This study has two objectives.First,to provide an estimate o

This study has two objectives.First,to provide an estimate of the proportion of time that the internal audit functions (IAFs) spend on information technology audits of their organizations.The second objective of the study is to identify key variables that are associated with information technology (IT) audits by the IAF.The study is important because the use of complex IT in various organizations has become necessary to maintain a competitive advantage (Ranganathan and Brown,2006) and to realize the economic benefits to the organization (Lim et al.,2008).As Curtis et al.(2009) observe,the Public Company Accounting Oversight Board (PCAOB) has placed auditors on notice for the need to develop and maintain significant skills relating to the audit of internal controls and IT systems.Further,the U.S.Sarbanes-Oxley Act (SOX,2002) has made it difficult for organizations to rely wholly on their external auditors to provide guidance to the firms relating to IT audits.Given the relatively central nature of information systems within the organization,the burden has increasingly fallen on the IAF to be the primary IT auditors of the organization,where SOX (2002) has put an enormous strain on the resources of the IAF within the organization (SmartPros,2009).
Prior to SOX (2002) it was common for organizations to utilize their external auditors to facilitate the design,implementation and audits of control systems,including IT audits.However,SOX (2002) has changed this situation in twoimportantways.First,incumbent auditors are no longer allowed to provide certain services such as financial information systems design and implementation,or internal audit outsourcing services (SOX,2002,Section 201).Second,SOX (2002,Section 404) specifically places the burden of documenting and evaluating internal control systems on the management who,in turn,have delegated much of the burden to the IAF at a significant cost.1 Thus the primary responsibility for SOX compliance has fallen to the IAF (Aguilar,2006).
需要人工翻译

仅供参考：
这项研究有两个目的.第一个是评估IAF用在组织内部的IT审计上的时间.第二个是找出跟IAF从事IT审计工作相关的关键变量.这项研究的重要性体现在,为了保持其竞争优势(Ranganathan和Brown,2006),并实现经济效益（Lim et al.,2008）,很多组织内部都实施了复杂的信息技术系统.正如Curtis et al.(2009)的研究中注意到的,美国公众公司会计监督委员会(PCAOB) 已经提醒过审计师们要提高并保持跟内部控制和IT系统审计相关的技术.同时,美国的萨班斯-奥克斯利法案 (SOX,2002) 的通过使得组织很难做到完全依赖外部审计来指导其组织内的IT审计.组织内部的信息系统都具有核心性,因此组织内部IT审计的重任越来越多的由IAF来承担,而SOX(2002)法案的通过更加重了IAF的责任(SmartPros,2009).
在SOX(2002)法案之前,组织通常利用外部审计来推进内部控制的涉及,实施和审计,包括IT审计.但是SOX(2002)法案在两个重要方面改变了这种状况.首先,在职的审计师不再被允许提供诸如财务信息系统的涉及和实施,或者内部审计的外包等服务.(SOX法案 2002,第201条) 第二,SOX法案(2002,第404条) 专门规定内部控制系统的文档和评估工作必须是组织管理层的责任.而管理层却不惜重金将这项任务的差不多全部交给IAF来完成.这样一来,遵守SOX法案规定的主要责任落在IAF的身上(Aguilar,2006).