A Blockchain-Enabled Framework for Improving the Software Audit Process
Abstract
:1. Introduction
- Proving the detailed overview/taxonomy of the audit process, including audit types, features, principles, and steps of conducting the audit process;
- Reviewing and evaluating the research on the influence of BCT on auditing;
- Proposed SSFTA as a framework that would aid auditors in using 5G, Cloud, and BCT to enhance company information systems, save time, and avoid fraudulent activities during software auditing;
- Using smart contracts and digital ledger (DTL) for transparency and accountability.
2. Preliminaries and Related Work
2.1. Software Auditing
2.1.1. When to Perform a Software Audit
- Doing SA on a regular basis might become a standard practice for businesses. These audits may take place once or twice a year. For instance, a project manager might initiate an audit to review the current state of the project and verify that everything is running as intended;
- One of the first places SA may be put to use is during the onboarding process for a new team. Before starting a new project, it is important to have a complete picture of the current project scenario. This may not be an exhaustive investigation into the finer points of the project, such as whether or not the necessary permits have been acquired. However, SA is an important part of the onboarding process since it might reveal hidden details about the project;
- When things are not going as planned and certain components of the program are not functioning as expected, but the root cause is unknown, an audit might be conducted. Potential issues may be discovered during an audit, and obstacles that have been preventing the project from moving forward can be removed.
2.1.2. Advantages of Doing Software Audits
- SA aid in maintaining software quality and identifying improvement opportunities. It allows an organization to maintain all programs functioning smoothly. The audit may reveal the necessity to acquire additional technologies that may further enhance the software’s quality;
- During an audit, the status of existing licenses may be determined, allowing for more efficient software use. This will guarantee that the company maximizes the use of its existing licenses. The audit will also determine whether or not the licenses are current;
- If the program needs certain proprietary tools to work effectively, it is important to undertake a comprehensive audit to determine whether the tools you want to acquire will be compatible with all the ones already existing. An audit at this point will guarantee that you acquire products that are suitable for company objectives and improve business operations;
- During the audit, it is possible to determine whether the software conforms to industry standards, and if it does not, the audit may recommend improvements that would enhance the program.
2.1.3. Types of Software Audits
Software Quality Audits
Software Security Audits
Usability and Accessibility Audits
2.2. Blockchain Technology
2.2.1. Smart Contracts: Evolution of Blockchain
2.2.2. Blockchain Use in Auditing
2.3. Related Work
3. Proposed Methodology
Algorithm 1 Audit Process using blockchain DTL and smart contract |
Let |
; |
; ; ; |
; ; |
1. |
2. |
3. |
4. |
5. |
6. |
7. |
8. |
9. |
10. |
11. |
12. |
13. |
14. |
15. |
16. |
17. |
18. |
19. |
20. |
21. |
22. |
23. |
24. |
25. |
26. |
27. |
28. |
29. |
30. |
31. |
32. |
33. |
34. |
35. |
Practical Implications of the Proposed Framework
4. Results and Discussion
- Comparison with existing studies
- b.
- Weaknesses and limitations of the proposed methodology
- Following are the limitations and weaknesses of the proposed methodology
- We did not find enough studies on software audit using blockchain, so it was difficult to find the parameters based on which proposed framework SSFTA may be compared with existing research
- Blockchain technology is still new and has not been tested on a large scale yet, which is a big problem for its potential to change the world. Therefore, to implement SSFTA in real settings, much training and organizational support are required.
- The proposed framework was evaluated using a case study with 12 respondents only (although the sample was representative), which is a small sample, and results cannot be fully generalized for the whole population.
- Organizations need enough resources to implement the proposed framework.
- c.
- Reliability of obtained observations
5. Conclusions and Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Li, H.; Dai, J.; Gershberg, T.; Vasarhelyi, M.A. Understanding usage and value of audit analytics for internal auditors: An organizational approach. Int. J. Account. Inf. Syst. 2018, 28, 59–76. [Google Scholar] [CrossRef]
- Adamyk, O.; Adamyk, B.; Khorunzhak, N. Auditing of the software of computer accounting system. In Proceedings of the 14th International Conference on ICT in Education, Research and Industrial Applications. Integration, Harmonization and Knowledge Transfer, Kyiv, Ukraine, 14–17 May 2018; pp. 251–262. [Google Scholar]
- Moffitt, K.C.; Rozario, A.M.; Vasarhelyi, M.A. Robotic process automation for auditing. J. Emerg. Technol. Account. 2018, 15, 1–10. [Google Scholar] [CrossRef] [Green Version]
- Omoteso, K. The application of artificial intelligence in auditing: Looking back to the future. Expert Syst. Appl. 2012, 39, 8490–8495. [Google Scholar] [CrossRef]
- Curtis, M.B.; Payne, E.A. Modeling voluntary CAAT utilization decisions in auditing. Manag. Audit. J. 2014, 29, 304–326. [Google Scholar] [CrossRef]
- Bradford, M.; Henderson, D.; Baxter, R.J.; Navarro, P. Using generalized audit software to detect material misstatements, control deficiencies and fraud: How financial and IT auditors perceive net audit benefits. Manag. Audit. J. 2020, 35, 521–547. [Google Scholar] [CrossRef]
- Ahmi, A.; Kent, S. The utilisation of generalized audit software (GAS) by external auditors. Manag. Audit. J. 2012, 28, 88–113. [Google Scholar] [CrossRef]
- Pham, Q.T.; Truong, T.H.D.; Ho, X.T.; Nguyen, Q.T. The role of supervisory mechanisms in improving financial reporting quality by Vietnam public non-business unit. Cogent Bus. Manag. 2022, 9, 2112538. [Google Scholar] [CrossRef]
- Mökander, J.; Axente, M. Ethics-based auditing of automated decision-making systems: Intervention points and policy implications. AI Soc. 2021, 38, 153–171. [Google Scholar] [CrossRef]
- Christ, M.H.; Eulerich, M.; Krane, R.; Wood, D.A. New frontiers for internal audit research. Account. Perspect. 2021, 20, 449–475. [Google Scholar] [CrossRef]
- Al-ahdal, W.M.; Hashim, H.A. Impact of audit committee characteristics and external audit quality on firm performance: Evidence from India. Corp. Gov. Int. J. Bus. Soc. 2022, 22, 424–445. [Google Scholar] [CrossRef]
- Boskou, G.; Kirkos, E.; Spathis, C. Classifying internal audit quality using textual analysis: The case of auditor selection. Manag. Audit. J. 2019, 34, 924–950. [Google Scholar] [CrossRef]
- Krichene, A.; Baklouti, E. Internal audit quality: Perceptions of Tunisian internal auditors an explanatory research. J. Financ. Rep. Account. 2021, 19, 28–54. [Google Scholar] [CrossRef]
- Kaban, I. Central Audit Activities as a Continuous Audit Approach in the Turkish Banking Sector: A Case Study about Frauds in Savings Accounts. Öneri Derg. 2020, 15, 254–275. [Google Scholar] [CrossRef]
- Zakiah, A.N.; Agustini, D.; Twinarti, X. Application of Accounting Information System to Auditor Responsibility in Fraud Prevention. ASEAN J. Econ. Econ. Educ. 2022, 1, 19–26. [Google Scholar]
- Awuah, B.; Onumah, J.M.; Duho, K.C.T. Determinants of adoption of computer-assisted audit tools and techniques among internal audit units in Ghana. Electron. J. Inf. Syst. Dev. Ctries. 2022, 88, e12203. [Google Scholar] [CrossRef]
- Siew, E.-G.; Rosli, K.; Yeow, P.H. Organizational and environmental influences in the adoption of computer-assisted audit tools and techniques (CAATTs) by audit firms in Malaysia. Int. J. Account. Inf. Syst. 2020, 36, 100445. [Google Scholar] [CrossRef]
- Al-Okaily, M.; Alqudah, H.M.; Al-Qudah, A.A.; Alkhwaldi, A.F. Examining the critical factors of computer-assisted audit tools and techniques adoption in the post-COVID-19 period: Internal auditors perspective. VINE J. Inf. Knowl. Manag. Syst. 2022. [Google Scholar] [CrossRef]
- Hu, Q.; Asghar, M.R.; Zeadally, S. Blockchain-based public ecosystem for auditing security of software applications. Computing 2021, 103, 2643–2665. [Google Scholar] [CrossRef]
- Humayun, M. Industrial revolution 5.0 and the role of cutting edge technologies. Int. J. Adv. Comput. Sci. Appl. 2021, 12. [Google Scholar] [CrossRef]
- Humayun, M.; Jhanjhi, N.Z.; Niazi, M.; Amsaad, F.; Masood, I. Securing drug distribution systems from tampering using blockchain. Electronics 2022, 11, 1195. [Google Scholar] [CrossRef]
- Pedrosa, I.; Costa, C.J.; Aparicio, M. Determinants adoption of computer-assisted auditing tools (CAATs). Cogn. Technol. Work 2020, 22, 565–583. [Google Scholar] [CrossRef]
- Smidt, L.; Ahmi, A.; Steenkamp, L.; Van der Nest, D.; Lubbe, D. A Maturity-level Assessment of Generalised Audit Software: Internal Audit Functions in Australia. Aust. Account. Rev. 2019, 29, 516–531. [Google Scholar] [CrossRef]
- Holt, T.P.; Loraas, T.M. Using Qualtrics panels to source external auditors: A replication study. J. Inf. Syst. 2019, 33, 29–41. [Google Scholar] [CrossRef]
- Čular, M.; Slapničar, S.; Vuko, T. The effect of internal auditors’ engagement in risk management consulting on external auditors’ reliance decision. Eur. Account. Rev. 2020, 29, 999–1020. [Google Scholar] [CrossRef]
- Balios, D.; Kotsilaras, P.; Eriotis, N.; Vasiliou, D. Big data, data analytics and external auditing. J. Mod. Account. Audit. 2020, 16, 211–219. [Google Scholar]
- Mkoba, E.; Marnewick, C. Conceptual framework for auditing agile projects. IEEE Access 2020, 8, 126460–126476. [Google Scholar] [CrossRef]
- Thottoli, M.M.; Thomas, K.; Ahmed, E.R. Qualitative analysis on information communication technology and auditing practices of accounting professionals. J. Inf. Comput. Sci. 2019, 9, 529–537. [Google Scholar]
- Humayun, M.; Niazi, M.; Almufareh, M.F.; Jhanjhi, N.; Mahmood, S.; Alshayeb, M. Software-as-a-Service Security Challenges and Best Practices: A Multivocal Literature Review. Appl. Sci. 2022, 12, 3953. [Google Scholar] [CrossRef]
- Marín-López, A.; Chica-Manjarrez, S.; Arroyo, D.; Almenares-Mendoza, F.; Díaz-Sánchez, D. Security information sharing in smart grids: Persisting security audits to the blockchain. Electronics 2020, 9, 1865. [Google Scholar] [CrossRef]
- Schreiber, A.; Sonnekalb, T.; Heinze, T.S.; von Kurnatowski, L.; Gonzalez-Barahona, J.M.; Packer, H. Provenance-based security audits and its application to COVID-19 contact tracing apps. In Proceedings of the Provenance and Annotation of Data and Processes: 8th and 9th International Provenance and Annotation Workshop, IPAW 2020 + IPAW 2021, Virtual, 19–22 July 2021; Proceedings 8. pp. 88–105. [Google Scholar]
- Husain, T. An analysis of modeling audit quality measurement based on decision support systems (DSS). Measurement 2019, 275, 310–326. [Google Scholar]
- Auda, R.; Subriadi, A.; Tjahyanto, A.; Wulandari, A. Measuring software quality with usability, efficiency, and portability characteristics. IOP Conf. Ser. Earth Environ. Sci. 2021, 704, 012039. [Google Scholar]
- García-Berná, J.A.; Sobrino-Duque, R.; Carrillo de Gea, J.M.; Nicolás, J.; Fernández-Alemán, J.L. Automated Workflow for Usability Audits in the PHR Realm. Int. J. Environ. Res. Public Health 2022, 19, 8947. [Google Scholar] [CrossRef] [PubMed]
- Bonyuet, D. Overview and impact of blockchain on auditing. Int. J. Digit. Account. Res. 2020, 20, 31–43. [Google Scholar] [CrossRef] [PubMed]
- Lombardi, R.; de Villiers, C.; Moscariello, N.; Pizzo, M. The disruption of blockchain in auditing–a systematic literature review and an agenda for future research. Account. Audit. Account. J. 2022, 35, 1534–1565. [Google Scholar] [CrossRef]
- Gajendran, N. Blockchain-Based secure framework for elearning during COVID-19. Indian J. Sci. Technol. 2020, 13, 1328–1341. [Google Scholar]
- Rozario, A.M.; Thomas, C. Reengineering the audit with blockchain and smart contracts. J. Emerg. Technol. Account. 2019, 16, 21–35. [Google Scholar] [CrossRef]
- Zemánková, A. Artificial intelligence and blockchain in audit and accounting: Literature review. Wseas Trans. Bus. Econ. 2019, 16, 568–581. [Google Scholar]
- Bonsón, E.; Bednárová, M. Blockchain and its implications for accounting and auditing. Meditari Account. Res. 2019, 27, 725–740. [Google Scholar] [CrossRef]
- Cangemi, M.P.; Brennan, G. Blockchain auditing–accelerating the need for automated audits! EDPACS 2019, 59, 1–11. [Google Scholar] [CrossRef]
- Popchev, I.; Radeva, I.; Velichkova, V. The impact of blockchain on internal audit. In Proceedings of the 2021 Big Data, Knowledge and Control Systems Engineering (BdKCSE), Sofia, Bulgaria, 28–29 October 2021; pp. 1–8. [Google Scholar]
- Popchev, I.; Radeva, I.; Velichkova, V. Auditing blockchain smart contracts. In Proceedings of the 2022 International Conference Automatics and Informatics (ICAI), Varna, Bulgaria, 6–8 October 2022; pp. 276–281. [Google Scholar]
- Abdennadher, S.; Grassa, R.; Abdulla, H.; Alfalasi, A. The effects of blockchain technology on the accounting and assurance profession in the UAE: An exploratory study. J. Financ. Rep. Account. 2022, 20, 53–71. [Google Scholar] [CrossRef]
- Abreu, P.W.; Aparicio, M.; Costa, C.J. Blockchain technology in the auditing environment. In Proceedings of the 2018 13th Iberian Conference on Information Systems and Technologies (CISTI), Caceres, Spain, 13–16 June 2018; pp. 1–6. [Google Scholar]
- Han, H.; Shiwakoti, R.K.; Jarvis, R.; Mordi, C.; Botchie, D. Accounting and auditing with blockchain technology and artificial Intelligence: A literature review. Int. J. Account. Inf. Syst. 2023, 48, 100598. [Google Scholar] [CrossRef]
- De Mello, R.M.; Travassos, G.H. September. Surveys in software engineering: Identifying representative samples. In Proceedings of the 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, Ciudad Real, Spain, 8–9 September 2016; pp. 1–6. [Google Scholar]
- Baltes, S.; Ralph, P. Sampling in software engineering research: A critical review and guidelines. Empir. Softw. Eng. 2022, 27, 94. [Google Scholar] [CrossRef]
Acronyms | Used for |
BCT | Blockchain technology |
AI | Artificial intelligence |
ML | Machine learning |
SA | Software audit(s) |
SSFTA | Smart and secure framework for transparent auditing |
IA | Internal audit |
XA | External audit |
DTL | Digital ledger |
Ref# | Paper Contribution | Solution Provided | Research Methods Used |
---|---|---|---|
[35] | Compiled existing research on the use of blockchain for accountants | Agenda for future research | Review |
[36] | Categorizing prior research | Agenda for future research | SLR |
[39] | Explored the role of AI and BCT in auditing | Implications of AI and BCT in auditing | Review |
[41] | Explored the role of AI and BCT in auditing | Identified risks and limitations of using BCT for auditing | Review |
[42] | Explored the role of BCT in internal auditing and internal control | Identified risks and limitations of using BCT for auditing | Review and framework |
[44] | Explored BCT’s impact on accounting professions | Identified challenges of blockchain use in the accounting and assurance profession | semi-structural interview |
[45] | Explored the role of BCT in auditing | Dedicate innovation teams to use BCT to facilitate the move from standard auditing to optimized auditing | Review |
[46] | Explored the role of AI and BCT in auditing | Identified challenges of blockchain use in auditing and provided suggestions | Agency theory and stakeholder theory |
Ease of Learning |
---|
It is easy to understand the end-to-end process of software audit from SSFTA |
It is easy to understand the role of BCT/DTL and smart contracts in managing software audit |
It is easy to use SSFTA to assess the role of 5G and the cloud for software audit |
Each individual practice mentioned in SSFTA is easy to understand and unambiguous |
Some training is required before using SSFTA |
SSFTA is general and can be applied to most software companies for auditing |
Secure Auditing |
---|
Using SSFTA will make the audit process transparent and secure |
Using SSFTA would identify strong and weak areas in the company regarding secure software auditing |
The use of BCT/DTL and smart contract in SSFTA helps to prevent audit fraud |
Using SSFTA would improve our secure software audit processes |
The Structure of SSFTA |
---|
SSFTA is self-explanatory and needs no further explanation for its efficient use |
The process mentioned in SSFTA is practical and applicable in the software industry |
SSFTA covers the end-to-end software audit process and the use of the latest tools and technologies |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Assiri, M.; Humayun, M. A Blockchain-Enabled Framework for Improving the Software Audit Process. Appl. Sci. 2023, 13, 3437. https://doi.org/10.3390/app13063437
Assiri M, Humayun M. A Blockchain-Enabled Framework for Improving the Software Audit Process. Applied Sciences. 2023; 13(6):3437. https://doi.org/10.3390/app13063437
Chicago/Turabian StyleAssiri, Mohammed, and Mamoona Humayun. 2023. "A Blockchain-Enabled Framework for Improving the Software Audit Process" Applied Sciences 13, no. 6: 3437. https://doi.org/10.3390/app13063437
APA StyleAssiri, M., & Humayun, M. (2023). A Blockchain-Enabled Framework for Improving the Software Audit Process. Applied Sciences, 13(6), 3437. https://doi.org/10.3390/app13063437