Managers’ Perception on the IT Audit Recommendations: The Effect of Risk Significance, Ease of Implementation and Added Value on Implementation of Recommendations


  • Armend Salihu Faculty of Contemporary Science and Technology, South East European University (SEEU), Tetovo, Republic of North Macedonia
  • Hamdi Hoti Faculty of Economic, University of Prizren “Ukshin HOTI”, Prizren, Republic of Kosovo



: IT Audit Recommendations, Management Perception, Ease of Implementation, Risk Significance, Quality of Recommendations


The purpose of this study is to analyse the impact of the risk significance of audit results, the quality of the recommendations given on how easy it is to implement them, and the added benefit to the organization in implementing the recommendations. After a comprehensive literature review, the study provides a statistical analysis through a questionnaire that has been distributed to investigate the effect of Risk Significance, Ease of Implementation, and the Added Value on the implementation of the recommendations within organizations. Regarding the results obtained from the questionnaire, all Cronbach’s Alpha values are within the acceptable level, whereas the first three variables (Implementation of Recommendations, Risk Significance and Ease of Implementation) have a strong positive correlation between each other. There is a weak positive correlation between Added Value of Recommendations with other variables. In the regression analysis was found that all independent variables have a positive effect on the depended variable.


Download data is not yet available.

Author Biographies

Armend Salihu, Faculty of Contemporary Science and Technology, South East European University (SEEU), Tetovo, Republic of North Macedonia

Armend Salihu works as IT Auditor at National Audit Office – Republic of Kosovo, also he is engaged as Teaching Assistant at the University of Prishtina, Faculty of Mathematics – Natural Sciences. Currently, he is pursuing a PhD in Computer Science at the South-East European University. His research interests are: IT Audits, Information System Audit, Theoretical Computer Science, Security, Technology and Simulations.

Hamdi Hoti, Faculty of Economic, University of Prizren “Ukshin HOTI”, Prizren, Republic of Kosovo

Hamdi Hoti received his Ph.D. at the University of Tirana. He is an Associate Professor at the Faculty of Economics, University “Ukshin HOTI” Prizren. His research interests include Corporate Governance, Change Management, Human Resource Management, Scientific Research Methods, and Project Management. He is Vice Dean in the same faculty.


J. Warren, L. Edelson, X. Parker and R. Thrun, Handbook of IT Auditing, New York: Warren, Gorham & Lamon, 1998.

B. L. Hadden, F. T. DeZoort and D. R. Hermanson, “IT Risk Oversight: The Roles of Audit Committees, Internal Auditors, and External Auditors,” Internal Auditing, vol. 18, no. 6, pp. 28–31, 2003.

D. M. Cannon and G. A. Crowe, “SOA Compliance: Will IT Sabotage Your Efforts?,” The Journal of Corporate Accounting and Finance, vol. 15, no. 5, pp. 39–53, 2004.

M. E. Porter, Competitive Advantage, New York: Free Press, 1988.

C. Matt, T. Hess and A. Benlian, “Digital Transformation Strategies,” Business Information System Engineering, vol. 57, pp. 339–343, 2015.

C. Juiz and M. Toomey, “To Govern IT, or Not To Govern IT?,” Magazine Communications of the ACM, vol. 58, pp. 58–64, 2015.

IT-Governance-Institute, Board Briefing on IT Governance, 2nd Edition, USA: IT Governance Institute, 2003.

A. Lawati and S. Ali, “Business perception to learn the art of Operating System auditing: A case of a local bank of Oman,” in Proceedings of the 8th IEEE GCC Conference and Exhibition, 2015.

D. Radonovic, T. Radonovic, L. Dubravka and M. Sarac, “IT audit in accordance with COBIT standard,” in MIPRO, 2010 Proceedings of the 33rd International Convention, IEEE, 2010.

M. Kayrak, “Information Technology Audit and the Practice of the Turkish Court of Accounts,” Turkish Court of Accounts, Turkey, 2014.

P. Lovaas and S. Wagner, “IT Audit Challenges for Small and Medium Sized Financial Institutions,” in Annual Symposium on Information Assurance and Secure Knowledge Management, 2012.

D. C. Chou, “Cloud Computing Risk and Audit Issues,” Computer Standards and Interfaces, vol. 42, pp. 137–142, 2015.

M. Spremić, “Managing IT Risks by implementing Information System Audit Function: Case of Croatian Large Companies,” in 3rd International Workshop in Wireless Security Technologies Proceedings, 2005.

T. Rosário, R. Pereira and M. M. da-Silva, “Formalization of The IT Audit Management Process,” in IEEE 16th International Enterprise Distributed Object Computing Conference, 2012.

T. Li and L. Chen, “The IT Audit Objective Research Based on The Information System Success Model under The Big Data Environment,” in International Symposium on Knowledge Acquisition and Modeling, 2015.

B. R. Aditya, R. Hartanto and L. E. Nugroho, “The Role of IT Audit in the Era of Digital Transformation,” in IOP Conf. Series: Materials Science and Engineering 407, 2018.

P. J. Suk, Y. C. Oh, J. G. Yoo and J. B. Kim, “Study on Audit Information Systems Improved Model based on Public Internal Audit Paradigm Shift,” Advanced Science and Technology Letters, vol. 107, pp. 12–15, 2015.

M. AL-Sharairi, A. Al-Hosban and H. Thnaibat, “The impact of the risks of the input of accounting information systems on managerial control, accounting control and internal control in commercial banks in Jordan,” International Journal of Business and Management, vol. 13, no. 2, pp. 96–107, 2018.

I. Solomon and K. Trotman, “Experimental judgment and decision research in auditing: The first 25 years of AOS,” Accounting, Organizations and Society, vol. 28, pp. 395–412, 2003.

Z. Rezaee and A. Reinstein, “The Impact of Emerging Information Technology on Auditing,” Managerial Auditing Journal, vol. 18, no. 2, pp. 465–471, 1998.

A. C. Dzuranin and I. Mãlãescu, “The Current State and Future Direction of IT Audit: Challenges and Opportunities,” The Journal of Information Systems, vol. 30, pp. 7–20, 2016.

I. Cooke, “The Components of the IT Audit Report,” ISACA Journal, vol. 1, no. 1, 2020.

Institute-of-Internal-Auditors, Role Of Auditing in Public Sector Governance. 2nd Edition, IIA, 2012.

J. Taylor, “What should be the role of the auditor general in the context of managerialist government and new public management?,” Australian Journal of Public Administration, vol. 55, no. 4, pp. 147–156, 1996.

M. B. Adams, “Agency Theory and the Internal Audit,” Managerial Auditing Journal, vol. 9, no. 8, pp. 8–12, 1994.

P. Wilkins, “Performing auditors?: assessing and reporting the performance of national audit offices-a three country comparison,” Australian Journal of Public Administration, vol. 54, no. 4, pp. 421–430, 1995.

K. A. Stephen, “Determinants of Auditee Adoption of Audit Recommendations: local government auditors’ perspectives,” Journal of Public Budgeting, Accounting & Financial Management, vol. 24, no. 2, pp. 195–220, 2012.

C. N. VanGansberghe, “Internal auditing in the public sector: a consultative forum in Nairobi, Kenya, shores up best practices for government audit professionals in developing nations,” 2005.

L. B. Sawyer, “An internal; audit philosophy,” Internal Auditor, pp. 45–55, 1995.

United-States-General-Accounting-Office, “How to Get Action on Audit Recommendations,” GAO, USA, 1991.

A. Cohen and G. Sayag, “The effectiveness of internal auditing,” Australian Accounting Review, vol. 20, no. 54, pp. 45–65, 2014.

F. Hoos, W. F. Messier, J. L. Smith and P. R. Tandy, “An experimental investigation of the interaction effect of management training ground and reporting lines on internal auditors’ objectivity,” International Journal of Auditing, 2018.

R. E. Ashouri, “Internal Auditors-integral to good governance,” International Journal of Auditing, vol. 1, no. 1, pp. 44–49, 2015.

A. Salihu and X. Berisha-Hoti, “The Effect Of IT Audit On Security Incidents,” International Journal of Scientific & Technology Research, vol. 8, no. 8, pp. 1342–1347, 2019.

G. D’onza, M. Georges and S. A. M. R. M., “A study on internal audit perception of the functions ability to add value,” International Journal of Auditing, vol. 19, no. 3, pp. 67–76, 2015.

H. Dellai, M. Ali and B. Omri, “Factors affecting the internal audit effectiveness in Tunisian organizations,” Research Journal of Finance and Accounting, vol. 7, no. 16, 2016.

A. A. M. Al-Twaijry, J. A. Brierley and D. R. Gwilliam, “The development of internal audit in Saudi Arabia: an institutional theory perspective,” Critical Perspectives on Accounting, vol. 14, no. 5, pp. 507–531, 2003.

D. S. B. Soh and N. Martinov-Bennie, “The internal audit function: perceptions of internal audit roles, effectiveness and evaluation,” Managerial Auditing Journal, vol. 26, no. 7, pp. 605–622, 2011.

F. Shu, Q. Li, Q. Wang and H. Zhang, “Measurement and analysis of process audit: a case study,” International Conference on Software Process, pp. 285–296, 2010.

C. Bota-Avram, I. Popa and C. Stefanescu, “Methods of measuring the performance of internal audit,” The Annals of the “Stefan Cel Mare” University of Suceava, vol. 10, pp. 137–146, 2010.

ISACA, COBIT 2019 Framework: Introduction & Methodology, USA: ISACA, 2019.

A. Rahman, A. Al-Nemrat and D. S. Preston, “Sustainability in Information Systems Auditing,” European Scientific Journal, vol. 3, pp. 458–472, 2014.

D. H. Kim, D. S. Kim, C. Koh and H. W. Kim, “An Information System Audit Model for Project Quality Improvement by The Agile Methodology,” International Journal of Information and Education Technology, vol. 3, pp. 259–299, 2016.

Institute-of-Internal-Auditors, “Global Technology Audit Guide 4 – Management of IT Auditing 2nd Edition,” The Institute of Internal Auditors, 2013.

INTOSAI, “GUID 5100 – Guidance on Audit of Information Systems,” 06 2019. [Online]. Available: [Accessed 05 2021].

INTOSAI-IDI, “WGITA – IDI Handbook on IT Audit for Supreme Audit Institutions,” INTOSAI-IDI, Beijing, China, 2014.

ISACA, “Standards, Guidelines, Tools and Techniques,” ISACA JOURNAL, vol. 1, p. 59, 2020.

ISACA, “ITAF: A Professional Practices Framework for IS Audit/ Assurance,” ISACA, 2014.

ISACA, “ISACA Updates IT Audit Framework (ITAF),” ISACA, 2020.

S. Cockcroft, “What is the NIST Framework?,” ITNOW, vol. 62, no. 4, pp. 48–49, 2020.

J. C. Nunnally and I. H. Bernstein, Psychometric theory, New York: McGraw-Hill, 1994.

S. Glen, “Variance Inflation Factor,” [Online]. Available:

E. Savin and K. J. White, “The Durbin-Watson Test for Serial Correlation with Extreme Sample Sizes or Many Regressors,” Econometrica, vol. 45, no. 8, pp. 1989–1996, 1977.