Reply to Discussion of Information Technology-Related Activities of Internal Auditors
In this article, the authors present their opinion on a discussion of their paper concerned with information technology (IT) related activities of internal auditors. Their paper was reviewed and discussed by both a practitioner, R. N. Burton and an academic, C. Jackson. In general, the discussants found the results in their paper to be "pretty much as expected" from his experience in practice. The authors agree that the results are not surprising. Dr. Burton makes several valuable suggestions for future research. He suggests several other organizational characteristics that might affect the evaluation of IT by internal auditors, such as the experience and training of the internal audit staff, the maturity of the internal audit department within the company, the size of the department relative to the size of the organization, restrictions on the scope of the department through the existence of other groups (e.g., risk management, TQM), and the extent and type of audit functions outsourced. Professor Jackson questions the selection of the IFAC document as the source for the IT evaluations, tests, and objectives. While each of the documents has merits, the IFAC terminology was selected because the American Institute of Certified Public Accountants has supported the statement and indicated that the categories used are "universally applicable" and the IFAC document provides details of specific evaluations and the tests within each evaluation.