Sage Journals: Discover world-class research

Abstract

The audit is fundamental to the reputation of the organization and to maintain its investors’ confidence, because it asserts the conformity of financial statements with good accounting practices. Therefore, information technology (IT) auditors are indispensable, since IT is pervasive. IT auditing training focuses on technical skills. However, it appears that good relationships between IT auditors and auditees are crucial to carrying out an IT audit engagement. This phenomenological study is based on interpretative phenomenological analysis. It explores what IT auditors experience, feel, and live in the context of difficult relationships and disagreements with auditees, and how this difficulty impacts these auditors, their audit engagements, and their career. The results highlight five categories of pressures on IT auditors within the scope of audit engagement. Moreover, the results indicate that the experience of the IT auditor and the support from his or her superiors are two factors which have significant influence on how the pressures are experienced. The results also suggest that the pressures experienced affect the IT auditors morally and physically and can impact the auditor’s career ambitions.

Keywords

IT audit pressure auditor–auditee relationship lived experience phenomenology interpretative phenomenological analysis

Introduction

Economic news in recent decades places great importance on the publication of the financial results of large organizations. The auditor role is fundamental to financial information reliability, and therefore, the confidence of investors, governments, and other stakeholders. Auditing involves conducting assessments, verifications, controls, and investigations and collecting evidence to determine the extent to which the company meets regulatory standards and requirements.¹

Pervasiveness of information technology (IT) and of large information systems like enterprise resource planning has increased auditing complexity. As a result, it is necessary to integrate an IT auditor into the audit engagement teams.² The IT auditor will evaluate the adequacy and effectiveness of the organization’s IT controls, such as procedures, guidelines, and policies. Sensitive or significant nonconformities can deteriorate the relationship between the auditor and the auditee.

The often-difficult working relationship between auditors and the companies they audit has been at the center of several research projects the majority of which relate to audit independence.^1,3
–5 However, the impact of these relationships on the mandate, the careers, or even the lives of the auditors involved is not addressed. Thereby, this article will study these relationships and will focus on IT auditing.

The auditor, by the nature of his or her work, plays the dual role of advisor and assurance provider with the entities audited.⁶ A partnership relationship must be maintained with the audited entity, the purpose of which is to bring value to the organization by providing advice on risk mitigation and improving controls.⁵ With respect to the audit, auditor relationship with the audited entity is more difficult, as he or she acts as a controller in identifying weaknesses in control and errors or omissions.¹ It may also happen during an audit that the auditor and the audited entity disagree on how a process is executed or understood. Both parties therefore face diverging interests. Auditors are therefore often subject to pressures of various kinds that could undermine their independence, competence, or objectivity.⁷ Generally, these are maneuvers (the pressures) used by the auditees to put the auditor in a difficult position in order to hinder his or her work.

The pressures thus experienced are likely to affect not only the audit work but the auditors life.⁸ Our concern is therefore to know what auditors experience, feel, and live in the context of difficult relationships and disagreements with auditees and how these difficulties affect them throughout their careers. A phenomenological interpretive study of the relations between auditors and auditees is relevant here, because our interest is focused on the experience of these difficult relations and disagreements.

Our concern is to investigate what IT auditors experience and feel because of the difficulties they encounter in their dealings with auditees and how all of this impacts them personally, as well as their audit mandates and careers. IT auditors are responsible for analyzing and evaluating the information systems of an organization to ensure accurate and secure information, efficient processes, and compliance with applicable regulations. If problems are identified, they have to escalate their findings to relevant organization’s stakeholders and can provide solutions to improve or modify processes and systems.

Specifically, we aim to understand the following.

RQ1: How IT auditors feel and experience pressures in different IT audit mandates.

RQ2: How the pressures are impacting the IT auditors, their different IT audit mandates and careers.

RQ3: How IT auditors maintain a good level of objectivity and performance under pressure.

This article is divided into four sections. The second section reviews the pertinent literature. The third section details the methodology and approach used in this research project. The fourth section presents the results of the study, and the fifth section is devoted to the discussion of the results. It ends with a conclusion that summarizes the results emerging from the study, including the limitations of the study and possible subsequent research.

Related work

The Information System Audit and Control Association (ISACA) defines audit as

a systematic process by which a team or a qualified and independent person objectively obtains and evaluates the evidence related to assertions about the process, in order to form an opinion on the subject and to make a report on the degree of implementation of the assertions.⁹

Auditing activities can be done by either an external party—external auditing—or an internal party—internal auditing. Typically, external auditing is concerned with the validation of financial statements.² Internal auditing, once limited to the financial concerns, now also includes all operations and important functions of organizations. According to the Institute of Internal Auditors (IIA), internal audit is an independent and objective activity that provides an organization with confidence in the degree of control over its operations, provides advice on how to improve them, and helps added value.¹⁰

The search protocol used for the literature review is summarized in Table 1. It was realized in 2018, using online search tools like Academic Search Complete, Google Scholar, and Proquest. At the end of our initial literature search, we found that literature specifically dealing with the pressures experienced by IT auditors in their dealings with auditees is rare and oriented toward IT auditor independence.^11
–13 To obtain a broader view and some insight for our research, we therefore extended our literature review to include the relationships of internal auditors and financial auditors with auditees. IT auditors usually work in conjunction with internal auditors and financial auditors. Therefore, the following sections provide other perspectives that feed our research.

Table 1.

Literature search protocol summary.

Databases	Search strings
Compendex & Inspec Knovel Scopus Web of Science EBSCOhost Google Scholar IEEE Xplore Wiley Online Library SpringerLink Elsevier	Pressure IT Auditor Pressure ICT Auditor Pressure information technology Auditor Pressure information system Auditor Pressure IT Auditor OR Relationship AND Auditees Pressure IT Auditor AND Relationship AND Auditees Information system Auditor AND Relationship AND Auditees Information system Auditor AND cooperation AND Auditees Information system Auditor OR cooperation AND Auditees Information technology Auditor AND cooperation AND Auditees Information technology Auditor OR cooperation AND Auditees Information technology Auditor AND Stress AND Auditees Information technology Auditor OR Stress AND Auditees Information system Auditor AND Stress AND Auditees Information system Auditor OR Stress AND Auditees Information technology Auditor AND difficulties AND Auditees Information technology Auditor OR difficulties AND Auditees Information system Auditor AND difficulties AND Auditees Information system Auditor OR difficulties AND Auditees Information technology Auditor AND difficulty AND Auditees Information technology Auditor OR difficulty AND Auditees Information system Auditor AND difficulty AND Auditees Information system Auditor OR difficulty AND Auditees

Databases

Search strings

Compendex & Inspec

Knovel

Scopus

Web of Science

EBSCOhost

Google Scholar

IEEE Xplore

Wiley Online Library

SpringerLink

Elsevier

Pressure IT Auditor

Pressure ICT Auditor

Pressure information technology Auditor

Pressure information system Auditor

Pressure IT Auditor OR Relationship AND Auditees

Pressure IT Auditor AND Relationship AND Auditees

Information system Auditor AND Relationship AND Auditees

Information system Auditor AND cooperation AND Auditees

Information system Auditor OR cooperation AND Auditees

Information technology Auditor AND cooperation AND Auditees

Information technology Auditor OR cooperation AND Auditees

Information technology Auditor AND Stress AND Auditees

Information technology Auditor OR Stress AND Auditees

Information system Auditor AND Stress AND Auditees

Information system Auditor OR Stress AND Auditees

Information technology Auditor AND difficulties AND Auditees

Information technology Auditor OR difficulties AND Auditees

Information system Auditor AND difficulties AND Auditees

Information system Auditor OR difficulties AND Auditees

Information technology Auditor AND difficulty AND Auditees

Information technology Auditor OR difficulty AND Auditees

Information system Auditor AND difficulty AND Auditees

Information system Auditor OR difficulty AND Auditees

IT: information technology.

Internal auditing perspective

In the context of an internal audit, the literature qualifies the relationship between auditors and auditees as a partnership. This has been endorsed by the implementation of several laws at the international level. These laws include the Sarbanes–Oxley Act, known as the SOX Act, passed by the US Congress and Senate in the United States in 2002, and the Financial Security Act, known as the LSF, adopted by the French parliament in 2003.¹⁴ The implementation of these requirements has led to the strengthening of internal audit services in order to support organizations in this new direction.¹⁵ Internal audit acts as a partner with management, and the advice it provides on all activities, operational and strategic processes is an added value for the organization.³

The relationship between auditors and auditees, in the context of internal auditing, also appears as a win-win partnership in which the expectations of both can be met.⁵ Their qualitative study focuses on the relationship between internal audit and senior management, specifically on the expectations and perceptions of one in relation to the other. Based on a broad range of qualitative data, they conclude that senior management expectations have a significant influence on the internal audit. Also, internal audit can meet most of these expectations, which in turn allows senior managers to support them.

The conflicts between internal auditors and auditees are rooted in the differences that oppose them and that can lead to hostile reactions. An Australian study revealed several discrepancies between CEOs and Chief Audit Executives in areas covered by internal audit.¹⁶ The areas that were most strongly supported by CEOs were not necessarily those in which internal audit managers indicated that they spent a proportional portion of their time.⁵

In 2015, the IIA Research Foundation published a study on the political pressures on internal audit. This study used interviews, focus groups, and a questionnaire administered to the internal audit managers; it assumes that internal auditors may be subject to political pressure during missions to sensitive areas or when reporting findings. The results highlight the types of pressures faced by internal audit managers and their magnitude. For example, of approximately 500 internal audit managers who participated in the study, 54.7% were asked to omit or amend a major audit finding at least once.¹⁰

Financial auditing perspective

Some authors present the auditee as superior to the auditor in labor relations during an audit. Indeed, the competence of the auditor is collective, because it depends closely on the work of a team in which the auditee is implicitly an indispensable member.⁴ In a way, the auditor can do nothing without the auditee, because it is the latter who provides him with the information that allows him to valorize his skills. The superiority of the auditee over the auditor is also justified through the theory of exchange.¹⁷ In the context of the external audit, the superiority of the auditee is explained by their control over the assignment of auditors, which may be to the detriment of a particular auditor. The superiority of the auditee can also be intellectual⁴; this perspective is conceivable insofar as companies have specialists and they have a perfect knowledge of the processes and techniques used in the audit work. Thus, they do not fear the auditors.

This can lead to a conflict to the point that auditors and auditees rub shoulders and interact while their objectives are different.¹ Their differing interests may create feelings of fear and hostility. He also identifies some factors that favor the appearance of threatening behaviors, in this case distrust, fear, client knowledge of financial difficulties, the existence of financial malpractice, or even the need to establish a provision. These conflicts generally result in pressure on the auditor. A study tackled this question by referring to more or less subtle maneuvers of clients aimed at auditors in their investigations.⁴ The hostility of the auditee toward the auditor may also result in intimidation and is likely to upset and destabilize the auditor.¹⁸

The nature of the auditors–auditees relationship has been studied, and it has been identified that it may happen when a conflict emerges, thus offering to the auditee the possibility to obstruct the smooth conduct of the audit through pressure on the auditor.⁴ Supported by semi-structured interviews with auditors, these pressures are grouped into two categories and presented in Figure 1.

Figure 1.

The two major categories of pressure that exist in the literature.

One of the consequences of the auditees’ pressure on the auditors is the questioning of the independence of the audit profession. With the appearance of the financial scandals of the 2000s, the auditor is regularly suspected of colluding with the auditees at the expense of the beneficiaries of the financial information. It is for this reason that trust in the auditor seems to have deteriorated a lot, as the auditor is often seen as complicit with the auditee.¹ Furthermore, the harsh economic environment of the 2007–2009 recession may have weakened auditors’ independence for clients likely to exert pressure on auditees.⁷

The auditor’s relationships with various external stakeholders, such as regulators, legislators, investors, shareholders, or the public, can have an impact on his or her ability to demonstrate independence.¹⁹ The role of the auditee in the mission is therefore decisive and its behavior can deteriorate the climate and the working environment, making the work of the auditor painful and laborious. A study conducted in France identified 12 auditee behaviors that can negatively affect the quality of the audit, including fee negotiations, late programming of the auditor’s intervention, provocation and irritation, unavailability, and avoidance.²⁰

A new perspective is necessary

We have extended our literature review to include the relations between auditees and internal auditors or financial auditors. This review of the literature shows that auditors in general are under pressure. Although these relationships have been studied for internal auditors and financial auditors, there is very little for the IT auditor. The IT auditor has a job that is related to these auditors, but based on a different body of knowledge. In addition, the IT auditor will be in contact with a different subset of stakeholders, with a much more technological profile.

On the other hand, the studies identified in this literature review do not use a phenomenological method. As such, even if the pressures on the auditors are approached, they are usually limited to the nature of the pressures, without considering what the auditor lives during these moments. Moreover, when the consequences of the pressures are addressed, they are most often oriented toward the impacts on the quality of the audit and the independence of the auditor. Thus, a phenomenological analysis of the pressures experienced by IT auditors in auditor–auditee relations is of great relevance. Indeed, it will give us an idea of how auditors feel and experience pressure from auditees, help us to understand the impact of this on them and their work, and to see how they manage in such situations.

Methodology

As stated previously, the objective of this study is to explore what IT auditors experience, feel, and live in the context of the jobs. Given the paucity of the existing literature on the subject, it was decided to conduct an exploratory study. Moreover, given the exploratory intention of the study as well as the desire to capture of a rich portrait of what IT auditors experience, feel, and live in the context of the jobs, a research methodology designed for capturing rich experiences was chosen: phenomenology.

Hermeneutic phenomenology

To better understand how IT auditors experience the pressures in their relationships with the auditees during the various audit engagements, as well as the impacts of the said pressures on them, their audit work, and their career, we opted for hermeneutic phenomenology as a research methodology. According to the research methodology, after data collection (with interviews), through analysis, the meaning of participants experiences is identified and combined with the researcher’s understanding of the phenomenon.²¹ In order to guide the data analysis, interpretative phenomenological analysis (IPA) was used.²²

Participants selection

When conducting an exploratory qualitative study, it is not the quantity of the cases that is important but rather the richness of the cases. For adequate sampling, a researcher must rely on his or her personal judgment, guided by the purpose of the study, to identify participants who have experienced the phenomenon under study.²³ A detailed account of a few cases is usually enough to discover the basic elements of a phenomenon.²⁴ The use of non-probabilistic and homogeneous sampling has also been proposed in the literature.²⁵ Thus, through intentional sampling, it becomes obvious for the researcher to find a small number of participants for whom the research question is significant. An adequate sample size between three and six participants is recommended for a good study.²⁶

Given the objective of this study, the inclusion criteria for participants were as follows:

have at least 1 year of professional experience in IT auditing;

have experienced pressure during one or more audit engagements;

demonstrate an interest in exploring and discussing their experience as part of a research project; and

be able to describe their experience, their thoughts, their feelings related to a difficult audit situation.

Participants were recruited via the professional network of the researchers. For this study, five IT auditors were selected, as recommended in the literature.^26,27

Interviews

In order to gather rich data, semi-structured interviews were used; consequently, an interview guide was designed. The interview guide was designed in order to cover various facets of the participants’ experiences while taking in consideration the sensitive nature of some facets as well as the possibility for exploring emerging ideas from the participant’s answers. ^25,26

In order to conduct the interview, the interviewer memorized the interview guide and reviewed it before the beginning each interview; the goal being not to have to refer to it every time during the interview. During the interview, the interviewer played facilitative role in order to create a free-flowing discussion; hence, the order and the exact formulation of the questions was not rigidly followed in the same way for all participants. In order to stay focused on the dialogue, the interviews were recorded. Each interview lasted for approximately 60 min. Data collection was done in order to respect the confidentially of participants.

IPA is a recent qualitative research method that was introduced to the scientific world in the United Kingdom in the 1990s.²² The IPA belongs to the hermeneutical tendency of phenomenology; indeed, it helps to understand how meaning is given to experiences lived by individuals. In this approach, the researcher is personally involved in the analysis, which places the IPA in an “interpretative” perspective in line with Heidegger’s hermeneutic phenomenology.²² The IPA analysis uses a double hermeneutic in which the researcher and the participant are involved. Here, the participant, thanks to the help of the researcher during the interview, accesses his experience, gives him meaning, and shares his understanding; while, the researcher is engaged in the process of analysis, which helps to ensure a coherent hermeneutic perspective to the study. The IPA analysis process is both idiographic and inductive.

Themes construction

The IPA cycle is divided into four phases: search for themes, connection of themes, case analysis, and search for recurring patterns.^26,27 In the context of this study, when moving from case to case, in addition to identifying new themes, care was taken to identify excerpts that helps give more meaning to themes identified in previously cases. Once all the cases were analyzed (and reanalyzed), a global and transversal analysis was done in order to identify recurring themes (and patterns). As suggested by the literature, the following guidelines were used to identify final themes:²⁸

Themes emerging from three or more participants were kept;

Themes mostly emerging from at least one participant and slights discussed by other participants; and

Themes mostly emerging from only on participants but deemed significant for the study.

Research quality

Four key criteria can be used to evaluate the quality of a study using IPA.²⁷ Firstly, the study must be unambiguously phenomenological, hermeneutic, and idiographic. Consequently, the study must focus on the experiences of subjects, the study be about the interpretations of meaning, and the study must begin with a detailed analysis of a particular case; and, from the particular case, the researcher must explore in detail the similarities and differences between other cases. Secondly, the study must be transparent in that it must make apparent what was done. Thirdly, the results of the analysis must be consistent, plausible, and interesting. Here, consistency is generally assessed by the reader who, through a critical perspective, assesses whether the foundation and characteristics of an IPA are apparent in the approach and the report. The excerpts should show the density of the themes and their importance in the body of data. Each theme should be sufficiently and obviously illustrated by excerpts from participants’ transcripts. This study respects the four criteria.

Results

This section presents the results of the IPA of the data and provides answers to the questions below.

RQ1: How do IT auditors feel and experience pressure in different IT audit mandates.

RQ2: How do IT auditors maintain a good level of competence, objectivity, and performance while under pressure.

RQ3: How are the pressures on IT auditors affecting their IT audit mandates and careers.

Pressures experienced by IT auditors

In this article, we put into writing the inherent meanings of our participants’ experiences. To do this, the themes uncovered during the cross-sectional analysis are translated into narrative, while also taking care to explain, illustrate, and qualify them. These results provide a portrait of the challenges that IT auditors are regularly subjected to during audit engagements, followed by a discussion of the repercussions of these pressures that highlights the factors mitigating their impacts. In the end, it is shown that to maintain a good level of performance, auditors must take steps to ensure the prevention and management of pressure during their mandate. The original data were captured in French; consequently, what will be present and discussed are translations of the statements made by the interviewees.

Auditees put different pressures on IT auditors to ensure that the audit does not reveal any unsatisfactory situations or results in the smallest possible number of unsatisfactory situations.

Table 2 presents the quotes supporting the following statements.

Table 2.

Quotes for portrait of IT audience experience.

Distorted facts/words

“[…] I said to the auditee, ‘Look in your procedure; here you say that you do that, but you don’t do it; so that’s going to be an observation’. But even before I wrote it, well, the auditee called its manager and said there I was telling them what to do. […] But no, it’s not what I said; I said ‘This shouldn’t be done this way, but it is. You should change either the documentation or the way of doing things’. […] That was to remove the observation. They tried something not to have an observation.”

Misleading facts

“[…] Let’s say there is a legal obligation to make an annual access review. But they did not do it; then, they say ‘Yes, yes, we did it’. […] After three to four months when we search to find the evidence, ah! Well, they no longer have it […] But we know for a fact that they don’t do it.”

Wilful misunderstanding of expectations and objectives by the auditees

“[…] since it was SOX, it was much more demanding; the requirements are higher than for ordinary checks. So, the client thought we were exaggerating our expectations, asking for a lot of evidence, doing too much testing and asking too much.”

Discrediting the IT auditor

“[…] there are people at IT who use their power to say that, ‘Well, I think she [the auditor] does not show independence, her independence is not there’. That meant that I had to justify my actions all the time.”

“[…] it is certain that they aim to question the work that is done. Basically, one of the tactics of the auditee is to discredit the auditor: ‘The work was not conscientious enough, the work was not done with the required depth, the interviews were not conducted with the right people, the evidence gathered is incomplete, the analysis that has been done is not adequate’.”

Wilful ignorance of the requirements

“[…] people who are in control of a situation, who know they didn’t do it; instead of saying they didn’t, they’ll say, ‘Oh! I didn’t know it had to be done’. This is ignorance.”

Challenge of the findings by the auditee

“The pressure comes more from the fact that there is a confrontation with the adequacy of the findings. The person [auditee] will tend to want to challenge, discuss the adequacy of the report that has been made and presented to him. […] And so at that moment, the pressure comes more from proving the origin of the statement.”

Reduced impact of observations

“[…] we have all the evidence; but here they will try to…I wouldn’t say censor; but they are going to try to make a deal for your observation.”

“[…] for example, you make an observation and you write the following, ‘We recommend that your procedures be more complete’. They will say, ‘No! They are complete. It’s because you don’t understand. I think that your sentence isn’t adequate. You should change it and say “desirable”’. You know, they want you to change your observation, to try to give it less punch. […] You know, we recommend that he a change be made; but then, they will say, ‘No, it’s more a suggestion here’. You know, so that basically, the strength of observation decreases.”

Inadequate documentation, or adequate documentation but provided with delays

“The pressures that happen often, it’s especially that when you request information (for example) and then the documents do not arrive. Then finally, they send us the documents, but that’s really not what we asked for. When we come back them, it becomes an endless discussion. They talk in circles, meaning that we did not ask good questions.”

Refusal of the audit mandate

“I even had a director who didn’t want to see me anymore, he didn’t want me to come and audit them because he thought I was too hard on them. That affected me; because I say to myself, I wasn’t there for that.”

IT: information technology.

Auditees sometimes resort to accusations based on distorted or deceptive facts to put pressure on auditors to induce them to withdraw observations and thus maintain a good image within their hierarchy. These auditees do not hesitate to resort to unorthodox means to get by, such as reporting misleading facts or feigning misunderstanding of expectations and goals.

Pressure sometimes takes the form of discrediting the IT auditor and his or her work. Auditees try to present IT auditors into being careless, irresponsible, unprofessional, and unable to do their job properly. To force the auditor to withdraw an observation, the auditees sometimes willfully ignore the reality: They give the impression of not knowing what had to be done in a situation over which they are supposed to have perfect mastery.

The pressures arising from audit engagements primarily affect the IT auditors themselves. The repercussions are usually experienced in a very personal way. Mandates as such can also be negatively impacted by increased duration and difficult relationships with the auditees.

The pressures on IT auditors come in many forms. The repercussions are expressed both psychologically and physically. Emotions such as pain, disappointment, frustration, anxiety, and anger can lead to real physical trouble. These emotions translate into physical symptoms such as insomnia, fatigue, and apprehension. These combined factors may develop to the point of causing the auditor to be dissatisfied with his or her work, fear of recidivism, or lack of self-confidence. Sometimes changes in the personality of the auditor can be observed. The audit work then becomes onerous and much more like a daily battle, generating direct conflicts between the auditors and the auditees. The supporting quotes are presented in Table 3.

Table 3.

Quotes for psychological and physical impacts on the IT auditor.

Emotions (frustration, anger, anxiety, and disappointment)

“Well, it’s definitely frustration, frustration and anger, it’s clear.”

“[…] personally, at emotional standpoint, it is sure that well, you become hot. Especially that the partner is not happy that it has been escalated up to him. So, that’s sure to cause stress […]”

“Well, as I told you earlier, what happens is sometimes the disappointment that it gives and also…, it’s the disappointment […]”

Dissatisfaction

“I think the impact of the feelings is more important as time goes by. […] In the day-to-day, you’re just too involved. But in the long run, those feelings become a sense of dissatisfaction because you get the sense that people don’t value the work you are doing, and don’t want it.”

Conflicts

“I even had a director who didn’t want to see me anymore, he didn’t want me to go and audit them because he thought I was too hard on them. That affected me; […] But yes, it eventually came to my ears; then it bothered me a little…, enormously even; I can’t say a little here, very much; to see that there were my colleagues, or former colleagues who didn’t want me to go and audit them.”

Insomnia

“[…] when I come back the next day to work, then…I’m more at risk. You know, I’m less defensive because I’m a lot more tired.”

Loss of self-confidence

“The negative impact is the fear that, you are that type of person you become less confident. So, I had people in my team that, as they faced some situations, they became less confident in the situations they were in.”

Change of personality

“I became more rough. In the sense that in my town I became more critical and became more rough. I don’t know, so I gave you an example, I didn’t need to be nice.”

IT: information technology.

Competence, objectivity, and performance while under pressure

Performing a state-of-the-art IT audit requires a return to the auditees to validate the listed anomalies. From then on, the confrontation becomes inevitable, because the auditees make use of all the possible means to invalidate the observations. This places IT auditors in difficult discussions where they need to argue that their findings are well supported by evidence. IT auditors also experience pressure, because the auditees want the revealed anomalies to be presented with as little impact as possible. Auditees often try to avoid immediately providing IT auditors with requested documents, forcing delays, and repetitive requests. It even happens that the auditees refuse to host the audit mission in their department.

Pressures on the auditors also directly affect the outcome of the work. Extra efforts may have to be made to find appropriate responses to difficult situations. The fear of recurrence of these situations creates a certain fear for the auditor and forces him or her to make additional efforts in preparation and execution. All these additional efforts materialize in an increased duration of the mandates and add to the onerousness of the task. However, when pressures are well managed, they can lead to better preparedness. The supporting quotes are presented in Table 4.

Table 4.

Quotes for impact on audit work.

IT audit mandates and careers

IT auditors have developed a preventive approach that aims to develop the know-how and attitudes that make it possible to better limit and manage. The ultimate goal is to ensure that the pressures are not an obstacle to achieving the objectives of the audit. The importance of prevention and pressure management is also reflected in the density and intensity with which participants approach these themes; this is confirmed by the fact that all the participants spoke sufficiently about pressure management and three of the five participants spoke about its prevention.

IT auditors adopt attitudes and preventative practices to avoid pressure. One of these practices is to ensure that the audit report adequately presents the findings in their context and that they are properly evaluated. The temptation to be dragged into the sensationalism provided by the discovery of a serious anomaly is great. In addition, in order to keep the collaboration of the auditees, the auditor must therefore remain professional by reporting anomalies in an appropriate manner and avoid the element of surprise. For this purpose, the findings must be validated and reported back to the different hierarchical levels concerned.

The risk of pressure on IT auditors is high when the teams being audited have an important workload. Thus, the latter will benefit from emphasizing the more critical aspects. This will lead to less solicitation of the audited teams in the areas where the risks are lower, allowing to limit the workload of these teams and pressures experienced on both sides.

It is also necessary for the IT auditor to understand the context in which he works, in order to better take it into account in his relations with the auditees and avoid unnecessary pressure. The audit process in general is formal and procedural. For the IT auditor, the usual steps are mastered, and as a result, the temptation to remain attached to procedures to the detriment of relationships with the auditees is great. Establishing and maintaining good relationships with the auditees is one of the key factors in the success of an audit engagement. Even if good relationships are in place, it is possible that discomforts, likely to become a source of pressure, appear. In such a situation, the IT auditor must communicate with the auditee as soon as possible in order to address the situation.

In most cases, IT audit work leads to the discovery of anomalies that need to be corrected. Since these findings are not the ultimate goal of the audit, the IT auditor must focus on collaboration and cordial relations with the auditees and begin his or her engagement with sound assumptions. At the time of the presentation of the findings, the IT auditor may also be required to cover the auditee in order to avoid the latter being exposed to undue pressure from the recipient of the report, which ultimately would be passed on to the IT auditor and the audit work.

Auditees often welcome being involved in recommendations for improvements to remedy the anomalies detected. This will prevent avoidable pressures on the auditor. The supporting quotes are presented in Table 8.

Table 8.

Quotes for preventing pressure.

Report of findings according to the context

“So, it is important to get the approval of each level, before presenting to the board of directors. Although the auditor is independent to present to the board or the audit committee, it is important to have the points validated so everyone is aware of the context, that everyone knows the nature of the gaps, and what gave rise to it; because all of them will have to justify themselves afterwards.”

Just measuring of the findings

“I think what would be a danger to the auditor is to want to make a splash. To want to strike a long ball, to make a splash, to find the ‘gap’, to find something very serious in the organization. If you want to try to do that, then it can be dangerous; it can undermine the relationships we have internally.”

Foster collaboration

“[…] That’s what key is for the internal auditor, more about being collaborative, about helping the organization than about judging people and people.”

“[…] if we want the findings to move through the organization, what we need to preserve in an organization is the relationship we have with our co-workers. Because we are an internal auditor, I can’t have fun throwing ‘nuclear bombs’ everywhere. Because I am going to lose the collaboration of people, they will limit me in the participation that I will have on the projects, they will be perhaps less opened afterwards to be able to collaborate with the teams of internal audits.”

Findings on more critical aspects

“In this example in particular, it had to think harder about the scope of our work, and to have a more focused, risk-based approach and to see what was really essential, and to predict according to what was essential, the things that had the high risks. Things that were other than high risk, I was less demanding let’s say. So, it forced me to better prioritize the work to be done in the audit.”

Understanding the situation of the auditee

“[…] it’s easy to demand the best practices; but it is difficult if you have to do it while by being sensitive to the real life of people. So, you have to place yourself in their place to understand…What is the daily life, what they live, the challenges, why it’s not always feasible or achievable, realistic to do things according to best practice.”

Humane approach with the auditee

“[…] when you do a check, you can’t just come up with your work plan, your document requests, your package of questions, and do a check like a machine; it really takes, when I talk about ease with people, to have this human contact with people; you have to know how to reach people beyond the audit, the objectives of the audit. So, establish a personal relationship; of course, it’s not that you become friends, but still establish personal contact.”

Adequate communication with the auditee

“What it had taught me was the importance of communicating with customers; and when I talk about communication, I’m not just talking about requests for documents […]; it’s really about being on the lookout for what the customer is going through and really being sensitive to behaviours, body language, and really knowing what the customer think and feels. And so, really be listening to […] the customer. And, as soon as you feel any discomfort among the customers, try to address it as quickly as possible.”

Adopting the right working hypotheses

“The basic premise is that people do their job, are competent and so there may be absolutely nothing that comes out of a verification mission. There are often things that come out of there; but still, the basic premise is not that we will find stuff.”

Protecting the auditee if necessary

“[…] then sometimes, you have the audit committee ‘shooting’; because when you are at the deadline and that you knew he would not be there, you do not want the auditee put on the ‘spotlight’, to explain to the audit committee why that do not work. That’s what you say, but look at it is because of the situation, of such, such and such situations; now, it’s postponed in a year; then, I’m comfortable with it. Sometimes, it is to ‘back up’ the auditee too; then, to understand the reality of everyone, then to try to be able to separate things.”

Involving the auditee in the recommendations

“I’m trying to get them involved in the improvements. Suppose I see something that doesn’t work, I try to discuss it with the auditee to say, ‘Look, how do you see that? What would you do?’ Then, if there are parts of recommendations that come from him, but I would write them clearly. […] Then, it can be true because he can have better ideas than me often. Exactly, he’s been here a long time and he knows his job; they are people who are there for a reason, because they are able to do it. I think you have to capitalize on having a lever for that purpose.”

To cope with the pressures, IT auditors have developed mechanisms that allow them to manage these circumstances. One of the tactics used to put pressure on the IT auditors described above is discrediting their work and themselves. In these circumstances, it is common for the auditees to attempt to turn discussions to the auditor’s person or the way the audit was conducted and not the reality of the facts that were identified during the audit mandate.

To deal with the challenge of the auditees, the IT auditors must provide the proof or evidence supporting what they present as observations and defend their point of view in a respectful and ethical fashion. Negotiation is generally the instrument that allows IT auditors to find common ground with the auditees on audit findings and recommendations. Genuine communication with the auditee helps to defuse the conflict.

The IT auditor must be vigilant, calm, and not become trapped in inappropriate debate. However, when such debates have been initiated, IT auditors can interrupt and postpone their discussions with the auditees, in order to avoid aggravating the difficult situations, which will otherwise become more complex to manage afterward. To get out of certain pressure situations, IT auditors call on their hierarchy or the hierarchy of the auditee. This is called “escalating.” It is a question of keeping the solicited hierarchy/hierarchies alerted until the dispute is solved. It also happens that the assistance of the superior is solicited, without the latter being directly involved in the resolution of the dispute. Indirect hierarchical support defuses the pressures experienced by the IT auditor. In a similar way, coworkers allow the IT auditor to vent his frustrations privately, rather than directing them toward the auditees. Also, certain traits of personal character such as self-control, listening, patience, or the ability of the IT auditor to disconnect from events help him or her cope better.

Despite these defensive mechanisms, the IT auditor must be flexible and consider discussions being less rigid. This “grey zone” technique allows the context to be analyzed to see if there are any elements that can be presented as mitigating circumstances. This technique will allow easier acceptance of a finding whose financial and organizational issues are important. The supporting quotes are presented in Table 9.

Table 9.

Quotes for managing pressures during an audit.

Debating facts

“So, the auditee will always try to discredit the auditor; it is certain that when one tries to discredit a person, it becomes almost a personal debate and is no longer on the work, but rather on the individual and therefore at that moment, it is important to bring back the debate on the facts rather than the work itself that was conducted by the auditor. So, bringing the debate back to the evidence rather than the people.”

“It’s about preparing your case, making sure it’s properly documented so that we can debate and bring back the debate on the facts rather than the way the work was done.”

Providing proof or evidence

“There needs to be more evidence; then, it must be demonstrated with proof. Because normally in audit, we are not obliged to present our proof; we normally say, ‘Look at it, we observed in access management that you had 40% of your accesses that are not correct’. […] While with the difficult auditee, […] you have to say that of the 40% there are 10 in this sector […] and so forth…”

Negotiation

“[…] at the end of the audit, naturally we leave our observations, our recommendations and it happens quite often where the client does not agree with our observations and still does not agree with our recommendations. So, there is always this discussion, debate with the client to agree to the observation […]”

Genuine communication

“[…] So, what had it taught me? This is the importance of communication. And in this particular case, I made an agreement with my contact at the customer, ‘If there are things that you do not like at this point, to talk to me about it before escalating it. Because it’s so much better that we solve it between us instead of escalating like that’. So, I kept a much closer communication with this person.”

Leaving the discussion before it degenerates

“[…] us, our rule here, is that when we see that is heating up too much, instead of continuing to argue, continue to defend, well, it is to leave the place, then resume the discussion at later time. This is my attitude that I have at this time. ‘It doesn’t work well, look, we’re going to sit and then we’ll talk another time. I think we did not go to in the right direction […]’”

Hierarchical escalation

“I keep escalating until I get what I need, I try sincerely to reach the person, by phone, by email, I try a couple of times, if get no response, if the person doesn’t provide me the same credit, then I show them, I escalate. And this is where being in internal audit is probably a little bit simple because your management seats at a higher level of the organization. So, you are able to press down.”

Indirect hierarchical support

“At a given moment, you go overboard then, you see your manager. Then you say, ‘I can’t take it anymore. You do the job, because now, before I explode […]’ Then he says, ‘OK, it that makes you feel better. Now, what do we do?’ Then we write the document; and we write an email that is read again by several people in the entourage so that it is the most correct; […] we must always pay attention to what we say.”

Venting frustrations

“[…] you must not be rude. It makes you pay attention; in fact, we calm down and then we go…in the end we let off steam, we have good managers, we let off steam in front of them. Then they say OK if it makes you feel good.”

Character traits

“You have to listen to it, you have to be patient. That’s it. That’s the hardest thing, sometimes it’s patience.”

“[…] control of yourself, then your self-esteem. Yes, it is important. Then, to think that it’s a job is not your life, it’s your job. […] Self-control is also important.”

Flexible approach

“[…] that it is someone who knows how to make the difference, that it is not someone too rigid, but that it is someone of flexible.”

Grey zone technique

“When you come back into this grey zone, it’s quite nuanced discussions, sometimes complex in this grey zone. What we often do, almost always, is that we prepare a memo to describe our reasoning; to say why despite this gap or these gaps we think we can always rely on controls. […] So it is necessary that the memo is robust enough and that it is supported by evidences, by something; So, it’s not just a story you tell.”

Discussion

At the current stage of this study, it is necessary to discuss a number of elements in order to answer the questions raised by the specific objectives related to the research question.

The purposes here are to explain the results presented in the previous chapter and to describe the scientific significance that follows from the initial objectives. Thus, the discussion of the results will revolve around the following elements.

the pressures experienced by IT auditors;

how IT auditors feel and experience pressures during various mandates;

the impact of different pressures on the auditors, their audit mandates, and their careers; and

the means by which IT auditors maintain a good level of competence, objectivity, and performance under pressure.

The pressure experienced by the auditors is presented in the literature as the maneuvers used by the auditees, which aim to hinder in a more or less subtle way the auditor in his investigations, in order to prevent him or her from manifesting his intrinsic competence.⁴ Stories describing the situations experienced by all participants in our study confirm that similar pressures are also exerted by auditees on IT auditors during audit engagements. Table 10 presents five (5) categories of pressures on IT auditors as part of the audit mandates identified in this study. Many of these pressures are mentioned in the literature, in the general context of auditor pressures on the part of the auditees.¹

Table 10.

Pressures grouped by categories.

Categories	Pressures
Accusations based on unproven facts	Reporting false or misleading facts involving the IT auditor to the hierarchy Reporting findings to the auditor’s hierarchy based on a misunderstanding of the circumstances
Discrediting the auditor and his or her work	Questioning or doubting: The quality of the approach used during the audit The source of the audit evidence analyzed during the audit The quality of the analysis The independence of the IT auditor The professionalism of the IT auditor
Pretending to ignore the reality	To give the impression of not knowing what must be done in a perfectly controlled situation
Attempting to change the report	Challenging and discussing the adequacy of the findings Attempting to remove or modify a finding Attempting to change a recommendation
Attempting to obstruct the audit	Late submission of evidence Communication of erroneous evidence Trying to oppose the completion of an audit

IT: information technology.

The elaboration of the abovementioned pressures by concrete examples from participant experiences greatly contributes to the achievement of our overall goal. This allows anyone who wants to embrace an IT auditor career to get an idea of the reality of this business and to consider what kind of situation he or she might face. It also serves as a basis for thinking about the impact of pressures on IT auditors, how IT auditors are affected by and experience these pressures, and the means and mechanisms they use to cope in these different situations. The study of the relationship between IT auditors and the auditees was aimed, among other things, at understanding how IT auditors feel and experience the pressures that arise in different audit mandates, as well as how these pressures impact their mandates, their careers, and themselves.

The results of our study highlight two important factors related to the experience of pressures emanating from the auditees and how they impact the IT auditor. This is the experience of the IT auditor and support from his hierarchy. With respect to the experience of the IT auditor, our study suggests that the way in which pressures from the auditees affect the IT auditor is related to his or her previous experience of these pressures. Therefore, the probability that the IT auditor who has little experience of being greatly affected is high; conversely, the probability is low for the IT auditor who has more experience, as he will be very little affected or almost indifferent.

Here, experience can be understood as knowledge or practice acquired in contact with certain realities or by long practice. It usually results in increased knowledge of the person concerned. Repeated pressure from the auditees is a source of learning for the IT auditor. Thus, over time, he or she learns how to deal with conflicts and negative emotions resulting from pressure. This is in line with the findings of another study: In order to avoid making the same mistakes twice, several internal audit managers carried out ex post facto analysis after harsh political pressure to look at what worked or what didn’t. The same study claims that a large number of internal audit managers feel that they have learned from the pressures they have experienced, and therefore know what to do and what not to do.²⁹

The IT auditor–auditee relationship is often conflictual and accompanied by negative emotions in the IT auditor; on an emotional level, work experience plays a key role in improving emotional intelligence.³⁰

Thus, in the face of repeated emotional difficulties, the auditor learns to control his or her feelings to discern those that may be harmful if he uses them to guide his thoughts and actions. It has been suggested that a close link between emotional intelligence and the successful resolution of conflicts exists.³¹ It has also been reported that people with strong emotional intelligence preferred to seek collaborative solutions in the event of conflict.³² The experience of the IT auditor would allow her to keep control in a pressure situation to find a good solution, while reducing excesses related to emotions.

Our study highlights the fact that the impact of pressure on the IT auditor and the way in which he or she experiences them depends on the level of support from their hierarchy. This suggests that the period of pressure is shortened and generally has fewer consequences when the IT auditor is supported by his or her hierarchy. The advice and guidance of a supervisor is useful to the IT auditor and invaluable to the inexperienced auditor. Also, in a situation of pressure that could have had serious consequences for the IT auditor, both professionally and personally, the support of his or her supervisor is likely to stem the pressure of the auditees and limit its impact. In this regard, it is noted in the literature that if a manager or executive tries to put pressure on the head of internal audit, a general director (or any other senior manager), who understands and supports the unique role of internal audit, can intervene to defuse the situation quickly.²⁹ This is closely related to what our results suggest.

One of the specific objectives of our study was to understand how the pressures experienced by IT auditors affect them, their audit mandates, and their careers. Thus, during the data collection, participants were asked questions in order to identify the repercussions of the pressures they experienced. In the light of the results of our study, the major topics related to the impact of pressure on the IT auditor relate to the emotional, sentimental, physical, and professional levels.

The results of our study suggest that unpleasant emotions and feelings are elicited in the IT auditor as a result of pressure from the auditee, and our interviews highlighted some of these feelings and emotions. They also confirm the existence of conflicts between IT auditors and auditees. It is evident from the narrative of the majority of participants in this study that there are tensions in the auditor–auditee relationship. This situation, considered to be conflictual, is justified in the literature by the “theory of real conflicts,” which states that when persons belonging to different groups interact for a certain period of time, these relationships affect their feelings and give rise to friendship, hatred, aggression, or compassion; in short, these people rarely come out indifferent to each other.³³ In addition, conflictual relationships and the threatened self-image are sources of emotional discomfort in many situations, whether at work or in everyday situations.³⁴

Our study identified feelings and emotions such as pain (psychological), frustration, anger, disappointment, fear, distrust, dissatisfaction, apprehension, and lack of self-confidence, as experienced IT auditors during and/or after the experience of pressure; they represent the emotional impact of the pressures from the auditees. It is observed in the literature that work stressors have a direct relationship with sleep disorders.³⁵ A relationship between work stress and insomnia has been identified such that people with relatively high work-related stress often experience insomnia.³⁶

All of this is consistent with the results of our study, which suggest that the moral distress and frustrations caused by the pressures on the auditee can cause insomnia and fatigue in the IT auditor.

The Merriam-Webster Dictionary defines “fatigue” as a weariness or exhaustion from labor, exertion, or stress. Here, fatigue felt by IT auditors is seen as a burnout following prolonged efforts or intense intellectual work aroused by pressure. As a result, the tense climate between the IT auditor and the auditee often arises from conflict, leading to poor working conditions that can lead to frustration and distress.

The results of our study suggest that pressure from the auditees can extend the duration of the audit mandate and imply that the IT auditor is making additional efforts to complete his work. They also suggest that IT auditors expend more effort to prepare audit engagements after being pressured by the auditees.

The pressure that auditees place on IT auditors forces them to invest more effort in providing explanations and clarifications to the questions raised and to collect additional audit evidence in order to clearly justify the findings in question. In addition, the feeling of apprehension aroused by the pressure encourages the auditor to invest more in the preparation of audit mandates, because they are afraid to see a recurrence of the pressure already experienced and prepare in advance for this eventuality.

All of this justifies the idea that the pressures on IT auditors lengthen the timeframe and involve additional efforts in fulfilling the mandate. It also justifies the significant efforts that can be made by the IT auditor in the preparation of audit mandates.

Relationships between IT auditors and auditees are regularly filled with tension. Auditees in general are wary of auditors; this attitude usually leads to negative and uncooperative behavior toward the auditor. Thus, the auditor–auditee relationship becomes difficult and painful.³⁷

Our study suggests that this difficult relationship is a limiting factor for the IT auditor’s career. As a result, it seems difficult, if not impossible, for the IT auditor to return to a career in one of the IT departments he usually audits. Also, in the long run, the tensions and pressures experienced by the auditors may make them leave the IT auditor career.

According to the IIA, “competence” refers to the knowledge, skills, and other abilities that the auditor needs to be able to effectively carry out his or her professional responsibilities.¹⁰ Let us note here that the problem is not based on the incompetence of the IT auditor, but rather on his ability to demonstrate that he is competent. Indeed, one of the objectives targeted by the pressures of the auditees is to prevent him or her from manifesting their intrinsic competence.⁴ ISACA’s auditing standards define “objectivity” as the ability to exercise judgment, express opinions, and make recommendations impartially. Globally recognized audit organizations such as ISACA, IIA, and IFACI present competence, objectivity, and independence as key pillars of good audit performance.

One of the legitimate questions raised by the pressures experienced by IT auditors from the auditees was how do IT auditors manage this? Or how do they keep a good level of competence, objectivity, and performance in pressure situations? The results of our study reveal that IT auditors do prevention and pressure management in order to maintain their skills, performance, and objectivity. They also suggest that some of the personal character traits of the IT auditor have a significant influence on the management of pressure.

This study identifies listening skills, patience, self-control, sincerity, ability to disconnect, and flexibility as the personal character traits that help the IT auditor to better manage the pressures exerted by the auditees.

Table 11 presents the different prevention and pressure management strategies developed by IT auditors.

Table 11.

Prevention and pressure management strategies.

Categories	Strategies
Prevention of pressures	Understanding the context of the auditee organization Adopting a human approach to relations with the auditees Establishing and maintaining adequate communication with the auditees Proposing improvements in collaboration with the auditees Adopting the right working hypotheses Avoiding the sensational Not exposing the auditees to the vindictiveness of the managers (protecting the auditees if necessary) Reporting findings in context Communicating findings from the lowest hierarchical level (the auditee himself) to the highest Fostering collaboration earlier than personal achievements Adopting a risk-oriented audit approach
Management of pressures	Leaving the discussion before it escalates Directing debates about facts, not people Soliciting the intervention of the hierarchy to resolve the dispute Letting off steam with supervisors or colleagues Providing evidence to support the anomalies raised by the IT audit Defending one’s opinion and negotiating Having a genuine conversation with the auditees about the situation Conducting extra-professional activities to disconnect from the pressure

Conclusion

Our project focused on studying the relationship between IT auditors and the auditees, as well as their impact on auditors, their audit mandates, and their careers.

The overall goal was to explore and document what auditors experience, feel, and live in the context of difficult relationships and disagreements with the auditees, as well as how this challenging context impacts them, their audit mandates, and their careers; the aim being to inform and better protect future auditors in order to face the realities of the profession in which they wish to engage.

The results of this study provided a portrait of the pressures experienced by IT auditors; in this portrait, each pressure exerted by the auditees identified at the end of the analysis is described in the words of the participants.

The first specific objective of the study was to understand how IT auditors feel and experience pressure in different audit mandates. The results of the study suggest that the way in which the pressures of the auditees is experienced and felt depends greatly on the previous experience of the IT and the degree of support that his hierarchy gives him in this circumstance. We concluded that the more experience and/or support of the hierarchy the auditor has, the less affected he is, and the less experienced and less supported by her hierarchy, the more affected she is.

From the results of the study, it was found that the pressures on the IT auditor were emotional, psychological, physical, and professional. The results highlighted eight (8) negative emotions or feelings experienced by IT auditors as a result of pressures from the auditee. On the physical side, the study reveals that the moral distress and frustrations caused by pressures from the auditees can provoke the IT auditor into insomnia and fatigue. It also highlights the impact that the pressures exerted by the auditees have on audit mandates: They can extend the duration of the mandate and involve additional efforts by the IT auditor to complete it. Regarding the career, it seems difficult, if not impossible for the IT auditor to enter a career in one of the IT departments he or she usually audits.

The last specific objective of our study was to understand how auditors maintain a good level of competence, objectivity, and performance in the pressure. The results of the study show that to achieve this end, IT auditors do prevention and pressure management as part of their IT audit activities. We identified eleven (11) pressure prevention strategies and eight (8) pressure management strategies used by IT auditors.

Moreover, these same results suggest that certain personal character traits of the IT auditor have a significant influence on pressure management. For this purpose, the study has identified seven (7) personal character traits, including listening skills, patience, and self-control, which help the IT auditor better manage the pressures from the auditees.

The method used in this research project, IPA, explores the participants’ experiences and the meaning they give them.²⁷ This approach considered innovative given the scarcity of phenomenological studies of auditor–auditee relationships.

The benefits of this study

The purpose of our study was to inform and protect future IT auditors on the realities of the job. In this regard, the results of our study constitute an important documentation of the reality of the pressures in the world of IT auditing, and their emotional, physical, and professional repercussions, as well as on the possible strategies for their prevention and management. These results extend and enrich the scientific community’s understanding of the subject.

Also, these results would be useful in the initial and ongoing training of IT auditors to better prepare them to cope with the pressures of the auditees, because it is now clear that pressure prevention and management are part of the day-to-day business of IT auditors.

Moreover, in order to perfect and examine from other angles the related issues of the experience of IT auditors’ pressure from auditees, a research program could be put in place to enable IT auditors to gain leverage of the scientific research in this area.

The limitations of this study

Given the exploratory nature of this study, it does not allow us to generalize the conclusions. In order to generalize the results, a larger sample size must be considered. While internal and external audits are useful for the proper functioning of organizations, and the skills required to practice both professions are similar, they also differ. The internal auditor is part of the organization he or she audits, and his or her activities focus on the company’s processes, while the external auditor is not part of the organization, and their activities are limited to the financial statements. Considering these differences, our study has a second limit: the results obtained and the various conclusions derived from them do not make it possible to identify the specific pressures that are applicable exclusively to the internal audit versus the external audit.

Although all of the participants in our study had extensive IT audit experience, the researcher noted in the data collection that two participants were not dedicated full-time IT auditors and were performing financial statements audits in parallel. This could have affected our results to the extent that the purpose of the study was to examine the specific case of the experiences of the pressures of IT auditors.

In order to enrich scientific knowledge in relation to what the auditors’ experience, feel, and live in the context of the pressures exerted on them by auditees, subsequent research projects arising out of this study should be considered. For instance, the analysis method used in our study does not allow analysis with a large number of participants; thus, it would be important in the future to conduct similar research using quantitative methods to see to what extent the conclusions obtained in this study can be generalized to a large sample.

In addition, the results of our study show the significant role of experience and supervision in managing and experiencing pressures. It would be useful to identify the particular aspects of experience and supervision that are important. It would also be important to identify the mechanisms used by IT auditors to acquire management and pressure prevention techniques. This would be an asset to the use of the prevention and pressure management strategies presented in this study.

The results of our study also address the emotional aspects and suggest that it may sometimes be necessary to relieve internal tensions with a colleague. Emotional competence is relevant here. In future studies, one could examine the impact of emotional skill development and emotional burden regulation on the experience of pressures by IT auditors. Moreover, many other studies are possible, especially on the impact of know-how in conflict management, emotional intelligence, the personality of the auditor, or some personal character traits such as patience, mastery of self, and so on on the experience of pressures.

Finally, while this study focused on the lived experiences of IT auditors, future research should compare the similarity of these results with those of general auditing and evaluation specialists.

Footnotes

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by an RGPIN grant from the Natural Sciences and Engineering Research Council of Canada.

ORCID iD

James Lapalme

References

Sakka

L’autideur: complice ou victime de l’audit? La place de la dimension européenne dans la Comptabilité Contrôle Audit. Strasbourg, France, pp. cd-rom, 2009.

Kanellou

Spathis

. Auditing in enterprise system environment: a synthesis. J Enterprise Inform Manage 2011; 24(6): 494–519.

Bou-Raad

. Internal auditors and a value-added approach: the new business regime. Manage Audit J 2000; 15(4): 182–186.

Colasse

. Auditer, une mission impossible? Sociétal 2000; 39: 38–39.

Sarens

De Beelde

. The relationship between internal audit and senior management: a qualitative analysis of expectations and perceptions. Int J Audit 2006; 10(3): 219–241.

Carlin

Gallegos

. IT audit: a critical business process. Computer 2007; 40(7): 87–89.

Ettredge

Fuerherm

Guo

, et al. Client pressure and auditor independence: evidence from the “great recession” of 2007–2009. J Account Public Policy 2017; 36(4): 262–283.

Greenhaus

Bedeian

Mossholder

. Work experiences, job performance, and feelings of personal and family well-being. J Vocat Behav 1987; 31(2): 200–215.

ISACA. CISA review manual 2013. Schaumburg: Information Systems Audit and Control Association, 2012.

10.

Institute of Internal Auditors (IIA). Normes internationales pour la pratique professionnelle de l’audit interne - Édition 2017. Paris: Institut français de l’audit et du contrôle interne, 2017.

11.

Gelbstein

. Auditor: about yourself (and how others see you). ISACA J 2015; 2.

12.

Gelbstein

. The soft skills challenge, Part 3: dealing with conflict. ISACA J 2015; 6.

13.

Stoel

Havelka

Merhout

. An analysis of attributes that impact information technology audit quality: a study of IT and financial audit practitioners. Int J Account Informat Syst 2012; 13(1): 60–79.

14.

Seganish

Holler

. Complying with the Sarbanes-Oxley ethics requirements. Int Audit 2004; 19(4): 22–27.

15.

Gramling

Maletta

Schneider

, et al. The role of the internal audit function in corporate governance: a synthesis of the extant internal auditing literature and directions for future research. J Account Lit 2004; 23(5): 194–244.

16.

Cooper

Leung

Mathews

. Internal audit: an Australian profile. Manage Audit J 1994; 9(3): 13–19.

17.

Nichols

Price

. The auditor-firm conflict: an analysis using concepts of exchange theory. Account Rev 1976; 51(2): 335–346.

18.

Shaub

. The impact of the Sarbanes-Oxley act on threats to auditor independence. Res Prof Respons Ethics Account 2005; 10: 123–138.

19.

Compernolle

. La construction collective de l’indépendance du commissaire aux comptes: la place du comité d’audit. Comptabilité-Contrôle-Audit 2009; 15(3): 91–116.

20.

Sakka

Manita

Les comportements de l’audité affectant la qualité de l’audit: Une étude exploratoire sur le marché Français. Comptabilités, économie et société. Montpellier, France, pp. cd-rom, 2011.

21.

Wojnar

Swanson

. Phenomenology: an exploration. J Holist Nurs 2007; 25(3): 172–180.

22.

Smith

. Reflecting on the development of interpretative phenomenological analysis and its contribution to qualitative research in psychology. Qual Res Psychol 2004; 1(1): 39–54.

23.

Groenewald

. A phenomenological research design illustrated. Int J Qual Method 2004; 3(1): 42–55.

24.

Starks

Trinidad

. Choose your method: a comparison of phenomenology, discourse analysis, and grounded theory. Qual Health Res 2007; 17: 1372–1380.

25.

Smith

. Semi-structured interviewing and qualitative analysis. In: Smith

Harre

Van Langenhove

(eds) Rethinking methods in psychology. London: Sage, 1995, pp. 9–26.

26.

Smith

Osborn

. Interpretative phenomenological analysis. In: Smith

(ed.) Qualitative psychology: a practical guide to research methods. London: Sage; 2007, pp. 53–80.

27.

Antoine

Smith

. Saisir l’expérience: présentation de l’analyse phénoménologique interprétative comme méthodologie qualitative en psychologie. Psychologie Française 2016; 62(4): 373–385.

28.

Smith

. Evaluating the contribution of interpretative phenomenological analysis. Health Psychol Rev 2011; 5(1): 9–27.

29.

Miller

Rittenberg

. Pression politique sur l’audit interne – comment rester efficace? Altamonte Springs: Institute of Internal Auditors Research Foundation (IIARF), 2015.

30.

Cook

Darlene Bay

Myburgh

, et al. Emotional intelligence: the role of accounting education and work experience. Issues Account Educ 2011; 26(2): 267–286.

31.

Goleman

. Working with emotional intelligence. New York: Bantam, 1998.

32.

Jordan

Troth

. Emotional intelligence and conflict resolution in nursing. Contemporary Nurse 2002; 1(1): 94–100.

33.

Levine

Campbell

. Ethnocentrism: theories of conflict, ethnic attitudes and group conflict. New York: Wiley, 1972.

34.

Cahour

Lancry

. Émotions et activités professionnelles et quotidiennes. Le Travail Humain 2011; 74(2): 97–106.

35.

Kalimo

Tenkanen

Härmä

, et al. Job stress and sleep disorders: findings from the Helsinki heart study. Stress Health 2000; 16(2): 65–75.

36.

Kim

Min

, et al. Association between job stress and insomnia in Korean workers. J Occupat Health 2001; 53(3): 164–174.

37.

Churchill

Cooper

. A field study of internal auditing. Account Rev 1965; 40(4): 767–781.

Relationship between information technology auditors and auditees and their impacts on auditors

Abstract

Keywords

Introduction

Related work

Internal auditing perspective

Financial auditing perspective

A new perspective is necessary

Methodology

Hermeneutic phenomenology

Participants selection

Interviews

Themes construction

Research quality

Results

Pressures experienced by IT auditors

Competence, objectivity, and performance while under pressure

IT audit mandates and careers

Discussion

Conclusion

The benefits of this study

The limitations of this study

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References