Information Technology Governance on Audit Technology Performance among Malaysian Public Sector Auditors

: The concept of Industry 4.0 has considerably altered the way organisations operate and has impacted every aspect of life. Furthermore, the fast-growing trend of information technology (IT) transformation in organisations and huge IT investment by Malaysian government have triggered the signiﬁcance of IT risk and its related controls. Besides, technology-enabled auditing and IT-oriented audit procedures have become crucial when performing audit tasks in an electronic environment. Although many initiatives are being implemented to improve technology usage, audit technology use among auditors is still low and auditors are not attaining sufﬁcient progress in the use of technology. This implies the current strategies and policies may not effectively support technology implementation. In the same vein, the under-utilisation of technologies was reported due to inadequate governance. Thus, this study intends to investigate the impact of IT governance on audit technology performance. IT governance is a mechanism to stimulate anticipated behavior in the use of technology among the employees of an organisation. Surveys using closed-ended questionnaires were distributed to approximately 309 Malaysia public sector auditors. The results show that IT governance mechanisms such as IT strategy and management support signiﬁcantly inﬂuence the audit technology performance. IT governance does play a signiﬁcant role in assuring the successful utilisation of audit technology.


Introduction
Technological innovation has been playing a significant role in every organisation in recent years.The notion of Industry 4.0 has considerably altered the way organisations operate and this fourth industrial revolution (4IR) has impacted every aspect of life.Earlier industrial revolutions were focusing in improving manufacturing operations (Industry 1.0), mass productions using electrical energy (Industry 2.0) and automation of uniform job functions (Industry 3.0).The main purpose of Industry 4.0 is to attain betterment in term of automation and operational efficiency as well as effectiveness ( Ślusarczyk 2018).Basically, 4IR is connected with digitalization within and between people and devices as well as the use of advance technologies in accelerating the efficiency and effectiveness of operations and activities plus gaining autonomous performance in the work process through the use of machines (Paprocki 2016).Interestingly, the concept of Industry 4.0 was developed in 2011 as a government initiative by the German Federal Government in promoting technological innovation to boost the German economy.Finally, Industry 4.0 instigated much attention and become a famous mantra.
In line with the growing attention on the digitalization of work processes particularly involving public sector services, there are growing initiatives by the Malaysian government in ICT-related projects to escalate an effective and efficient public service delivery.Thus, IT-related investments have increased among government agencies and has triggered the significance of IT investment in public service delivery and the expected return from these investments is also an important concern among government agencies and citizens.However, in most of the ICT projects being evaluated, the major issue was system underutilisation in terms of functionality.The audit assessment on e-Project Monitoring II, e-PBT (e-Local Authority), and 1Bestari projects, for example, yielded interesting facts such as, underutilisation of the system functions due to lack of knowledge, lack of training, delayed in project implementation due to the additional scope of work or change requests by users, system specifications were not clearly defined, and databases were not updated due to lack of monitoring from the central agency (National Audit Department of Malaysia NADM).
Importantly, most of the issues were related to inadequate governance measures as stipulated in the circulars.The Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) circular has required all government agencies to have committees to deal with ICT-related issues such as a steering committee, technical committee, and project management team.Nevertheless, in most cases, the agencies do not set up these committees because project owners assumed that the project implementation team is sufficient to manage the projects, and in cases where the committees are set up, their roles are uninformed (National Audit Department of Malaysia NADM).The key purposes associated with technology-related governance are reducing risk, assisting performance achievement, and monitoring the technology-related investments.
As organisations rely on IT to some degree to conduct their business, IT governance (ITG) has gained importance in recent years as a key aspect of governance (Bhattacharjya and Chang 2007).IT governance is important for an organisation to attain its organisation objectives specifically related to IT investment.In order to employ effective IT governance, a set of ITG mechanisms is compulsory (e.g., IT steering committee, IT organisational structure) that are able to boost actions consistent with the organisation's missions.These ITG mechanisms focus on several technological issues such as the way significant information system (IS) related practices being implemented and the way the strategies are aligned into practices (Weill and Ross 2004).IT transformation can affect the existing governance systems, leading to a reduction in the capacity and capability of IT in a public sector organisation if this transformation ignores the people and assets devoted to the systems (Al Omari and Barnes 2014).This governance is imperative to warrant the successful implementation of public service delivery to accomplish corporate goals, whereby the decision-making process and monitoring system are aligned with the organisational goals and citizen expectation (Mukhtar and Ali 2011).

Motivation of Study
Highly computerised accounting systems have had implications for current audit practices and has led to the necessity of new audit procedures to evaluate control in order to mitigate new business risks (Soral and Jain 2011).The new requirement of audit standards has increased the needs of technology-oriented audit procedures (Masli et al. 2010).As digitalisation gaining more attention in the business, auditors need to embrace analytics quickly (Protiviti 2018).Although benefit from IT-related audit procedures being widely recognised some auditors are still failing in performing technology enabled audit tasks.Furthermore, there is evidence by academic scholars of the slower adoption of technology-related auditing (Smidt et al. 2018;Bierstaker et al. 2014;Ahmi and Kent 2013) and this is supported by professional literature which suggests auditors are not attaining sufficient progress in their technology-related competency and technology-enabled audit performance (Protiviti 2016a) as well as the use of analytics in the auditing remain low (Protiviti 2018).Within the Malaysia context, the Auditor General of Malaysia has expressed in his recent concern over the under-utilisation of audit technology among public sector auditors (Buang 2015) and most of the public sector auditors are still focusing on traditional IT control rather than advanced IT controls (Mahzan and Veerankutty 2011).A study was conducted in Malaysia indicating lower audit technology usage among private auditors (Rosli et al. 2013).
However, human capital in an organisation is the crucial important factor in speeding innovativeness, performance and competitiveness (Koval'ová 2016).Significantly, the key challenges facing the audit function were the evolving technologies and risk related to information security, limited qualified human resources capabilities and skills, inadequate reporting structures for IT audit function and insufficient IT infrastructure, misalignment between technology and organisation performance, and limited audit methodology related to IT risk assessment, as well as restricted use of technology in data analytics (Protiviti 2016b).
Multiple initiatives are being undertaken to improve the use of technology among auditors, but IT utilisation among the auditors are still low.It may also indicate that the current strategies and policies may not effectively support technology implementation.Major factors that cause IT project failure re related to the inadequate governance mechanism, specifically no clear direction on IT business performance, insufficient management support, improper IT plans and a lack of IT support services (Nawi et al. 2011;Amid et al. 2012).Knowing the high-cost and low-success rate, it is crucial to understand reasons for these issues and for a strategy towards success vital to be discovered.Nevertheless, the review indicates that reasons for the slower adoption of technology-enabled auditing has yet been investigated, although the importance of audit technology in improving the auditors' task in the electronic environment has been recognised widely.
IT governance is defined as a framework that determines the decisions rights and accountability to stimulate anticipated behaviour in the use of technology.As such, effective IT governance stimulates and influences the workforces in technology usage and warrants compliance with an organisation's missions and norms (Weill and Ross 2004).Governments with ineffective IT governance may cause in low performance of technology assets such as ambiguous information quality, unproductive operational costs, delay in IT project and the closing down of its IT department (Nfuka and Rusu 2011).
Thus effective IT governance anticipates playing a role in improving the performance of technology-enabled auditing through the effective management of organisational resources.
Effective IT governance has a set of mechanisms that involve structures, process, and communication.These mechanisms involve the formation of executive teams, committees and IT support services to assure clear strategic direction is established and technology-related issues are handled appropriately.Well-disseminated IT strategies and policies are designed to ensure employees' behaviours are consistent with organisational objectives (Weill and Ross 2004).Consequently, this study anticipates inspecting the influence of these governance mechanisms on the audit technology performance.Although studies have investigated the influence of governance mechanism on IT-related activities, none of the studies have investigated the impact of IT governance on IT-related activities in audit organisation specifically for the audit task.
This study attempts to understand the influence of effective IT governance on the performance of audit technology among Malaysian external public sector auditors.Literature reviews were performed in the area related to the information system, auditing, and governance with the aim of gaining a better understanding of the value of governance of IT-related activities.The finding of the study is expected to enrich the existing body of knowledge on the significant impact of IT governance in assuring the successful utilisation of audit technology.

The Concept of Governance in Information Technology
The United Nations Development Program described governance as "the exercise of economic, political, and administrative authority to manage a country's affairs at all levels.It comprises mechanisms, processes, and institutions through which citizens and groups articulate their interests, exercise their legal rights, meet their obligations, and mediate their differences" ( UNDP, p. 12).From the auditing literature, governance "is the framework, principles, structure, processes, and practices to set direction and monitor compliance and performance aligned with the overall purpose and objectives of an enterprise" (Information System Audit and Controls Association ISACA).IT governance is a part of the wider concept of corporate governance, which emphasises the effective management and use of technology to accomplish business performance.ITG is generally denoted as a subsection of corporate governance (Heart et al. 2010).ITG is defined as a framework that determines the decisions rights and accountability to stimulate anticipated behaviour in the use of technology.Effective ITG stimulates and influences the workforce in technology usage and warrants compliance with the business vision, norms, and beliefs (Weill and Ross 2004).The IT Governance Institute (ITGI) recognises ITG as an accountability of the board of controllers and senior management and it defines ITG as "an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation's IT sustains and extends the organisation's strategies and objectives" (IT Governance Institute ITGI, p. 10).The key aims related to ITG are reducing risk, sustaining goal achievement, and monitoring of IT investments (Al Omari and Barnes 2014).

IT Governance (ITG) Effectiveness
Organisations with effective ITG have dynamically developed a set of ITG mechanisms that motivates behaviour in line with the organisation missions, strategies, values, norms, and culture.According to Weill and Ross (2004), effective governance only takes place when an organisation has a set of mechanisms which involve structures, process, and communication.An effective ITG comprises of IT structures, management participation, well-disseminated IT strategies and IT policies as well as clearly defined performance indicators (Nfuka and Rusu 2010).Furthermore, top management participation in IT decision making, the establishment of IT steering committees in handling IT related issues to ensure they are in line with organisational goals, and the use of key performance indicators related to IT have significantly measured the effectiveness of IT governance (Ferguson et al. 2013).IT strategies and IT plans are able to ensure that IT investments have been evaluated for relevant risk and assist the business expectation (Wilkin and Chenhall 2010;Ali and Green 2012).Some studies have found IS support service through the availability of IT experts and IS consultants play a significant role in in the successful implementation of the system (Law et al. 2010).

Audit Technology Performance
Technology-related auditing is considered among the top priority area in the audit function, particularly in the use of audit technology (Protiviti 2016a).The auditor needs to incorporate 'state-of-art' audit technology to enhance the audit process (Rose et al. 2017).The most frequently recommended audit technology often promoted by professionals and standards are Computer Assisted Audit Tools (CAATs).The most widely used audit technology, particularly during the technology enabled auditing, are: (i) test data, parallel stimulation and integrated test facility assessing the internal logic of the financial application directly and to test a program is functioning as intended and correctly; (ii) generalised audit software being used to access client electronic files, extract related data, and conduct substantive tests to examine the details of transaction and balances, and perform analytical reviews to identify unusual transactions; (iii) system control audit review files (SCARF) and embedded audit modules being installed into the system to evaluate flows of transaction and identify exceptional transactions (Hall 2015).
Thus, this study intends to develop contextualised measures and view an effective system/technology/application from the user perspective which highlights the ability of audit technology in enhancing the job performance of the auditors and increasing the quality of the audit.Additionally, the type of system being assessed is related to technology that supports the implementation of audit tasks in a digital environment focusing on the automation of individual job functions usually by a single user.Based on the literature reviews, technology/system/application effectiveness or success was evaluated based on the IS Success Model by DeLone and McLean (1992).
The measurement of IS success is critical to understands the value and efficacy of IS investment and its management (DeLone and McLean 2003).This process model consists of six interrelated dimensions namely system quality, information quality, use, user's satisfaction, individual impact and organisational impact (DeLone and McLean 1992).Audit technology performance or success was measured using 2 constructs of this model which are user satisfaction and individual impact that represent the net benefit derived from the use of technology.
A study conducted in Hong Kong among certified accountants on the successful use of accounting information systems indicated that information quality, system quality, and service quality do impact organisational performance (Gorla et al. 2010).A study examined the successful use of a mandatory taxation information system in Greek and noted that there is a strong association with system quality, information quality, service quality, perceived usefulness and user satisfaction except for system quality and user satisfaction (Floropoulos et al. 2010).From the employee satisfaction perspective, a survey was conducted among 10,000 employees and noted that service quality, information quality, user satisfaction, use, individual impact and organisational impact contribute to the successful utilisation of employee portals (Urbach et al. 2010).Reviews show that the DeLone and McLean IS Success model is robust because of the findings from studies among different users and involving different information systems indicating similar results in measuring the successful utilisation of technology.Thus, this study utilised the IS Success model to evaluate audit technology performance.
In summary, audit technology performance may further be improved when audit organisations established an effective IT governance mechanism by guiding auditors with an appropriate IT strategy and IT policy as well as assisting the auditors with an adequate IT support service.Besides, audit organisation may effectively manage IT related issues through the formation of an IT committee and being further supported by senior management.This is anticipated to encourage a positive behaviour toward the use of technology during the audit task among the auditors.

IT Governance and Performance
The implementation of ITG anticipated to improve the operational and supply chain processes efficiently within and across the organisation (Ilebrand et al. 2010); and well-organized ITG may have progressive effects on organisation performance (Weill and Ross 2004).There are some signs that the implementation of ITG mechanisms may lead organisations to manage and use the technology in business more efficiently than the organisation in which IT governance is not effective.ITG mechanisms are able to assist in risk mitigations and IT business value creation.ITG mechanisms may enhance the administration of IT-related activities by assuring technology usage is in line with business objectives, IT being managed effectively, and IT outcomes being monitored effectively.As such, an effective IT Governance mechanism able to influence organisational performance (Lunardi et al. 2014) and enhanced technology-related activities (Heart et al. 2010) and governance practices (Haes and Grembergen 2009).Liang et al. (2011) found that IT governance maturity enables strategic alignment which in turn yields better performance.Thus, effective IT governance mechanisms can improve system performance.
From the auditing context, effective IT governance mechanisms anticipate impacting the audit work process which may result in better job performance and productivity through the effective utilisation of audit technology during the audit task in the digital environment.Effective IT governance lays a foundation for the audit organisation and its workforce to follow a desirable behaviour and motivate the behaviour to be in line with the organisation's mission in providing quality audit opinions.In addition, senior management support, clear strategies, and policies as a part of a governance mechanism in controlling the organisation's activities are considered to be significant drivers for audit technology usage (Mahzan and Lymer 2014).IT support services also play a significant role in assuring the audit technology usage (Ahmi and Kent 2013) as well as supporting the cultural impact of the technology performance.Accordingly, effective use of audit technology during the audit task through the existence of effective IT governance may enhance audit task efficiency and improve the quality of audit opinion in addition to job performance.
Interestingly, studies examining the role of IT governance in IT-related activities in public sector audit organisations have been limited.Most of the literature on the role of IT governance were focused mainly on its impact towards organisation performance.No attempt was done to explore the potential of effective IT governance on individual behaviour specifically from an auditing context.Thus, this study anticipates enriching the existing knowledge by integrating the issues of IT-related investment and IT governance to highlight the importance of IT governance for the success of IT initiatives in audit organisations.

Hypothesis Development and Research Model
Agency theory is utilized to elucidate the phenomena, as literature showed agency theory being predominantly used in public sector accountability research (Schillemans and Busuioc 2015) and being very much related to governance issues such as monitoring mechanisms (Maijoor 2000).Accountability refers to relationships between two (or more) persons, where one is obliged to be responsible for his or her behaviour to the other(s), and some specific mechanisms are arranged to make him or her behave in an accountable manner (Dubnick and Frederickson 2010).Therefore, principals create some mechanisms to bind the degree of such behaviour.Furthermore, principals also observe the conduct of management with the intention of discouraging unrelated activities and introduce mechanisms to bond the interest of both parties (Peirson 1990).An IT governance mechanism was established by the government through government circulars and a high-level governing committee (e.g., parliamentary members meeting) in order to oversee the behaviour of civil servants being in line with the government mission and objectives.This IT governance mechanism acts as the mechanism on behalf of principals (i.e., government) in monitoring the behaviour of management.The Auditor General of Malaysia who represents the management is responsible for administering the organisation's activities through effective work processes and reporting such activities to the governing committees.
Implementation of ITG mechanisms may lead organisations to manage and use the technology in business more efficiently than the organisation in which IT governance is not effective.Effective ITG mechanisms may enhance the administration of IT-related activities by assuring technology is in line with business objectives, IT being managed effectively and IT outcomes being monitored effectively (Lunardi et al. 2017).Senior management support is important in creating a supportive climate and allocating sufficient resources for the successful utilisation of technologies (Wang et al. 2010;Low et al. 2011) and being significant drivers in making decisions on technology adoption in audit organisations (Mahzan and Lymer 2014;Ahmi and Kent 2013).Further, reviews indicated that IT strategy as the technology-related strategic policy is providing guidance and direction on IT-related activities (Nfuka and Rusu 2010) and IT Committee as a supporting mechanism for managing IS related activities (Ferguson et al. 2013;Ali and Green 2012) are important mechanisms for effective governance.IT support services also play an important role in assuring the usage of audit technology among the auditors (Vasarhelyi and Romero 2014).Thus, organisations should effectively govern the organisational IT-related activities with appropriate infrastructure in supporting technology utilisation among the auditors and recommended provision of an IT support service in order to enhance auditors confidence in utilising audit technology i.e., CAATs during the audit task (Bierstaker et al. 2014).This IT governance construct denotes the mechanism that inspires actions concurrent with the organisation's mission, strategy, and culture related to IT which influences the successful use of technology during the audit task.
Therefore, organisations need to focus on effective ITG before attempting to improve technology-related activities.An effective IT governance mechanism anticipated influencing audit technology performance.Accordingly, it is hypothesized that:

Hypothesis 1 (H1).
There is a positive relationship between effective IT governance and audit technology performance.
H1a.There is a positive relationship between management support and audit technology performance.
H1b.There is a positive relationship between effective IT strategy and audit technology performance.
H1c.There is a positive relationship between effective IT committee and audit technology performance.
H1d.There is a positive relationship between effective IT support service and audit technology performance.

Research Method
The unit of analysis for this study includes the public sector auditor in National Audit Department of Malaysia (NADM) who represents the majority of public sector auditors in the country.Data were collected through cluster sampling by segregating audit staffs function into administration and audit functions.After a discussion with the NADM representative, a total of 1535 auditors with organisation's email addresses were considered as targeted respondents.Using the Cohen (1988) table, the minimum sample required was approximately 306.Based on the literature, particularly involving online web-surveys in public services, 20% to 30% were presumed to be reasonable (Baruch and Holtom 2008;Saunders et al. 2009).A multistage method of data collection was conducted, whereby a total of 1518 questionnaires were emailed and personally administered.A link with the web survey was randomly attached to 1427 official e-mails, with 14 email addresses invalid, and 97 paper-based questionnaires were handed over to the auditors in audit branches in the headquarters of Putrajaya.The data collection was carried out for two months.About 309 questionnaires were collected with a response rate of 22.07%.The usable questionnaires met the minimum required sample size.SmartPLS 3.0 software was used to assess the relationship among the research constructs by performing partial least square (PLS) analysis (Hair et al. 2016) which is a structural equation modeling (SEM) technique that permits concurrent analysis within latent constructs and between measurement items.PLS-SEM was believed to be an appropriate data analysis technique as (i) this study intends to investigate the predictive association between independent and dependent variables, and (ii) new measures and structural paths were added into the conceptual model based on previous literature.
The constructs were measured using a 5-point Likert scale of 1-strongly disagree and 5-strongly agree.All instruments were adopted from previous studies and modified to meet the objective and research setting.The questionnaire consists of multiple item measurement scales adapted from previous literature.The dependent variable for this study was audit technology performance which as explained through the IS Success Model by DeLone and McLean (1992).Item measurements consist of two constructs mainly adapted from Hussein et al. (2007) which are: user satisfaction and individual impact.
IT governance is signified by IT Committee, IT strategy, IT support service and senior management support which may stimulate the implementation of technological innovation (Havelka and Merhout 2013).In the same vein, this construct denotes the mechanism that inspires action concurrent with the organisation's mission, strategy and culture that is related to IT which influences the adoption and use of technology.These measurement items have been validated on its reliability and validity in previous literature, specifically in governance and IS literature (Ifinedo 2011;Li et al. 2015).The measurement items used for this construct were modified from IS literature (Li et al. 2015;Kim et al. 2009), governance literature (Ali and Green 2012;Ferguson et al. 2013) and auditing literature (Ahmi and Kent 2013) to fit the purpose of the research context and the respective questionnaires as shown in Table 1.

G_Mgm3
Senior managements support the use of audit technology in audit task (Li et al. 2015) This research is a cross-sectional quantitative study, with hypotheses testing, and the types of investigation is a causal relationship, using questionnaires requesting auditors to provide their insight on the perceived importance of each IT governance mechanism in influencing their decision on audit technology usage.In addition, auditors were requested to rate the extent to which they agreed with the statements in the questionnaire regarding audit technology usage on their job performance.

Data Analysis
The structural equation modelling technique was a second generation multi-variate data analysis method selected to test the research model, and partial least square (PLS) using SmartPLS (Ringle et al. 2015) was employed as the statistical tool to examine the measurement and structural model as it can accommodate no assumptions on data distribution and survey research is not normally distributed (Chin et al. 2003).The assessment on the research model was firstly tested on the measurement model (validity and reliability of the measures) and secondly, the evaluations were done on the structural model (testing the hypothesized relationships) (Hair et al. 2016;Ramayah et al. 2011).Furthermore, the relationship between variables was analysed using SmartPLS 3 Software bootstrapping analysis (resampling = 2000) in order to test the level of significance, t-values for all paths.Bootstrapping analysis is used to evaluate the quality of the measurement models and the structural model results in PLS-SEM based on a set of non-parametric evaluation criteria (Hair et al. 2016).Hair et al. (2014) explained that "in bootstrapping, subsamples are randomly drawn (with replacement) from the original set of data.Each subsample is then used to estimate the model.This process is repeated until a large number of random subsamples have been created, typically more 5000.The parameter estimates (in this case, the indicator weights) estimated from the subsamples are used to derive standard errors for the estimates".

Respondents' Profile
The sample of this study consist of 309 respondents.The respondents' profile is as per Table 2.The majority of respondents were working at state government (40.4%) and federal government (34.0%)levels.Almost 76.7% respondents were female and the remainder were males (23.3%).Most of the respondents were support staff (68.0%) who are the field auditors who performed the technology-enabled auditing directly followed by middle managers (22.0%) who were involved in supervising and monitoring the work of support staff as well as senior managers (10.0%) who led and gave directions on the audit job function.Almost 87.1% of the respondents had auditing experiences 5 years and more which displays that they have the necessary knowledge to respond well.Additionally, about 45.0% of the respondents had experience using audit technology over 5 years and more, and virtually 62.1% of the auditors were perceived to have adequate IT skills.

Assessment of Measurement Model
Two types of assessments were performed in assessing the measurement model which include construct validity, convergent validity, and discriminant validity.As recommended by Hair et al. (2016) the assessment was done by examining loadings, average extracted (AVE) and composite reliability (Yeap et al. 2016).Construct validity signifies how well the results obtained from the use of measure fit the theories around which the test is designed (Sekaran and Bougie 2010).A satisfactory measurement model tends to have internal consistency reliability above the threshold value of 0.708 (Hair et al. 2014).However, Hair et al. (2016) contended that with any outer loading values between 0.4 and 0.7 although considered weak, the researchers should carefully examine the effects of item removal on the composite reliability (CR) as well as content validity of the constructs and should only consider for removal from the scale those that when deleting the indicator lead to an increase in CR.Most of the loading of items were more than 0.70 (significant at p < 0.01) and met the fit criteria.
Furthermore, the AVE value of 0.5 or higher indicates the construct achieve adequate convergent validity (Bagozzi and Yi 1988;Fornell and Larcker 1981) and the construct is able to explain more than half of the variance of its indicators.The loadings for all the items were more than 0.5 and the composite reliabilities were all greater than 0.7 (Hair et al. 2010).The AVE measures the variance captured by the indicators relative to measurement error and the AVE for this study was in the range from 0.623 to 0.979.Table 3 summarizes the results and shows that all the 5 constructs are valid measures for the respective constructs.Discriminant validity of the constructs of this study was assessed using Fornell and Larcker's technique and the heterotrait-monotrait (HTMT) technique.Measurement model has discriminant validity if the square root of AVE of each construct exceeded the correlation between the items and all other items (Fornell and Larcker 1981).The results of Fornell and Larcker's technique indicates that the square roots of the AVE of the construct (represented diagonally and in bold) are higher than the correlation (represented off-diagonally) for all reflective constructs.
Further assessment using HTMT techniques as suggested by Henseler et al. (2015) was conducted as per Table 4 which specifies that all the values were less than the HTMT.85 value of 0.85 (Kline 2011) or HTMT.90 value of 0.90 (Gold et al. 2001), thus specifies that discriminant validity has been met.In summary, the measurement model demonstrated adequate convergent validity and discriminant validity.

Assessment of Structural Model
The assessment of the structural model of this study was analysed using five-step procedures proposed by Hair et al. (2014) which includes assessment of collinearity issues; path co-efficient; coefficient of determination (R 2 ); effect size f 2 ; and predictive relevance (Q 2 ).
Even if the discriminant validity requirements are met, issues on lateral collinearity may mislead the results due to the strong causal effect (Kock and Lynn 2012).The variance inflation factor (VIF) measures the collinearity among the indicators.The result on the VIF values of each construct indicates that the score of VIF is below the recommended threshold value of 5 (Hair et al. 2014) and there were no issues of collinearity issues in the structural model.
The relationship between variables was investigated by running the SmartPLS 3 Software algorithm and was further analyses using SmartPLS 3 Software bootstrapping of 2000 was applied in order to test the level of significance and t-statistics for all path.Table 5 summarizes the results on R 2 , f 2 , Q 2 and the respective t-values and the results of the path analysis as shown in Figure 1.The results indicate that the effective IT governance component which consist of the IT strategy (β = 0.325, p < 0.05) and management support (β = 0.266, p < 0.05) were positively related to audit technology performance and explained 38.1% of the variance in audit technology performance.However, IT committee and IT support service do not influence the audit technology performance.Thus, the H1a and H1d were supported.The R 2 value was above the 0.35 value as recommended by Cohen (1988) indicating this is a substantial model.Although the p-value is being used to measure the statistical significance of each relationship between exogenous constructs and endogenous constructs, it is unable to reveal the size of the effect The results indicate that the effective IT governance component which consist of the IT strategy (β = 0.325, p < 0.05) and management support (β = 0.266, p < 0.05) were positively related to audit technology performance and explained 38.1% of the variance in audit technology performance.However, IT committee and IT support service do not influence the audit technology performance.Thus, the H1a and H1d were supported.The R 2 value was above the 0.35 value as recommended by Cohen (1988) indicating this is a substantial model.Although the p-value is being used to measure the statistical significance of each relationship between exogenous constructs and endogenous constructs, it is unable to reveal the size of the effect which also refers as substantive significance (Sullivan and Feinn 2012).To measure the magnitude of the effect size, this study employed Cohen (1988) rule of thumb which is 0.02, 0.15 and 0.35, representing small, medium and large effect.Based on the results of f 2 effect size in Table 4, it showed that only management support has small effect sizes.Hair et al. (2010) have highlighted that the effect size is problematic to establish based on the rule of thumb because the effect size depends on the model complexity and research context as well as the research field (Sullivan and Feinn 2012).
Furthermore, this study tested the predictive relevance (Q 2 ) of the model.The predictive Q 2 test is a measure to investigate the predictive power of exogenous constructs over endogenous constructs using the blindfolding technique (Geisser 1974;Stone 1974).A value of Q 2 bigger than zero for a specific reflective endogenous construct shows the path model's predictive relevance for a particular dependent construct (Hair et al. 2016).By applying the blindfolding procedure as suggested by Hair et al. (2014), the result shows that the research model has medium predictive relevance (Q 2 = 23.2%).

Importance Performance Matrix Analysis (IPMA)
As an extension of the results of this study, a post-hoc importance-performance matrix analysis (IPMA) was performed using audit technology performance as the target construct or outcome variable.The IPMA goal is to identify predecessors that have a relatively high importance for the target construct (i.e., those that have a strong total effect) but also a relatively low performance (i.e., low average latent variable scores).The aspects underlying these constructs represent potential areas of improvement that may receive high attention.IPMA contrasts structural model total effects on a specific target construct with the average latent variable scores of this construct's predecessors.The total effects represent the predecessor constructs' importance in shaping the target construct while their average latent variable scores represent their performance (Hair et al. 2016).
Based on Figure 2, it can be observed that IT strategy and management support are very important IT governance elements in determining the successful utilisation of audit technology during the audit task.Besides, both constructs also show good performance influencing the audit technology performance.The other two constructs, particularly on IT support service and IT committee.have relatively little relevance as well as intermediate performance in influencing the audit technology performance.
Based on Figure 2, it can be observed that IT strategy and management support are very important IT governance elements in determining the successful utilisation of audit technology during the audit task.Besides, both constructs also show good performance influencing the audit technology performance.The other two constructs, particularly on IT support service and IT committee.have relatively little relevance as well as intermediate performance in influencing the audit technology performance.

Discussion
The originality of this research lies in the impact of IT governance on audit technology performance since there were no studies that have investigated the proposed relationship from the context of public sector auditing.This study proves that the IT governance mechanism consists of IT strategyand management support which are important factors influencing audit technology performance among the Malaysian public sector auditors using the partial least square (PLS)

Discussion
The originality of this research lies in the impact of IT governance on audit technology performance since there were no studies that have investigated the proposed relationship from the context of public sector auditing.This study proves that the IT governance mechanism consists of IT strategyand management support which are important factors influencing audit technology performance among the Malaysian public sector auditors using the partial least square (PLS) technique in testing the hypotheses.The paper investigates the goodness of measure by assessing the reliability and validity of the measures of the constructs.The results indicate the measures used in the study exhibited convergent and discriminant validity.In addition, the reliability of the measures was assessed using Cronbach's alpha and composite reliability which indicate all the measures' reliability values are at par with the criteria set by the established scholars.
Most of the previous studies focused only on certain measures such as top management support, IT support service, IT policies and being individually tested as a factor that influences the technology usage (Buchwald et al. 2014;Grover and Kohli 2012;Tsai et al. 2015).Some literature focused on the influence of IT governance towards organisation performance/job performance/technology performance (Lunardi et al. 2014;Liang et al. 2011).This is the first study that integrates the measures related to the IT governance construct particularly on top management support, IT strategy, IT committee and IT support service which have been tested individually.An effective IT governance mechanism is able to articulate and reinforce the use of technology by aligning the organisation resources and capabilities to stimulate anticipated behaviours on technology usage (Wilkin and Chenhall 2010;Weill and Ross 2004).
The findings of the paper confirmed that IT governance is an important accountability mechanism to induce anticipated behaviour in the use of technology among the workforce.The IT governance mechanism displays direct influences on the audit technology performance.Most of the items used to measure this construct were adopted from auditing literature and IS literature on technology adoption which is being examined separately as the antecedents in technology adoption literature.
The results indicate that management support as stated in previous literature influence the technology usage (Ghobakhloo and Tang 2015).IT strategy does influence the technology usage consistent with earlier research findings (Widuri et al. 2014;Nkhoma and Dang 2013) IT committee and IT support service do not influence the technology performance which is inconsistent with earlier findings (Ferguson et al. 2013;Law et al. 2010).
Consequently, audit organisations should strengthen the IT governance mechanism by specifying the decision rights and accountability framework to encourage desirable behaviour in using IT among the public sector auditors (Weill and Ross 2004).On the other hand, management should provide adequate assistance through effective IT plans by providing adequate resources in the successful use of audit technology during the audit task.In addition, requirements and pressure imposed on the use of technology during auditing should be supported by management and a clear IT strategy should in place to achieve successful utilisation of audit technology.
Active management supports and clear roles of IT plan may ease in optimising the performance of IT initiatives (Buchwald et al. 2014).In line with this finding, effective IT governance is anticipated to optimize the audit technology usage among the public sector auditors by assisting the organisation to formulate and formalise the understanding and application of IT (Wilkin and Chenhall 2010) by means of IT strategy and IT Plan.Reviews also indicated that when organisation effectively aligned its IT activities and IT-supported process to inspire actions concurrent with organisation strategy and culture, it may improve the technology-related performance (Tsai et al. 2015).
Effective IT-related communication policies and IT plans (IT governance mechanism) are important elements (Huang et al. 2010) as well as management participation (Nfuka and Rusu 2010) to instill effective use of audit technology among public sector auditors.IT governance arrangements are able to monitor IT investment in order to sustain a desired outcome and expectation of stakeholders (Al Omari and Barnes 2014).When performing complex auditing, auditors should be given reliable assistance from IT support services thru the availability of IT expert and IT consultant (Law et al. 2010) in order to enhance audit technology usage.
Besides, when management wants to improve audit technology performance, an IT strategy should be given first priority.Thus it is important to an audit organisation to develop, disseminate and create awareness about IT strategy.Furthermore, managers should assure the technology-related activities in audit organisation are in line with the organisation IT strategy.Besides, participation and support from senior management are crucial in order to achieve better performance on audit technology usage among the public sector auditors.

Contribution
A significant theoretical contribution of this study was the introduction of the IT governance mechanism influencing the audit technology performance.This is the first study that presents and specifies some drivers of technology usage such as top management support, IT committee, and IT strategy into a construct representing IT governance which is being anticipated to boost actions consistent with the organisation's mission, approach, standards, rules and culture (Weill and Ross 2004).
Another substantial methodological implication involves the choice of statistical analysis.This research is among very few audit technology researchers which utilised PLS-SEM (SEM).By using SmartPLS 3.0 software, this research was able to establish the joint impact of IT governance and the audit technology performance.
From the managerial perspective, a public sector audit organisation should strengthen governance related to technology by developing an appropriate IT strategy and IT plan for the auditors to be guided in performing technology-related activities during the audit task.Besides, organisations should establish and strengthen the IT support services in assisting the auditors to perform their job function more effectively.Furthermore, it is important that organisations clearly indicate their requirements and priorities related to technology-related training in their IT strategy and IT plan to enhance the use of audit technology.In addition, compliance with professional standards should be scrutinised by the IT committee carefully to assure adherence to technology-enabled auditing.

Figure 1 .
Figure 1.Research model of the study.

Figure 1 .
Figure 1.Research model of the study.

Table 1 .
Measurement items for IT governance.

Table 3 .
Results of the measurement model.