the adoption of technological tools in CAP. It is understood that the sources of information used in this research becomes, thus, a limitation of its results, since qualitative research offers a type of result that cannot be generalized, i.e., it is not possible to say that an entire population thinks in a certain way, based on the answers offered in a qualitative procedure, however the rigor applied allows us to conclude based on the results of Data and Theory Driven. As future studies, we suggest research with a greater number of professionals and companies with PAC projects to make a comparative study between companies.

References

Edited by

Edited by

Publication Dates

History