ISACA Journal
Volume 5, 2,107 

Features 

Barriers and Enablers to Auditors Accepting Generalized Audit Software 

Marianne Bradford, Ph.D., and Dave Henderson, Ph.D. 

Although generalized audit software (GAS) has been shown to significantly improve the efficiency and effectiveness of audits,1, 2 many auditors do not use this technology.3, 4, 5, 6, 7 In fact, one auditor noted that, “Non-IT auditors seem overwhelmed and even intimidated by GAS tools.” The study described in this article employed an online survey of 277 auditors who use generalized audit software (GAS) to determine the factors that positively and negatively affect its usage.

Figure 1The research on GAS has tended to overlook the influence of barriers that inhibit its usage8 and has merely focused on factors that enable its use. However, the factors that serve as barriers for rejection of systems are just as worthy of study as the factors that enable acceptance of systems.9 Research has shown that barriers to a system’s use, when present, tend to dissuade users; however, they do not, by their absence, encourage use. For example, just because a system is available and reliable does not mean that it is more likely to be used. On the other hand, if a system is not reliable or available, this could lead to outright rejection by users.

Barriers to IT acceptance are significant and deserve study in their own right—both as they occur alone and as they interact with enablers.10 In practice, because barriers can bias users’ perceptions of positive factors, they may, in fact, be more influential in encouraging a user to reject the system.11 Examining both negative and positive factors in system use can provide a richer understanding of adoption factors and might, in the end, encourage greater GAS use.12, 13

Considering how important the interplay of barriers and enablers to GAS use can be, the study examined both kinds of factors when surveying IT, financial and operational auditors.

Figure 1 presents characteristics of the 277 auditors who completed the survey. The majority had at least five years of audit experience and had used GAS for more than two years. The industries most represented in the sample were public accounting, banking and finance, and government and nonprofit. Most auditors in the sample were financial auditors and most worked in an internal audit capacity. The auditors surveyed used a variety of GAS solutions, with the majority using IDEA, followed by ACL.

Factors Affecting Generalized Audit Software Use

Figure 2 illustrates both barriers and enablers of GAS use for auditors. This model is not meant to be comprehensive, but it is a starting point for considering what affects GAS usage in an audit. The survey had multiple questions to measure each of the factors shown in figure 2. Bold lines in the model indicate that the factor affects GAS use, whereas a dashed line indicates that the factor does not affect GAS use; the direction found in the study is indicated with a plus (+) sign, indicating it encourages use, or minus (-) sign, indicating it discourages use.

Figure 2

The survey included eight questions describing common uses of GAS in the audit (figure 3, which ranks the uses from highest to lowest per audit role). Interestingly, across the financial, IT and operational audit roles, GAS is used mainly for sampling during an audit, followed by data mining. Conversely, the least used application of GAS across the three audit roles is regression analysis, followed by calculating ratios.

Figure 3

The study results revealed that two established factors in prior research encourage GAS usage: perceived ease of use and perceived usefulness.

Figure 4 reveals that, across audit roles, financial auditors perceive GAS as less easy to use than the other audit roles do. The means across audit roles for perceived usefulness (figure 5) show that, overall, operational auditors perceive GAS as the most useful.

Figure 4
Figure 5

When discussing GAS, perceived ease of use has been shown to have a positive influence on the use of GAS among auditors.14 In addition, the strong positive influence of perceived usefulness has been shown to be quite significant in the context of GAS15, 16, 17, 18, 19 and is the single most important predictor among accountants of technology acceptance.20, 21, 22

The survey obtained open-ended responses as to why others might “feel differently” about these two factors. One financial auditor stated, “Many think GAS is difficult to use. Also, many don’t realize how much the software can do. Most of this has to do with lack of training.” Additionally, an IT auditor noted, “Financial and operational auditors tend to think the time required to use GAS does not justify any benefits.” Another financial auditor held the opinion that “[GAS] is seen as too expensive and too time consuming to train all of the staff. The decision is short sighted.” One operational auditor shared that “IT auditors generally have other tools that can do the same data manipulation.” Another operational auditor stated, “IT auditors are used to having query options using Structured Query Language (SQL), so [they] may not find generalized auditing software helpful.”

System problems are also shown to be a significant barrier to GAS use. In past research, slow system response times have been one such barrier because they indicate to the user that something is wrong and they threaten the user’s perception of the system as a whole.23

Regarding the use of GAS, some issues that signal system problems include difficulty extracting data, lack of system documentation and failure of the GAS to work as promised.

As stated earlier, barriers may well discourage GAS usage when they are present, but they do not necessarily encourage usage when they are absent. Having difficulty extracting data would likely affect GAS usage negatively. Ease of data extraction, on the other hand, would not automatically increase system usage because users expect that of a system. Based on the means for all of the audit roles (especially financial) shown in figure 6, it appears that data extraction problems represent the most salient barrier to GAS usage. Additionally, IT auditors perceive that documentation provided by vendors is not sufficient, likely because they are using GAS for more advanced purposes. However, overall, IT auditors perceive fewer problems with using GAS. According to one respondent, “IT auditors seem to be more comfortable using it than the other two groups. They evidently understand how to use it better than the other two groups or grasp the concepts and retain them better.”

Figure 6

Respondents cited perceived system problems with GAS. Among them, an IT auditor stated, “Those who have not previously used generalized audit software and rely on spreadsheet or database software tend not to trust GAS, think that GAS is too hard to learn and think that it will impact audit time frames.” Another IT auditor mentioned that “financial auditors have the perception that using GAS requires technical skills and, hence, it is only useful to IT auditors. However, GAS could be used by all types of auditors once they understand the functionality and what can be done using them.” A financial auditor stated that while some auditors use the software willingly and as intended, “outliers will see it as too complicated to use sufficiently.”

Another significant barrier to GAS use is perceived threat. In the study, perceived threat is defined as the extent to which auditors believe that using GAS threatens their ability to perform audit procedures or the extent to which they feel a loss of power or control over the work. An important early paper on the subject found that accountants resisted adopting a new financial system because they believed they would lose control over their data and lose power within their organization.24 The paper concluded that the new system represented a threat to employees due to a perceived loss of control, potentially resulting in workarounds, sabotage of the system or outright rejection.25

The idea of perceived threat was reinforced in a study concluding, “When a system is introduced, users will first assess it in terms of the interplay between its features and their abilities or needs. They will then make projections about the consequences of its use. If anticipated conditions are threatening (for instance, a change to how they perform their job), resistance behaviors will result.”26 The means across audit roles for perceived threat in figure 7 are low compared to the other factors in the model, which suggests that, although it is significant, auditors do not think GAS use interferes with their ability to perform their duties as much. IT auditors have the lowest sense of threat from using GAS.

Figure 7

One operational auditor surveyed noted that older, non-IT-savvy professionals tend to feel more threatened by new software tools, saying, “I think it depends on what generation they are from.” Another respondent made this point: “If an auditor is not comfortable with the analytical thinking required to successfully apply generalized audit software, they’ll tend to want to apply methods where they are in total control and the generalized audit software isn’t computing ‘behind the scenes’.” An IT auditor noted, “Those who have not previously used generalized audit software and rely on spreadsheet or database software tend to not trust generalized audit software, as their spreadsheet/database formulas are ‘tried and true’ (even if the formulas are inaccurate).”

These results point to a need for management to incorporate education, training and communication when adopting GAS. As part of a change management strategy, education is a key part of adopting any new technology. It can demonstrate the “why” of the technology’s utility.

After education comes training, which serves as the “how” in adopting the technology. Training may also serve as a response to negative feelings regarding the technology. Finally, management must communicate support for GAS usage to reduce negative perceptions toward the software.27 Communication should relay essential information on why GAS can be useful in the audit. However, communication should be a two-way street. Employees should be solicited for feedback on their concerns about the technology and should feel comfortable asking questions and expressing their concerns about its use.28

Internal vs. External Auditors

Because internal and external auditors have different responsibilities, they may perceive the relevance and importance of GAS differently. Prior studies show that internal auditors and external auditors work with GAS to different purposes and extents and may have different perceptions.29 The authors were curious about whether the survey results supported this dichotomy, so the sample was split into these two groups and analyzed separately. The results show that, indeed, internal and external auditors perceive GAS in different ways. A major difference is that internal auditors perceive more of a threat from using GAS than external auditors and, thus, may be especially sensitive to the introduction of GAS. According to one respondent, “Internal auditors are generally more resistant as they do not see how it applies to operations, but consider it more relevant for financial calculations.” Another respondent noted, “From an IT auditor’s perspective, this is the biggest hurdle in getting data analysis started and used on a regular basis in an internal audit function.” In IT-dependent environments, auditors must maintain sufficient knowledge of IT, which includes GAS.30 Internal auditors, who do not maintain their knowledge of IT, including GAS, may not be able to advance their careers in new assignments and better positions.

Splitting the data also showed that system problems are more salient for external auditors than for internal auditors. According to one respondent, “I think [external] financial auditors are hesitant to adopt something new, primarily because the Big 4 accounting firms are so focused on doing things the same way over and over and not adapting.”

Discussion and Conclusion

According to the study’s results, negative factors affect GAS usage and bias enablers. In looking at figure 1, it can be seen that both barriers (system problems and perceived threat) affect enablers of ease of use and usefulness and also usage directly (exceptions are shown with dotted lines). Determining perceived threat to be significant reaffirms the findings of the study,indicating that auditors may be resistant to GAS usage because they believe that it threatens the way they are accustomed to conducting audits and that it threatens the use of tools they are already comfortable with and trust.31 Overcoming these negative barriers may, therefore, be necessary if positive factors are going to substantially affect GAS usage.

Other findings show that:

  • Factors that inhibit usage continue to be significant even post-adoption.
  • Organizations should invest in training and other change management practices that mediate all types of barriers to using GAS.
  • Barriers to GAS use are affected by the role of the auditor—that is, internal vs. external auditor.

GAS usage among auditors remains low. This study may be of use to software vendors and auditing firms in promoting the usage of GAS among all types of auditors. Software trainers should understand the relevance of perceived threat, especially concerning loss of job control, and emphasize that GAS adds to, rather than replaces, auditors’ functions and duties. Organizations should supplement technical training (with an emphasis on extraction of data for analysis) with appropriate change management practices to decrease resistance to change. Sponsorship, coaching, communication and training are all important if GAS is to be integrated into the audit. Also, proactive resistance management is part of any change management program. This entails identifying the source of resistance early on and how objections for using GAS can be answered before they manifest themselves and become engrained in the culture of the organization.32 IT auditors in the survey sample, whether internal or external, were seen as being more confident with GAS, and one stated, “IT auditors are more apt to utilize generalized audit software as it was fully intended.”

On a positive note, survey respondents appear to believe that GAS is useful and easy to use. Trainers can use these results as evidence of the positive aspects of using GAS, especially when emphasizing that GAS enhances, rather than substitutes, auditor functions.

Endnotes

1 Bierstaker, J.; D. Janvrin; D. J. Lowe; “What Factors Influence Auditors’ Use of Computer-assisted Audit Techniques?,” Advances in Accounting, vol. 30, iss. 1, 2014, p. 67–74
2 Curtis, M.; E. Payne; “Modeling Voluntary CAAT Utilization in Auditing,” Managerial Auditing Journal, vol. 29, iss. 4, 2014, p. 304–325
3 Debreceny, R.; S. Lee; W. Neo; J. Toh; “Employing Generalized Audit Software in the Financial Services Sector: Challenges and Opportunities,” Managerial Auditing Journal, vol. 20, iss. 6, 2005, p. 605–618
4 Janvrin, D.; J. Bierstaker; D. Lowe; “An Examination of Audit Information Technology Use and Perceived Importance,” Accounting Horizons, vol. 22, iss. 1, 2008, p. 1–21
5 Payne, E. A.; M. B. Curtis; Can the Unified Theory of Acceptance and Use of Technology Help Us Understand the Adoption of Computer-aided Audit Techniques by Auditors?, USA, 2010
6 Op cit, Janvrin, Bierstaker, Lowe
7 Op cit, Payne, Curtis
8 Cenfetelli, R.; “Inhibitors and Enablers as Dual Factor Concepts in Technology Usage,” Journal of Association for Information Systems, vol. 5, iss. 11, 2004, p. 472-492
9 Goode, S.; “Something for Nothing: Management Rejection of Open Source Software in Australia’s Top Firms,” Information and Management, vol. 42, iss. 5, 2005, p. 669–681
10 Cenfetelli, R.; A. Schwarz; “Identifying and Testing the Inhibitors of Technology Usage Intentions,” Information Systems Research, vol. 22, iss. 4, 2011, p. 808–823
11 Op cit, Cenfetelli 2004
12 Bhattacherjee, A.; N. Hikmet; “Physicians’ Resistance Toward Healthcare Information Technology: A Theoretical Model and Empirical Test,” European Journal of Information Systems, vol. 16, iss. 6, 2007, p. 725–737
13 Op cit, Cenfetelli 2011
14 Kim, H. J.; M. Mannino; R. Nieschwietz; “Information Technology Acceptance in the Internal Audit Profession: Impact of Technology Features and Complexity,” International Journal of Accounting Information Systems, vol. 10, iss. 4, 2009, p. 214–228
15 Op cit, Bierstaker
16 Braun, R.; H. Davis; “Computer-assisted Audit Tools and Techniques: Analysis and Perspectives,” Managerial Auditing Journal, vol. 18, iss. 9, 2003, p. 725–731
17 Op cit, Curtis
18 Op cit, Kim
19 Mahzan, N.; A. Lymer; “Examining the Adoption of Computer Assisted Audit Tools and Techniques: Cases of Generalized Audit Software Use by Internal Auditors,” Managerial Auditing Journal, vol. 29, iss. 4, 2014, p. 327–329
20 Bedard, J.; C. Jackson.; M. L. Ettredge; K. M. Johnstone; “The Effect of Training on Auditor’s Acceptance of an Electronic Work System,” International Journal of Accounting Information Systems, vol. 4, iss. 4, 2003, p. 227-250
21 Op cit, Bierstaker
22 Op cit, Cenfetelli 2011
23 Loraas, T.; C. J. Wolfe; “Why Wait? Modeling Factors That Influence the Decision of When to Learn a New Use of Technology,” Journal of Information Systems, vol. 20, iss. 2, 2006, p. 1–23
24 Markus, M. L.; “Power, Politics, and MIS Implementation,” Communications of the ACM, vol. 26, iss. 6, 1983, p. 430–444
25 Ibid.
26 LaPointe, L.; S. Rivard; “A Multilevel Model of Resistance to Information Technology Implementation,” MIS Quarterly, vol. 29, iss. 3, 2005, p. 461
27 Curtis, M.; J. G. Jenkins; J. Bedard; D. Deis; “Auditors’ Training and Proficiency in Information Systems: A Research Synthesis,” Journal of Information Systems, vol. 23, iss. 1, 2009, p. 79–96
28 Robert Half Management Resources, “Time for Change: 5 Basic Tenets of Change Management,” 16 March 2015, https://www.roberthalf.com/blog/management-tips/time-for-change-5-basic-tenets-of-change-management
29 Op cit, Debreceny
30 Kotb, A.; A. Sangster; D. Henderson; “E-business Internal Audit: The Elephant Is Still in the Room!” Journal of Applied Accounting Research, vol. 15, iss. 1, 2014, p. 43–63
31 Op cit, Markus
32 Prosci, Five Levers of Organizational Change Management, https://www.prosci.com/change-management/thought-leadership-library/five-levers-of-organizational-change-management

Marianne Bradford, Ph.D.
Is a professor of accounting in the Poole College of Management at North Carolina State University (NCSU), USA, where she teaches enterprise resource planning (ERP) systems. Her background is with Ernst & Young in the IT Risk Assurance group. At NCSU, she is faculty coordinator for the SAP University Alliance and has been teaching business processes and controls in SAP for nine years. She is also the author of Modern ERP: Select, Implement and Use Today’s Advanced Business Systems, now in its third edition. Bradford’s research interests include ERP implementation issues, security and auditing.

Dave Henderson, Ph.D.
Is an associate professor of accounting at the University of Mary Washington (Virginia, USA), where he teaches principles of accounting, managerial accounting, accounting for decision making and control, and accounting information systems. He has nearly 20 years of experience in the information technology and accounting fields in various roles including assistant professor, financial analyst, financial systems developer and project manager. Henderson’s research interests focus on accounting information systems (AIS) technology adoption and development, Internet financial reporting, and internal auditing.

 

Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.