Purpose – This paper aims to analyse the relationship between the senior management and the information technology (IT) auditing undertaken in Italian banks, focusing specifically on the internal IT auditing. The purpose of this paper is to investigate senior executives’ expectations regarding IT auditing, the techniques IT auditors apply to meet these expectations, the degree to which senior managers are satisfied with the auditing and the expectation gap. Design/methodology/approach – We conducted 22 interviews with senior managers and IT auditors of seven Italian banks, comprising large and small financial institutions, to gain data for our analysis. Findings – We found that overall, the IT auditors’ contributions satisfy senior managers, even though they still see room for improvement. They expect more support for the IT governance processes, specifically for the alignment between IT investments and business needs and between IT risk management and the value that IT resources provide. In addition, they want IT auditors to focus more strongly on IT security. To meet these expectations, IT auditors would have to improve their technical and non-technical skills. These skills will allow them to expand their activities, to be more proactive and to take on effective roles in IT governance processes. Originality/value – This study contributes to the existing literature by providing insights into the internal audit function’s evolving role and into banks’ IT audit activities. It also provides a valuable insight into senior management’s expectations regarding the role IT audit activities should play to support the profession and the banking policymakers, thus providing a better understanding of IT audit activities and improving these activities’ role
Do IT audits satisfy senior manager expectations?: A qualitative study based on Italian banks
LAMBOGLIA, RITA;
2015-01-01
Abstract
Purpose – This paper aims to analyse the relationship between the senior management and the information technology (IT) auditing undertaken in Italian banks, focusing specifically on the internal IT auditing. The purpose of this paper is to investigate senior executives’ expectations regarding IT auditing, the techniques IT auditors apply to meet these expectations, the degree to which senior managers are satisfied with the auditing and the expectation gap. Design/methodology/approach – We conducted 22 interviews with senior managers and IT auditors of seven Italian banks, comprising large and small financial institutions, to gain data for our analysis. Findings – We found that overall, the IT auditors’ contributions satisfy senior managers, even though they still see room for improvement. They expect more support for the IT governance processes, specifically for the alignment between IT investments and business needs and between IT risk management and the value that IT resources provide. In addition, they want IT auditors to focus more strongly on IT security. To meet these expectations, IT auditors would have to improve their technical and non-technical skills. These skills will allow them to expand their activities, to be more proactive and to take on effective roles in IT governance processes. Originality/value – This study contributes to the existing literature by providing insights into the internal audit function’s evolving role and into banks’ IT audit activities. It also provides a valuable insight into senior management’s expectations regarding the role IT audit activities should play to support the profession and the banking policymakers, thus providing a better understanding of IT audit activities and improving these activities’ roleI documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.