EDP auditor: Disappearing or adapting

Abstract

The EDP audit function was created in the late 1960s to span two domains - auditing and electronic data processing (EDP). General auditors were insufficiently competent to perform audit procedures and make audit judgements relating to the technical characteristics of computer-based information processing. Also, generally EDP personnel did not pay sufficient attention to controls in the design of systems. Two primary forces shaping the audit profession are, changing information systems technology (MIS Environment) and increasing management and auditor accountability (Regulatory Environment). The changing MIS environment has had the most visible and direct effect on the EDP audit function. Rapidly changing technology requires the EDP audit profession to anticipate needed changes in internal controls, control methods and audit techniques. Changes in the MIS environment include not only hardware and software but also new approaches to applications development, and re-orientation of MIS management toward applications which support organizational strategies. The EDP audit profession has been subject to increasing competitive pressure as well (Competitive Environment). Major implications for auditors and organizations as a result of these environmental forces include: technological bottlenecks in the audit, substantial new organizational exposures, eroding of traditional product and service markets, the advent of new product and service opportunities, and changing auditor skill and knowledge requirements. Thus, there exists a real and pressing need for external, internal and government audit entities to reorganize for a changing audit environment. It is also important that the responsibilities of the general auditor and EDP auditor be realigned in order to facilitate their effective deployment. Key considerations include: (1) general auditors are better equipped to access data directly and to assess computer application controls without the support of an EDP audit specialist, and (2) the audit of more complex hardware and software architectures require highly skilled technical specialists. Thus, individual EDP auditors may have to decide whether to rejoin the ranks of the general auditors or become more highly, technically specialized.