The impact of audit findings on the IT environment of companies in the Czech Republic

Due to ubiquitous digitalization and increasing reliance on IT systems in all-size organizations, the topic of IT auditing is becoming more and more important. The aim of the thesis is to provide an overview of General IT Controls (GITC), The aim of the thesis is to provide an overview of General IT Controls (GITC), which are, on the one hand, generally tested during an IT audit, preceding other processes of a financial audit, while on the other hand, are used to gain an overall understanding of the company's IT process management. The main goal of the thesis is to analyze the reactions of companies operating in the Czech Republic to IT audit findings in the scope of GITC. The author works with a database of IT findings identified in 26 Czech companies from 2019 to 2021. The analysis examines which types of findings are most frequently resolved within different timeframes (one, two, three, or more years). Moreover, it is also explored how organizations address the identified findings on a yearly basis. Finally, the most common reasons for long-term open findings are presented according to statements and responses of the audited companies' representatives. The study aims to confirm or reject four hypotheses. Three hypotheses were confirmed, and one was rejected. The first hypothesis confirms that the company eliminates the most critical findings first. The second confirms that if a finding is not closed within one year, the company is unable or reluctant to address the issue, therefore the finding remains among the unresolved findings (i.e., 3 or more years). The third confirmed hypothesis states that for long-term open findings, companies most often do not consider the finding to be a risk. Lastly, the hypothesis that companies in the financial sector have a better-managed IT environment from the GITC perspective than other sectors is rejected.