This paper will evaluates the role of information technology and how it affects internal audit process in banking industry. The study will also stresses on how IT affects internal control (control environment, risk assessment, control activities, information and communication and monitoring) and provides guidelines and best practices in evaluating techniques available to effectively perform auditing tasks internally. It will addresses how technology, Information system (IS) and electronic data processing (EDP) have changed the way organizations conduct its business, promoting operational efficiency and aid decision-making. It will also spotlights many aspects of IT risks and controls and highlights whether the right people are overseeing IT risks to the degree they should. It will demonstrate the impact of technology convergence on the internal control mechanism of an enterprise. It will emphasizes that the auditor also has a responsibility to assure that the governance level of management (the audit committee and board of directors) understand risks accepted by management and the liabilities potentially transferred to board members.
BACKGROUND OF THE STUDY
Modern banking in Ethiopia introduced in 1905. At the time, an agreement was reached in between Emperor Menelik II and a representative of the British owned National Bank of Egypt to open a bank which led to Bank of Abyssinia inaugurated in Feb.16, 1906 by the Emperor. In the 30’s the bank was bought by the Ethiopian government and the State Bank of Ethiopia was established by a proclamation issued in august 1942. This bank was later disintegrated to two different banks forming the National Bank of Ethiopia and the Commercial Bank of Ethiopia. The modern banking introduced in 1905 now grew up and gives different services. To provide efficient and fast customer focused domestic and international banking services banks change their manual works to computerized system using various kinds of communication and computing technologies to carry out its day to day activities. Information technology (IT) function is responsible for designing, implementing and maintaining many of controls over an organization’s business processes. IT has a critical role in collecting, processing, and storing data that is summarized and reported in financial statements. Many organizations are becoming increasingly dependent on IT with such elements as fully integrated information systems and electronic document management becoming more popular each day. IT increases the accuracy and speed of transaction processing, and can even lead to competitive advantages for many organizations in terms of operational efficiency, cost savings, and reduction of human errors. On the other hand, there are many types of risk associated with IT; this includes loss of computer assets, erroneous record keeping, increased risk of fraud, competitive disadvantages if the wrong IT is selected, loss or theft of data, privacy violations, and business disruption.
As defined by the institute of internal auditors (IIA),”internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal auditor’s roles include monitoring, assessing, and analyzing organizational risk and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risk is mitigated and that the organization’s corporate governance is strong and effective and, enhancing processes, policies, and procedures.” Internal control also can be defined as “an integral...