Sage Journals: Discover world-class research

Abstract

Fraud constitutes a significant and pervasive risk within the broader landscape of cybercrime, driven by the rapid evolution of digital technologies. The work of an external auditor in evaluating fraud risks is frequently being judged. This is especially true when many legal actions are taken against auditors who fail to discover financial account manipulations, misstatements, misconducts, and standard non-conformance. Failure to discover these issues led to massive financial losses to corporations, as happened to Satyam Computers Limited. Numerous studies have investigated the factors influencing auditors’ efficiency in their work, but studies on the digital technology capability of auditors focusing on Malaysian auditors have been very much neglected. With the function of technology as the enabler of business operations nowadays, the ability to use technology is crucial regardless of profession. Hence, there is a need to assess whether digital technology capability could strengthen the relationship between external auditors’ efficiency and competence in assessing fraud risks. To prove this relationship, 455 questionnaires were distributed to members registered under the Malaysian Institute of Accountants working as external auditors. Based on the analysis of 150 responses through PLS-SEM, this study confirmed that external auditors’ effectiveness is enhanced if they are skillful in using audit software to plan and manage audit processes, organize and distribute audit information, analyze audit data, and run audit quality programs. With proficiency in utilizing digital technology, an external auditor tends to outperform others who are not in terms of fraud risk assessment. Therefore, it can be deduced that digital technology skills are vital to auditors. The skills should be acquired at higher learning institutions and further developed at audit firms to ensure the relevance and sustainability of the audit profession in the era of digitalization.

Keywords

digital technology competency fraud risk assessment social cognitive theory

Introduction

Cybercrime is the top two technological concerns for businesses (Islam et al., 2018; European Confederation of Institutes of Internal Auditing [ECIIA], 2023) It is expected to be one of the top three risks for the businesses in 2024 and could become the biggest risk in 2034 (Protiviti, 2023). Specifically, in Sweden, eight out of 10 businesses reported at least one hack in 2020 (PricewaterhouseCoopers [PwC], 2020). Throughout 2021, ransomware gangs launched aggressive attacks on critical infrastructure, healthcare facilities, educational institutions, and supply lines (Newman, 2021). In Malaysia, cybercrime (16%) ranks as one of the top four disruptive or significant fraud incidents faced by Malaysian organizations in the previous 2 years (PwC, 2020). In particular, Bank Negara Governor Tan Sri Nor Shamsiah Mohd Yunus highlighted in her keynote address at the International Conference on Financial Crime and Terrorism Financing (IFCTF) 2022 that over 20,000 cybercrimes were reported in 2021 alone, resulting in losses of RM560 million (Business Today, 2022).

The growing concern revolves around how effective auditors are at uncovering financial statement fraud. Cybercrimes enable financial statement fraud by allowing unauthorized access to financial systems, leading to data manipulation, concealed losses, or inflated revenues. Companies may also misuse digital tools to falsify financial data (Kasztelnik & Jermakowicz, 2024). Auditors often struggle to detect these frauds due to inadequate cybersecurity measures and sophisticated concealment tactics. Therefore, the proficiency of external auditors in digital technology is a crucial factor in determining their capability to effectively perform their role as impartial evaluators and overseers of an organization’s financial information security and integrity (Steinbart et al., 2013).

According to the 2020 PwC Global Economic Crime and Fraud Survey, there has been a notable rise in corporate fraud cases among respondents, increasing from 28% in 2016 to 43% in 2020. In their review, Awalluddin et al. (2022) reported that the impact of corporate fraud was unfavorable to corporations, including negative return, decline in reputation, high employee turnover, disengagement in corporate social responsibility, increased cost of capital and investment, and low market valuation. Malaysia also reported cases of corporate fraud. Nia et al. (2022) found that financially distressed firms in Malaysia are involved in sales manipulation and real activities manipulation. According to Cybersecurity Malaysia, the rate of cyber-related fraud incidents since 2019 has consistently been above 50%.

The rate of corporate fraud in Malaysia has persistently soared to alarming heights, triggering a spectrum of repercussions for businesses. According to the Association of Certified Fraud Examination, there were 25 fraud cases in Malaysia—the third highest in the Asia-Pacific region—with a USD 12,100 median loss in 2022. In addition, firms involved with accounting fraud would compromise future cash flow position (Nia et al., 2022).

However, the Association of Certified Fraud Examination (2022) further reported that compared to tips (58%), occupational fraud detection by internal audit was only 11%, and external audit by 2%. These findings lead to a strong skepticism towards external audits’ ability to effectively carry out their function given the significant number of fraudulent activities and scandals that escape detection (Graham, 2019). Failure to detect red flags is indicated as a major reason for undetected frauds before they became big, published scandals.

Auditors need additional skills or capabilities to complement their auditing competency to improve their auditing assessment. One of the additional skills relevant nowadays is digital technology. With massive amounts of data available, auditors require data analytics skills to analyze those data in addition to the traditional auditing process (De Santis & D’Onza, 2021). PwC (2022) discusses how automation makes auditing tasks and processes more efficient and transparent; auditors need relevant skills to perform the automation system. A big gap exists in studies related to information technology capabilities among external auditors, especially in handling big databases and fraud detection. Occasionally, individuals engaged in fraudulent activities conceal their misdeeds within the extensive data records of a company especially when the control system is weak (Gonzalez & Hoffman, 2018). This concealment creates significant challenges for auditors in identifying the fraud in its early stages, potentially leading to a major crisis that tarnishes the company’s reputation. As an illustration, a notable fraud incident was reported at Punjab National Bank (Dey, 2018). The auditors’ digital technology capability enabled them to detect that 30% of Go-jek orders and 5% of Grab orders were fraudulent (Ellis, 2019). This is because the recent fast digital technology transformation has reached the audit profession, mainly due to the rapid increase in the volume of data, changes in business models and the shift towards digital technology. Thus, signaling a demand for auditors to be more proactive and adopt a forward-looking approach to auditing in handling big databases.

High-profile auditing scandals in Malaysia include the Transmile Group (2005 audited financial statement was subjected to reissue), NasionCom Holdings (missed the deadline for the submission of audited financial statements in 2005 and 2006), and Megan Media Holdings and Ho Hup Construction (special audit needs to be conducted due to auditors’ inability to ascertain the “true and fair view” (Paino, 2012). These corporate frauds have severely damaged the reputation of auditors. In more recent instances, Port Klang Free Zone (PKFZ) and 1MDB (failed to submit the audited financial statement for two consecutive years and failed to issue an “emphasize of matters” and qualified audited financial statement) have continued to lose the public trust (Abd Razak et al., 2015; Jones, 2020). Numerous comprehensive studies have been undertaken to scrutinize elements influencing the proficiency of external auditors when evaluating the risk of fraud (Knapp & Knapp, 2001; Mansour et al., 2020; Payne & Ramsay, 2005; Popoola et al., 2014). Nonetheless, research is scarce in the Malaysian context despite the high incidence of reported fraud cases.

External auditors are characterized as independent auditing experts with no affiliations to any corporate entity, whose principal responsibility entails verifying business accounts’ accuracy and assessing the financial status of the organizations (Lee et al., 2008). Historically, particularly during the 19th century, the primary focus of external audits was identifying instances of fraud, as documented by Alleyne and Howard (2005). Over time, the emphasis has shifted towards providing adequate assurance that financial statements contain an insignificant number of misstatements.

The International Auditing and Assurance Standards Board (IAASB, 2013) in ISA 240 stipulated that “An auditor conducting an audit in accordance with ISA is responsible for obtaining reasonable assurance that the financial statements are free from material misstatement, whether caused by fraud or error.” Financial statement fraud, although less prevalent, yields the most substantial losses in comparison to other forms of fraud, such as asset misappropriation and corruption, as reported by the Association of Certified Fraud Examination (2020). Within the purview of external auditors, as outlined in this definition, lies the responsibility for discerning and evaluating the potential for significant inaccuracies in financial statements due to fraudulent activities (DeZoort & Harrison, 2018). This entails the meticulous documentation and expert presentation of pertinent audit evidence linked to the assessed fraud risk, along with the imperative need to respond adequately and comprehensively to any identified instances of fraud throughout the audit process (IAASB, 2013)

Prior research has asserted the pivotal significance of auditors’ competencies in detecting fraud (Knapp & Knapp, 2001; Mui, 2018). The effectiveness and expertise of auditors are shaped by an array of factors, extending from individual personality traits to a wide spectrum of core competencies and accumulated experience (Gullkvist & Jokipii, 2015). Emerson and Yang (2012), in their study, posited that auditors’ personality traits should be regarded as paramount qualities underpinning their effectiveness in assessing the risk of fraud. Clements (2020) corroborated the hypothesis by asserting that personality traits are the foundation upon which the advancement of a fraud inquiry relies and frequently dictates the results of such cases. The statement’s signification is substantiated by the observation that auditors exhibiting specific personality traits typically exhibit greater effectiveness compared to their counterparts lacking these particular traits. Clements (2020) stated that amongst auditors, it had been determined that low neuroticism, greater openness, and higher levels of conscientiousness were deemed personality traits of fraud investigators with more experience. Information about the traits’ dimensionality and their relationship to auditing outcomes are essential for the assessment of the personality traits’ structural impact, such as the conscientiousness and auditors’ early fraud detection abilities.

IAASB (2013) stated that throughout the auditing process, auditors must evaluate the possibility of risks of material misstatements due to fraud in financial statements. In addition, external auditors are expected to have skills and knowledge of information systems similar to internal auditors. Businesses in the digital era are primarily maintained by information technologies that accommodate databases of different sizes according to their respective industry (Vona, 2017). A study by Al-Ateeq et al. (2022) found that big data analytics moderate the relationship between audit quality and perceived usefulness. Consequently, auditors need to become knowledgeable about advanced digital technologies. Conducting conventional audits is no longer possible for external auditors due to the widespread adoption of digital technology across all lines of business (Al-Ansi et al., 2013).

Literature Review and Development of Hypotheses

Competency and Effectiveness of Fraud Risk Assessment

Auditor competence is demonstrated by personal attributes, skills and knowledge application ability, experience, continued development, and assessment. Gibbin and Larocque, as cited in Sulanjana and Puspitasari (2018), demonstrated that trust, communication, and the ability to work together are important elements of audit competence. The assessment of auditors may include reviewing records, gathering feedback, or observing audits. Although previous research has shown that auditor competency was positively correlated with performance, a few research studies have studied its impact on the effectiveness of fraud risk assessment. In order to keep up with the increasing sophistication and complexity of global business, auditors must possess strong analytical skills, experience, and knowledge to perform auditing tasks proficiently and effectively (Bonner & Lewi, 1990). A study by Mui (2018) indicated that auditors must have the necessary knowledge and expertise to assess fraud risk effectively. Auditors with higher competency levels are more likely to adhere to professional standards and conduct thorough audits, which help to prevent material misstatements in financial reporting.

Auditors with high levels of competency and personality traits tend to give accurate assessments of fraud risk based on the evidence collected, leading to increased detection and prevention of fraud. Another study by Knapp and Knapp (2001) found that auditors with more knowledge of audit assignments were better at selecting and weighing analytical procedures. They also found that experienced auditors were also more likely to identify unusual items in financial statements. Suraida (2005) found that auditor experience, competence, and professional ethics were the fundamental aspects of effective auditing. Meanwhile, auditor capability was measured by these three factors in another study (Kusumawati & Syamsuddin, 2018). In conclusion, previous studies suggest that auditor competency is positively correlated with their effectiveness in fraud risk assessment. Thus, the first hypothesis is proposed:

H1: Auditor competency is positively associated with the effectiveness of fraud risk assessment.

Digital Technology Capability and Effectiveness of Fraud Risk Assessment

Some researchers defined digital technology capability as the set of IT skills and other supporting soft skills (Bahador & Haider, 2013) or as the set of IT knowledge someone possesses to exhibit IT leadership in a business (Bassellier et al., 2001). It could also refer to the employee’s perceived degree of familiarity with using an operating system, office software and hardware (Peng, 2015) or a combination of three important components, namely IT knowledge, IT operation, and IT objects (Tippins & Sohi, 2003), or competency to support the effective use and management of IT (Croteau & Raymond, 2004) or demonstration of using tax planning software, a spreadsheet, or a database for a specific task (Carnaghan, 2004). This study adapts Carnaghan’s definition; it defines digital capability as what would be demonstrated by auditors in their activities to support their jobs. The definition conforms with the competency definition by Hannon et al. (2000). It is defined as someone’s ability to exploit or use skills and knowledge in a work activity that can be assessed through performance (Hannon et al., 2000).

In everyday professional practice, the inability to uncover fraud could be attributed to a deficiency in handling massive data. Fraudsters occasionally conceal their illicit actions within a massive database of a company; hence, auditors need help detecting them before the actions escalate into major scandals that tarnish the company’s reputation; a case in point is Satyam Computer Limited (Lal Bhasin, 2013).

Thus, the capability of digital technology is critical to auditors to find and evaluate evidence to manage fraud activities. With the widespread adoption of information technology across various industries and traditional records being digitized (Al-Ansi et al., 2013; Héroux & Fortin, 2013), auditors need to adapt and refine their skills accordingly (Mui, 2018).

There has been scarce research investigating how external auditors’ competency and information technology capability affect their fraud risk assessment ability. In 2015, Mohammadyari and Singh found evidence of digital literacy’s significant impact on accountants’ performance in New Zealand. Similarly, other studies outside of accounting professions also revealed a significant impact of digital capability on performance. For example, Duan et al. (2023) found that digital technology usage enhanced the job performance of employees across industries in Australia. Allam and Alharbi (2022) discovered that employees with knowledge of using electronic systems increased their job functions, while Oyovwe-Tinuoye et al. (2021) noted that librarians with ICT capabilities such as system management and web application and tools delivered better services, library efficiency, and job performance. Mohd Khalid et al. (2019) revealed that workers with high digital literacy in technology, organizational, and environmental contexts also had a high individual performance. Hence, the proposed second hypothesis is as follows:

H2: Digital technology capability is positively associated with the effectiveness of fraud risk assessment.

Moderating Effect of Digital Technology Capability on the Relationship Between Competency and Effectiveness of Fraud Risk Assessment

Auditors’ competency alone may not guarantee optimum effectiveness in fraud assessment without deep integration of skills in digital technology. Fraudulent activities in the digital era are becoming more sophisticated and harder to detect. The ubiquitous use of automated financial reporting systems and the massive volume of transactions are significantly affecting the accounting landscape. Thus, auditors are facing difficulties in constructing and executing effective fraud detection tests, particularly in regard to establishing the nature, timing, and scope of such tests. Fraudsters can hide their activity in databases, which can be difficult to uncover without strong skills in digital technology (Vona, 2017). According to the Malaysian Institute of Accountants (MIA) Competency Framework, auditors with advanced digital technology proficiency and other competencies such as professional expertise, interpersonal skills, communication skills, and organizational skills are more effective at identifying and evaluating fraud risk.

Even outside the accounting profession field, studies have shown that interaction with digital skills could enhance employees’ performance. For example, Demir et al. (2022) discovered that having digital skills can enhance job crafting, proactive behavior, and task performance in relation to education and training. In an experimental study conducted by Valera-Quispe (2021), the group trained with digital competencies performed better than the group without the said training. Santoso et al. (2019) also noted that among managers of telecommunication companies in Indonesia, digital literacy significantly moderated the relationship between innovative behavior and work performance.

On the other hand, Cañada and Osorno (2022) asserted that ICT skills do not moderate the relationship between competency and performance, which contradicts previous findings. Nevertheless, the general direction indicates that digital technology capability could moderate the influence of competency and job performance. Following the preceding findings, the third proposed hypothesis is as follows:

H3: The positive relationship between competency and the effectiveness of fraud risk assessment will be stronger when digital technology capability is high.

Figure 1 show the proposed framework for this study based on the described literature review and hypothesis development.

Figure 1.

Theoretical framework.

Methodology

A total of 455 questionnaires were administered online to registered Members of the Malaysian Institute of Accountants (MIA) who are auditors working at audit firms, primarily in the state of Selangor, and designated as the target respondents. The basis for the selection of MIA members as target populations is that auditors are deemed the main line of defense to provide a level of confidence in financial statements that are devoid of significant errors or fraudulent activities (IAASB, 2013). According to information available on the MIA’s official website, the institute has 33,315 registered members, with 13,714 of them located in the state of Selangor

Measurement of Variables

The assessment of fraud detection effectiveness involves auditors being tasked with aligning six specific events or transactions with six corresponding potential risk types that may arise for each event or transaction. This assessment tool was modified and adapted from Mohd Razali (2019); it is considered highly suitable for gauging the effectiveness of fraud risk assessment. Respondents were able to pinpoint potential risks of fraud during the process of auditing. Table 1 presents six probable risks along with the corresponding associated events.

Table 1.

Items for Fraud Risk Assessment.

Risk	Risk
A	Expenses and accounts payable are deliberately misrepresented at lower values.
B	Vendor payments are duplicated or made to vendors not authorized for payment.
C	Absence of a clear payment trail.
D	Invented suppliers or fictitious invoices included in the trade creditor’s master records.
E	Delaying in identifying fraudulent accounting entry manipulations.
F	Conflict of interest.

Respondents were tasked with identifying the potential specific risk that could arise for every event or transaction listed in Table 1 and then matching it with the corresponding risk labelled by a specific alphabet in Table 2.

Table 2.

Fraud Risk-Related Transactions/Events.

Transaction/event	Risk
Lack of duties segregation within the payment process. One individual is responsible for adding new vendors to the accounts payable system, issuing checks or making electronic payments, and reconciling the accounts payable bank account.	D
Delaying payables and related expenses’ records to the period following the year-end when they should be recorded when they are incurred.	A
Lack of thorough investigation into the persistent issue of transaction discrepancies.	E
No invoices were issued for payments made to authorized vendors.	C
No invoices were issued for payment made to authorized vendors.	F
Failure to inspect cancelled checks to ensure payees are correct when reconciling bank accounts. Despite the bank statement amount reconciliation with the general ledger, verification of whether the name of the payee on the cleared check matches the name of the vendor in the general ledger was not carried out.	B

Competency (Knowledge and Experience)

Auditors need to have the requisite expertise and knowledge to identify fraudulent activities. Siriwardane et al. (2014) emphasized the significance of auditor competency, emphasizing the auditors’ capacity to consistently apply their knowledge and experience to all tasks of auditing to achieve the overarching auditing objectives. The assessment of competence can be reflected in multiple dimensions, encompassing professional experience, educational background, qualifications, organizational hierarchy, and the frequency of deploying fraud detection techniques in the context of fraud investigations.

Respondents expressed their disagreement and agreement levels with the statements using a seven-point Likert scale; “1 = strongly disagree” to “7 = strongly agree.” This rating is intended to gauge the extent to which these statements align with their own perceived competencies in the field of auditing. The questionnaire items for each dimension draw inspiration from “Personality Traits Common to Fraud Investigators” as outlined by Clements (2020). These questions assist in the holistic assessment of individuals’ competence, consistent with their unique personality traits. IT competency refers to what would be demonstrated by external auditors in their daily activities, such as the ability to use various software and IT to perform the duties of their jobs effectively (Carnaghan, 2004).

In this study, IT competency is measured by the self-assessed of the external auditors’ competencies (skills, knowledge, and behavior) in using information technology to support their daily activities. The prerequisite knowledge of software has to be acquired to be skillful at operating the software. The decision to modify the measurement scale was reached following deliberations with five experts, each possessing over 15 years of seasoned experience in professional internal auditing. The discussions were carried out by elaborating in detail the indicators used by Cangemi (2015). The objectives of the expert discussions are to gain insight from internal audit practitioners on the most critical software in internal auditing practices and to assess the relevance of the indicators used by Cangemi (2015).

Digital Technology Capability

Digital technology capability encompasses the competence to assess an organization’s comprehensive IT controls and environment, proficiency in devising plans for the evaluation of accounting and reporting systems, adeptness in scrutinizing systems of reporting and accounting, and the skill to effectively communicate assessment findings and ensuring follow-up actions (IAESB, 2007).

This questionnaire section aligns the dimensions with the specific working context of external auditors and the definitions employed in this study. Consequently, these dimensions encapsulate the ability to assess overall IT control and the operational environment proficiently, the competence to strategize audits integrating IT, the capability to execute audits leveraging IT, and the skills to communicate results and engage in follow-up activities using IT effectively. Respondents were requested to express their level of capability by selecting a number on a seven-point Likert scale, ranging from “1 = not capable at all” to “7 = strongly capable.” Contents for this part of the questionnaire were adapted from Cangemi’s (2015)“Global Internal Audit Common Body of Knowledge.”

Using flowchart or process mapping software to understand business processes.

Using risk assessment software to determine the focus of the audit.

Using software to streamline internal audit planning or scheduling.

Using software to automate organizing information collected during the audit process.

Using software for data mining.

Using software for data analytics.

Using a CAAT (Computer-Assisted Audit Techniques).

Using Continuous/real-time auditing software.

Executing the audit plan using electronic working paper.

Using software to monitor/trace follow-up on audit recommendations.

Using software to run internal audit quality program.

Findings

Out of 455 questionnaires distributed via email, WhatsApp, and Telegram, 150 responses (32.96%) were received on SurveyMonkey. The majority of respondents were female (66.7%), and the highest percentage (70.7%) fell into the 21 to 30 age group. The educational background indicated that 76% held a bachelor’s degree, 14% possessed various qualifications, such as A Level or professional certificates, while diploma holders constituted 10% of the respondents. The respondents were mostly in the positions of senior or audit associate (44% each), while manager and audit junior roles were less common (3.3% each). A few were partners (2.7%), and a small group had other roles (2.6%). In terms of experience, 34.7% had less than 10 years, 5.3% had 11 to 20 years, and 2% had over 21 years. Certification-wise, 58.7% had certificates other than ACCA and CPA, 20.7% had ACCA, 12.7% had no certification, and 8% held a CPA certificate. For the monthly income, 34% earned less than RM5,000, 18% earned RM5,000 to RM10,000, and 1.3% earned RM10,000 to RM15,000.

In terms of how often they employ fraud detection techniques, the data analysis shows that 15.3% of respondents (23) rarely use these techniques, 16.7% (25) use them occasionally, 16% (24) use them frequently, and 10.7% (16) use them in the majority of their tasks.

The SmartPLS 3.3.9 version was employed (Ringle et al., 2015) for partial least squares (PLS) modelling to assess both the measurement and structural models. PLS modelling was chosen because it is not dependent on the assumption of normality, which is particularly suitable for survey research data that are typically not normally distributed (Chin et al., 2003). Following Anderson and Gerbing’s (1988) two-step approach, we initially examined the model of measurement to evaluate the instruments’ reliability and validity, adhering to the guidelines outlined by Hair et al. (2019) and Veerankutty et al. (2018). Subsequently, we proceeded to analyze the structural model to assess each hypothesis proposed.

Measurement Model

The model of measurement comprises the evaluation of the composite reliability (CR), the loadings, and the average variance extracted (AVE). It is recommended that loadings be ≥0.5, AVE ≥ 0.5, and CR ≥ 0.7. Table 3 depicts that all values of AVE exceed 0.5, and all values of CR surpass 0.7. The loadings, while generally acceptable, included a few that were slightly below 0.708 and deemed adequate, according to Hair et al. (2019). In conclusion, the constructs fulfil the criteria for convergent validity and reliability.

Table 3.

Measurement Model.

Variable	Items	Loadings	AVE	CR
Competency	C1	0.812	0.561	0.933
	C10	0.700
	C11	0.849
	C2	0.784
	C3	0.767
	C4	0.678
	C5	0.796
	C6	0.681
	C7	0.732
	C8	0.561
	C9	0.830
Digital skill	IT1	0.682	0.500	0.900
	IT10	0.730
	IT11	0.564
	IT2	0.797
	IT3	0.512
	IT4	0.550
	IT5	0.697
	IT6	0.696
	IT7	0.804
	IT8	0.771
	IT9	0.543
Effective fraud risk assessment	EFRA	SIM	NA	NA

Note. SIM = single item measure; NA = not applicable.

In the second step, following the suggestion by Henseler et al. (2015) and later updated by Franke and Sarstedt (2019), the HTMT criterion was used to evaluate the discriminant validity. Under a stricter criterion, values of HTMT should not exceed 0.85 or 0.90 under the more lenient criterion.

As indicated in Table 4, all values of HTMT are below the stricter threshold of 0.85. This suggests that respondents recognized the distinctiveness of the three constructs. In summary, the results of both validity tests demonstrate the measurement items’ reliability and validity.

Table 4.

Heterotrait-Monotrait (HTMT) Discriminant Validity Assessment

Structural Model

Based on Hair et al. (2019), we presented the structural model’s standard errors, path coefficients, p-values, and t-values through a resampling bootstrapping procedure consisting of 5,000 samples (Veerankutty et al., 2018). Furthermore, addressing the critique by Hahn and Ang (2017) regarding the limitations of relying solely on p-values for hypothesis significance testing, we adopted a comprehensive approach involving multiple criteria, including p-values, effect sizes, and confidence intervals, to evaluate all hypotheses. A summary of these criteria is presented in Table 5.

Table 5.

Hypothesis Testing Direct Effects.

Hypothesis	Relationship	Std beta	SE	t-Values	p-Values	BCI LL	BCI UL	f ²	VIF
H1	Competency → EFRA	.181	0.095	1.898	<.05	0.023	0.336	.020	1.955
H2	Digital technology skill → EFRA	.250	0.081	3.103	<.01	0.095	0.362	.038	1.955

Note. A 95% confidence interval with a bootstrapping of 5,000 is applied.

To begin, we appraised the two predictors’ impact on EFRA. The R² value of .147 indicates that both predictors collectively explain 14.7% of the variance in EFRA. Notably, Competency (β = .181, p < .05) and Digital Technology Skill (β = .250, p < .01) exhibited positive associations with EFRA, thereby H1 and H2 are supported.

To test the moderation of H3, the interaction between Competency and Digital Technology Capability (see Figure 2) was tested using a bootstrapping procedure. As depicted in Table 6, the interaction between Competency and Digital Technology Capability is significant (t-value = −0.154), which confirms H3.

Figure 2.

Structural model (moderation).

Table 6.

Hypothesis Testing Indirect Effects.

Hypothesis	Relationship	Std beta	SE	t-Value	p-Value	BCI LL	BCI UL
H3	Competency × Digital technology skill → EFRA	−.154	0.075	2.057*	<.05	−0.273	−0.031

Note. The asterisk (*) indicates statistically significant interaction at the 0.05 level between competency and digital technology skill in predicting the effectiveness of fraud risk assessment (EFRA).

Following Dawson’s (2014) recommendation, we created an interaction plot displayed in Figure 3 to investigate the notable interaction further.

Figure 3.

Competency and digital technology interaction plot.

In Figure 3, it is evident that the line labelled “Low Digital Technology Skill” has a steeper slope compared to the “High Digital Technology Skill” line, signifying that the positive association between Competency and the Effectiveness of Fraud Risk Assessment is notably stronger when

Digital Technology skill is high. Hence, our hypothesis finds support through the significant t-value. This empirical finding underscores the significance of possessing advanced digital technology skills in augmenting auditor competency for conducting more effective fraud risk assessments.

Discussion and Conclusion

Criticism toward external auditors for their inability to detect fraud is rising. The trend suggests flaws in their ability to assess the risks of fraudulent acts. As an independent entity that greatly relies on various stakeholders, such as shareholders, creditors, and the public, external auditors must have a strong ability to evaluate the presence of fraud risk. This ability helps to deliver independent assurance of financial statements that are clean from significant misstatements.

According to the social cognitive theory (Bandura, 1991), human judgment is influenced by both individual and environmental factors. This means that the ability of external auditors to evaluate the risks of fraudulent acts may be affected by their knowledge, skills, experience, and the environment in which they work. This paper examines how two individual factors, namely competency and digital technology skills, affect the fraud risk assessment performance of external auditors. Given the rapid transformation of digital technology, auditors must take a proactive and forward-looking approach to auditing large databases. Traditional approaches are no longer effective in red flag detection due to the sheer volume of data involved in modern business transactions. This paper presents evidence of the significance of competencies in enhancing external auditors’ ability to assess fraud risk. Experienced auditors demonstrated a greater ability to detect unusual items in financial reports, thereby improving their overall ability to assess fraud risk. The results corroborated earlier studies by Knapp and Knapp (2001), Suraida (2005), and Kusumawati and Syamsuddin (2018). The competencies would help auditors to evaluate the risk of fraud better and adhere to relevant standards. They would also be able to associate the material misstatement risks with certain audit procedures.

In addition, research has shown that external auditors who possess digital technology skills are better at assessing fraud risk. These skills include the ability to evaluate overall IT control and environment, prepare audit plans using IT, execute audits using IT and communicate and follow up on audit results using IT. This is consistent with previous studies by Bahador and Haider (2013), Bassellier et al. (2001), Peng (2015), and Croteau and Raymond (2004), which have found that the use of digital technology, such as tax planning software, a spreadsheet or databases can improve individual performance in specific tasks. In the context of external auditors, the ability to use AI and auditing software increases the likelihood of red flag detection that triggers further investigation.

Furthermore, this study’s findings also suggest a stronger positive relationship between auditor competency and fraud risk assessment when the auditor also has digital technology skills. Auditors who are skilled in digital technology are more likely to make accurate fraud risk assessments as these skills enhance their competency. Practically, this empirical evidence implies that there is an urgent call for the profession to start an initiative for external auditors to upskill and reskill to enable them to have better skills in fraud risk assessment. Digital technology skills are vital skill sets that an auditor must acquire to increase their competency level. Fostering the importance of digital technology skills should be initiated at higher learning institutions to get future auditors ready to meet the needs of the industry. This finding was confirmed by Demir et al. (2022), Valera-Quispe (2021), and Santoso et al. (2019), who found that digital competencies strengthen the effect of qualification on job crafting, proactive behavior, and task performance.

Practically, this study findings highlight crucial needs for MIA, as the body governing the external audit profession, to provide support in terms of training related to digital technology skills to ensure that the audit profession remains relevant and sustained in the era of digitalization.

Footnotes

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research,authorship,and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research,authorship,and/or publication of this article: The authors extend sincere gratitude to Universiti Poly-Tech Malaysia,for the grant 100-TNCPI/PRI 16/6/2 (043/2022) and Accounting Research Institute,Universiti Teknologi MARA for funding and facilitating this research.

ORCID iDs

Fazlida Mohd Razali

Dewi Izzwi Abdul Manan

Jamaliah Said

Data Availability Statement

The data that support the findings of this study are available from the corresponding author upon reasonable request.

References

Abd Razak

S. N. A.

Wan Mohamad Noor

W. N. B.

Zakaria

. (2015). Breaking the silence: The efficacy of whistleblowing in improving transparency. Scientific Research Journal (SCIRJ), 3(4), 35–39.

Al-Ansi

A. A.

Ismail

N. A. B.

Al-Swidi

A. K.

(2013). The effect of IT knowledge and IT training on the IT utilization among external auditors: Evidence from Yemen. Asian Social Science, 9(10), 307. https://doi.org/10.5539/ass.v9n10p307

Al-Ateeq

Sawan

Al-Hajaya

Altarawneh

Al-Makhadmeh

(2022). Big data analytics in auditing and the consequences for audit quality: A study using the technology acceptance model (TAM). Corporate Governance and Organizational Behavior Review, 6(1), 64–78.

Allam

M. S.

Alharbi

A. I.

(2022). Roles of digital transformation skills in enhancing the efficiency of job performance. International Transaction Journal of Engineering, Management, & Applied Sciences & Technologies, 13(10), 13A10U, 1–12. http://TUENGR.COM/V13/13A10U.pdf. https://doi.org/10.14456/ITJEMAST.2022.210

Alleyne

Howard

(2005). An exploratory study of auditors’ responsibility for fraud detection in Barbados. Managerial Auditing Journal, 20(3), 284–303.

Anderson

J. C.

Gerbing

D. W.

(1988). Structural equation modeling in practice: A review and recommended two-step approach. Psychological Bulletin, 103(3), 411–423. http://doi.org/10.1037/0033-2909.103.3.411

Association of Certified Fraud Examination. (2020). Report to the nations: 2020 global study on occupational fraud and abuse.

Association of Certified Fraud Examination. (2022). Occupational fraud 2022. A report to the nations. Association of Certified Fraud Examiners, Inc. https://acfepublic.s3.us-west-2.amazonaws.com/2022+Report+to+the+Nations.pdf

Awalluddin

M. A.

Maznorbalia

M. S.

Yiam

M. S.

(2022). A review study on corporate fraud’s negative effects on corporations. Journal of Contemporary Social Science Research, 7(1), 1–10. https://jcssr.com.my/index.php/jcssr/article/view/89/54

10.

Bahador

K. M. K.

Haider

(2013). The maturity of information technology competencies: A professional accountants’ perspective [Conference session]. 2013 Proceedings of PICMET ‘13: Technology Management for Emerging Technologies (pp. 2488–2497).

11.

Bandura

(1991). Social cognitive theory of self-regulation. Organizational Behavior and Human Decision Processes, 50(2), 248–287.

12.

Bassellier

Reich

B. H.

Benbasat

(2001). Information technology competence of business managers: A definition and research model. Journal of Management Information Systems, 17(4), 159–182.

13.

Bonner

Lewi

B. L.

(1990). Determinants of auditor expertise. Journal of Accounting Research, 28, 1–20.

14.

Business Today . (2022). Malaysia loses RM2.23 billion to cybercrime. https://www.businesstoday.com.my/2022/07/26/malaysia-loses-rm2-23-billion-to-cybercrime/

15.

Cañada

E. L. M.

Osorno

R. I. I. M

. (2022). Teaching competency and music performance as moderated by teachers’ ICT skills. European Journal of Physical Education and Sport Science, 9(2), 33–57.

16.

Cangemi

M. P.

(2015). An internal audit common body of knowledge. In Moeller

R .R.

(Ed.), Brink’s modern internal auditing (pp. 11–26). Wiley. https://doi:10.1002/9781119180012.ch2

17.

Carnaghan

(2004). The use of information technology by auditors: A research framework and agenda. Journal of Information Systems, 18(1), 1–20. http://doi.org/10.2308/jis.2004.18.1.1

18.

Chin

W. W.

Marcolin

B. L.

Newsted

P. R.

(2003). A partial least square latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Information Systems Research, 14(2), 189–217. http://doi.org/10.1287/isre.14.2.189.16018

19.

Clements

L. H.

(2020). Personality traits common to fraud investigators. Journal of Financial Crime, 27(1), 119–129. https://doi.org/10.1108/jfc-03-2019-0036

20.

Croteau

A. M.

Raymond

(2004). Influence of information technology on the audit profession. Journal of Information Systems, 18(2), 51–65. http://doi.org/10.2308/jis.2004.18.2.51

21.

Dawson

(2014). The roles of IT competency in modern auditing: A new perspective. Pearson Education.

22.

Demir

Dalgıç

Yaşar

(2022). How perceived over qualification affects task performance and proactive behavior: The role of digital competencies and job crafting. International Journal of Hospitality & Tourism Administration, 25(3), 552–574. https://doi.org/10.1080/15256480.2022.2135665

23.

De Santis

D’Onza

. (2021). Big data and data analytics in auditing: In search of legitimacy. Meditari Accountancy Research, 29(5), 1088–1112. https://doi.org/10.1108/MEDAR-03-2020-0838

24.

Dey

(2018, February 18). PNB fraud: Who’s liable and why multiple audits failed to raise an alarm. Business Standard. https://www.business-standard.com/article/opinion/pnb-fraud-who-s-liable-and-why-multiple-audits-failed-to-raise-an-alarm-118021800662_1.html

25.

DeZoort

F. T.

Harrison

P. D.

(2018). Understanding auditors’ sense of responsibility for detecting fraud within organizations. Journal of Business Ethics, 149(4), 857–874. https://doi.org/10.1007/s10551-016-3064-3

26.

Duan

S. X.

Deng

Wibowo

(2023). Technology affordances for enhancing job performance in digital work. Journal of Computer Information Systems, 64(2), 232–244. https://doi.org/10.1080/08874417.2023.2188497

27.

Ellis

(2019, January 31). 30% of Gojek, 5% of Grab e-hails in Indonesia are fraudulent, study claims. Tech in Asia. https://www.techinasia.com/30-gojek-5-grab-ehails-indonesia-fraudulent-study-claims

28.

Emerson

D. J.

Yang

(2012). Perceptions of auditor conscientiousness and fraud detection. Journal of Forensic & Investigative Accounting, 4(2), 110–141.

29.

European Confederation of Institutes of Internal Auditing (ECIIA). (2023). Risk in focus 2024: Hot topics for internal auditors. ECIIA. https://www.eciia.eu/wp-content/uploads/2023/09/CIIA-Risk-in-Focus-2024_final-web.pdf

30.

Franke

Sarstedt

(2019). A critical review of the SmartPLS approach. Research in Organizational Behavior, 9(4), 102–114. http://doi.org/10.1016/j.ribaf.2019.07.001

31.

Gonzalez

G. C.

Hoffman

V. B.

(2018). Continuous auditing’s effectiveness as a fraud deterrent. Auditing: A Journal of Practice & Theory, 37(2), 225–247. https://doi.org/10.2308/ajpt-51828

32.

Graham

(2019). Auditor personal characteristics and fraud detection skills: The mediating role of professional scepticism [Doctoral dissertation, University of Ghana].

33.

Gullkvist

Jokipii

(2015). Factors influencing auditors’ self-perceived ability to assess fraud risk. NJB, 64(1), 40–63.

34.

Hahn

Ang

(2017). Improving hypothesis testing in PLS-SEM: The case of measuring external auditors’ competence. Journal of Business Research, 6(3), 55–68. http://doi.org/10.1016/j.jbr.2017.03.014

35.

Hair

J. F.

Hult

G. T. M.

Ringle

C. M.

Sarstedt

(2019). A primer on partial least squares structural equation modeling (PLS-SEM). Sage.

36.

Hannon

Reeve

Smith

(2000). The use of information technology by external auditors: A case study approach. Managerial Auditing Journal, 15(5), 267–274. http://doi.org/10.1108/02686900010339692

37.

Henseler

Ringle

C. M.

Sarstedt

(2015). A new criterion for assessing discriminant validity in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43(1), 115–135. http://doi.org/10.1007/s11747-014-0403-8

38.

Héroux

Fortin

(2013). Digital competence in the accounting profession: A framework for the future. International Journal of Accounting Information Systems, 14(3), 259–278. http://doi.org/10.1016/j.accinf.2013.03.002

39.

International Accounting Education Standards Board (IAESB). (2007). International education standards: Education and training of professional accountants. International Federation of Accountants.

40.

International Auditing and Assurance Standards Board (IAASB). (2013). Handbook of international quality control, auditing, review, other assurance, and related services pronouncements. International Federation of Accountants (IFAC).

41.

Islam

M. S.

Farah

Stafford

T. F.

(2018). Factors associated with security/cybersecurity audit by internal audit function: An international study. Managerial Auditing Journal, 33(4), 377–409.

42.

Jones

D. S.

(2020). 1MDB corruption scandal in Malaysia: A study of failings in control and accountability. Public Administration and Policy, 23(1), 59–72.

43.

Kasztelnik

Jermakowicz

E. K

. (2024). Financial statement fraud detection in the digital age: Artificial intelligence versus traditional methodologies. The CPA Journal. https://www.cpajournal.com

44.

Knapp

C. A.

Knapp

M. C.

(2001). The effects of experience and explicit fraud risk assessment in detecting fraud with analytical procedures. Accounting, Organizations and Society, 26(1), 25–37. https://doi.org/10.1016/s0361-3682(00)00005-2

45.

Kusumawati

Syamsuddin

(2018). The effect of auditor quality on professional scepticism and its relationship to audit quality. International Journal of Law and Management, 60(4), 998–1008. https://doi.org/10.1108/ijlma-03-2017-0062

46.

Lal Bhasin

. (2013). Corporate accounting fraud: A case study of Satyam Computers Limited. Open Journal of Accounting, 2(2), 26–38. https://doi.org/10.4236/ojacct.2013.22006

47.

Lee

T. H.

Ali

A. M.

Gloeck

J. D.

(2008). A study of auditors’ responsibility for fraud detection in Malaysia. Southern African Journal of Accountability and Auditing Research, 8, 27–34.

48.

Mansour

A. Z.

Ahmi

Popoola

O. M. J.

(2020). The personality factor of conscientiousness on skills requirement and fraud risk assessment performance. International Journal of Financial Research, 11(2), 405. https://doi.org/10.5430/ijfr.v11n2p405

49.

Mohd Khalid

M. A.

Ros Aizan

Fee Din

M. S

. (2019). Digital literacy and its relationship with employee performance in the 4IR. Journal of International Business, Economics and Entrepreneurship, 4(2), 29–37.

50.

Mohd Razali

. (2019). The effect of individual and environmental factors on internal auditor’s risk judgment performance. Universiti Teknologi MARA.

51.

Mui

G. Y.

(2018). Defining auditor expertise in fraud detection. Journal of Forensic and Investigative Accounting, 10(2), 168–186. http://web.nacva.com/JFIA/Issues/JFIA-2018-No2-2.pdf

52.

Newman

L. H.

(2021). The worst hacks of 2021. Wired. https://www.wired.com/story/worst-hacks-2021/

53.

Nia

M. S.

Ghazali

A. W.

Shafie

N. A.

Sanusi

Z. M.

Rahman

R. A.

(2022). Accounting manipulation of financially distressed firms: Malaysian evidence. Malaysian Journal of Social Sciences and Humanities, 7(10), e001799. https://doi.org/10.47405/mjssh.v7i10.1799

54.

Oyovwe-Tinuoye

G. O.

Omeluzor

S. U.

Patrick

I. O.

(2021). Influence of ICT skills on job performance of librarians in university libraries of South-South, Nigeria. Information Development, 37(3), 345–358. https://doi.org/10.1177/0266666920983393

55.

Paino

(2012). Financial reporting risk assessment and audit pricing. Global Journal of Management and Business Research, 12(15), 85–89.

56.

Payne

E. A.

Ramsay

R. J.

(2005). Fraud risk assessments and auditors’ professional skepticism. Managerial Auditing Journal, 20(3), 321–330. https://doi.org/10.1108/02686900510585636

57.

Peng

(2015). Research on the system of e-commerce talent ability based on the enterprise’s demand. Logistics Engineering and Management, 37, 250–252.

58.

Popoola

O. M. J.

Che-Ahmad

Samsudin

R. S.

(2014). Task performance fraud risk assessment on forensic accountant and auditor knowledge and mindset in Nigerian public sector. Risk Governance and Control: Financial Markets and Institutions, 4(3), 83–89. https://doi.org/10.22495/rgcv4i3c1art2

59.

PricewaterhouseCoopers (PWC). (2020). PwC’s global economic crime and fraud survey 2020 – Malaysia report. https://www.pwc.com/my/en/publications/2020/economic-crime-survey.html

60.

PricewaterhouseCoopers (PWC). (2022). How auditors combine tech know-how and finance skills to drive innovation. https://www.pwc.com/us/en/tech-effect/automation/audit-technology-and-digital-skills.html

61.

Protiviti. (2023). Executive perspectives on top risks for 2024 and 2034. https://www.protiviti.com/sites/default/files/2024-03/nc-state-protiviti-survey-top-risks_2024-2034_global.pdf

62.

Ringle

C. M.

Wende

Becker

J. M.

(2015). SmartPLS 3.3.9 [Computer Software]. SmartPLS GmbH. http://www.smartpls.com

63.

Santoso

Abdinagoro

S. B.

Aried

(2019). The role of digital literacy in supporting performance through innovative work behavior: The case of Indonesia’s telecommunications industry. International Journal of Technology, 10(8), 1558–1566.

64.

Siriwardane

Kin Hoi Hu

Low

(2014). Skills, knowledge, and attitudes important for present-day auditors. International Journal of Auditing, 18(3), 193–205.

65.

Steinbart

P. J.

Raschke

R. L.

Gal

Dilla

W. N.

(2013). Information security professionals’ perceptions about the relationship between the information security and internal audit functions. Journal of Information Systems, 27(2), 65–86.

66.

Sulanjana

R. A.

Puspitasari

(2018). The effect of competence and independence of internal auditors toward internal audit performance quality at Head Office of BJB Syariah Bank. South East Asia Journal of Contemporary Business, Economics and Law, 16(2), 11–22.

67.

Suraida

(2005). Pengaruh etika, kompetensi, pengalaman audit dan risiko audit terhadap skeptisisme profesional auditor dan ketepatan pemberian opini akuntan publik. Sosiohumaniora, Journal of Social Sciences and Humanities, 7(3), 186–202.

68.

Tippins

M. J.

Sohi

R. S.

(2003) IT competency and firm performance: Is organizational learning a missing link? Strategic Management Journal, 24, 745–761.

69.

Valera-Quispe

P. L.

(2021). Effects of the training program for managers in digital competencies in the framework of good performance in the improvement of the performance of managers of networks 13, 14 and 15 of UGEL 02, 2019. Turkish Journal of Computer and Mathematics Education, 12(14), 3742–3764.

70.

Veerankutty

Ramayah

Ali

N. A.

(2018). Information technology governance on audit technology performance among Malaysian public sector auditors. Social Sciences, 7(8), 124.

71.

Vona

L. W.

(2017). Fraud data analytics methodology: The fraud scenario approach to uncovering fraud in core business systems. Wiley.

Sustainability of Audit Profession in Digital Technology Era: The Role of Competencies and Digital Technology Capabilities to Detect Fraud Risk

Abstract

Keywords

Introduction

Literature Review and Development of Hypotheses

Competency and Effectiveness of Fraud Risk Assessment

Digital Technology Capability and Effectiveness of Fraud Risk Assessment

Moderating Effect of Digital Technology Capability on the Relationship Between Competency and Effectiveness of Fraud Risk Assessment

Methodology

Measurement of Variables

Competency (Knowledge and Experience)

Digital Technology Capability

Findings

Measurement Model

Structural Model

Discussion and Conclusion

Footnotes

Declaration of Conflicting Interests

Funding

ORCID iDs

Data Availability Statement

References