Share:


CPA firm’s cloud auditing provider for performance evaluation and improvement: an empirical case of China

    Kuang-Hua Hu Affiliation
    ; Fu-Hsiang Chen Affiliation
    ; Gwo-Hshiung Tzeng Affiliation

Abstract

While CPA (Certified Public Accountant) firms utilize cloud auditing technologies to generate auditing reports and convey information to their clients in the Internet of Things (IoT) Era, they often cannot determine whether cloud auditing is a secure and effective form of communication with clients. Strategies related to cloud auditing provider evaluation and improvement planning are inherently multiple attribute decision making (MADM) issues and are very important to the auditor industry. To overcome these problems, this paper proposes an evaluation and improvement planning model to be a reference for CPA firms selecting the best cloud auditing provider, and illustrates an application of such a model through an empirical case study. The DEMATEL (decision-making trial and evaluation laboratory) approach is first used to analyze the interactive influence relationship map (IIRM) between the criteria and dimensions of cloud auditing technology. DANP (DEMATEL-based ANP) is then employed to calculate the influential weights of the dimensions and criteria. Finally, the modified VIKOR method is utilized to provide improvement priorities for performance cloud auditing provider satisfaction. Based on expert interviews, the recommendations for improvement priorities are privacy, security, processing integrity, availability, and confidentiality. This approach is expected to support the auditor industry to systematically improve their cloud auditing provider selection.

Keyword : CPA (Certified Public Accountant), Cloud computing, provider selection, MADM (multiple attribute decision making), DEMATEL technique, IIRM (interactive influence relationship map), DANP (DEMATEL-based ANP), modified VIKOR method

How to Cite
Hu, K.-H., Chen, F.-H., & Tzeng, G.-H. (2018). CPA firm’s cloud auditing provider for performance evaluation and improvement: an empirical case of China. Technological and Economic Development of Economy, 24(6), 2338-2373. https://doi.org/10.3846/tede.2018.6619
Published in Issue
Dec 20, 2018
Abstract Views
1635
PDF Downloads
960
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

References

Afshari, A., Mojahed, M., & Yusuff, R. M. (2010). Simple additive weighting approach to personnel selection problem. International Journal of Innovation, Management and Technology, 1(5), 511-515.

AICPA, & CICA. (2009). Generally accepted privacy principles: CPA and CA practitioner version. American Institute of Certified Public Accountants, Canadian Institute of Chartered Accountants.

AICPA. (2013a). Service organization controls – managing risks by obtaining a service auditor’s report. Retrieved from https://www.rubinbrown.com/10957-378_soc_whitepaper.pdf

AICPA. (2013b). Information integrity, 1-24. Retrieved from https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/asec-information-integrity-white-paper.pdf

Axelsen, M., Green, P., & Ridley, G. (2017). Explaining the information systems auditor role in the public sector financial audit. International Journal of Accounting Information Systems, 24, 15-31. https://doi.org/10.1016/j.accinf.2016.12.003

Bergh, L. I. V., Hinna, S., Leka, S., & Zwetsloot, G. I. (2016). Developing and testing an internal audit tool of the psychosocial work environment in the oil and gas industry. Safety Science, 88, 232-241. https://doi.org/10.1016/j.ssci.2015.06.003

Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 25(6), 599-616. https://doi.org/10.1016/j.future.2008.12.001

Cavalcante, E., Batista, T., Lopes, F., Delicato, F. C., Pires, P. F., Rodriguez, N., de Moura, A. L., & Mendes, R. (2012, November). Optimizing services selection in a cloud multiplatform scenario. In 2012 IEEE Latin America Conference on Cloud Computing and Communications (LatinCloud) (pp. 31-36). Porto Alegre. https://doi.org/10.1109/LatinCloud.2012.6508154

Chahal, R. K., & Singh, S. (2016). AHP-based ranking of cloud-service providers. In Information systems design and intelligent applications (pp. 491-499). New Delhi: Springer. https://doi.org/10.1007/978-81-322-2755-7_51

Chen, C., Yan, S., Zhao, G., Lee, B. S., & Singhal, S. (2012). A systematic framework enabling automatic conflict detection and explanation in cloud service selection for enterprises. In 2012 IEEE Fifth International Conference on Cloud Computing (pp. 883-890). https://doi.org/10.1109/CLOUD.2012.95

Chen, F. H. (2015). Application of a hybrid dynamic MCDM to explore the key factors for the internal control of procurement circulation. International Journal of Production Research, 53(10), 2951-2969. https://doi.org/10.1080/00207543.2014.961210

Chen, F. H., Tzeng, G. H., & Chang, C. C. (2015). Evaluating the enhancement of corporate social responsibility websites quality based on a new hybrid MADM model. International Journal of Information Technology & Decision Making, 14(3), 697-724. https://doi.org/10.1142/S0219622015500121

Chen, F. H., & Tzeng, G. H. (2015). Probing organization performance using a new hybrid dynamic MCDM method based on the balanced scorecard approach. Journal of Testing and Evaluation, 43(4), 1-14. https://doi.org/10.1520/JTE20130181

Chen, H. K., Lin, C. Y., & Chen, J. H. (2014, April). A multi-objective evolutionary approach for cloud service provider selection problems with dynamic demands. In European Conference on the Applications of Evolutionary Computation (pp. 841–852). Berlin, Heidelberg: Springer. https://doi.org/10.1007/978-3-662-45523-4_68

Chou, D. C. (2015). Cloud computing risk and audit issues. Computer Standards & Interfaces, 42, 137-142. https://doi.org/10.1016/j.csi.2015.06.005

Dastjerdi, A. V., Tabatabaei, S. G. H., & Buyya, R. (2010). An effective architecture for automated appliance management system applying ontology based cloud discovery. In 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing (CCGrid), 2010. Melbourne, Australia: IEEE. https://doi.org/10.1109/CCGRID.2010.87

Deng, D., Wen, S., Chen, F. H., & Lin, S. L. (2018). A hybrid multiple criteria decision making model of sustainability performance evaluation for Taiwanese certified public accountant firms. Journal of Cleaner Production, 180, 603-616. https://doi.org/10.1016/j.jclepro.2018.01.107

Dong, X., Yu, J., Zhu, Y., Chen, Y., Luo, Y., & Li, M. (2015). SECO: Secure and scalable data collaboration services in cloud computing. Computers & Security, 50, 91-105. https://doi.org/10.1016/j.cose.2015.01.003

Dowling, C., & Leech, S. A. (2014). A big 4 firm’s use of information technology to control the audit process: How an audit support system is changing auditor behavior. Contemporary Accounting Research, 31(1), 230-252. https://doi.org/10.1111/1911-3846.12010

Du, H., & Li, Z. (2011). Online-backup system for cloud computing storage. Energy Procedia, 13, 8194-8202.

Gabus, A., & Fontela, E. (1972). World problems, an invitation to further thought within the framework of DEMATEL. Battelle Geneva Research Center, Geneva, Switzerland.

Ghosh, N., Ghosh, S. K., & Das, S. K. (2015). SelCSP: A framework to facilitate selection of cloud service providers. IEEE Transactions on Cloud Computing, 3(1), 66-79. https://doi.org/10.1109/TCC.2014.2328578

Godse, M., & Mulik, S. (2009, September 21-25). An approach for selecting software-as-a-service (SaaS) product. In IEEE International Conference on Cloud Computing (pp. 155-158). Bangalore, India. https://doi.org/10.1109/CLOUD.2009.74

Gray, D. (2008). Forensic accounting and auditing: Compared and contrasted to traditional accounting and auditing. American Journal of Business Education, 1(2), 115-126. https://doi.org/10.19030/ajbe.v1i2.4630

Hsu, W. C. J., Tsai, M. H., & Tzeng, G. H. (2018). Exploring the best strategy plan for improving the digital convergence by using a hybrid MADM model. Technological and Economic Development of Economy, 24(1), 164-198. https://doi.org/10.3846/20294913.2016.1205531

Hu, K. H., Chen, F. H., Tzeng, G. H., & Lee, J. D. (2015). Improving corporate governance effects on an enterprise crisis based on a new hybrid DEMATEL with the MADM model. Journal of Testing and Evaluation, 43(6), 1395-1412. https://doi.org/10.1520/JTE20140094

Hu, K.-H., Jianguo, W., & Tzeng, G.-H. (2018). Improving China’s regional financial center modernization development using a new hybrid MADM model. Technological and Economic Development of Economy, 24(2), 429-466. https://doi.org/10.3846/20294913.2016.1213195

Janvrin, D., Caster, P., & Elder, R. (2010). Enforcement release evidence on the audit confirmation process: Implications for standard setters. Research in Accounting Regulation, 22(1), 1-17. https://doi.org/10.1016/j.racreg.2010.02.002

Kanagasabai, R. (2012). OWL-S based semantic cloud service broker. In IEEE 19th International Conference on Web Services (ICWS) (pp. 560-567). IEEE: Honolulu, HI.

Kleijnen, J. P. C. (2005). An overview of design and analysis of simulation experiments for sensitivity analysis. European Journal of Operational Research, 164(2), 287-300. https://doi.org/10.1016/j.ejor.2004.02.005

Ko, Y. C., & Fujita, H. (2016). Evidential weights of multiple preferences for competitiveness. Information Sciences, 354, 211-221. https://doi.org/10.1016/j.ins.2016.03.024

Krishna, B. H., Kiran, S., Murali, G., & Reddy, R. P. K. (2016). Security issues in service model of cloud computing environment. Procedia Computer Science, 87, 246-251. https://doi.org/10.1016/j.procs.2016.05.156

Kwon, H. K., & Seo, K. K. (2014). A fuzzy AHP based multi-criteria decision-making model to select a cloud service. International Journal of Smart Home, 8(3), 175-180. https://doi.org/10.14257/ijsh.2014.8.3.16

Lee, K., Park, C., & Yang, H. D. (2013). Development of service verification methodology based on cloud computing interoperability standard. International Journal of Smart Home, 7(5), 57-66. https://doi.org/10.14257/ijsh.2013.7.5.06

Lee, K., Park, C., & Yang, H. D. (2015). Development of a cloud computing interoperability-based service certification. International Journal of Security and its Applications, 9(12), 11-20. https://doi.org/10.14257/ijsia.2015.9.12.02

Limam, N., & Boutaba, R. (2010). Assessing software service quality and trustworthiness at selection time. IEEE Transactions on Software Engineering, 36(4), 559-574. https://doi.org/10.1109/TSE.2010.2

Liou, J. J. H., Chuang, Y. H., & Tzeng, G. H. (2014). A fuzzy integral-based model for supplier evaluation and improvement. Information Sciences, 266(10), 199-217. https://doi.org/10.1016/j.ins.2013.09.025

Liu, J., Huang, X., & Liu, J. K. (2015). Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Future Generation Computer Systems, 52, 67-76. https://doi.org/10.1016/j.future.2014.10.014

Liu, K. M., Lin, J. C., Hsieh, J. C., & Tzeng, G. H. (2018). Improving the food waste composting facilities site selection for sustainable development using a hybrid modified MADM model. Waste Management, 75, 44-59. https://doi.org/10.1016/j.wasman.2018.02.017

Liu, Q., Wang, G., & Wu, J. (2012). Secure and privacy preserving keyword searching for cloud storage services. Journal of Network and Computer Applications, 35(3), 927-933. https://doi.org/10.1016/j.jnca.2011.03.010

Lu, M. T., Hu, S. K., Huang L. H., & Tzeng, G. H. (2015). Evaluating the implementation of business-to-business m-commerce by SMEs based on a new hybrid MADM model. Management Decision, 53(2), 290-317. https://doi.org/10.1108/MD-01-2014-0012

Mackay, M., Baker, T., & Al-Yasiri, A. (2012). Security-oriented cloud computing platform for critical infrastructures. Computer Law & Security Review, 28(6), 679-686. https://doi.org/10.1016/j.clsr.2012.07.007

Mansouri, N. (2016). Adaptive data replication strategy in cloud computing for performance improvement. Frontiers of Computer Science, 10(5), 925-935. https://doi.org/10.1007/s11704-016-5182-6

Martens, B., & Teuteberg, F. (2012). Decision-making in cloud computing environments: A cost and risk based approach. Information Systems Frontiers, 14(4), 871-893. https://doi.org/10.1007/s10796-011-9317-x

Martens, B., Teuteberg, F., & Gräuler, M. (2011). Design and implementation of a community platform for the evaluation and selection of cloud computing services: A market analysis. In ECIS 2011 Proceedings. 215. Retrieved from https://aisel.aisnet.org/ecis2011/215

Mazalov, V., Lukyanenko, A., & Luukkainen, S. (2015). Equilibrium in cloud computing market. Performance Evaluation, 92, 40-50. https://doi.org/10.1016/j.peva.2015.07.002

Menzel, M., Schönherr, M., & Tai, S. (2013). (MC2) 2: criteria, requirements and a software prototype for cloud infrastructure decisions. Software: Practice and Experience, 43(11), 1283-1297. https://doi.org/10.1002/spe.1110

Nicolaou, C. A., Nicolaou, A. I., & Nicolaou, G. D. (2012). Auditing in the cloud: challenges and opportunities. The CPA Journal, 82(1), 66-70.

Nie, G., She, Q., & Chen, D. (2012). Evaluation index system of cloud service and the purchase decisionmaking process based on AHP. Proceedings of the 2011 International Conference on Informatics, Cybernetics, and Computer Engineering (ICCE2011). Melbourne, Australia: Springer.

Opricovic, S. (1998). Multicriteria optimization of civil engineering systems. Faculty of Civil Engineering Belgrade, 2(1), 5-21.

Opricovic, S., & Tzeng, G. H. (2007). Extended VIKOR method in comparison with outranking methods. European Journal of Operational Research, 178(2), 514-529. https://doi.org/10.1016/j.ejor.2006.01.020

Prosch, M. (2008). Protecting personal information using Generally Accepted Privacy Principles (GAPP) and continuous control monitoring to enhance corporate governance. International Journal of Disclosure and Governance, 5(2), 153-166. https://doi.org/10.1057/jdg.2008.7

Ramachandran, M., & Chang, V. (2016). Towards performance evaluation of cloud service providers for cloud data security. International Journal of Information Management, 36(4), 618-625. https://doi.org/10.1016/j.ijinfomgt.2016.03.005

Ren, W., Yu, L., Gao, R., & Xiong, F. (2011). Lightweight and compromise resilient storage outsourcing with distributed secure accessibility in mobile cloud computing. Tsinghua Science & Technology, 16(5), 520-528. https://doi.org/10.1016/S1007-0214(11)70070-0

Repschläger, J., Wind, S., Zarnekow, R., & Turowski, K. (2011, September 22–23). Developing a cloud provider selection model. In Enterprise Modelling and Information Systems Architectures (EMISA 2011) (pp. 163-176). Hamburg, Germany.

Saaty, T. L. (1990). How to make a decision: the analytic hierarchy process. European Journal of Operational Research, 48(1), 9-26. https://doi.org/10.1016/0377-2217(90)90057-I

Saaty, T. L. (1996). Decision making with dependence and feedback: Analytic network process. Pittsburgh: RWS Publications

Saaty, T. L. (2004). Decision making – the analytic hierarchy and network processes (AHP/ANP). Journal of Systems Science and Systems Engineering, 13(1), 1-35. https://doi.org/10.1007/s11518-006-0151-5

Sanayei, A., Mousavi, S. F., Abdi, M. R., & Mohaghar, A. (2008). An integrated group decision-making process for supplier selection and order allocation using multi-attribute utility theory and linear programming. Journal of the Franklin Institute, 345(7), 731-747. https://doi.org/10.1016/j.jfranklin.2008.03.005

Shen, K. Y., & Tzeng, G. H. (2016). Combining DRSA decision-rules with FCA-based DANP evaluation for financial performance improvements. Technological and Economic Development of Economy, 22(5), 685-714. https://doi.org/10.3846/20294913.2015.1071295

Shin, D. H. (2013). User centric cloud service model in public sectors: Policy implications of cloud services. Government Information Quarterly, 30(2), 194-203. https://doi.org/10.1016/j.giq.2012.06.012

Shkurti, R., & Muça, E. (2014). An analysis of cloud computing and its role in accounting industry in Albania. Journal of Information Systems & Operations Management, 8(2), 1-12.

Simon, H. A. (1955). A behavioral model of rational choice. The Quarterly Journal of Economics, 66(1), 99-118. https://doi.org/10.2307/1884852

Simon, H. A. (1956). Rational choice and the structure of the environment. Psychological Review, 63(1), 129-138. https://doi.org/10.1037/h0042769

Sood, S. K. (2012). A combined approach to ensure data security in cloud computing. Journal of Network and Computer Applications, 35(6), 1831-1838. https://doi.org/10.1016/j.jnca.2012.07.007

System and Organization Controls 3 Report. (2017, December). Retrieved from https://d1.awsstatic.com/whitepapers/compliance/AWS_SOC3.pdf

Tarmidi, M., Rasid, S. Z. A., Alrazi, B., & Roni, R. A. (2014). Cloud computing awareness and adoption among accounting practitioners in Malaysia. Procedia-Social and Behavioral Sciences, 164, 569-574. https://doi.org/10.1016/j.sbspro.2014.11.147

Toy, A., & Hay, D. C. (2015). Privacy auditing standards. Auditing: A Journal of Practice & Theory, 34(3), 181-199. https://doi.org/10.2308/ajpt-50932

Van Akkeren, J., Buckby, S., & MacKenzie, K. (2013). A metamorphosis of the traditional accountant: An insight into forensic accounting services in Australia. Pacific Accounting Review, 25(2), 188-216. https://doi.org/10.1108/PAR-06-2012-0023

Wang, C., Wood, L. C., Abdul-Rahman, H., & Lee, Y. T. (2016). When traditional information technology project managers encounter the cloud: Opportunities and dilemmas in the transition to cloud services. International Journal of Project Management, 34(3), 371-388. https://doi.org/10.1016/j.ijproman.2015.11.006

Wang, F. Y., Zhang, H., & Liu, D. (2009). Adaptive dynamic programming: an introduction. Computational Intelligence Magazine, 4(2), 39-47. https://doi.org/10.1109/MCI.2009.932261

Yang, J., Lin, W., & Dou, W. (2013). An adaptive service selection method for cross‐cloud service composition. Concurrency and Computation: Practice and Experience, 25(18), 2435-2454. https://doi.org/10.1002/cpe.3080

Yavuz, A. A., & Ning, P. (2009, December). Baf: An efficient publicly verifiable secure audit logging scheme for distributed systems. In Computer Security Applications Conference, 2009. ACSAC’09. Annual (pp. 219-228). IEEE.

Yigitbasioglu, O. M. (2015). External auditors’ perceptions of cloud computing adoption in Australia. International Journal of Accounting Information Systems, 18, 46-62. https://doi.org/10.1016/j.accinf.2015.09.001

Yu, J., Xiao, X., & Zhang, Y. (2016). From concept to implementation: The development of the emerging cloud computing industry in China. Telecommunications Policy, 40(2), 130-146. https://doi.org/10.1016/j.telpol.2015.09.009

Yu, P. L. (1973). A class of solutions for group decision problems. Management Science, 19(8), 936-946. https://doi.org/10.1287/mnsc.19.8.936

Zhang, H., Ye, L., Shi, J., Du, X., & Guizani, M. (2014). Verifying cloud service‐level agreement by a third-party auditor. Security and Communication Networks, 7(3), 492-502. https://doi.org/10.1002/sec.740

Zhao, L., Ren, Y., Li, M., & Sakurai, K. (2012). Flexible service selection with user-specific QoS support in service-oriented architecture. Journal of Network and Computer Applications, 35(3), 962-973. https://doi.org/10.1016/j.jnca.2011.03.013

Zheng, Z., Wu, X., Zhang, Y., Lyu, M. R., & Wang, J. (2013). QoS ranking prediction for cloud services. IEEE Transactions on Parallel and Distributed Systems, 24(6), 1213-1222. https://doi.org/10.1109/TPDS.2012.285

Zhu, W., & Lee, C. (2016). A security protection framework for cloud computing. Journal of Information Processing Systems, 12(3), 538-547.

Zhu, Y., Hu, H., Ahn, G. J., & Yau, S. S. (2012). Efficient audit service outsourcing for data integrity in clouds. Journal of Systems and Software, 85(5), 1083-1095. https://doi.org/10.1016/j.jss.2011.12.024

Zionts, S., & Wallenius, J. (1983). An interactive multiple objective linear programming, method for a class of underlying nonlinear utility functions. Management Science, 29(5), 519-529. https://doi.org/10.1287/mnsc.29.5.519