eThesis - Kauppakorkeakoulun sähköiset gradut

Information Technology has become an essential driver in providing real-time accounting and business process information. At the same time, internal controls over these massive information systems have become increasingly complex and difficult to evaluate. According to International Standard on Auditing ISA 315 an auditor is responsible to identify and assess the risks of material misstatement, whether due to fraud or error, in the financial statements and assertion level, through understanding the entity and its environments, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatements. Standards state that the auditor shall obtain an understanding of the information system. The methodology of audit has changed towards The Risk-Based Audit Approach; which forces the auditors to consider more carefully new implied systems within audited organization.

Information technology and auditing is a widely studied field of accounting, but most commonly seen as an internal auditor's function. This research provides an insight from the auditors prospective on how accounting information systems are taken into consideration in a financial audit. The aim of this study is to address the risks that follow from recent decades' generalized use of complex accounting information systems. The results are explored through financial auditors' real life experiences. This research also tangents auditors' experiences on changes in the audit methodology. This study is structured as a qualitative research from the experiences of individual auditors. The empirical part of the thesis is based on qualitative research. The results of the interview are concluded and reflected to the theory.

The main research questions are (1) how is audit client's (auditee's) use of accounting information system considered in a financial audit and (2) from auditors' personal experiences, what risks arise from information technology? This research yielded views from both Audit Manager and IT Auditor level. Both find use of accounting information systems by their clients to be very beneficial and effective, but at the same time they are aware of the risks that are related to complex accounting information systems. The results show that in reality there are some differences to theoretical practices.