An Examination of Auditor Planning Judgements in a Complex Accounting Information System Environment *

This study investigates the effects of computer assurance specialist (CAS) competence and auditor accounting information system (AIS) expertise on auditor planning judgements in a complex AIS environment. Recent professional standards state that auditors need to change their audit strategies in reaction to the all-encompassing changes in their clients’ AIS (American Institute of Certified Public Accountants [AICPA] 2001, 2002). Information technology (IT) applications, such as enterprise resource planning (ERP) systems, are significantly changing the ways in which companies operate their businesses (e.g., business process reengineering) and auditors perform their duties (Helms 1999; Public Oversight Board [POB] 2000). For example, the implementation and utilization of ERP systems at many major corporations can increase audit-related risks such as business interruption, data base security, process interdependency, and overall control risk (Hunton, Wright, and Wright 2004). As technological developments continue, auditors must expand their AIS knowledge and skills in order to perform effective and efficient audits (POB 2000; Kinney 2001; AICPA 2002). Prior research suggests that expertise in the AIS domain may make auditors more cognizant of AIS-specific risks and provide them with the sophisticated audit skills required in such settings (Lilly 1997; Hunton et al. 2004). To our knowledge, our study is the first to examine whether auditors’ AIS expertise levels affect their risk assessments and subsequent testing decisions in a complex AIS setting. Statement on Auditing Standards (SAS) No. 94 (AICPA 2001) suggests that a CAS be assigned to assist in the audit of computer-intensive environments. CAS (also referred to as information systems audit specialists and IT auditors) provide