Background
Information technology (IT) plays an important role in Industrial Revolution 4.0, with breakthroughs producing prominent technologies such as IoT, social networks, Big Data and blockchain. These affect the work of auditing by raising the question of whether state auditors: (i) can quickly collect information from Big Data through smart devices, namely computers, phones and touch devices; (ii) have the analytical capacity to improve data quality through the application of AI-based IT tools; (iii) have a wide grasp of core IT technologies and of the methods of transmitting and verifying transaction data in the supply and value chains and between economic sectors; (iv) possess the ability to enhance the reliability and rationality of financial reporting information through self-controlling, IT-based self-auditing and accounting systems.
In the era of Industrial Revolution 4.0, the authority and responsibility of the State Audit Office of Vietnam (SAV) are manifested as follows: (i) The IT system, including hardware, software and data of public agencies, is public property, formed by public financial sources, which should be audited by the SAV; (ii) Public administrative services operating on IT systems and subject to the control of related controlling systems should be audited by the SAV.
Key technical factors influencing auditing activities of the SAV
The Vietnamese government is currently building national databases related to financial information, including information systems on national credit; domestic tax and import-export tax; national budget accounting; and national insurance. It is expected that by the end of 2021, Vietnam will have completed 06 major national databases with over 103 national information systems. These are digital resources that need to be exploited in auditing activities through the construction of specialized databases of the SAV. The two most valuable digital resources of data available for sharing are: (i) information shared among government agencies via e-Government (for example, the list of business status held by tax authorities); (ii) information that individuals and organizations are willing to share periodically with state agencies (for example, financial statements of enterprises). State agencies that own these data (information gathered on their own or received from other organizations or individuals) must be responsible for providing them to the SAV. Through auditing, recordkeeping, internal research and training, the SAV now possesses a huge number of data warehouses, accumulated over years, that have not been organized, sorted or effectively exploited. These raw data warehouses need to be organized and arranged automatically using AI to form Big Data for auditing work.
Auditors of the SAV conduct a data audit at Vietcombank (Joint Stock Commercial Bank for Foreign Trade of Vietnam)
Two basic perceptions of implementing auditing activities in the age of Industrial Revolution 4.0
- Public digital resources, including IT systems and information and data that concern public finance or public property or are formed by public financial investments, must be considered public property under the control of the SAV.
- Each state auditor must master and effectively use the digital resources formed by the specialized database of the SAV to maximize his or her creativity and productivity by applying IT achievements in the era of Industrial Revolution 4.0.
The first perception emphasizes that digital resources in the era of Industry 4.0 are becoming increasingly valuable and hence must be strictly controlled. Public digital resources must be periodically audited by the SAV. The second perception emphasizes that auditors must be fully supported by information from the SAV's digital resources and must be knowledgeable in applying IT achievements in the digital era. The two perceptions are closely related: the former is the premise of the latter because it is associated with the authoritative function of the SAV in auditing public digital resources. On that basis, the SAV can build its own specialized database to support state auditors in fulfilling the requirements of the second perception and in forming IT auditing methods.
Challenges and missions of IT audit at the SAV
The subject of an IT audit is the IT system, with a focus on data and IT control, which faces the following challenges:
- Does the investment in IT projects related to the management and use of public assets and public finance prove to be effective and economical, and does it meet actual needs?
- Are the IT systems of the audited units strictly controlled to ensure legal compliance, efficiency, effectiveness and economy?
- Is the financial and operational information processed by the IT system of the audited entity complete and accurate when handed over to the SAV?
- Are the establishment and exploitation of public digital resources from specialized audit databases, inherited from national databases for auditing work, effective?
The first two challenges are directly relevant to the task of IT audit, where the audited object is public digital resources. The other two are indirectly related to IT audits, through the use of IT audit results to build the SAV's database and audit methods in the IT field.
Therefore, IT audit at the SAV needs to perform the following important tasks:
- Establish mechanisms, policies and strategic directions as the legal foundation for the implementation of audit activities in the digital age, focusing on clarifying the concept of public digital resources.
- Ensure accuracy in operation along with efficiency and compliance, in general as well as for investments in specific IT systems of the audited units, by auditing IT projects and systems with high risk and materiality.
- Collect information through auditing on: (i) the national financial information system; (ii) audit focal points; (iii) software and important data that form the foundation for constructing the specialized databases of the SAV.
- Access, exploit and analyze data of the national financial database in order to build up and provide data for the specialized database of the SAV.
- Establish training programs for state auditors to become members of the IT audit team.
- Conduct research and disseminate experience in order to raise awareness of the ability to apply IT audit and IT in auditing activities.
Future orientation of IT audit implementation at the SAV
The SAV is progressing step by step in conducting audits of IT systems and national General Department of Taxation, General Department of Customs, Social Security Administration and has achieved several promising results. However, a few issues remain to be improved:
- Public digital resources have not yet been accurately defined in line with a legal framework and guidelines for auditing the aforementioned subjects.
- Some key IT systems have had initial audits, but these were not enough to create a panoramic picture of the State's entire IT system.
- The auditing approach is not yet geared towards the IT-focused control system.
- The number of capable IT auditors at the SAV is relatively small, and a new training program for IT auditors is currently taking shape.
- The perception of several state auditors about the requirements set by Industrial Revolution 4.0 is still unclear.
The implementation of IT audit activities of the SAV is oriented as follows:
- Conduct audits on IT projects and systems that are assessed to have high risk and materiality, to ensure accuracy in operation along with efficiency and compliance with legal regulations of investments in the development of the IT sector in general as well as investments in specific IT systems of the audited units.
- Collect information through auditing work on: (1) the national financial information system; (2) audit focal points; (3) software and important data that form the foundation for constructing the specialized databases of the SAV.
- Access, exploit and analyze data of the national financial database, not only to establish and provide data for the specialized database of the SAV but also to form audit documents and methods in the IT audit field.
- Support other types of audit by placing emphasis on transferring IT audit methods to other units across the SAV through practical activities as well as practical experience from the audited units.
The main activities of implementing IT audit are:
- Continue completing the legal framework and detailed guidance on how to conduct IT audits that focus on public digital resources.
- Conduct a preliminary survey of the public digital resource system annually and establish a specialized database of public digital resources as the focus for gradually building a specialized auditing database. In particular, the focus is placed on data that are available for sharing on national databases.
- Establish an AI-based audit database system in an expeditious manner.
- Conduct periodic audits of national financial IT systems.
- Attach importance to the transfer of IT audit technology to units across the SAV while conducting integration audits, as IT audits can be conducted independently or integrated with other types of audits.