Competence and Professional Care of External Auditor on Information Technology Audit

The purpose of this study is to determine the influence of competence and professional care of external auditor on information technology audit in the public accounting firm in Bandung. The method used in this research was survey method with descriptive and verification approach, as well as by using primary data. According to the research, competence partially had no effect on information technology audit, while professional care partially affected the information technology audit. On the other words, competence and due professional care simultaneously influenced information technology audit significantly by 54.7%, while 45.3% was influenced by other variables not studied e.g independence, software usage auditing, performance auditing.


INTRODUCTION
The use of information technology by companies in recent years has increased significantly.Companies or organizations tend to take advantage of technological advances to improve the efficiency of the company in order to boost revenue and improve company performance.The use of computer-based information system in the field of accounting has become important in improving the reliability and accuracy of data (output) generated.Compared with manual data processing, computer-based information system has the advantage of being able to process data more quickly and easily so it does not take long for the company to produce information, as stated by Rainer and Ceigielski (2012:5); Turban and Volonino (2012:8); Bodnar and Hopwood (2014:15).
The use of information technology provides the impact like a two sided coin for the company; on one hand the company get a positive impact of the use of information technology in business activity but on the other hand the use of technology has a negative impact due to the increasing vulnerability resulting from the development of information system for corporate security.
Risks that may occur due to the vulnerability of information technology/information system for the company are data loss, decision making errors, data leakage risk, computer misuse, loss due to miscalculation, high value of computer hardware and software investment (Agoes and Hoesada, 2012: 231-232).Meanwhile, according to Hall, James and Singleton (2007: 313-315), the risk of information technology vulnerability is divided into 2 namely: internal risk, there are a number of risks associated with the network, especially the Internet.However, what is surprising is that most destructive activity does not come from outside, but comes from insiders and common system failures.Disappointed employees, recently dismissed employees, perpetrators of fraud, former contractors or consultants, and others sometimes want revenge and are motivated to carry out destructive attacks on old companies and external risks from hackers, white hat hackers, crackers, scripts kiddies, viruses, cyber terrorism.
The risk of using information technology is necessary to audit the information system which basically is assurance on the readiness of the system based on certain criteria.Then, based on the auditor's testing will provide recommendations of necessary improvements (Agoes and Hoesada, 2012: 233).
The use of information technology also has an impact on auditing.This is due to changes in the corporate environment using computerized data processing so that auditors need an understanding of client (auditee) information technology, as stated by Arens, et.al. (2014: 380); Agoes (2013: 238)  Information Technology (IT) will continue to dramatically impact virtually every phase of the audit, from audit-generated audit programs to auditing software capable of testing all client data, technology is essential for accountants to understand the client's business processes and to be associated with a paperless audit environment (Nugroho, 2011).
The evidence produced in a computerized accounting system has different characteristics from traditional or manual accounting.Electronic evidence can contain four basic forms of information: text, data, video, and sound.As with traditional evidence, electronic evidence can increase the problems associated with the reliability, completeness, and integrity of evidence and also demand the need of more control than traditional evidence.However, the electronic evidence in the EDP system is not necessarily required to replace traditional evidence in every system.
According to Akmal and Hadi (2010: 17), there are 4 types of audits conducted on information technology systems, namely: (1) Audit around the Computer, (2) Audit with the Computer, (3) Audit through the Computer, and (4) Computer Assisted Audit Techniques (CAATs).The stages done in the information technology audit according to Hall (2011: 10-11) are Audit planning, Test of Control, and Substantive Testing..
Another impact of the use of information technology in the field of auditing is the shift of traditional auditing into continuous auditing (Antonio, 2014).Many business processes are dominated by IT/IS applications: therefore continuous auditing is able to provide timely, reliable information, capable to reduce audit cycle thus results in costs savings and promotes positive social impacts (Rahman, Alifah et al, 2014).
The changing of corporate environment that involves information technology in all company activities, the information technology audit required different competencies compared with traditional or manual audits.According to Tuanakotta (2011: 64), auditor competence is an auditor's expertise gained from knowledge, experience, and training.In conducting the audit, an auditor must have a good personal quality, has formal education in the field of auditing and accounting, adequate knowledge, adequate practice experience and special expertise in their field.In carrying out information technology audit the auditors expected to have the knowledge, understanding, experience and expertise on information technology, although the knowledge is beyond the discipline.Halim (2015:299) states that auditors should study the audit by using a computer to compensate for the progress of data processing technology and the progress of financial information applied by its clients.Arens, et al (2014:380) states that because auditors are responsible for obtaining an understanding of internal control, they must be knowledgeable about general and application controls, whether the client's use of IT is simple or complex.Knowledge of general controls increases the auditor's ability to assess and rely on effective application controls to reduce controls to reduce control risk for related audit objectives.For public company auditor who must issue an opinion on internal control over financial reporting, knowledge of both general and application IT controls is essential.
Meanwhile, according to Agoes and Hoesada (2012: 48-49), the minimum competencies that must be possessed by auditor in information technology are: (1) Basic knowledge of computer and computer functions in general, (2) Basic knowledge of operating system and software (4) Ability to work with audit tools, (5) Ability to review documentation system, (6) Basic knowledge of internal control on information computer system (ICT), ( 7) Adequate knowledge in the development of audit plan and supervision of audit implementation in ICT environment (IAI 2001: 335.3), ( 8) Understanding the dynamics of development of system and program changes within an entity.
In addition to sufficient competence required, in terms of information technology, audit also requires professional care due to changes in the procedures and techniques used in performing audit tasks because the use of information technology by the company will lead to changes in data collection and processing of computerized data, making auditors perform increasingly complex analyzes (Putra and Noviari, 2013).The use of information technology, it will also make written evidence reduced so that an auditor must understand the routine access into the system, authorization and organization system and understand how the system works to calculate.
Frederick Gallagos and Anna Carlin (2004) research on best practice in due professional care: an IT audit perspective provides the result that due professional care serves as a foundation to ensure that the client a high quality review, in the post Sarbanes-Oxley Act era, their practice of due professional care is critical in establishing public confidence in business.
Another study on due professional care in information technology audits is conducted by Devale and Kulkarni (2015) on a role of knowledge based system in information system audit which gave results that computer aided audit techniques may produce a large proportion of the audit evidence developed on IS audits and, as a result, the IS auditor should carefully plan for and exhibit due professional care in the use of computer aided audit techniques.
According to the ISACA IS 1005 standard, it explains that IS audit and assurance professionals shall exercise due professional care, including observance of applicable professional audit standards, in planning, performing and reporting on the results of engagements.
Competence and Professional Care of External Auditor on Information Technology Audit Meanwhile, according to Devale and Kulkarni (2015), the IS auditor should carefully plan for and exhibit due to professional care in the use of Computer Aided Audit Techniques.
According to Senft and Gallagos (2009: 58), the importance of competence and due professional care for information technology auditors is when IT auditors attain their certificate information system auditor (CISA), they also subscribe to a Code Of Professional Ethics is code applies to not only the professional conduct but also the personal conduct of IT auditors.It requires that the ISACA standards are adhered to, confidentiality is maintained, any illegal or improper activities are reported, the auditors competence is maintained, due care is used in the course of the audit, the results of audit work is communicated, and high standards of conduct and character are maintained.
The statement of Senft and Gallagos it can be understood that when an information technology auditor who has a certificate from CISA, the auditor must comply with the professional code as an information technology auditor.In the professional code, an information technology auditor needs to maintain competence, the use of due professional care in the implementation of information technology audit, the use of good communication regarding the audit results and the use of high standards that must be maintained by information technology auditors in carrying out information technology audit tasks.
The purpose of this study is to find out how much influence partially and simultaneously competence and due professional care variables on information technology audit variable by conducting a survey at public accounting firms in Bandung, with the research paradigm shown in Figure 1.

METHODS
The approach used was descriptive and verificative, which in this study sought to describe and also interpret the influence between the relationship of the variables to be examined and its purpose to present the picture in a structured, factual, and accurate about the facts of the relationship between the variables studied.
Objects in this study were competence, due professional care of external auditor and information technology audit at public accounting firms in Bandung.Operationalization variables described in Table 1.
The sample used in this study was taken from the population of external auditors from Public Accounting Firms in Bandung, with the number of samples considered to be representative of the existing population.
Samples for this study was as many as 52 respondents and the number of data that had been managed to return to the author was 40 respondents.

RESULTS
The result of descriptive analysis for auditor competency obtained is score of 96.If the value was compared to author's criteria, then the value went into "Very Competent" criteria.This was reflected by the fulfillment of aspects related to the competence of auditors that included education, continuing professional education, and experience.Although there were still disadvantages of the competence, namely the difference in the understanding of auditors about the importance of formal education in achieving audit expertise, difference in the understanding of the importance of conducting all audit training, difference in the understanding of the importance of audit engineering experience to improve auditor expertise.These differences should not occur if all auditors were aware of the importance of improving their audit competencies.
Based on the results of descriptive analysis, professional care scored 108.If the value is compared to author's criteria, then the value went into the criteria of truly have due professional care.This was reflected by the fulfillment of aspects related to due professional care that included professional skepticism and adequate certainty.Nevertheless, the weakness of due professional care was that there was a difference in the auditor's understanding of the importance of auditor to be credible in auditing clients, maintaining credible attitude during the audit, the importance of prioritizing work experience to improve audit expertise, the importance of prioritizing ongoing professional education to improve audit skills.The difference of understanding should not occur if all auditors realized that the audit work is a job of maintaining the trust of various parties.Therefore it is very important for an auditor to always maintain the attitude of due professional care in conducting the audit.

Muhamad Sandi Akbar
Ida Suraida From the results of calculation scores and questionnaires assessment, information technology audit obtained score of 104.If the value was compared to author's criteria, then the value went into good criteria.It can be concluded that the provision of information technology audit services provided by Public Accounting Firms in Bandung City is categorized good.It was reflected by the fulfillment of aspects related to information technology audit that included general controls and application controls.However, there were still disadvantages namely there were still difference in auditor's understanding of the use of one of the information technology audit technique that was the use of embedded audit module approach techniques to identify the type of transactions, the use of CAATs to assist auditors in auditing information technology, on the importance of understanding the client's contingency plan in understanding the control of general controls, on the importance of observing the separation of client IT work to understand the control of general controls.It should not occur if all auditors understand the information technology audit because in the concept of information technology audit is the control of general controls and application controls including the use of audit techniques that can assist auditors in conducting information technology audit.
Based on Table 2, equation is obtained from IBM SPSS Statistics Version 23, as followed: The result of regression coefficient showed the value of constant coefficient was 23,887.It meant that if competence (X 1 ) and due professional care (X 2 ) are considered constant, then the value of information technology audit (Y) will be constant 23,887.Competence (X 1 ) had a regression coefficient of -0.059 which meant that the higher level of competence owned by the auditor or if there is improvement of auditor's competence up by 1 unit/level, it will tend to decrease information technology audit (Y) by -0.059, while due professional care (X 2 ) had a regression coefficient of 0.660 which meant that the higher due professional care owned by the auditor or if there is improvement of auditor's due professional care by 1 unit level, there will be an increase in the value of information technology audit by 0.660.
Based on Table 3, we get information that R is 0.740.The value indicated that competence and due professional care simultaneously gave contribution or influence to information technology audit by R-Square (0.547) known as coefficient of determination, calculated from squaring correlation coefficient: KD = (0,740) 2 (0,740) 2 x 100% = 54.7% While the rest of 100% -54.7% = 45.3%, it was influenced by other variables that were not examined such as independence, performance auditing.
To see the influence of each independent variable on dependent variable, the calculation was done using Beta x Zero Order formula.Beta is a standardized regression coefficient, whereas Zero Order is a partial correlation of every independent variable to the dependent variable.By using IBM SPSS Statistics Version 23, beta and zero order values were obtained (Table 4).
Based on Table 4, it can be calculated to obtain the partial influence of each independent variable, as followed: X 1 : -0,066 x 0,592 = -0,039 or -3,9% X 2 : 0,793 x 0,739 = 0,586 or 58,6% Based on the above calculation with the beta x zero order formula, it can be seen the effect of competence on information technology audit amounted to -3.9%, and the influence of due professional care on information technology audit was 58.6%.
Based on Table 2 it can be seen that the value of tcount obtained by competence was -0.332 with a significance value of 0.742.That meant that partially competence of external auditor had no significant effect on information technology audit.
The results of this study indicated that this study was consistent with previous research by Sasongko (2002) that stated that the ability of information system audit techniques has no significant effect on information system audit, and Ayuni (2008) stated that education, training, assignment experience and length of work experience (included in the competency dimension) had no significant effect on audit quality of computerbased information system.
Based on Table 2 it can be seen that t count obtained by due professional care (X 2 ) was 4.102 with a significance value of 0.000.That meant partially due professional care had a significant effect on information technology audit.
The results of this study indicated that this study was consistent with previous research by Frederick Gallegos (2004) who stated that due professional care serves as a foundation to ensure that the client receives a high-quality review and research by Devale and Kulkarni (2015) who stated that computer aided audit techniques may produce a large proportion of the audit evidence developed on IS audits and, as a result, the IS auditor should carefully plan for and exhibit due professional care in the use of computer aided audit techniques.The main difficulty and modeling and formalizing knowledge in the audit field is the complexity of information system audit, which requires performing of some expertise that use knowledge from separate or interrelated field of knowledge.
Based on Table 5 with a significance value of 0.000, it means that simultaneously competence and due professional care had a significant effect on information technology audit.
Competence and Professional Care of External Auditor on Information Technology Audit

CONCLUSION
Competence of auditors at public accounting firms in Bandung City was in the category of very competent, but there were still weakness namely the difference of understanding from auditors on the importance of formal education in order to achieve audit expertise, difference of understanding on the importance of carrying out the entire audit field training, on the importance of audit engineering experience to improve auditor expertise.
Due professional care at public accounting firms in Bandung City was in the category of truly have due professional care, but there were still weakness namely the difference of understanding from auditors about the importance of auditors to be trusted in auditing clients, maintaining credible attitude when conducting audits, the importance of prioritizing work experience to improve audit expertise, the importance of prioritizing ongoing professional education to improve audit expertise.
Information technology audit on public accounting firms in Bandung City was in the category of good, but there were still weaknesses namely the difference of understanding from the auditors regarding the use of one of the information technology techniques audit that was the use embedded audit module approach techniques to identify the type of transactions, the use of CAATs to assist auditors in information technology audit, on the importance of understanding the client's contingency plan in understanding the control of general controls, on the importance of observing the separation of client IT work to understand the control of general controls .
Partially, competence had no significant effect on information technology audit, indicating that information technology audit will not work well if the auditor relies only on their competence, and partially due professional care had a significant effect on information technology audit with influence contribution of 58.6%.This indicated that due professional care can lead to better results in company technology audit, while simultaneously competence and due professional care had a significant effect on information technology audit with influence contributing of 54.7%.This indicated that in an information technology audit an auditor not only rely on competence but must be coupled with due professional care so information technology audit can provide good, accurate and precise results.
Figure 1.Research Paradigm Based on the formulation of problem and framework, the research hypotheses are formulated as follow: (a) competence influences information technology audit, (b) due professional care influences information technology audit, (c) competence and due professional care simultaneously influence information technology audit.