Abstract
Increasing public interest in corporate governance has driven organisations to review their expectations of IAF. ERP systems act as a catalyst for change in the IAF. The internal auditing practices are social constructions, where consensus is essential before something can be counted as legitimate practice in the professional system. The motivation for this study was the conviction that the changes in the IAF, as a response to ERP implementation, have not received the attention in academic research that their significance merits. In particular, it can be argued that attempts to establish new claims to knowledge provide valuable opportunities to study the processes through which such claims are linked with attempts to expand and maintain the legitimacy of professional jurisdiction.
Access provided by CONRICYT-eBooks. Download chapter PDF
Similar content being viewed by others
2.1 Introduction
The body of the literature suggests that ERP systems are able to motivate adaptation in the work of many professional groups within organisations and may threaten their legitimacy if they are not suitably adapted. However, there is no sufficient evidence related specifically to the IAF. This chapter critically analyses the multi-disciplinary literature with a particular focus on the relationship between ERP and IAF, with a view to identifying gaps in the literature. In doing so, this chapter attempts to draw out the main directions and key themes in the field to cultivate a mature and solid understanding of the phenomenon.
This review starts by evaluating the IS literature related to the role of ERP systems in changing the working environment within organisations and functions, where the IAF is one of these functions. This review helps the examination of studies of the potential impacts on the risk-control landscape that is the main concern of the IAF. Then, the literature related to internal auditing as a governance function is reviewed, shows that the IAF needs to adapt to maintain its legitimacy as a governance mechanism.
The AIS literature on the ERP systems impact on the accounting field is reviewed to draw a roadmap for studying the impact of ERP systems on the IAF. This helps in identifying the theories, methodologies and research strategies used in this area and makes suggestions appropriate to fill the research gap.
In order to determine how the IAF adaptation can be investigated, the literature related to the aspects of the IAF which might change is reviewed, whether the changes are a response to IT pressures or to governance pressures. Finally, the conclusion of the chapter is outlined.
2.2 ERP System as a Change Agent
ERP systems play an essential role in the daily operations of modern business organisations. Generally, the influences of IT on the structure and practice of many professions have long been recognised. For professional groups, new advances in IT cause a change in many aspects of their professional development (Walsham 1998). The implementation of ERP systems implies by necessity new ways of designing tasks, jobs and work modules, communications within organisations and work structures and procedures (Kallinikos 2004).
2.2.1 ERP Concept
ERP systems are one of the most important innovations in the world of IT. It has become one of the most widespread IT solutions, which is the backbone of many big enterprises in the world (Alshawi et al. 2004). According to Chung and Snyder (2000), ERP systems have been developed to be highly configurable to accommodate the needs of diverse sectors of the economy such as the manufacturing and finance sectors. Therefore, ERP has attracted increasing attention from researchers and practitioners (Momoh et al. 2010).
While ERP systems have gained relative prominence in the literature, there is dissent among academics on the nature and definition of ERP. For instance, Davenport (1998) defines it as a commercial software package that promises the seamless integration of all the information flowing through a company. Furthermore, Pawlowski et al. (1999) posit that ERP is not a term referring to a distinct object but rather an “umbrella term” referring to a range of similar products. Klaus et al. (2000) consider ERP as a development objective mapping all processes and data of an enterprise into a comprehensive integrative structure. According to Kumar and Van Hillsgersberg (2000), these systems are configurable IS packages that integrate information and information-based processes within and between functional areas. Moreover, Shehab et al. (2004) define ERP systems as business management systems that include integrated sets of comprehensive software, which used to manage and integrate all the business functions within an organisation. These sets usually consist of business applications for financial and cost accounting, sales and distribution, materials management, human resource and supply chain management. Others (e.g. Dillard et al. 2005; Trimi et al. 2005) define ERP systems as enterprise-wide packaged software applications that tightly integrate and manage information flows and business functions within and across the organisation into a single system with a shared database.
A central concept that can inform our understanding of the nature of ERP is that it is integrated information architecture, and this integration may vary in scale or scope (Chapman and Kihn 2009). According to Granlund and Malmi (2002), the level of systems integration is a continuum which goes from a collection of stand-alone systems to a completely integrated system, where a company that implements only a few modules of the ERP is somewhere in the middle of the continuum. In their case study, only the financial and accounting modules of the software had been implemented and they regard this as an ERP system.
Based on these different perspectives and for the purposes of this book, ERP systems can be defined as “Business management systems, which are module-based integrated software packages, control the seamless integrated information flow and process across functional areas within the organisation and include at least the financial and accounting module and any other module as a single system with a shared database”.
2.2.2 Organisational Change and ERP Implementation
ERP systems implementation involves broad organisational changes in business processes and significant implications for the management model, structure and individuals within organisations (e.g. Pawlowski et al. 1999; Maheshwari et al. 2010). Volkoff (1999) highlights the organisational changes brought about by ERP systems which can affect the social environment and reform the entire information infrastructure. Moreover, Robey et al. (2002) view ERP implementation as a dialectic process involving forces promoting and opposing change. Additionally, ERP has the ability to act as a force for radical social change (Lengnick-Hall et al. 2004).
Davenport et al. (2004) confirm that ERP imposes its own logic on organisations. Therefore, ERP implementation can be viewed as organisational change projects. ERP is a kind of management innovation which involves the introduction of novelty and represents a particular force of organisational change. Furthermore, Pollock and Williams (2008) provide evidence that there is always a wide gap between system capabilities and the context-specific requirements and practice of the implementing organisations. Therefore, several tensions and challenging discrepancies appear and need to be addressed after using these systems.
ERP systems are a significant factor in the users’ real lives. Different groups experience particular losses or gains from ERP implementation (Yeh and OuYang 2010). Based on the socio-technical nature of the organisational change process that arises from ERP systems implementation , several researchers have identified the need to uncover the dynamics of the organisational change process (e.g. Lyytinen and Newman 2008). Organisational actors’ values need to be considered in ERP implementation s. For organisational actors, both diversity and free choice of actions became more limited. They need to learn a new way of working, cooperating in a network system and understand how and why their processes have changed. These requirements meant that professional groups have to change how they think about their work and the types of relationships within and between organisations (Lengnick-Hall et al. 2004). According to Yeh and OuYang (2010), most ERP researchers have evaluated ERP implementation from a technological perspective and have paid less attention to managerial and human perspectives. Additionally, Davenport et al. (2004) suggest that organisations with highly advanced abilities to use information derived from an ERP have the potential to alter their job roles and change their organisational structures.
In this book, ERP systems are treated as independent products capable of initiating socio-technical organisational change process affecting the organisational actors’ practice and structures. This is not an uncontroversial stance, but it is a part of the debate in research on ERP systems (Kallinikos 2004). Additionally, investigating ERP systems in these terms does not disregard the significance which the implementation process may have in reshaping these systems to the demands of certain organisations.
2.2.3 ERP and Organisational Risks
Many studies have discussed risks associated with ERP systems from different perspectives (e.g. Adam and O’Doherty 2000; Klaus et al. 2000; Soh et al. 2000; Sumner 2000; Ragowsky and Somers 2002; Scott and Vessey 2002; Al-Mashari 2003; Huang et al. 2004; Shehab et al. 2004; Genoulaz et al. 2005; Trimi et al. 2005; Zafiropoulos et al. 2005; Ojala et al. 2006; Hakim and Hakim 2010). Most of these studies agree that ERP systems are risky and mention that risks revolve around implementation, technicality and functionality.
ERP implementation necessitates some pivotal changes in organisations based on reengineering and customisation efforts. Mabert et al. (2001) found that these efforts cause risk of resistance to change, reluctance to learn new ways of doing jobs or reluctance to accept new responsibilities, while Wright and Wright (2002) assert that these changes increase the potential for control weaknesses and may result in financial-statement errors or inaccurate internal information. Additionally, Hakim and Hakim (2010) find that the main implementation risks include: organisational risks such as the degree of required changes and capabilities in process reengineering; technical skills risks that include ability to attract and maintain qualified staff, optimal utilisation of internal employees, cross-technical training and exchange of knowledge between groups; system risks that include identifying and understanding the changes required and user risks that include system comprehension by the users, coordination among departments and resistance to change.
According to Adam and O’Doherty (2000), ERP technical risks include the tight integration of application modules and data and privacy concerns. O’Leary (2000) suggests that the interdependent nature of ERP systems ’ applications and the reliance on relational databases expose an organisation to different business interruptions than traditional systems. This is confirmed by Wright and Wright (2002) that ERP system presents risk due to the linked interdependencies of business processes and relational databases. They add that ERP systems increase security risks, which may increase financial-statement risk if access is not adequately and periodically monitored. O’Leary (2002) comments on Wright and Wright (2002) and asserts that there are key problems in the area of ERP systems controls and security. Hunton et al. (2004) provide evidence that ERP creates concerns about system security, database security and control risk because of process interdependency. So a security concern in one department may lead to jeopardising the entire ERP system. Aloini et al. (2007) assert that ERP systems impose a risk that an error in one part of the system brings down the entire system and disrupts the organisation’s business processes. Moreover, Hendrawirawan et al. (2007) suggest that integration increases the risk of fraud by users who have excessive authority.
Some authors (Adam and O’Doherty 2000; Soh et al. 2000; Sumner 2000) provide evidence that functional risks arise from the challenge of incompatibilities between systems and organisational needs in regard to processing procedures and the presentation format and the information content of the output. Although most ERP systems have been adapted to the specific business practice model, not all of them are necessarily appropriate for a specific organisation. These risks can lead to inappropriate access, missing validation procedures, inappropriate operational steps, inappropriate output formats and incorrect information content of input (Soh et al. 2000).
This review shows that ERP systems introduce more risks that are important to deal with and mitigate through proper control and audit and assurance functions. On one side, and building on Hakim and Hakim (2010) and Sumner (2000), it can be claimed that the improper adaptation, change and the improvement of capabilities and reengineering of the IAF after ERP systems implementation can be considered as organisational risks . Attracting and maintaining qualified internal auditing staff, optimal utilisation of internal auditors, inappropriate technical training and exchange of knowledge between auditors and other groups after ERP systems implementation can be considered as technical risks . System comprehension by auditors, coordination among audit department and other departments and resistance to changes can be considered as user risks.
According to Wright and Wright (2002), ERP increases the potential for control weaknesses . Therefore, it is important for those whose responsibility it is to provide assurance to be aware of these unique risks in planning and executing internal auditing. This will affect one of the main roles played by the IAF in providing assurance about the ability of the internal control systems to mitigate risks .
2.2.4 ERP and the Control System
Control risk increases when advanced technology is implemented for accounting and IS. Traditional internal controls are insufficient in preventing or detecting errors for accounting systems with advanced IT (Huang et al. 2004). ERP systems are likely to shift the locus of control and related activities . The integrative nature of ERP systems affects many control issues such as control planning, control monitoring, authorisations, reconciliations, segregation of duties and risk assessments (Rikhardsson et al. 2005). However, there is a debate on the ambivalent nature of this change (Pawlowski et al. 1999; Rikhardsson and Kræmmergaard 2005; Grabski et al. 2011). On the one hand, ERP may bring about the relaxation of control (Davenport 1998; Sia et al. 2002; Wright and Wright 2002). On the other hand, it may tighten internal control (Elmes et al. 2005; Rikhardsson et al. 2005; Rajan and Saouma 2006; Chapman and Kihn 2009).
For example, Sia et al. (2002) assert that ERP results in expanding job scopes, thus making the jobs of some employees more powerful than before, which directly contradicts the traditional control principle of segregation of duties in the auditing literature. Wright and Wright (2002) confirm that with ERP implementation , controls and security aspects are going to change.
Moreover, some authors (e.g. Bae and Ashcroft 2004; Madani 2009) discuss that implementation risks could result in inadequate new business controls because of the reengineering process. During this process, traditional controls could be eliminated without replacing them with new effective controls. Sayana (2004) finds that ERP systems are designed as configurable solutions that can operate in many countries and industries. This adaptability in the ERP can lead to internal control weaknesses by allowing options that were completely prohibited in the past. Sayana (2004) asserts that ERP systems enable data entered at one stage of the process to be forwarded to the next stage with implicit acceptance of its validity and there is often no reverification at different stages. The impact on controls is that there is no room for checking along the way.
However, some studies (Poston and Grabski 2001; Rikhardsson et al. 2005; Chapman and Kihn 2009; Emerson et al. 2009) found evidence that ERP systems facilitate the automation of some control activities , reduce manual tasks and enable stricter controls. ERP systems effectively eliminate the idea of data flow and replace it with enterprise-wide data access, thereby enhancing data security , accuracy and integrity. ERP systems enable integrated information for greater visibility of employees’ activities (Elmes et al. 2005). Orlikowski (1991) argues that control is probably tighter as the range of opportunities for individual choice is constrained, simultaneously enhancing the hierarchical visibility of the remaining choices. The integrated business processes reduce errors (Soh et al. 2000; Mabert et al. 2001), result in data interdependency where data inconsistencies are clearly flagged (Sia et al. 2002) and facilitate the matching of documents (Chapman and Kihn 2009). Rajan and Saouma (2006) confirm that the relative information advantage of the manager is a function of the implementation of ERP systems . In settings where the information generated by these systems can be monitored by the owner, more information is better as this help in solving the issue of the asymmetric information. O’Leary (2000) asserts that ERP systems enhance control through standardised information, enable standard operational processes and increase organisational formalisation and controls. ERP helps organisations control their activities by centralising information (Ragowsky and Somers 2002). Yeh and OuYang (2010) suggest that organisations need to learn how to manage and control the working environment of these systems.
Based on the previous debate, it can be stated that there is no clear understanding of the impact of ERP systems on the internal control system . This confusion about the impact of ERP systems on the internal control system affects the internal auditors’ ability to provide a reliable assurance about the control system. Therefore, internal auditors need a comprehensive view and adaptation to the new risk-control landscape after ERP systems implementation in order to gain the best results and add value to the governance practice.
2.2.5 ERP and Corporate Governance
Corporate scandals such as Enron in the USA and HIH in Australia have reinforced the need to pay careful attention to corporate governance as a mechanism to ensure that the needs of governments and shareholder are met. There is no universally accepted definition of corporate governance. In the UK, the Cadbury Report (1992, Section 2.5) describes corporate governance as the system by which companies are directed and controlled. According to the Egypt governance code, “Principles of corporate governance describe the rules, regulations and procedures that achieve the best protection of and balance between the interests of corporate managers, shareholders, and other stakeholders” (p. 4). Hermanson and Rittenberg (2003) expand the IIA’s definition of governance as follows:
Governance processes deal with the procedures utilized by the representatives of the organization’s stakeholders to provide oversight of risk and control processes administered by management. The monitoring of organizational risks and the assurance that controls adequately mitigate those risks both contribute directly to the achievement of organizational goals and the preservation of organizational value. Those performing governance activities are accountable to the organization’s stakeholders for effective stewardship. (Hermanson and Rittenberg 2003, p. 27)
Based on these definitions, the governance framework includes policies, performance measurements and controls, which direct and align work towards achieving goals. The corporate governance efforts focus on improving transparency and accountability and clarifying the division of roles between management oversight and business execution.
Where the scale and scope of ERP systems affect full business transformations, corporate governance becomes important. Carroll and Fitz-Gerald (2005) suggest that ERP systems raise the issue of corporate governance; however, they focus on the impact of the organisational governance on the ERP systems implementation . Chen (2009) suggests that ERP systems should be considered not only as IS, but also as a part of corporate governance systems and suggests that to leverage the value of ERP systems, organisations should consider the alignment of the internal control and audit function, corporate governance and information technology (IT) governance.
According to Chen (2009), governance issues are important topics in ERP research. Chen et al. (2012) conclude that after ERP implementation, the focus of internal control is shifted to cover the whole business operations not only the accounting operations. This will strengthen internal control to reinforce corporate governance. Furthermore, according to Grabski et al. (2011), ERP systems offer several benefits for risk management such as internal controls, an enhanced audit trail and compliance and governance extensions. They suggest that some critical areas deserving extended focus include the auditing in the ERP work environment especially the design of control systems and auditors’ expertise.
In order to achieve successful corporate governance, the governance structures and the governance practice should be aligned, so that the formal structures become an accepted part of practice within an organisation. ERP systems can narrow the gap between intentions and actions relating to governance processes that means the difference between the documented governance structure and the governance activities enacted in everyday organisational life.
2.3 IAF as a Governance Mechanism
Almost two decades ago, Kalbers and Fogarty (1995) found that a wide range of practitioner literature exists in the area of internal auditing, while the academic literature on internal audit practice was relatively limited. Moreover, according to Boyle (1993), academic literature on internal audit practice gave less attention to the well-structured research models that help in the understanding of contemporary internal audit practice. Page and Spira (2004) confirm that the corporate governance requirements have an impact on the IAF. Carcello et al. (2005) suggest that internal auditing is enjoying prominence and attention unlike ever before.
Nevertheless, according to Sarens and De Beelde (2006a) the existing literature, standards and practice advisors suggest that the internal auditing is influenced by several variables such as governance rules and IT developments; therefore, it needs more attention. IT cannot by itself enhance the effectiveness of corporate governance practice. The main efficiency factor depends on the way internal auditing changes its structure and practice and communicates as a response to the use of these technologies. Therefore, Allegrini et al. (2006) assert that the continuous evolution of internal auditing requires the synthesis of research findings and constant updating of the professional body of knowledge. Additionally, Sarens et al. (2011) suggest that there are promising research opportunities to critically evaluate whether the traditional internal audit activities are still sufficient to meet the contemporary needs of organisations.
2.3.1 IAF Concept
Just after the IIA establishment at 1940, internal auditing was perceived as an extension of external auditing and it was concerned strictly with accounting verification within organisations as assistance to external auditing (Kagermann et al. 2008; Bloom et al. 2009). Starting as a function primarily focused on protection against fraud and loss of assets, its scope was extended to include verifying almost all financial transactions and gradually moved from “audit for management” to an “audit of management” approach (Bailey et al. 2003). Lately, according to Bloom et al. (2009), internal auditors became management consultants examining not only accounting but also non-accounting functions.
After a debate between practitioners, academics and the accountancy professions, the IIA (1999) defined internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management , control, and governance processes” . This definition highlights the valuable contribution of internal auditing. It is designed to add value and improve organisations’ operations. Such a perspective expands internal auditing’s working domain to include risk management and control and governance processes. Nagy and Cenker (2002) have investigated whether the new internal audit definition really reflects the day-to-day activities of the IAF. They found that the new definition describes the current practice.
2.3.2 IAF-Related Governance Rules
Numerous standards and legal requirements address the internal audit process. In the USA, for example, these include the Sarbanes-Oxley Act (SOX 2002), NYSE Listing Standards (SEC 2003), COSO Internal Control Integrated Framework (COSO 2011), COSO Enterprise Risk Management Integrated Framework (COSO 2004), Control Objectives for Information and Related Technology (COBIT) and the Public Company Accounting Oversight Board (PCAOB). The latter suggests that a complementary benefit of its standard is “encouraging companies to invest in competent and objective internal audit functions” (PCAOB 2004, p. 10).
Prior the issuance of SOX (2002), external auditors had a main role in facilitating the implementation and auditing of internal control systems , including IT audits. However, this situation has changed after SOX (2002). First, SOX (2002, Section 404) puts the responsibility for internal control systems documentation and evaluation on the management, who have passed on much of the responsibility to the internal auditors. Second, external auditors are not allowed to provide certain services such as the financial internal audit outsourcing services (SOX 2002, Section 201). So it becomes difficult for organisations to depend mainly on external auditors in providing guidance relating to IT audits. The responsibility for the IT audits has increasingly fallen on the internal auditors of the organisation.
While in the UK standards and guidance include the Turnbull Report (1999) that has the purpose of providing guidance on certain aspects especially those dealing with internal control, risk management and internal auditing, in Europe the European Confederation of Institutes of Internal Auditors (ECIIA) has adopted a strong position towards the internal audit role in corporate governance (Paape et al. 2003).
The Basel Committee issued three publications which merit the attention of the internal auditor, especially the internal bank auditor:
-
Enhancing corporate governance in banking organisations (1999) addresses a number of issues, such as risk management and audit functions
-
“Internal audit in banks and the supervisor’s relationship with auditors” (2001) emphasises the significant role of the internal auditor in the evaluation of internal control processes
-
The internal audit function in banks (2012) promotes a strong IAF within banks.
These standards and legal and professional directions pressurise organisations to maintain a sound IAF which adds value by enhancing governance. There are challenges for internal auditing profession and activities to significantly adapt to cope with the evolution of governance requirements (Bailey et al. 2003).
2.3.3 The Governance Role of the IAF
The increasing public interest in governance issues has resulted from the financial crisis and repeated financial scandals which have driven organisations to review their expectations of the IAF (IFAC 2006). This raises the importance of the IAF as a key component of good corporate governance practice (Spira and Page 2003). Internal auditing has established its position as essential within the corporate governance field (Paape et al. 2003). Gramling et al. (2004) point out that the IAF quality has an impact on the quality of corporate governance. The internal audit central role in corporate governance has gained increasing attention, because of its importance to the internal control and risk management. These are the two important aspects of corporate governance.
Such shifts have had the purpose of increasing the value added by internal audit to organisations. However, Arena and Azzone (2009) point out that these changes require a redesigning of internal audit structure and activities. Selim et al. (2009) assert that the move away from a narrow scope of evaluating the effectiveness of internal controls towards a broader range of activities created opportunities for the profession to reexamine its structure and practice. Sarens (2009) points out that very few studies have investigated the relationship between internal audit and governance.
Carcello et al. (2005) examine the internal auditing changes during the time of the Enron and WorldCom financial disasters and the related focus on internal control and corporate governance. Their findings show that internal audit budgets , staffing levels, meetings and meeting length with the audit committee have increased noticeably from 2001 to 2002. They suggest that the IAF has changed in numerous ways during the time of the accounting scandals in the USA. They encourage additional research to examine changes in the mix of the internal audit’s activities and the structure of the IAF . Moreover, they encourage research on this topic in other countries.
The two main governance activities for internal auditing are “monitoring risks” and providing “assurance regarding controls” (Bailey et al. 2003; Hermanson and Rittenberg 2003); therefore, the next two subsections will discuss these activities .
2.3.3.1 ERP and IAF Role in Risk Management
Risk assessment and risk management are major aspects of corporate governance. The responsibility of internal auditors is mainly risk assessment and assisting management with their responsibility for risk management (Cattrysse 2005). Sarens (2009) points out that the internal audit’s role in monitoring and improving risk management has turned out to be an important contribution to corporate governance. There is evidence (e.g. Arena and Azzone 2009) of the added value from the active support of the internal auditors in risk management. Sarens and De Beelde (2006b) stress that top managers expect internal auditors to assist them in formalising risk management systems and gaining a reasonable level of awareness of risks and controls. In addition, Marshall and Magliozzi (2009) find that internal auditors have a strong desire to improve their knowledge and skills in enterprise risk management (ERM) , despite their relatively high competency levels in these areas.
The legitimacy of the internal audit strongly depends on its capability to monitor and improve risk management that is clearly referred to in the definition of internal auditing (IIA 1999). According to the IIA Position Statement (2009, p. 3), the internal auditor’s role in ERM is to “provide objective assurance to the board on the effectiveness of an organization’s ERM activities to help ensure key business risks are being managed appropriately and that the system of internal control is operating effectively”. The standards of internal auditing (IIA 2009) present substantive changes designed to enhance the internal audit’s contribution in monitoring, assessing and reporting on the effectiveness of the risk management process. Moreover, Bloom et al. (2009) assert that the COSO model (2004) has a primary objective, which is asserting the responsibility of the internal audit in identifying risks that are most likely to obstruct the organisation in achieving its objectives.
ERP systems have some risks associated with them, but also these systems offer some tools that can be used for risk assessment and management. ERP systems have introduced some new opportunities and challenges in managing internal and external risks (Saharia et al. 2008). There are some ERP-based risk management applications which have built-in diagnostic tools that test and continually monitor system activity and configuration changes (Emerson et al. 2009). Glover (1999) claims that internal auditors possess skills that are crucial particularly in the area of risk management after implementing ERP and they are well positioned to add value in this area.
Some studies investigate the ERP’s impact on the auditors’ role in managing risks (Wright and Wright 2002; Hendrawirawan et al. 2007; Saharia et al. 2008). For example, Wright and Wright (2002) suggest that it is essential for assurance providers to be aware of the unique risks associated with ERP systems. Hendrawirawan et al. (2007) find that most of the security tools offered in ERP packages are not designed to facilitate the audit. Also, there is a shortage of internal audit staff members trained in ERP security. Saharia et al. (2008) conclude that ERP systems lead to improvement in internal auditors’ ability to assess risk in all categories of operations. They find that ERP systems reduced financial risks while improving internal auditors’ capability of assessing and managing these risks. They find that ERP systems are perceived as providing internal auditors with better tools to assess and manage technology-related risks. ERP systems increase IT competence risk as they place unique requirements on internal auditors in the workplace (Parent and Reich 2009).
The internal auditors’ role in risk analysis and management for an ERP-based organisation should include (Cerullo and Cerullo 2000; Hespenheide et al. 2007; Madani 2009): recognising the range of risks in the ERP cycle being audited; connecting the identified risks with potential applications; determining the annual cost of each ERP exposure; selecting relevant internal controls for the ERP exposures by selecting cost-effective controls; advising the management on optimal resource allocation; anticipating and suggesting responses to risks and providing risk management advice.
2.3.3.2 ERP and IAF Role in Control Assurance
Internal control has been defined in several different ways in the accounting and organisational literature using such terms as “management controls” , “organisational controls” , “strategic controls” , “operational controls” and “financial controls” , which all seem to revolve around the same concept (Rikhardsson et al. 2005). The internal control concept is defined by COSO (2011, p. 1) “As a process, affected by an entity’s board of directors , management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations, Reliability of financial reporting , and Compliance with applicable laws and regulations”. In the context of corporate governance, the key is to ensure internal controls existing to address key risks. Management implements the controls, while internal auditors play an oversight role (Bailey et al. 2003).
COSO (2011, p. 5) defines the fundamental components of internal control:
-
The control environment which is the atmosphere in which individuals conduct their control responsibilities.
-
Risk assessment of the risks that have a negative impact on achieving organisation’s objectives.
-
Control process which helps ensure that management carries out the proper activities to address risks.
-
Information on risk and control activities.
-
Communication and monitoring.
This model addresses how the control environmen t resembles the basis of any monitoring activities and refers to the context in which this control is located and operates (Bostan and Grosu 2010). COSO (2011) suggests that internal auditors play a very important monitoring role in effective internal control.
The IAF’s legitimacy strongly depends on its ability to monitor and improve internal control processes. Both monitoring and improving internal control processes are clearly referred to in the definition of internal auditing (IIA 1999). The internal auditor’s role in internal control processes has become an important contribution to corporate governance. Sarens (2009) asserts that the IAF has a positive impact on the quality of internal control processes. Many (e.g. Spira and Page 2003; Matyjewicz and D’Arcangelo 2004; Fraser and Henry 2007) highlight that internal auditors are responsible for identifying weaknesses in internal control systems. Internal auditors should identify internal control failures and provide recommendations to improve the effectiveness of the internal control structure.
Internal auditors provide assurance on the adequacy and effectiveness of controls. Cattrysse (2005) suggests that the assurance provided encompasses: organisation’s governance activities; operation and information systems , integrity and reliability of operational and financial information; safeguarding of assets and efficiency and effectiveness of operations and compliance with regulations and laws. Hirth (2008) points out that an organisation with the best IAF generally has better controls. However, this does not by necessity mean that merely having an internal audit activity ensures good controls. Rather, an effective IAF creates a higher probability of better controls.
After ERP systems implementation, the control environment , systems and mechanisms of communication are changed. ERP systems become an enabling technology for internal auditors to maintain effective control over operations and provide assurance of reliable information. Madani (2009) points out that ERP comes with advanced control and audit features, while Chapman (1998) suggests that the objectives of the internal control function remain the same and only the mechanism of controls changes. Rikhardsson et al. (2005) suggest that ERP seems to affect the aim of the internal control regarding whether it should be based on preventive controls or detective controls and how these two should be mixed. Dechow and Mouritsen (2005) conclude that internal control is not reinvented with the implementation of ERP systems but becomes a collective affair including human actors and machine actors such as the ERP system itself. Dechow and Mouritsen conclude that ERP systems separate the internal control function from the management accounting function. Thus, control is no longer in the domain of the accounting department but a collective affair where ERP systems define the logic through which the control function is performed.
In the ERP environment , internal auditors should focus on assuring good control of the value-added activities . Glover et al. (1999) claim that most areas where ERP has the greatest impact on an organisation’s competitive position are outside of finance; therefore, internal auditors have to experience controlling the non-financial side of the business since they represent the greatest opportunity and the greatest risk. Information is increasingly becoming the basis for adding business value as well as having economic value. Therefore, Rikhardsson et al. (2005) suggest that the importance of controlling access and use of information is increased. Regarding the security control, She and Thuraisingham (2007) claim that internal auditors may have a greater role in deciding the degree of the security to trade off with cost, time and complexity of operations. Arnold and Sutton (2007) suggest that the controls of main concern are related to assurance of the completeness and validity of the transactions entered into the system. Internal auditors need to focus on the ERP system process to assure a robust security plan for internal controls in order to ensure complete, accurate, authorised and valid processing of all transactions.
In the ERP systems working environment, Bae and Ashcroft (2004) claim that the assurance of the reliability of internal controls is much more critical for ERP systems. This means that auditors may need to rely heavily on computer-assisted auditing techniques (CAAT) . Lightle and Vallario (2003) claim that in ERP-based organisations, testing segregation of duties control is extremely challenging. They claim that auditors need new software tools to help them expedite the testing process; otherwise, their ability to assure controls would be compromised.
ERP systems delegate control, make it more impersonal and change the role and function of the accounting and auditing department (Rikhardsson et al. 2005). Chapman and Kihn (2009) propose that the full ERP automated integration of functions provides more transparency across the whole business process and makes individuals’ actions visible as data entered in one place flows through to others and that flow could facilitate the internal control and internal audit.
2.4 ERP in the Accounting and Auditing Literature
Implementing ERP systems requires some modifications in the existing organisational structures and procedures as well as human capital portfolios. If the level of changes fits ERP requirements poorly, then organisations will not realise the anticipated gains from the ERP. Redistribution of roles and responsibilities among groups can destroy an organisation, if it is not properly managed. Caglio (2003) finds that ERP systems implementation is an opportunity for groups to extend their knowledge basis, to reinforce their professional legitimacy and to augment their status within the organisation.
A quite distinct research agenda has been documenting various issues related to the introduction of ERP systems; however, the definition of tasks, the construction of roles and the meticulous segmentation of work are not given particular attention. Issues related to the nature of work transformations, which ERP systems impose, have been ignored in the literature. Kallinikos (2004) finds that the reconstruction of organisational functions, work duties and processes along lines that reflect the overall logic of ERP systems have only been mentioned in passing.
ERP systems influence the majority of functions in organisations (Rikhardsson et al. 2005). The organisational changes that occur through an ERP implementation have implications for accounting and controlling processes (Spathis and Constantinides 2004). With the ERP systems implementation, changes in staff relationships may take place. They may need to develop new working relationships, share information among departments, learn new skills and assume additional responsibilities (Grabski and Leech 2007). Therefore, the studies that investigated these issues in the managerial, financial accounting and auditing are analysed in the coming sections.
2.4.1 ERP Impact on Management Accounting
ERP systems are possible drivers of change with the potential to reshape management accounting . ERP systems pose both opportunities and threats for management accountants (Scapens 1998). ERP system’s impact on management accounting has been studied from different perspectives including changes in the role of management accountants (e.g. Granlund and Malmi 2002; Granlund and Mouritsen 2003; Hyvönen 2003; Caglio 2003; Rom and Rohde 2004; Jack and Kholeif 2008; O’Mahony and Doran 2008; Sangster et al. 2009); changes in management accounting methods (e.g. Granlund and Malmi 2002; Scapens and Jazayeri 2003; Lea 2007); changes in organising the management accounting function (e.g. Granlund and Malmi 2002; Hyvönen 2003; Quattrone and Hopper 2005) and the difference between the ERP and best of breed systems’ impact on management accounting function (Hyvönen 2003).
Regarding the changing role of the management accountants, some (e.g. Booth et al. 2000; Granlund and Malmi 2002; Caglio 2003; Granlund and Mouritsen 2003; Hyvönen 2003; Scapens and Jazayeri 2003; Rom and Rohde 2004; Sangster et al. 2009; Grabski et al. 2011) suggest that ERP systems have little impact on management accounting , while others claim that the management accountant’s role has evolved into business consultant (Caglio 2003; Rom and Rohde 2004). ERP systems have changed the management accountant’s role through eliminating routine tasks (Chapman and Chua 2000) and increasing analytical tasks. On the other hand, Sangster et al. (2009) support the findings of Grabski et al. (2009) in the USA that a management accountant in an ERP environment needs a strong understanding of the business processes and significant IT skills . Their results confirm the findings of Grabski et al. that ERP systems implementation results in changes in the management accountants’ role.
Moreover, O’Mahony and Doran (2008) assert that ERP is a valuable tool for assisting management accountants in fulfilling their core activities. However, the core responsibilities remain; there has been a shift in the role. ERP is a major catalyst to change the management accountants’ role as Granlund and Mouritsen (2003) based on evidence from Finland conclude that the management accountants’ roles are being redefined, although there is most likely no clear causal relation between IT and management accounting work. Overall, O’Mahony and Doran (2008) provide evidence that ERP has a positive effect on management accountants.
The results of Scapens and Jazayeri (2003) may conflict with Granlund and Malmi (2002) who find that management accounting tasks do not seem to be devolving to non-accountants. On the other hand, Newman and Westrup (2005) based on evidence from the UK show that neglecting the relationship of management accountants with ERP systems allows other groups to wrest control from management accountants and make ERPs work in their own image.
Regarding the management accounting methods, Granlund and Malmi (2002) find that ERP system implementation does not influence the cost accounting logic, the decision to adopt activity-based budgeting or balanced scorecards. Scapens and Jazayeri (2003) confirm the results of Granlund and Malmi (2002) that no sophisticated management accounting techniques have been introduced following ERP systems implementation. The results obtained by Hyvönen (2003) in Finland confirm these results that there is no correlation between the adoption of ERP systems and the use of modern management accounting techniques. On the other hand, Booth et al. (2000) suggest that ERP systems provide the incentives for adopting activity-based budgeting and balanced scorecards.
Regarding the structure of the accounting function, Granlund and Malmi (2002) conclude that ERP systems implementation has caused just a few changes, while Caglio (2003) refers to the hybridisation of management accountants. Unlike Caglio (2003), Hyvönen et al. (2009) do not conclude that the IT infrastructure influenced the relationships among the professions in any way. They find that the hybridisation of management accounting is not related directly to IT systems, but more to the organisation’s institutional logics . Management accountants’ identities and legitimacy are at stake, and the combined pressures of business orientation and automation reduce the traditional accounting practice and emphasise interpretative work. Furthermore, Scapens and Jazayeri (2003) observe a widening of the role of the management accountants and, at the same time, a reduction in the size of the accounting function. This observation is in agreement with Chapman and Chua (2003) who find that both aspects of automation and integration in ERP systems reduce the need for employing management accountants.
Regarding the change in the management accounting function, a model of the impact of ERP systems on management accounting is developed by Granlund and Malmi (2002). They suggest that ERP systems have direct effects on changes in report content, timing and scheduling, while indirect effects result from management practice changes and business processes change. They suggest that the overall effects of ERP systems in changing management accounting seem to be modest. They confirm that the ERP systems are more likely to have an impact on management accounting than vice versa. Supporting the findings of previous research (Granlund and Malmi 2002; Scapens and Jazayeri 2003), Hyvönen et al. (2009) conclude that while ERP systems have the ability to facilitate management accounting change, the willingness of management accountants to accept change is critical. The lack of flexibility in the management accounting function can be a risk since ERP systems offer a structured approach to functions which may not be appropriate for all organisations (Scapens et al. 1998).
Nevertheless, Scapens and Jazayeri (2003) explain that the changes are not the result of ERP system implementation . They view management accounting change as part of an evolutionary change process in which the ERP system implementation is one of the elements that opens certain opportunities and reinforces ongoing processes of change. It is not claimed that the ERP system is the driver of these changes; rather, it is argued that the ERP system’s characteristics such as integration, standardisation and centralisation facilitate the changes and open up certain opportunities.
Regarding the management accounting skills, management accountants need to use a variety of skills to be an integral part of the management team (O’Mahony and Doran 2008). Since the role of the management accountant has changed, the type of skills needed has also changed. There is a need for a new set of skills to be able to use ERP systems. Many of the existing skills of management accountants are seen as redundant (Scapens et al. 1998; Newman and Westrup 2005).
Regarding the change of management accounting information, Scapens and Jazayeri (2003) assert that there has been a change in the use of management accounting information with forecasts giving a more forward-looking emphasis. Rom and Rohde (2006) confirm that ERP systems have no significant relationship to reporting and analysis or to budgeting and allocation of costs. Nevertheless, a significant positive relationship is found between ERP systems’ data collection and organisational breadth of management accounting. Scapens and Jazayeri (2003) conclude that ERP systems can change the nature of functions, generate new ones and cause some old ones to vanish. Additionally, they can change the relative importance of certain functions or departments.
This review illuminates different aspects of the relationship between ERP and management accounting. It can be concluded that the organisational practice is typically changed to fit the new technology. ERP has the ability to motivate functions adaptation or to threaten the legitimacy of others, and this applies to all functions of the business. ERP is a major catalyst for change in accounting functions. Neglecting the relationship between the IAF and ERP systems allows other groups to wrest control from other functions and make ERP work in their own image.
There is a need to expand the understanding of how work practices such as the IAF are adapted to new technologies. The theories and methodologies adopted in this AIS field tend to focus on institutional theory and qualitative empirical investigations. The issues of ERP systems in developing countries such as Egypt have been a neglected area of research in the accounting literature.
2.4.2 ERP Impact on Financial Accounting
The introduction of IT into accounting systems altered methods of data storage, retrieval and control (Majdalawieh and Zaghloul 2009). It has been acknowledged that the boundaries of accounting activities and practice are undergoing significant changes. The traditional view of accounting is being questioned by the diffusion of ERP systems (Caglio 2003). While some authors argue that accountants’ traditional role is declining since accounting literacy has become easily transferable to others through ERP systems, others argue that accounting professionals are developing a broader role for themselves.
The impact of ERP systems on financial accounting has been studied from different angles. For example, the misalignment between ERP systems’ embedded practice and the practice in use has been studied. There is misalignment between the accounting rules in practice and the accounting model embedded in the ERP system (Kholeif et al. 2007). Others focus on how accounting expertise changes with the implementation of ERP systems (e.g. El Sayed 2006). From another side, Caglio (2003) explains the impact of the ERP system on accountants’ practice and positions. Moreover, the impact of the ERP systems on accounting information has been studied by Colmenares (2009). Spathis and Constantinides (2004) investigate the changes in accounting processes brought in with ERP systems implementation. Moreover, the changes brought by the ERP system implementation to the accounting profession (e.g. Newman and Westrup 2005), accounting skills (e.g. Jean-Baptiste 2009), accountants’ relationships with others (e.g. Caglio 2003; Bae and Ashcroft 2004), scope of services (e.g. Chapman and Chua 2000), accounting process (e.g. Spathis and Ananiadis 2005) have been studied.
For example, Kholeif et al. (2007) show that ERP system requires changing the procedures and documentation cycles between the organisation’s departments. The results of Kholeif et al. (2007) are consistent with Granlund (2001) who describes the resistance that followed the implementation of an ERP system, which is explained as adherence to earlier procedures.
Newman and Westrup (2005) find that ERP systems are an arena that accountants take with enthusiasm and redefine their expertise. El Sayed (2006) confirms that the routine tasks of accountants’ work are now carried out by IT and their working practices are affected by ERP. Thus, accountants’ expertise is not being eroded but their expertise is being redefined. ElSayed finds that ERP systems result in losing control over the design of accounting systems and losing discretion in applying procedures for collecting and disseminating information. However, Caglio (2003) provides evidence that even if ERP systems have led accounting professionals to lose some control over their expertise and everyday activities, standardisation has legitimised a new role for accountants and has improved the overall perception of what value the accounting function creates. Caglio concludes that accountants have experienced a phenomenon of hybridisation with the ERP system implementation.
This review illuminates different aspects of the relation between ERP and financial accounting. It can be concluded that the boundaries of accounting practice and expertise are undergoing significant changes with the introduction of ERP systems. In some cases, resistance that followed ERP systems introduction is explained as adherence to earlier models The externally imposed institutional pressures were used to resist requirements of adapting to ERP systems. In other cases, the changes brought by ERP systems have legitimised a new role for accountants and there has been an improvement in the overall perception of what value the accounting function creates.
The research in the field of the contemporary changes caused by ERP needs to broaden its consideration of the unit of study. There is a need to do more in-depth studies using a strong theoretical framework which is lacking in the field. The notable changes in accounting practice relate to the increased use of the IAF. There is a great need for more enterprise systems research in this area as the opportunities are abundant.
2.4.3 ERP Impact on Auditing
Auditors face a big problem regarding how to audit in the ERP systems environment as it is a very complex task (Sutton 2006). Internal controls are more difficult to assess for traditional auditors; therefore, ERP systems force auditors to reassess their audit models (Hunton et al. 2001, 2004). Auditors often audit around computers through just checking the input and output of information systems (Steven 1999; Cerullo and Cerullo 2000). Arnold and Sutton (2007) suggest that business processes and advanced IT are tightly coupled. Therefore, the days of auditing around the computer should have gone (Sutton 2000; Vasarhelyi and Greenstein 2003). While ERP systems are widely implemented, auditing has been slow to adapt to the latest changes (Vasarhelyi and Greenstein 2003).
Although ERP systems have been recognised as a huge change in the organisations’ IT platform, few have been interested in the required change in auditing. There are different research streams regarding the audit change brought by ERP systems. These streams include: audit experience and skills (Brazel 2005; Arnold and Sutton 2007), the use of CAAT (Chang et al. 2008; Gehrke 2010), continuous auditing (CA) (Vasarhelyi et al. 2004; Debreceny et al. 2005; Alles et al. 2006, 2008; Kuhn and Sutton 2006; Saharia et al. 2008) and internal audit change (Madani 2009).
2.4.3.1 ERP and Audit Experience
Some studies have been interested in the impact of ERP systems implementation on the external auditors’ experiences. For example, Brazel (2005) discusses developing a measure for auditors’ expertise in ERP systems, while Debreceny et al. (2005) note that extensive auditors’ knowledge of ERP programming languages is required. As a result, Arnold and Sutton (2007) are concerned with the needed change in the auditing education.
2.4.3.2 ERP and the Use of the CAATS
Some studies have been interested in developing technical audit tools to help auditing in the ERP systems work environment. For example, Chang et al. (2008) develop an auditing system for the Oracle ERP system. Their approach differs from Gehrke (2010) who designs software (AuditLab) independent of a specific ERP system. Others have developed approaches to automate audit reports preparation (Wahdan et al. 2005). Vasarhelyi et al. (2004) claim that these approaches are limited as they do not fully benefit from the new technological capability to automate and integrate various audit processes. In addition, they do not sufficiently respond to the new challenges of auditing modern organisations. Therefore, Vasarhelyi et al. (2004) claim that routine auditing tasks can be done comprehensively and cost-effectively through CA systems and through utilising ERP systems’ automation and integration. However, there are few known about integration aspects between organisations’ system and the auditors’ system.
2.4.3.3 ERP and Continuous Auditing
Continuous auditing is a real-time auditing and reporting approach (Bierstaker et al. 2001). Continuous auditing is a type of auditing by exception as the processes are considered to be correct until alarm states otherwise (Vasarhelyi et al. 2004). Two main methodologies are used to approach CA in ERP systems environments: embedded audit module (Groomer and Murthy 1989) and monitoring control layer (Vasarhelyi et al. 2004). Previous research efforts offer evidence of the viability of monitoring control layer CA approach in an ERP environment (Alles et al. 2006, 2008; Kuhn and Sutton 2006). Continuous auditing tools are rapidly becoming a key component of overall corporate governance efforts (Kuhn and Sutton 2010). Vasarhelyi et al. (2004) confirm that CA would be built on an existing ERP system; therefore, organisations which have reached full functionality using ERP systems would be the first to deploy CA systems. In the same vein, Debreceny et al. (2005) claim that ERP systems embed query tools which provide a range of embedded audit module functionality. Kuhn and Sutton (2010) elaborate on Debreceny et al. (2005) and make a comparison of characteristics for a variety of continuous auditing application design approaches.
It was not anticipated by Alles et al. (2002) prior to SOX that it will be internal not external auditors who are the main champions of CA. Internal auditors see in CA a way of reducing the personnel needed to do their existing tasks. In addition, SOX Section 201 strengthened the independence standards on external auditors and there was great concern that CA would violate it, while internal auditors faced no such restrictions. Moreover, Alles et al. (2008) suggest that the definition of CA would have to place more emphasis on the role of internal auditors.
2.4.3.4 ERP and Internal Audit
IT is very much integrated into the internal auditors’ function, and internal auditors are very interested in their organisations’ IT operations and infrastructure (Jackson 2008). Internal auditors should use IT appropriately to assure that data captured precisely and completely reflect economic events which have implications for financial information reliability (Dowling 2009). While what is good for an organisation from an IT perspective, in most cases, is not good for internal auditors because organisational IT priorities and internal audit IT priorities are not often the same. Internal auditors have their own IT priorities as they have a critical perspective on the complexities of IT risk management and auditing (Jackson 2008).
In the ERP-integrated business environment, the need for confirmed assurance of internal control and financial information shifts interest to the IAF. These systems have the potential to greatly influence internal audit structure and practice. In the ERP systems environment, Tryfonas and Kearney (2008) claim that internal auditing is laborious and there is a requirement for automating audit tasks. The complexity of an organisation’s IT infrastructure constitutes a tricky task to tackle by auditors (Majdalawieh and Zaghloul 2009).
According to Majdalawieh and Zaghloul (2009), the IAF has changed dramatically over the years and is still evolving as a reflection of the developments and changes in the technology. Bae and Ashcroft (2004) suggest that switching to real-time reporting via ERP systems is a tremendous change that has affected the role of internal auditors for which they need to be well prepared.
The belief that change in the internal audit is an essential part of the means to achieve good corporate governance, and is developing among scholars and practitioners alike; however, there is no common understanding yet developed of how such change could be achieved. Vasarhelyi et al. (2004) claim that internal audit does not sufficiently respond to the new challenges of auditing in modern organisations. There is disagreement concerning the best structure of the internal audit department as well as concerning the nature of the collaboration between internal auditors and IT auditors . Moreover, Marks and Taylor (2009) suggest that internal auditors cannot and should not abdicate the evaluation of all technology-related areas to IT auditors.
There is a debate concerning the viability of the traditional internal auditing after ERP systems implementation (e.g. Glover et al. 1999; Saharia et al. 2008; Madani 2009); however, what ERP systems require of professional groups such as internal auditors is still not clear (Caglio and Newman 1999). For example, Madani (2009) suggests that the IAF needs to be seen in a wider context. It needs to be redefined in terms of focus, scope and range of services. Sutton (2006) suggests that ERP systems have fundamentally reshaped information processing which makes major changes in the overall focus of the IAF. Saharia et al. (2008) suggest that internal auditors should acquire enough knowledge to understand how the ERP system works. While Colmenares (2009) claims that the ERP systems make the process of planning and carrying out auditing easy and increase its reliability; Hunton et al. (2004) suggest that there are significant unresolved issues facing the internal audit profession.
ERP systems force auditors to reassess their audit models. It is clear that the area of ERP systems’ impact on the auditing profession lacks enough research inquiry compared with other accounting disciples. Moreover, despite the fact that there are few research studies in auditing, most of these studies are orientated towards external auditing, are non-empirical and do not use any theoretical lens. There have been many calls for more research to address the nature of the internal auditing needed changes. The belief that IAF adaptation is an essential ingredient to achieve good corporate governance in the ERP systems environment is increasing among scholars and practitioners alike. However, there is no common understanding yet developed as of how such change could be achieved.
2.5 Conclusion
Increasing public interest in corporate governance has driven organisations to review their expectations of IAF. ERP systems act as a catalyst for change in the IAF. The internal auditing practices are social constructions, where consensus is essential before something can be counted as legitimate practice in the professional system. The motivation for this book was the conviction that the changes in the IAF, as a response to ERP implementation , have not received the attention in academic research that their significance merits. In particular, it can be argued that attempts to establish new claims to knowledge provide valuable opportunities to study the processes through which such claims are linked with attempts to expand and maintain the legitimacy of professional jurisdiction.
Internal auditing is the outcome of a complex conjunction of external and internal associated constituents. It is these connected elements that justify a function-level approach to the analysis of internal audit change . As it has been made clear, internal audit change is not a simple, one-sided response but is actively implicated in interventions. So the view that aspects of the regulatory process in internal auditing serve as mere constraints on professional practice has been challenged, calling for recognition to be given to their capabilities to facilitate the mobility of professional practice by legitimising the new internal audit structure and practice in the new technological environment. This book addresses the gaps in the literature regarding the internal auditing adaptations as a response to ERP systems implementation in one of the developing countries where there is growing attention to the corporate governance process and a diffusion of ERP systems.
References
Adam, F., & O’Doherty, P. (2000). Lessons from enterprise resource-planning implementations in Ireland: Towards smaller and shorter ERP projects. Journal of Information Technology, 15, 305–316.
Allegrini, M., D’Onza, G., Melville, R., Paape, L., & Sarens, G. (2006). The European literature review on internal auditing. Managerial Auditing Journal, 21(8), 845–853.
Alles, M., Brennan, G., Kogan, A., & Vasarhelyi, M. (2006, June). Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens. International Journal of Accounting Information Systems, 7(2), 137–161.
Alles, M., Kogan, A., & Vasarhelyi, M. (2002). Feasibility and economics of continuous assurance. Auditing: A Journal of Practice & Theory, 21(1), 125–138.
Alles, M., Kogan, A., & Vasarhelyi, M. (2008). Putting continuous auditing theory into practice: Lessons from two pilot implementations. Journal of Information Systems, 22(2), 195–214.
Al-Mashari, M. (2003). Enterprise resource planning (ERP) systems: A research agenda. Industrial Management and Data Systems, 103(1), 22–27.
Aloini, D., Dulmin, R., & Mininno, V. (2007). Risk management in ERP project introduction: Review of the literature. Information & Management, 44, 547–567.
Alshawi, S., Themistocleus, M., & Almadani, R. (2004). Integrating diverse ERP systems: A case study. The Journal of Enterprise Information Management, 17(6), 454–462.
Arena, M., & Azzone, G. (2009). Identifying organizational drivers of internal audit effectiveness. International Journal of Auditing, 13, 43–60.
Arnold, V., & Sutton, S. (2007). The impact of enterprise systems on business and audit practice and the implications for university accounting education. International Journal of Enterprise Information Systems, 3(4), 1–21.
Bae, B., & Ashcroft, P. (2004). Implementation of ERP systems: Accounting and auditing implications. Information Systems Control Journal, 5, 1–6.
Bailey, A. D., Gramling, A. A., & Ramamoorti, S. (2003). Research opportunities in internal auditing. Altamonte Springs, FL: The IIA Research Foundation.
Bierstaker, J. L., Burnaby, P., & Thibodeau, J. (2001). The impact of information technology on the audit process: An assessment of the state of the art and implications for the future. Managerial Auditing Journal, 16(3), 159–164.
Bloom, R., Luchs, C., & Myring, M. (2009, September). What’s ahead for future. Strategic Finance, 46–52.
Booth, P., Matolcsy, Z., & Wieder, B. (2000). The impacts of enterprise resource planning systems on accounting practices—The Australian experience. Australian Accounting Review, 10(3), 4–18.
Bostan, I., & Grosu, V. (2010). The role of internal audit in optimization of corporate governance at the groups of companies. Theoretical and Applied Economics, XVII(2), 89–110.
Boyle, E. J. (1993). A framework for the modern internal auditing function. Advanced in Management Accounting, 2, 227–254.
Brazel, J. (2005). A measure of perceived auditor ERP systems expertise development, assessment, and uses. Managerial Auditing Journal, 20(6), 619–631.
Cadbury Report. (1992). The report of the committee on the financial aspects of corporate governance. London: Gee & Co.
Caglio, A., & Newman M. (1999) Implementing enterprise resource planning systems ERPS: Implications for management accountants. In International Conference on Information Systems ICIS, Charlotte, USA.
Caglio, A. (2003). Enterprise resource planning systems and accountants: Towards hybridization? European Accounting Review, 13(1), 123–153.
Carcello, J., Hermanson, D., & Raghunandan, K. (2005). Changes in internal auditing during the time of the major US accounting scandals. International Journal of Auditing, 9, 117–127.
Carroll, J., & Fitz-Gerald, L. (2005). Beyond an IT project: Governance in ERP-driven business transformation. In Proceedings of the 16th Australasian Conference on Information Systems, University of Technology, Sydney.
Cattrysse, J. (2005). Reflections on corporate governance and the role of internal auditor (pp. 1–64). Roularta Media group: Antwerpen University, Belgium.
Cerullo, M., & Cerullo, V. (2000, May/June) The internal auditor’s role in developing and implementing enterprise resource planning systems. Internal Auditing, 25–34.
Chang, S., Wu, C., & Chang, I. (2008). The development of a computer auditing system sufficient for Sarbanes-Oxley section 404—A study on the purchasing and expenditure cycle of the ERP system. Information Systems Management, 25(3), 211–229.
Chapman, C. (1998). Update. Internal Auditor, 55(1), 11–12.
Chapman, C., & Chua, W. F. (2000). Information technology, organisational form, and accounting. In Proceedings of the 2nd Conference on New Directions in Management Accounting: Innovations in Practice and Research, Brussels, Belgium, December 14–16, pp. 193–211.
Chapman, C., & Chua, W. F. (2003). Technology-driven integration, automation, and standardization of business processes in management accounting in the digital economy. In A. Bhimani (Ed.). Oxford: Oxford University Press, pp. 74–94.
Chapman, C., & Kihn, L. (2009). Information system integration, enabling control and performance. Accounting, Organizations and Society, 34, 151–169.
Chen, J. (2009). An exploratory study of alignment ERP implementation and organizational development activities in a newly established firm. Journal of Enterprise Information Management, 22(3), 298–316.
Chen, H., Huang, S. Y., Chiu, A., & Pai, F. (2012). The ERP system impact on the role of accountants. Industrial Management and Data Systems, 112(1), 83–101.
Chung, S., & Snyder, C. (2000). ERP adoption: A technological evolution approach. International Journal of Agile Management Systems, 2(1), 24–32.
Colmenares, L. (2009). Benefits of ERP systems for accounting and financial management. In Allied Academies International Conference. Academy of Information and Management Sciences Proceedings, Cullowhee, Vol. 13(1), pp. 3–8.
Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2004). Enterprise risk management-integrated framework. New York: COSO.
Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2011). Internal control-integrated framework. New York: Coopers and Lybrand.
Davenport, T. H. (1998). Putting the enterprise into the enterprise system. Harvard Business Review, 76(4), 121–131.
Davenport, T. H., Harris, J., & Cantrell, S. (2004). Enterprise systems and ongoing process change. Business Process Management Journal, 10(1), 16–26.
Debreceny, R., Gray, G., Ng, J., Lee, K., & Yau, W. (2005). Embedded audit modules in enterprise resource planning systems: Implementation and functionality. Journal of Information Systems, 19(2), 7–27.
Dechow, N., & Mouritsen, J. (2005). Enterprise resource planning systems, management control and the quest for integration. Accounting, Organizations and Society, 30, 691–733.
Dillard, J., Ruchala, L., & Yuthas, K. (2005). Enterprise resource planning systems: A physical manifestation of administrative evil. International Journal of Accounting Information Systems, 6, 107–127.
Dowling, C. (2009). Appropriate audit support system use: The influence of auditor, audit team, and firm factors. The Accounting Review, 84(3), 771–810.
El Sayed, H. (2006). ERPs and accountants’ expertise: The construction of relevance. Journal of Enterprise Information Management, 19(1), 83–96.
Elmes, M., Strong, D., & Volkoff, O. (2005). Panoptic empowerment and reflective conformity in enterprise systems-enabled organizations. Information and Organization, 15(1), 1–37.
Emerson, D., Karim, K., & Rutledge, R. (2009). SOX and ERP adoption. Journal of Business & Economics Research, 7(4), 51–56.
Fraser, I., & Henry, W. (2007). Embedding risk management: Structures and approaches. Managerial Auditing Journal, 22(4), 392–409.
Gehrke, N. (2010). The ERP auditlab—A prototypical framework for evaluating enterprise resource planning system assurance. In System Sciences (HICSS), 2010 43rd Hawaii International Conference on Digital Object Identifier (pp. 1–9).
Genoulaz, V., Millet, P., & Grabot, B. (2005). A survey on the recent research literature on the ERP systems. Computers in Industry, 56, 510–522.
Glover, S., Parawitt, S., & Romney, M. (1999, February). Implementing ERP. Internal Auditor, 40–47.
Grabski, S., & Leech, S. (2007). Complementary controls and ERP implementation success. International Journal of Accounting Information Systems, 8, 17–39.
Grabski, S., Leech, S., & Sangster, A. (2009). Management accounting in enterprise resource planning systems. Oxford, UK: Elsevier.
Grabski, S. V., Leech, S. A., & Schmidt, P. J. (2011). A review of ERP research: A future agenda for accounting information systems. Journal of Information Systems, 25(1), 37–78.
Gramling, A., Maletta, M., Schneider, A., & Church, B. (2004). The role of the internal audit function in corporate governance: A synthesis of the extant internal auditing literature and directions for future research. Journal of Accounting Literature, 23, 194–244.
Granlund, M. (2001). Towards Explaining Stability in and around Management Accounting Systems. Management Accounting Research, 12, 141–166.
Granlund, M., & Malmi, T. (2002). Moderate impact of ERPS on management accounting: A lag or permanent outcome? Management Accounting Research, 13(3), 299–321.
Granlund, M., & Mouritsen, J. (2003). Introduction: Problematizing the relationship between management control and information technology. European Accounting Review, 12, 77–83.
Groomer, S. M., & Murthy, U. S. (1989). Continuous auditing of database applications: An embedded audit module approach. Journal of Information Systems, 3(2), 53–69.
Hakim, A., & Hakim, H. (2010). A practical model on controlling ERP implementation risks. Journal of Information Systems, 35(2), 204–214.
Hendrawirawan, D., Tanriverdi, H., Zetterlund, C., Hakam, H., Kim, H., PAIK, H., et al. (2007). ERP security and segregation of duties audit: A framework for building an automated solution. Information Systems Control Journal, 2, 1–4.
Hermanson, D., & Rittenberg, L. (2003). Internal audit organizational governance. In A. Bailey, A. Gramling, & S. Ramamoorti (Eds.), Research opportunities in internal auditing. Altamonte Springs: Institute of Internal Auditors Research Foundation.
Hespenheide, E., Pundmann, S., & Corcoran, M. (2007). Risk intelligence: internal auditing in a world of risk. Internal Auditing, 22(4), 3–10.
Hirth, R. (2008, November). Better internal audit leads to better controls. Financial Executive, 49–51.
Huang, S., Chang, I., Li, S., & Lin, M. (2004). Assessing risk in ERP projects: Identify and prioritize the factors. Industrial Management and Data Systems, 104(8), 681–688.
Hunton, J. E., Wright, A., & Wright, S. (2001). Business and audit risks associated with ERP systems: Knowledge differences between information system audit specialists and financial auditors (Working Paper), University of South Florida.
Hunton, J. E., Wright, A. M., & Wright, S. (2004). Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? Journal of Information Systems, 18(2), 7–28.
Hyvönen, T. (2003). Management accounting and information systems: ERP versus BoB. European Accounting Review, 12(1), 155–173.
Hyvönen, T., Jarvinen, J., Pellinen, J., & Rahko, T. (2009). Institutional logics, ICT and stability of management accounting. European Accounting Review, 18(2), 241–275.
Institute of Internal Auditors (IIA). (1999). Definition of internal auditing. Altamonte Springs: The Institute of Internal Auditors. Accessible on-line at www.theiia.org/.
Institute of Internal Auditors (IIA). (2009). The Financial Crisis and Its Impact on the Internal Audit Profession, March, The Institute of Internal Auditors’ (IIA), The IIA Research Foundation’s (IIARF), Global Audit Information Network (GAIN), accessible on-line at www.theiia.org/
International Federation of Accountants (IFAC). (2006). Internal controls—A review of current development. Information paper: Professional Accountants in Business Committee, www.ifac.org.
Jack, L., & Kholeif, A. (2008). Enterprise resource planning and a contest to limit the role of management accountants: A strong structuration perspective. Accounting Forum, 32, 30–45.
Jackson, R. (2008, August). Top Tech Priorities. Internal Auditor, 65(4), 38–43.
Jean-Baptiste, R. (2009). Can accountants bring a positive contribution to ERP implementation? International Management Review, 5(2), 81–91.
Kagermann, H., Kinney, W., Kuting, K., & Weber, C. (2008). Internal audit handbook: Management with the SAP-audit roadmap. New York: Springer.
Kalbers, L. P., & Fogarty, T. J. (1995). Professionalism and its consequences: A study of internal auditors. Auditing: A Journal of Practice & Theory, 14(1), 64–86.
Kallinikos, J. (2004). Deconstructing information packages: Organizational and behavioural implications of ERP systems. Information Technology & People, 17(1), 8–30.
Kholeif, A., Abdel-Kader, M., & Sherer, M. (2007). ERP customization failure: Institutionalized accounting practices, power relations and market forces. Journal of Accounting and Organizational Change, 3(3), 250–299.
Klaus, H., Rosemann, M., & Gable, G. (2000). What is ERP? Information Systems Frontiers, 2(2), 141–162.
Kuhn, J. R., & Sutton, S. G. (2006). Learning from Worldcom: Implications for fraud detection through continuous assurance. Journal of Emerging Technologies in Accounting, 3, 61–80.
Kuhn, J., & Sutton, S. (2010). Continuous auditing in ERP system environments: The current state and future directions. Journal of Information Systems, 24(1), 91–112.
Kumar, K., & Van Hillegersberg, J. (2000). ERP experiences and evolution. Communications of the ACM, 43(4), 22.
Lea, B. (2007). Management accounting in ERP integrated MRP and TOC environments. Industrial Management and Data Systems, 107(8), 1188–1211.
Lengnick-Hall, C., Lengnick-Hall, M., & Abdinnour-Helm, S. (2004). The role of social and intellectual capital in achieving competitive advantage through enterprise resource planning (ERP) systems. Journal of Engineering and Technology Management, 21(4), 307–330.
Lightle, S., & Vallario, C. (2003, October). Segregation of duties in ERP. Internal Auditor, 27–29.
Lyytinen, K., & Newman, M. (2008). Explaining information systems change: A punctuated socio-technical change model. European Journal of Information Systems, 17(6), 589–613.
Mabert, V. A., Soni, A., & Venkataramanan, M. A. (2001). Enterprise resource planning: Common myths versus evolving reality. Business Horizons, 69–76.
Madani, H. (2009). The role of internal auditors in ERP-based organizations. Journal of Accounting and Organizational Change, 5(4), 514–526.
Maheshwari, B., Kumar, V., & Kumar, U. (2010). Delineating the ERP institutionalisation process: Go-live to effectiveness. Business Process Management Journal, 16(4), 744–771.
Majdalawieh, M., & Zaghloul, I. (2009). Paradigm shift in information systems auditing. Managerial Auditing Journal, 24(4), 352–367.
Marks, N., & Taylor, J. (2009). The current state of internal auditing: A personal perspective and assessment. EDPACS, 39(4), 1–23.
Marshall, R., & Magliozzi, R. (2009, February–March). The changing landscape for internal auditors in financial institutions. Bank Accounting & Finance, 43–46.
Matyjewicz, G., & D’Arcangelo, J. R. (2004). ERM based auditing. Internal Auditing, 19(6), 4–18.
Momoh, A., Roy, R., & Shehab, E. (2010). Challenges in enterprise resource planning implementation: State-of-the-art. Business Process Management Journal, 16(4), 537–565.
Nagy, A. L., & Cenker, W. J. (2002). An assessment of the newly defined internal audit function. Managerial Auditing Journal, 17(3), 130–137.
Newman, M., & Westrup, C. (2005). Making ERPs work: Accountants and the introduction of ERP systems. European Journal of Information Systems, 14, 258–272.
O’Leary, D. (2000). Enterprise resource planning systems: Systems, life cycle, electronic commerce, and risk. New York: Cambridge University Press.
O’Leary D. (2002). Discussion of information system assurance for enterprise resource planning systems: Unique risk considerations. When and how do we use heterogeneous expert opinion as a basis for research on ERP systems? Journal of Information Systems, 16 Suppl., 115–126.
O’Mahony, A., & Doran, J. (2008, August). The changing role of management accountants, evidence from the implementation of ERP systems in large organisations. International Journal of Business and Management, 109–115.
Ojala, M., Vilpola, I,. & Kouri, I. (2006). Risks in ERP project—Case study of IS/ICT management capability maturity level and risk assessment. In Frontiers of e-Business Research (pp. 1–8).
Orlikowski, W. J. (1991). Integrated information environment or matrix of control? The contradictory implications of information technology. Accounting, Management and Information Technologies, 1(1), 9–42.
Paape, L., Scheffe, J., & Snoep, P. (2003). The relationship between the internal audit function and corporate governance in the EU—A survey. International Journal of Auditing, 7(3), 247–262.
Page, M., & Spira, L. F. (2004). The Turnbull report, internal control and risk management: The developing role of internal audit. Edinburgh: The Institute of Chartered Accountants of Scotland.
Parent, M., & Reich, B. (2009). Governing information technology risk. California Management Review, 51(3), 134–152.
Pawlowski, S., Boudreau, M., & Baskerville, R. (1999). Constraints and flexibility in enterprise systems: A dialectic of system and job. In Americas Conference on Information Systems (pp. 791–793). August 13–15, Milwaukee, WI.
PCAOB. (2004). Auditing standard no. 2—An audit of internal control over financial reporting performed in conjunction with an audit of financial statements. Washington: Public Company Accounting Oversight Board.
Pollock, N., & Williams, R. (2008). Software and organizations: The biography of the enterprise-wide system or how SAP conquered the world. New York: Routledge.
Poston, R., & Grabski, S. (2001). Financial impacts of enterprise resource planning implementations. International Journal of Accounting Information Systems, 2, 271–294.
Quattrone, P., & Hopper, T. (2005). ‘A time–space odyssey’: Management control systems in two multinational organisations. Accounting, Organizations and Society, 30(7–8), 735–764.
Ragowsky, A., & Somers, T. (2002). Enterprise resource planning. Journal of Management Information Systems, 19(1), 11–15.
Rajan, M. V., & Saouma, R. E. (2006). Optimal information asymmetry. Accounting Review, 81(3), 677–712.
Rikhardsson, P., & Kræmmergaard, P. (2005). Identifying the effects of enterprise system implementation and use: Examples from Denmark. International Journal of Accounting Information Systems, 7, 36–49.
Rikhardsson, P., Rohde, C., & Rom, A. (2005). Exploring enterprise systems and management control in the information society: Developing a conceptual framework. In Presented at the 6th International Research Symposium on Accounting Information Systems, Las Vegas, USA, December 10–11.
Robey, D., Ross, J., & Boudreau, M. (2002). Learning to implement enterprise systems: An exploratory study of the dialectics of change. Journal of Management Information Systems, 19(l), 17–46.
Rom, A., & Rohde, C. (2004). Integrated information systems (IIS) and management accounting: Evidence from the Danish practice. In First International Conference on Enterprise Systems and Accounting, Thessaloniki, Greece, September 3–4.
Rom, A., & Rohde, C. (2006). Enterprise resource planning systems, strategic enterprise management systems and management accounting: A Danish study. Journal of Enterprise Information Management, 19(1), 50–66.
Saharia, A., Koch, B., & Tucker, R. (2008). ERP systems and internal audit. Issues in Information Systems, XL(2), 578–586.
Sangster, A., Leech, S. A., & Grabski, S. (2009). ERP implementations and their impact upon management accountants. Journal of Information Systems and Technology Management, 6(2), 125–142.
Sarbanes-Oxley Act. (2002). Public Law 107–204, 107th Congress 2nd (GPO, Washington, DC).
Sarens, G. (2009). Internal auditing research: Where are we going? International Journal of Auditing, 13, 1–7.
Sarens, G., Allegrini, M., D’Onza, G., & Melville, R. (2011). Are internal auditing practices related to the age of the internal audit function?: Exploratory evidence and directions for future research. Managerial Auditing Journal, 26(1), 51–64.
Sarens, G., & De Beelde, I. (2006a). Internal auditors’ perception about their role in risk management: A comparison between US and Belgian companies. Managerial Auditing Journal, 21(1), 63–80.
Sarens, G., & De Beelde, I. (2006b) Building a research model for internal auditing: Insights from literature and theory specification cases. International Journal of Accounting, Auditing and Performance Evaluation, 3(4), 452–470.
Sayana, S. (2004). Auditing security and privacy in ERP applications. Information Systems Control Journal, 4, 1–3.
Scapens, R. W. (1998). Management accounting and strategic control, implications for management accounting research. Bedrijfskunde, 70(1), 11–17.
Scapens, B., & Jazayeri, M. (2003). ERP systems and management accounting change: Opportunities or impacts? A research note. European Accounting Review, 12(1), 201–233.
Scapens, R., Jazayeri, M., & Scapens, J. (1998). SAP: Integrated information systems and the implications for management accountants. Management Accounting (UK), 76(8), 46–48.
Scott, J., & Vessey, I. (2002). Managing risks in enterprise systems implementations. Communications of the ACM, 45(4), 74–81.
SEC. (2003). NASD and NYSE rulemaking: Relating to corporate governance. Accessed February 2011 http://www.sec.gov/rules/sro/34–48745.htm.
Selim, G., Woodward, S., & Allegrini, M. (2009). Internal auditing and consult in practice: A comparison between UK/Ireland and Italy. International Journal of Auditing, 13, 9–25.
She, W.‚ & Thuraisinham, B. (2007). Security for Enterprise Resource Planning Systems. Information Systems Security, 16, 152–163.
Shehab, E., Sharp, M., Supramaniam, L., & Spedding, T. (2004). Enterprise resource planning an integrative review. Business Process Management Journal, 10(4), 359–386.
Sia, S., Tang, M., Soh, C., & Boh, W. (2002). Enterprise resource planning (ERP) systems as a technology of power: Empowerment or panoptic control? The DATA BASE for Advances in Information Systems, 33(1), 23–37.
Soh, C., Kien, S. S., & Tay-Yap, J. (2000). Cultural fits and misfits: Is ERP a universal solution? Communications of the ACM, 43(4), 47–51.
Spathis, C., & Ananiadis, J. (2005). Assessing the benefits of using an enterprise system in accounting information and management. Journal of Enterprise Information Management, 18(2), 195–210.
Spathis, C., & Constantinides, S. (2004). Enterprise resource planning systems’ impact on accounting processes. Business Process Management Journal, 10(2), 234–247.
Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing and Accountability Journal, 16(4), 640–661.
Steven, M. G. (1999). Implementing EW. The Internal Auditor, 56(1), 40–46.
Sumner, M. (2000). Risk factors in enterprise-wide/ERP projects. Journal of Information Technology, 15, 317–327.
Sutton, S. G. (2000). The changing face of accounting and the driving force of advanced information technologies. International Journal of Accounting Information Systems, 1(1), 1–8.
Sutton, S. G. (2006). Enterprise systems and the re-shaping of accounting systems: A call of research. International Journal of Accounting Information Systems, 7, 1–6.
Trimi, S., Lee, S., & Olson, D. (2005). Alternative means to implement ERP internal and ASP. Industrial Management and Data Systems, 105(2), 184–192.
Tryfonas, T., & Kearney, B. (2008). Standardizing business application security assessments with pattern-driven audit automations. Computer Standards and Interfaces, 30(4), 262–270.
Turnbull. (1999). Internal control: Guidance for directors of listed companies incorporated in the United Kingdom. London: Institute of Chartered Accountants in England and Wales.
Vasarhelyi, M., & Greenstein, M. (2003). Underlying principles of the electronization of business: A research agenda. International Journal of Accounting Information Systems, 49, 1–25.
Vasarhelyi, M., Alles, & Kogan, A. (2004). Principles of analytic monitoring for continuous assurance. Journal of Emerging Technologies in Accounting, 1, 1–21.
Volkoff, O. (1999). Using the structurational model of technology to analyse an ERP implementation. In Americas Conference on Information Systems, Milwaukee, WI, August 13–15.
Wahdan, M. A., Spronck, P., Ali, H. F., Vaassen, E., & van Den Herik, H. J. (2005). When will a computer write the auditor’s report? Systemic Practice and Action Research, 18(6), 569–580.
Walsham, G. (1998). IT and changing professional identity: Micro-studies and macro-theory. Journal of the American Society for Information Science, 49(12), 1081–1089.
Wright, S., & Wright, A. (2002). Information system assurance for enterprise resource planning systems: Unique risk considerations. Journal of Information Systems, 16(suppl.), 99–113.
Yeh, J. Y., & OuYang, Y. C. (2010). How an organization changes in ERP implementation: A Taiwan semiconductor case study. Business Process Management Journal, 16(2), 209–225.
Zafiropoulos, I., Metaxiotis, K., & Askounis, D. (2005). Dynamic risk management system for the modeling, optimal adaptation and implementation of an ERP system. Information Management and Computer Security, 13(3), 212–234.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2017 The Author(s)
About this chapter
Cite this chapter
Elbardan, H., Kholeif, A.O. (2017). ERP, Internal Auditing and Corporate Governance. In: Enterprise Resource Planning, Corporate Governance and Internal Auditing. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-54990-3_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-54990-3_2
Published:
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-319-54989-7
Online ISBN: 978-3-319-54990-3
eBook Packages: Economics and FinanceEconomics and Finance (R0)