INFORMATION TECHNOLOGY AUDITING PRACTICE: A CASE STUDY OF SELECTED PRIVATE COMMERCIAL BANKS IN ETHIOPIA

Abstract

The main purpose of this study was to assess the challenges of an information technology audit in the case of 16 sampled private commercial banks. A purposive sampling method was used, and data were collected using structured questionnaires. A descriptive type of research design was used, and data were collected from all IT audit employees that are working in the internal audit department of each bank. A total of 41 questionnaires were distributed to the information technology auditors of all private commercial banks, and 41 (100% response rate) were collected. The data were run with SPSS version 22, and mean analyses were carried out to assess the challenges of an information technology audit. communication barrier with the IT department; a failure to attend regular audit committee meetings; no long-term strategy to transform IT audit into a data-driven function; a failure to engage in technological projects; a shortage of skilled manpower to conduct IT audits; and security and privacy challenges. These are among the challenges identified in this study. This highlights the importance of IT audits adopting a next-generation mindset and implementing the governance, methodologies, and enabling technologies required to support today's highly dynamic and fast-moving banks. An effective IT audit framework must be able to detect these changes in order to protect the organization from potential threats. An IT audit must be able to access and govern the data being used in order to ensure that various control and compliance requirements are met. The ability to leverage advanced technologies in IT auditing, in particular, is highly dependent on the quality of the data in the bank.