Leveraging computer-assisted audit tools for corporate sustainability: Evidence from Ethiopia

: The existing ample literature studied the factors for adopting computer-assisted audit techniques (CAATs) by internal and external auditors, frequently ignoring their impact on the quality of audits and companies’ efficiency. This study delivers new evidence on the kinds of CAATs utilized by internal auditors, examines their adoption impact on corporate sustainability, and studies the moderating impact of company characteristics. This study used data from internal auditors in Ethiopia gathered using a survey, and the study hypotheses were tested using the partial least squares-structural equation modeling (PLS-SEM) technique. The study found a moderate utilization of CAATs by internal auditors in executing their activities. The result also revealed a highly positive impact of internal auditors’ CAAT utilization on fraud discovery in the acquisition process. The study found that the intensity of this relationship is impacted by the companies’ characteristics of management commitment. However, the size and type of the company are not impacting it. This study finding complements prior studies and helps practitioners make decisions that can improve CAAT utilization in internal audit functions for a high level of companies’ sustainability.


Introduction
As time changes, firms' objectives have transformed substantially, which leads to theories being introduced (Zumente and Bistrova, 2021).The shareholder theory and the stakeholder theory that demonstrates the fundamental corporate objective were introduced by Friedman (1970) and Freeman (1984), respectively.The shareholder theory is a theory that emphasizes financial goals as the means for shareholder worth maximization.On the other hand, a theory that elaborates more associated responsibility is a way to maximize company value, creating value for stakeholders.The main motives for a company's commitments to its stakeholders are sustainability and long-lasting value formation, as demonstrated by Zumente and Bistrova (2021).Thus, companies should play a role in the community's welfare and the environment.
The companies' ability or commitment to preserving resources, targeting to fulfill current demands and those of the upcoming generation, is considered sustainable (Issa et al., 2017).According to Elkington (1999), sustainability ensures that our current activities do not hinder the scope of social, environmental, and economic opportunities available to the upcoming generations.The author used a triple bottom line that constitutes three elements (economic, environmental, and social) to assess firms' performance.Hence, firms are being directed to harmonize these elements by concentrating on profit, the planet, and people (3Ps).
The business going concern faced significant threats from fraud, which was often found to be the reason for the failure of firms and economic, social, and environmental disasters (J.Margret and Hoque, 2016).Hence, fraudulent actions weaken the capability of firms to become more sustainable.According to Ramos Montesdeoca et al. (2019), a decline in responsibility arises from the absence of ethics in business, which opens the road to fraud to occur, which has a dangerous outcome for organizations, like loss of image, reputation, and value.The study of Martí nez-Ferrero et al. (2013) confirmed that fraud and sustainability practices have a negative relationship.Based on the findings of Jan (2018), financial reports fraud harms the sustainable growth of businesses and financial markets.Thus, forming a practical framework to identify companies' financial report fraud is crucial.
Firms need to realize their objectives and fulfill all stakeholders' interests in corporate governance.The study of Elkington (1999) revealed that ensuring the effective attainment of the triple bottom line sound corporate governance system will allow the firm to play a role in a real, sustainable business.Some scholars (Leung et al., 2004) confirm the significance of internal auditing and its optimistic consequence for firm governance and management.Internal auditing is vital in enterprise risk management (Westhausen, 2017;Shapiro, 2014;Demirović et al., 2021) as a component of the internal control system, mainly in solid control of fraud risk.Human capital is a fundamental driver of company performance, also revealed in auditing (Samagaio and Rodrigues, 2016).According to Shapiro (2014), mutual human capital and computer-based systems can advance the internal control system of companies.Hence, the internal auditor must be skillful to some extent and assisted by tools such as technology.In numerous pieces of literature (Meredith et al., 2020), technology has been seen as a means of decision support.Specifically, technology in this study denotes a handy tool called computer-assisted audit techniques (CAATs).
This study examines the relationship between corporate sustainability and adopting CAATs by internal auditors in government-owned and private companies in Ethiopia.The research has three specific objectives: identify the usage of CAATs by internal auditors, examine the impact of CAATs on corporate sustainability, and investigate the moderating impact of firm characteristics in the association between the adoption of CAATs and corporate sustainability.
The feature standards for the professional activities of internal auditing by the Institute of Internal Auditors (IIA, 2017) indicate that internal auditors shall have adequate understanding to examine fraud risk (standard 1210, A2) and that in practicing due professional care, they should ponder the implementation of technology-oriented audit and other data analysis methods (standard 1220, A2).Accordingly, adopting technology-oriented auditing techniques and skills might be necessary to perform effective work, explicitly in avoiding and discovering fraudulent activities.However, the existing pieces of literature (Henderson et al., 2016) focus on the determinants for the adoption of CAATs by internal auditors or the influence of CAAT usage on fraud discovery by external auditors.Conversely, few authors (Coderre, 2000) promote the positive impact of CAATs adoption on fraud risk examination by internal auditors, deprived of justifying this suggestion with empirical investigations.Hence, this study's key motive is to enlarge the knowledge about the impact of CAATs on fraud detection, which has a role in developing the sustainability of companies.With this context, the study hypothesized that CAAT adoption positively impacts internal auditors' fraudulent schemes detection scope.On this proposed relationship, three other hypotheses were developed to see the moderation effect of company characteristics attributes such as company ownership, company size, and management commitment.
In the survey, the data were obtained from 83 internal auditors working in government-owned and private companies in Ethiopia, and the study hypotheses were tested by employing the partial least squares-structural equation modeling (PLS-SEM).The outcomes of the study recommend that utilizing CAATs improves the capability of internal auditors to manage fraud risk in the companies' acquisition process.The study also found that the intensity of this association is impacted by the company characteristics, which is the top management commitment, but not by the company size or type.The following part of this study contains five sections: the literature review, research method, results, discussion, and conclusions section.

Value creation for shareholders
With the rise of numerous theories like shareholder theory and stakeholder theory to assist businesses' mission statements, Zumente and Bistrova (2021) recommend that shareholder value creation be assisted by focusing more on a long-term orientation rather than a short-term one.Therefore, in the long run, the firm shall be concerned with its activities to guarantee its existence in the economy (Bistrova and Lace, 2012) by acting more responsibly and sustainably.At this point, two concepts are raised: sustainability and corporate social responsibility.Elkington (2006) demonstrated that developing and employing a solid corporate governance system is essential to guarantee shareholder value creation by acting more sustainably and responsibly.Weak corporate governance will encourage corporate fraud, deviation of resources, and, later, financial scandals (Atu et al., 2014).Unluckily, citizens have been seen harm through many cases of fraud all over the world.Ignoring the presence of corporate fraud and its impact has an advantage for cheaters, jeopardizing the stakeholders' needs and, sometimes, the community where firms are operating (Coderre, 2000).Even before these recent scandals, demand for non-financial information has increased, particularly in ethical, social, and environmental matters.Demand for non-financial reports has risen (Ramos Montesdeoca et al., 2019), mainly in ethical, environmental, and social issues.The scholars (Rossouw, 2005) demonstrate the significance of coordinating these areas because of their linking to corporate social responsibility, which is a potential main drive.
Furthermore, the European Commission 2021 presented its outline for a Corporate Sustainability Reporting Directive, which aims to review and fortify the non-financial reporting directive and to get sustainability reporting in time, equally with financial reporting.Firms will have to report how sustainability matters impact their operations and the effect of their actions on the environment and society.Initiating well-organized corporate management is essential to ensure companies' growth and continuity.However, because of fraud, numerous companies fail, resulting in economic, social, and environmental disasters (Margret and Hoque, 2016).Due to the dangerous impact of fraud, firms' investors have been harmed by it (Ramos Montesdeoca et al., 2019), resulting in prospective investors losing their confidence.Besides, Jackson (2013) stated that fraud involves the loss of reputation, image, and value for private businesses.While in the public sector, it involves a decline in the quality of public services, loss of occupations, and value of money destruction.
According to Yu and Rha (2021), accounting fraud is a highly unethical management action that substantially impacts stakeholders negatively and can harm the prospects of companies' long-term sustainability.Accounting transparency is critical for most companies, and accounting ethics is related to corporate sustainability.According to J. E. Margret and Peck (2014), corporate social responsibility matters are gradually vital to firms and sustainable business operations (Lulaj et al., 2023) because of the consequences of fraud.Bernards et al. (2022) demonstrate that the current demands for advanced technologies spread the link between organizational operations (corporate governance) and audit culture.Hence, the application of technology like CAATs has to address the company's sustainability issues.

Corporate governance with internal auditing as a main component
According to Ramamoorti (2003), the benefit of companies having internal control systems (internal audit department) is highlighted in being aware of the impact of fraud, particularly internal fraud cases.Businesses need to generate internal auditing, which is becoming an essential part of contemporary business (Flesher, 1996).Massive businesses cannot escape from it; if they have not it presently, they will have it sooner or later.
In reinstating investors' confidence, corporate governance is needed to advance the consideration provided to internal audits and their role (Vadasi et al., 2019).Indeed, internal auditing has progressed into playing the role of supervision and advancing corporate governance and risk management procedures (Lin et al., 2011).Numerous studies (Vadasi et al., 2021;Lin et al., 2011) revealed the significance of internal audits as a corporate governance tool.Based on J. Cohen et al. (2004), the interaction of corporate governance mixtures such as internal auditing and an audit committee, management, and external auditing is essential to enhancing the role played by internal audits in corporate governance.Usually, corporate governance procedures are associated with huge companies.However, they are vital to small and medium enterprises too.Effective corporate governance will assist small and medium enterprises in getting diverse resources in the decision process (Sarens et al., 2012).

Research hypothesis development
Internal auditors are optimistic about their purpose in corporate governance.However, they need more confidence while practicing their role (Leung et al., 2004).They are conscious of their role and have gotten advantages from improving information technology and its use in numerous organizations.A study by Ramamoorti and Weidenmier (2004) demonstrated the advantages of information technology since it assists several companies in attaining improved performance in their operations.Advanced technologies also improve the traceability and transparency of companies' sustainability (Zhang and Song, 2022).Internal auditors can perform better by using CAATs, which lets them continue playing their prominent roles in the corporate governance system of the companies.As stated by Singleton et al. (2006), the techniques offered by information technology to assist auditors in managing a company's information system to discover fraud are considered CAATs.
Because of their effectiveness, CAATs have gained importance in audit approaches (Coderre, 2000).Hence, it contributes to a robust corporate governance system and creates shareholder value.The previous literature revealed that, although internal auditors recognize the relevance of CAATs, the usage of CAATs in an internal audit function is less than anticipated (Li et al. 2018).Scholars such as Bierstaker et al. (2014) and Mansour (2016) demonstrated the same concern from the perspective of external auditing.CAATs are recommended by the IIA standards (IIA, 2017) for effectively practicing professional tasks.For audit tasks associated with forensic investigations, risk assessment in the planning phase, and testing internal controls, internal auditors can use CAATs (Coderre, 2000).
According to Singleton et al. (2006), CAATs have several benefits in the internal audit function.For instance, it could be employed to audit the entire data, letting a skilled auditor discover red flags.It also simplifies the process of creating reports by auditors, is flexible, and can transfer data in numerous formats.In the scope of auditing, the traditional method of auditing has been changed by big data technologies (like CAATs); however, they are introduced with new challenges in forming mega data audit platforms (Ma, 2023).In some CAATs, editing the data is impossible, maintaining its integrity and permitting auditors to run automated tests.Therefore, CAATs increase the effectiveness of internal audit functions (Coderre, 2000) and are necessary for companies' competitiveness and going concern.According to Power (2013), to discover fraud and recognize fraud risks, CAATs could be utilized.Fraud risk is manageable, while fraud is a disrupting incident.CAATs could be utilized by internal auditors to assess business transactions with features probably linked to red flags or fraudulent acts (Coderre, 2000;Smidt et al., 2018).Similarly, it could let the internal auditor detect fraud issues and their bases with better evidence, making it possible to have better audit quality (Cahyono et al., 2020;Christensen and Byington, 2003).However, an improved audit work environment is necessary to perform audits for detecting fraud using technology (CAAT), increasing the quality of audit findings to the maximum (Cahyono et al., 2020).
Usually, CAAT usage increases internal audit functions' effectiveness and efficiency (Singleton et al., 2006).Specifically, it increases the audit results' trustworthiness; internal auditors can frequently highlight the main risk areas and make more reliable, in-time, and material information (Li et al., 2018).Alex et al. (2022) indicated that the adoption of technology (CAAT) in auditing practice has many possible opportunities to optimize time and resources and increase investors' trust by improving the reliability and accuracy of financial information.Similarly, CAAT usage increases internal auditors' probability of discovering irregularities, like fraudulent actions.Hence, the quality of their performance is improving (Li et al., 2018).In utilizing CAATs, the contribution of internal auditing in fraud detection procedure is reflected in both the assessment of fraud risk and performing engagements (Demirović et al., 2021).Previous empirical investigations revealed that CAATs had improved the capacity of external auditors to discover fraudulent actions Henderson et al. (2016) and Olasanmi (2013).As internal and external auditors undertake oversight tasks, it is anticipated that CAAT's usage will upsurge the internal auditors' probability of recognizing fraudulent acts.Hence, CAAT usage will result in minor losses and subsequently play a corporate sustainability role.Amoako et al. (2023) demonstrated that the sustainability of companies could be maintained through effective internal audit functions and risk management practices.
Moreover, internal auditing could impact the improvement of sustainability reports, and CAATs are the suitable information technology innovations for improving sustainability indicators disclosure (Ganesan et al., 2017).Considering the literature review, there is a positive link between corporate sustainability and the adoption of CAATs.Hence, the hypothesis is formulated as follows:  H1.The CAAT adoption positively impacts the fraudulent schemes detection scope.
In the internal audit function, the prospective advantages of implementing CAATs might be influenced by organizational perspectives, such as company ownership, size, and management commitment.Considering the ownership, government-owned and private companies have different objectives to realize.According to A. Cohen and Sayag (2010), the former is highly concentrated on effectively delivering public goods and services at reduced prices, while the latter focuses on creating shareholder value (via maximizing profit).Legal entities that perform commercial activities owned and controlled by the government are considered government-owned companies.The companies have a bureaucratic and highly rigid system in which tasks are enclosed by regulation.However, they consider unexaggerated profit in their objective, with the core objective of effectively delivering public goods and services at a reduced price to the people (Goodwin, 2004).
In addition, according to Lartey et al. (2019), private and government-owned companies have dissimilarities in financial reporting.In this study's scope, internal auditing is more accepted and recognized by government-owned companies than private businesses (Spraakman, 1985;Goodwin, 2004).Conversely, private companies give more value to management control systems because of their flexible and rugged atmospheres (Ahmi et al., 2014); hence, they expose themselves to risks in their business activities.Based on the findings of Goodwin (2004), compared to government-owned companies, the participation of internal auditors in financial risk management actions is higher in private companies.According to the report made by the Common Body of Knowledge in 2005 (Araj, 2015), internal auditors in private companies prioritize fraud risk more than in government-owned companies.
Furthermore, the report made by the Association of Certified Fraud Examiners (ACFE, 2020) revealed that profit-oriented companies had more occurrences of fraud than government-owned companies.Several governments manage their provision of goods and services using e-government systems (Ahmi et al., 2014), and the data are kept digitally, too.Moreover, using appropriate automated detection techniques like CAATs, the subset of the data should be audited.
The growing utilization of information technologies in commercial activities provides companies in the public or private sector with a large amount of data that must be examined and processed.Thus, the internal audit function is expected to utilize data analysis software and techniques to avert fraud acts and provide more well-being to the company's stakeholders (Bănărescu, 2015).Nevertheless, the successful employment of CAATs has been sluggish to be improved in the public sector.According to the Common Body of Knowledge report in 2015 (Araj, 2015), internal auditors in government-owned companies are less responsive in utilizing data analysis and mining systems in fraud recognition and risk monitoring activities.
Government-owned companies vary from their private complements via environmental needs and organizational features, which are the components that may impact the CAAT's adoption decisions of internal auditors in fraud detection actions (Lee and Xia, 2006).The internal auditing functions in government-owned companies have high challenges in getting and retaining staff with information technology abilities (Araj, 2015), mainly in data quarrying and cybersecurity.Besides, government-owned companies need to devote their efforts to improving the competencies and skills of internal auditors for a successful reaction to fraud.Accordingly, investing in CAATs in private companies results in more efficiency, as they have highly skilled auditors capable of discovering fraudulent acts effectively (Lee and Xia, 2006).
According to Araj (2015), the practice of IIA standards by internal auditors in government-owned companies shows lower compliance.The utilization of CAATs is endorsed by these standards for successful and efficient professional performance.The lesser requirement for compliance might make internal auditors in government-owned companies less interested in using CAATs to discover fraudulent activities.The internal audit functions in government-owned companies have a small extent of independence from the management.Auditors' independence impacts auditing phases, particularly the planning of the audit procedures, the decisions based on the audit evidence, and the final audit report (Araj, 2015).Internal auditors might be forced to utilize CAATs to a reduced level in government-owned companies due to their capability to expose irregularities.
According to the Common Body of Knowledge reports in 2015 (Seago, 2015), internal audit functions in government-owned companies are less dominant in some effectiveness assessment criteria, like in-time disclosure of audit matters.The lesser intent for performance assessment might result in less requirement for more advanced methods to increase audit efficiency in government-owned companies.Conversely, according to Telino et al. (2020), several private companies recognized information technology as fundamental to improving competitive advantages and efficiency.The ownership type of companies shall be taken as a moderator factor in information technology usage studies.A more substantial moderating impact can be expected in private companies, as suggested by Lee and Xia (2006).Thus, private and government-owned companies' diverse aims and functional perspectives can affect the association between CAAT usage and fraud discovery actions.Hence, the hypothesis is developed as follows:  H2.Company ownership moderates the impact of CAAT adoption on fraudulent schemes detection scope, such that in private companies, the impact is higher.Company size is another vital factor mentioned by various literature (Li et al., 2018;Meredith et al., 2020;Bierstaker et al., 2014) that influences the adoption of CAATs.For instance, according to Daoud et al. (2021), the overall positive link between company size and the adoption of CAATs is commonly accepted.In addition, company size is expected to positively influence the adoption of CAATs since huge companies have the greatest likelihood of affording CAATs and have several transactions and processes compared to the smaller ones (Li et al., 2018).Based on the study findings of Pedrosa et al. (2020), Meredith et al. (2020), andRosli et al. (2013), there has been a positive relationship between the usage of CAATs and company size since small companies investing in advanced technologies like CAATs is not assumed economically worthy.
According to Singleton et al. (2006), company size is an essential attribute to be considered in fraud control.Fraudulent financial statements are more likely to be produced in huge companies, while asset misappropriations happen widely in small companies.Huge companies have more capacities to advance their internal control system.They can invest in fraud aversion, discovery programs, and internal audit functions.In small companies, there is a lack of separation of duties, and control action is vital to avert fraud.The findings of Barnes and Webb (2007) revealed that company size impacts the vulnerability to fraud and the subsequent harms.
Company size could have a conditional impact on the unique association between CAAT usage and the scope of tasks internal auditors execute in fraud discovery.Investing in CAATs is a company decision (Widuri et al., 2016), not an individual's, since it requires a substantial cost.However, internal auditors can select the more suitable technique for their tasks.The usage of CAAT by internal auditors is not imposed on the IIA standards (Henderson et al., 2016); instead, they explain that they should consider using it.On the scope of tasks executed in discovering fraudulent actions, the relation of the delivery of CAATs to internal auditors and the understanding of their advantages in executing particular tasks might have an impact.In studies on information technology usage, scholars like Lee and Xia (2006) recommend that company size has a moderating effect.In the particular scope of fraud, the report by the Common Body of Knowledge in 2015 (Araj, 2015) shows that internal auditors in big companies utilize advanced data analysis and mining tools to discover fraudulent actions.The finding by Kummer et al. (2015) confirmed that huge companies use improved fraud discovery mechanisms, which leads to detecting more frauds.Thus, in internal audit function, the usage of CAATs to attain particular outcomes, like fraud detection, could be influenced by the size of the company; hence, the following hypothesis is developed:  H3.Company size moderates the impact of CAAT adoption on fraudulent schemes detection scope, such that in large companies, the impact is higher.Management commitment is the other essential attribute from the organizational perspective.It is the extent of involvement of top management through providing assistance and direction to the adoption of auditing technology in the company's internal audit.In deciding a company's technology adoption, management commitment has been studied for its importance in previous literature (Mahzan and Lymer, 2009) and found significant.In addition, the study by Rosli et al. (2013) highlighted that top management has the authority to organize and communicate with staff to design and adopt innovative technology.According to Curtis and Payne (2008), when top management inspires such adoption and utilization, internal auditors will intend to utilize the audit technology.This level of commitment from the top management inspires new technology utilization while assisting the adoption of information technology.According to Rosli et al. (2013), top management's support also includes the willingness to provide financial resources for advanced technology adoptions.Besides, Chandra and Kumar (2018) revealed that top management commitment supports the delivery of hardware and software amenities with technical expertise improvement.Also, Salleh et al. (2007) demonstrated that, in the company's information technology development, the participation of top management enhanced the decision-making related to the acquisition and implementation of technology.Thus, this study suggested that management's commitment to supporting CAAT adoption in the company's internal audit function is essential.Hence, the proposed hypothesis is:  H4.Management commitment moderates the impact of CAATs adoption on fraudulent schemes detection scope, such that in committed management, the impact is higher.
The relationship between fraud detection and CAAT utilization is displayed in Figure 1.Also, the moderating role of company size, company ownership, and management commitment are shown.

Study sample and data collection
This study's target population encompasses internal auditors (a homogenous population) working in government-owned and private companies in Ethiopia.An individual unit of measurement was considered, and G*Power (version 3.1) software was used to determine the minimum sample size required for PLS-SEM analysis (Al-Okaily et al., 2022).The software results in a minimum sample size of 74, applying the following settings.The conventional effect size values of 0.1, 0.3, and 0.5 for small, medium, and large effect sizes are provided in the G*Power software, respectively (Verma and Verma, 2020).The medium effect is deemed appropriate in social science study, and the researcher in this study calculates the sample size using a medium effect size (0.15) as applied by prior studies (Al-Okaily et al., 2022;Verma and Verma, 2020;Siew et al., 2020).Thus, the settings are as follows: F 2 = 0.15 (medium), significance level α = 0.05, the power = 0.95, and the number of predictors = 4 (including the moderating variables).The absence of a database regarding internal auditors' identification leads to contacting the target population by e-mail, through the Internal Auditing Institute of Ethiopia with its members, and using the LinkedIn social network.
Therefore, getting a sample frame was challenging in this case, and this study applied a non-probability sampling technique, particularly the convenience sampling method.In the survey, 110 questionnaires were distributed considering the minimum required sample size (74), and 102 questionnaire responses were collected.However, 19 replies were removed because of too much missing data and straight-line responses.Design features influence non-response items in online surveys since they are rejected and rashly filled.The study's forced replies to the query strategy may also motivate some respondents to stop replying to the survey (Hair, Hult et al., 2017).Consequently, a total of 19 invalid responses were collected.Finally, it gives a valid response of 83, which is appropriate for the analysis since it is above the minimum required sample size.
The internet-based survey was used with questionnaires developed from the literature review to gather the data.Based on Hair, Hult et al. (2017), the survey approach is appropriate for gathering data when the attributes studied are related to companies and professional experience.
The data collected through a survey must be ensured for validity and reliability to confirm that the studied phenomenon accurately reflects the results (Kothari, 2004).Thus, the present study undertakes the following steps to improve the validity and reliability of survey data.First, the study utilized validated survey instruments tested for reliability and validity in previous similar studies (Pedrosa et al., 2020;Samagaio and Diogo, 2022;Baader and Kremar, 2018).In addition, the study implemented a strategy to minimize non-response bias through follow-up reminders, producing a more representative sample.Furthermore, the translation methods of the scales and the pre-test with five auditors were undertaken in addition to the questionnaire's accessibility on the Qualtrics platform (helps to recognize any ambiguities or biases in the questions).Besides, the Mann-Whitney test was used to compare the prompt and delay replies for all items applied to measure the predicting and predicted factors.The result shows no significant differences in the assessments, revealing no potential non-response bias in the data (Armstrong and Overton, 1977).Moreover, the study used the Cronbach's alpha test to assess the internal consistency and reliability of the survey instrument.The test statistics resulted in a 0.939 scale reliability coefficient (greater than 0.7) (Kothari, 2004), indicating that reliable instruments were used for the study.
In addition, the study has implemented the following techniques (Fuller et al., 2016) to decrease the common method variance.First, the questionnaire enclosed an opening note clarifying the aim of the investigation, guaranteeing the confidentiality of replies, notifying respondents that involvement was voluntary, offering accessible contacts for any queries, and motivating them to reply with integrity based on their experience.Secondly, no logic was not followed in the enclosure of the attributes in the questionnaire, and the measurement items were mixed with averting illusive associations.Thirdly, the points of the scale were labeled to minimize agreement bias.Lastly, the study used five-point Likert scales and nominal measures to decrease the anchoring impact.Then, Harman's test for single-factor was used to test the total variance accounted by the factor below 50% (Fuller et al., 2016).With an unrotated factor solution, the exploratory factor analysis results in two factors having greater than one eigenvalue.Together, they explain 94.2% of the total variance, with 85.3% of the variance contributed by the first.From the outcome, we can understand that there is no common method variance.
Most of the participants are men (59%), and the age interval of most of the respondents is greater than 35 (47%).Also, the qualification of the majority of participants is auditing (42%), followed by accounting (34%), and most of them are bachelor's degree holders (36%).The work experience of the majority of participants falls in the interval between 5 to 10 years (40%).

Measurement
Two exploratory questions were used in the survey questionnaire to examine the general use of CAATs in the internal audit units.Initially, sampled internal auditors were requested to specify the degree of CAAT usage in their internal audit function.Then, they provided their point of view on the use frequency of 10 CAATs in the internal audit tasks.Following numerous studies (Mahzan and Lymer, 2009;Singleton et al., 2006;Mansour, 2016;Serpeninova et al., 2020), the CAATs list was developed.A five-point Likert scale was used to measure items in both questions, where 1 represents "never", 3 represents "sometimes", and 5 denotes "always".
The predicted variable of this study, corporate sustainability, is proxied by the performance of the fraudulent schemes detection scope of internal auditors in the acquisition cycle of the businesses (FRDT).According to J. E. Margret and Peck (2014), economic, environmental, and social disasters could result from fraudulent acts, which can collapse businesses.Thus, fraud impacts the capability of companies to generate shareholders' value and other stakeholders, bringing danger to the company's sustainability.Araj (2015) stated that internal auditors recognized that fraud is one of the main five company risks affecting internal audit function.In the company's acquisition process, a list of seven general fraud patterns was formulated by Baader and Kremar (2018), such as double payment, bid rigging, pass-through, private purchases, kickback fraud, non-accomplice vendor, and shell company.This study used all seven items to denote the scope of tasks executed by internal auditors to discover fraud in the acquisition cycle.The significance of these items was assessed by internal auditors for their audit activities through a five-point Likert scale (1 represents "strongly disagree" to 5 represents "strongly agree").
In this study, CAAT utilization (CATU) is the predicting variable.Information technology usage is vague and can be explained and measured in various techniques.Accordingly, internal auditors used multi-item measures to measure the CAAT usage, letting the researcher assess the variety of use (Henderson et al., 2016).Thus, internal auditing tasks respondents were queried whether they apply CAATs.Based on previous literature (Ahmi et al., 2014;Li et al., 2018;Pedrosa et al., 2020), the study scale developed and includes 10 items and adjusted some to fit the requirements of this study.A five-point scale was used to measure these items, with 1 representing "strongly disagree" to 5 "strongly agree".
The company characteristics' moderating impact was measured distinctly using the two dichotomous attributes.Company ownership (COSP) was represented by 1 private and 0 government-owned.Company size (CSIZ) was represented as 1 big and 0 small companies.The categorization of companies follows the World Bank's (WB) grouping criteria for small and medium-sized enterprises.A company is considered small when it has less than 50 employees, total assets, and annual sales of less than $3 million.Hence, the companies that do not fulfill these criteria are categorized as big companies (World Bank Group, 2019).Finally, Management commitment (MTCT) was represented by 1 committed and 0 not committed.In this study, for the attributes of CAAT utilization and fraud detection, all the measurement items utilized are presented in Appendix with their sources.The respondents' information of demographic characteristics was also incorporated in the questionnaire, such as gender, age, professional qualification, education, and experience.

Data analysis
The summary of the characteristics of respondents and the descriptive analysis was made through IBM SPSS Statistics 27.PLS-SEM was utilized with SmartPLS 4.0 to test the developed hypotheses and validate the measurements.According to Hair, Risher et al. (2019), PLS-SEM is a second-generation regression method that permits the causal relations among one or more predicting and dependent variables to be estimated simultaneously without any assumption on the data distribution.This technique distinctly evaluates the structural and measurement models by merging ordinary least square regressions with the principal component analysis (Hair, Risher et al., 2019).PLS-SEM is preferable for understanding difficult measurement and structural models, though it is practically and theoretically similar to multiple regression analysis (Hair, Ringle et al., 2011).Based on Cachón-Rodrí guez et al.
(2021), it is an appropriate technique when the aim is to execute a causal-predictive study in exploratory research with small samples and where many items with diverse measurement scales measure factors.The PLS-SEM method was used in many social science disciplines, including studies examining the drivers for auditors' CAAT usage (Pedrosa et al., 2020;Henderson et al., 2016).Accordingly, for this study, PLS-SEM is a proper model to predict the impact of the explanatory variable on the explained variable and the moderation impact.
The PLS-SEM model involves two phases (Hair, Ringle et al., 2011); the measurement model's validity and reliability will be estimated in the first step.Then, the structural model will be evaluated, and the study hypotheses will be concluded.This study used the reflective model, as all measured items indicate particular attributes (Hair, Hult et al., 2017).Discriminant validity, individual indicator reliability, convergent validity, and internal consistency reliability examinations are encompassed in the assessment of the measurement model.This study used the direction and significance of the structural path coefficients, the effect size (F 2 ), and the coefficient of determination (R 2 ) to assess the structural model.With 5000 samples, a bootstrapping process was utilized to estimate the significance of the path coefficients (Hair, Hult et al., 2017).

Ethics statement
This article does not contain any studies with human participants performed by any of the authors.

Ethics statement
Identifying the CAATs utilized by internal auditors was the initial objective of this study.As shown in Table 1, the mean usage of CAATs was 3.01, which reveals that there is no intensive utilization of the technology by internal auditors.This outcome confirms the report of the Common Body of Knowledge in 2015 (Seago, 2015), which demonstrates that the utilization of CAATs by most internal auditors is very little or no use at all for the audit procedure.More than 20% of internal auditors rely mainly on manual procedures and systems.Participants in this study stated that generic personal productivity tools, Active Data for Excel, and online public databases are primarily utilized by CAATs.Conversely, most of the CAATs listed in the questionnaire scored a mean value of less than three, indicating that the companies' internal auditors rarely utilize these techniques.Besides, the outcome of the Mann-Whitney test of mean differences shows that the utilization of 10 CAATs by internal auditors working in government-owned and private companies was similar.Except for program analysis techniques, internal auditors working in huge and small companies have the same level of CAAT usage.Likewise, all CAATs except program analysis techniques and Active Data for Excel have similar utilization levels by internal auditors in companies with committed and not committed management.The three primarily utilized tools (CAATs) and their relation to fraud detection in the acquisition process are presented as follows.First, numerous personal productivity tools are utilized by internal auditors to improve efficiency in detecting fraud.In this study, common personal productivity tools such as Microsoft Word and PowerPoint were found to be commonly utilized by internal auditors to undertake their tasks.The result was consistent with Serpeninova et al. (2020), who concluded that generalized CAATs are the most utilized types by auditors.The tools are used to create audit reports, document the audit process, and present audit outcomes to stakeholders.
In fraud detection, these tools are vital in presenting and organizing information and evidence about potential fraud risks and mitigation approaches in the acquisition process.Organized documentation enables a comprehensive understanding of fraud risks in the acquisition process (such as vendor, invoice, and purchase order frauds) (Araj, 2015).It supports suggesting actionable recommendations to improve the control environment (Serpeninova et al., 2020).Secondly, internal auditors use Active Data for Excel tool to analyze financial data of acquisitions.The tool will assist them in detecting irregularities (anomalies) and perform trend and ratio analysis for identifying potential frauds in the acquisition process.It is also valuable for internal auditors in extracting, importing, validating, analyzing, profiling, and visualizing data within the acquisition process (Samagaio and Diogo, 2022).Thirdly, several online public databases are used by internal auditors to assist the fraud detection process in the acquisition cycle.By utilizing the databases, internal auditors can improve their fraud detection abilities throughout the acquisition process, confirming compliance, reducing risks, and upholding the integrity of the procurement function in companies.Business registries, internet search engines, social media, government, supplier, and public legal databases are found to be the common online public databases used by internal auditors to assist their audit tasks in the procurement function of companies (Samagaio and Diogo, 2022).
The essential statistics for the attributes and their measures applied to test the study's hypotheses are summarized in Table 2, and see Appendix for the items.The construct CATU has a mean score of 3.47, and its items scored between 3.34 and 3.55.Generally, it indicates that internal auditors occasionally utilize CAATs in the main tasks, while there was heterogeneity in the data reflected by the standard deviations of items.Mainly, three items have the highest agreement level, such as the utilization of CAATs to identify and assess fraud risks, to identify the risks of errors, and to sort transactions.However, CAATs are only sometimes utilized to perform analysis of relationships between variables.
With items with a mean score between 3.34 and 3.66, FRDT scored an average of 3.42.In all items, the standard deviations show there is participant response variability.From the outcomes, the most relevant item was Non-accomplice Vendorinvolvement (NAV), and the least relevant items were Shell Company (SHC), Personal Purchases (PPC), and Double Payment (DPT).Also, the data displays that 51% of respondents work in private companies, 59% in large companies, and 28% in companies have committed management.The skewness of all items was below the threshold of 1.96.
The summary in Table 3 shows the Mann-Whitney tests on the latent factors CATU and FRDT and their corresponding items, considering the company characteristics (company ownership, size, and management commitment).The outcome indicates that the distribution of the participant's assessment of the items of the latent factors CATU and FRDT was almost indifferent to the ownership and size of the companies.However, there were substantial differences for most of the items of FRDT between participants working in companies with committed and not committed management, but not for CATU.

PLS-SEM model analysis
The output in Table 4 displays the parameters applied to assess the measurement model, such as Cronbach's Alpha, composite reliability, and average variance extracted.In both attributes, the value of Cronbach's Alpha and composite reliability were above 0.7 (Hair, Ringle et al., 2011), indicating adequate internal consistency reliability.In addition, the standardized loadings of all items were above 0.7 (Hair, Hult et al., 2017) (Figures 1 and 2), which confirms the individual indicator reliability.
The validity of the attributes was assessed by testing the average variance extracted (AVE), discriminant validity, and the heterotrait-monotrait (HTMT) ratio.First, the average variance extracted values of the constructs (CATU and FRDT) were above 0.5 (Hair, Risher et al., 2019), which is the minimum required threshold value, implying that the attributes explained a significant proportion of the variance of items.Hence, the conclusion is that the attributes had convergent validity.Second, based on the results in Table 5, the study verified that the attributes had discriminant validity.The criteria of Fornell and Larcker (1981) were also confirmed since the square root of the average variance extracted values of both attributes were more than their correlation values.Furthermore, the heterotrait-monotrait (HTMT) ratio was below 0.85 (Hair, Risher et al., 2019), the minimum threshold value.Two steps were undertaken in the assessment of the structural model.First, the CATU and FRDT (Hypothesis 1) relationship was emphasized.Secondly, the entire structural model was assessed by introducing moderation (Hypotheses 2, 3 and 4).The summaries of structural models' assessment for both with and without moderation are presented in Table 6, Figures 2 and 3. Without moderation, the R 2 value of the variable FRDT was 0.491 (Table 6 and Figure 2), indicating an explanatory model has moderate power since the value is close to the threshold of 0.50 (Hair, Risher et al., 2019).The F 2 value of 0.963 is above the effect size threshold of 0.35 (J.Cohen, 1988), indicating the large effect of CATU on FRDT.The value of the estimated path coefficient (β = 700; p < 0.01) revealed a positive impact of CATU on FRDT (also see Figure 2), which confirmed the first hypothesis (H1).The outcome indicates that CAAT utilization impacts internal auditors in executing tasks that can reduce the risk of fraud in the acquisition cycle.Also, the F 2 value of 0.160 is above the medium effect size threshold of 0.15 (J.Cohen, 1988), indicating the medium effect of CATU on FRDT.The outcomes also display that the positive impact of CATU on FRDT remained significant, with a path coefficient (β = 803; p < 0.01) more than without moderation estimated model (also see Figure 3).The moderating impact of management commitment (MTCM) on the relationship between CATU and FRDT was found to be statistically significant with a positive path coefficient (β = 905; p < 0.05), confirming the fourth hypothesis (H4).However, the impacts of company size (CSIZ) and company ownership (COSP) on the relationship between CATU and FRDT were not found to be statistically significant; thus, the second (H2) and third (H3) hypotheses were not supported.When the moderating factors are introduced into the model separately and collectively, the statistical values (R 2 , F 2 , path coefficients, and p-values) are almost similar or close, which did not change the interpretations.

Discussion
This study was started by identifying the kind of CAATs utilized by internal auditors in the companies' internal audit functions.The outcome revealed that information technology is not intensively used in the internal audit processes, corresponding to other studies' findings (Pedrosa et al., 2020;Lulaj et al., 2023;Bernards et al., 2022;Alex et al., 2022).Internal auditors know they can use technology better and admit its adoption has challenges (Cachón-Rodrí guez et al., 2021).From a general audit perspective, the literature (Pedrosa et al., 2020;Zhang and Song, 2022) shows that there are factors that can boost resistance to the adoption of CAATs.For instance, some factors include the shortage of information technology training and knowledge, complexities in implementing it in actual circumstances, and the risk related to its usage.Hence, the efforts made to identify the factors for adopting information technology resulted in the rise of many theories.For example, the technology acceptance model (Venkatesh et al., 2003), the technology-organizationenvironment framework (Tornatzky and Fleischer, 1990), diffusion of innovation (Rogers, 2003), the theory of planned behavior (Ajzen, 1991), the unified theory of acceptance and use of technology (Venkatesh et al., 2003) and empirical studies in the area of CAATs in internal audits (Mahzan and Lymer, 2009;Henderson et al., 2016;Smidt et al., 2018) are some of the theoretical models.
This study proposed the positive impact of utilizing CAATs on the fraudulent schemes detection scope of internal auditors, the first hypothesis (H1).The outcome of the analysis revealed that the data support this hypothesis.This study shows empirical evidence consistent with the literature (Ma, 2023;Christensen and Byington, 2003;Coderre, 2000), revealing that CAAT adoption improves internal auditors' ability to detect fraud.Moreover, the magnitude of the effect of the predicting variable on the predicted variable is shown by the estimated path coefficients: A one-unit change of CATU changed the extent of FRDT between 0.700 and 0.803 (see Table 6, Figures 2 and 3).Companies are showing a rising process of business automation and data digitalization in which the effectiveness of the internal audit role is conditioned to information technology adoption.Thus, a study by Henderson et al. (2016) recommended that for companies to function in a fraud-free environment, CAATs should be encouraged.According to ACFE (2020), companies lose 5% of their annual revenues due to fraudulent actions.The loss signifies a confounding drain on the overall economy (ACFE, 2020), adversely impacting producing goods, providing services, and creating jobs.Hence, effectively utilizing CAATs is vital to minimizing fraud incidents, confirming information technology's role in improving corporate sustainability.
The moderating impact of company characteristics on the relationship between CATU and FRDT was proposed in Hypotheses 2, 3 and 4. The outcome shows that the second and third hypotheses were not supported.However, the fourth hypothesis was supported by the data.Previous literature (A.Cohen and Sayag, 2010) demonstrates variations in the difficulties between government-owned and private companies, which could affect the role played by internal auditing in the companies' internal control.Compared to government-owned companies, a report by the Common Body of Knowledge in 2015 (Araj, 2015) states that attention to fraud risk, prevention, and detection is higher in private companies.In addition, according to Lee and Xia (2006), the moderating impact of the type of company was more noticeable in profitoriented companies.This study delivers empirical evidence that company ownership does not impact the relationship between CATU and FRDT.This outcome indicates a homogeneity of views on the contribution of CAATs to improving corporate sustainability.Fraudulent actions often result in company failure, creating economic, environmental, and social disasters.The disasters finally harm the company's sustainability (J.Margret and Hoque, 2016).Any company faces a contemporary reality: fraud risk (Araj, 2015).Based on Ramos Montesdeoca et al. (2019), fraud involves the loss of reputation, image, and value for private businesses.While in the public sector, it involves a decline in the quality of public services, loss of occupations, and value of money destruction (Jackson, 2013).As a result, in the 21st century's corporate governance, fraud risk management has a profound position (Power, 2013).Integrating more information technology into internal audit functions to improve sustainability has become a worldwide challenge recognized by government-owned and private companies (Amoako et al., 2023).Also, the outcome revealed that internal auditors in government-owned companies have similar tools as their complements in private entities; hence, similar technological potential is utilized in detecting fraud.
The outcomes also revealed that company size is not moderating the association between CAAU and FRDT.This result confronts the study of the Common Body of Knowledge in 2015 (Araj, 2015), which concludes a higher level of information technology use in larger companies for fraud detection.The company size scope can explain the moderation effect's impact.According to the recommendation of Lee and Xia (2006), the size of the information technology department could be an alternate proxy for the company size.Considering this, the outcome of the robustness test that used the internal audit department dimension kept the previous conclusion (the number of employees in the internal audit department was a proxy for company size).With the proxy factor of the internal audit department, the moderation model results in the following structural model measurement indicators: R 2 = 0.483, F 2 = 0.447, and path coefficient = −0.086with t value = −0.709and p-value = 0.478.
Moreover, the outcomes of this study show that management commitment significantly moderates the association between CAAU and FRDT.The outcome is consistent with the findings of Mahzan and Lymer (2009) and Demirović et al. (2021), who conclude that management commitment has a significant role in a company's technology adoption.The top management commitment is not limited to supplying essential resources to resolve resistance to CAAT use (Smidt et al., 2018;Maroufkhani et al., 2020); it also includes championing the new information systems and advancing the legitimacy of CAAT adaptation.The result also corresponds with Curtis and Payne (2008), who found that top management commitment impacts the internal auditors' intent to utilize the audit technology.According to Rosli et al. (2013), top management's support includes the willingness to provide financial resources for advanced technology adoptions.Besides, Chandra and Kumar (2018) revealed that top management commitment supports the delivery of hardware and software amenities with technical expertise improvement.Also, Cahyono et al. (2020) and Salleh et al. (2007) demonstrated that, in the company's information technology development, the participation of top management enhanced the decision-making related to the acquisition and implementation of technology.Thus, the outcome of this study confirms that the management's commitment to supporting CAAT adoption in the company's internal audit function is essential.Hence, it results in the effective utilization of CAATs, which enables the discovery of numerous fraud actions and, in return, contributes to the companies' sustainability.
The findings of this study endorsed the internal audit departments' perception of the kinds of information technologies that are primarily utilized for the prevention and detection of fraud (see Table 1).The outcome revealed that the most widely used kinds of CAATs are generic personal productivity tools (GPPT) and Active Data for Excel (ADEX).These types of technologies do not need substantial financial resource allocation (Serpeninova et al., 2020).This outcome corresponds to the finding of Araj (2015) and Serpeninova et al. (2020), who states that internal auditors do not have the necessary knowledge to react to fraud risk effectively.Other literature also demonstrated that company size correlates with fraud (Lou and Wang, 2009); hence utilizing advanced CAATs may be essential for internal auditors to react appropriately.

Conclusions and future implications
Information technology provides opportunities for improved performance, assisting companies to be more sustainable.This study's outcome revealed a positive impact of CAAT utilization by internal auditors on fraud detection in the acquisition process.The intensity of this association is impacted by the company characteristics, which is the top management commitment, but not by the company size or type.In addition, participants in this study stated that generic personal productivity tools, Active Data for Excel, and Online public databases are primarily utilized tools (CAATs) by internal auditors.Conversely, most of the CAATs listed in the questionnaire scored a mean value of less than three, indicating that the companies' internal auditors rarely utilize these techniques.
The outcome of this study delivers both theoretical and practical implications.Theoretically, the first contribution of this study is to the area of research on CAAT utilization and its impact on efficiency.The outcomes correspond with studies (Pedrosa et al., 2020;Henderson et al., 2016) made on external auditors' perspective, starting by concentrating on the matter from the internal audit perspective and sustainability.Second, the study recognized the kind of CAATs utilized by internal auditors in executing their activities, using the list of CAATs assumed by Samagaio and Diogo (2022) in their study.Different from previous studies, the present study found that generic personal productivity tools, Active Data for Excel, and Online public databases are primarily utilized tools (CAATs) by internal auditors.Third, compared to the prior studies that applied regression models (Mansour, 2016), this study's usage of the multivariate methods of PLS-SEM enables a more robust analysis to be undertaken in exploratory research (which makes it differ from previous works).Fourth, compared to preceding studies (Henderson et al., 2016), the CAATs utilization in core audit tasks was differently measured by a more general scale in this study, with the CATU attribute measurement model signifying nine items with an acceptable degree of reliability.Fifth, most previous studies were made on the adoption of CAATs in organizations; however, they did not investigate the impact of their adoption on the sustainability of firms.The new finding on using CAATs in the internal audit function for sustaining the company's operation might shed light on emerging fraud risks in existing controls.The findings also validate prevailing audit methodologies (types of CAATs) and highlight areas for improvement.It contributes to refining internal audit processes by utilizing CAATs for efficiency and effectiveness.
When findings reveal the effective utilization of CAATs in internal audit tasks, the information can be used to update industry best practices, improve the general quality of audits, and ensure corporate sustainability.Finally, findings may argue or extend prevailing theoretical frameworks in internal auditing, improving theoretical developments and academic investigations.
In addition, the association between CAAT utilization and fraud detection has practical implications for internal auditors and companies.The study's finding on the companies' internal auditors' low (rare) utilization of CAATs implies the need to invest in technology and auditors training.In addition to investment in CAATs, companies must provide required training and resources for internal audit teams.The effective use and interpretation of results from CAATs can be possible if internal auditors obtain the required skills.Utilizing information technology improves the analytical capability of internal auditors, which is considered an expected gain, like discovering anomalies in accounting records, operational inefficiencies, or asset misappropriations.Accordingly, corporate governance will be positively influenced by improving the internal auditors' quality, assisting companies to attain a higher degree of sustainability.The present research helps to know the impact of utilizing CAATs to improve internal audit efficiency and its advantages in reducing fraud risk.Internal auditors can use the findings to enhance fraud risk management approaches, ensuring that companies are well organized to alleviate emerging fraud risks.The CAAT's advanced way of detecting fraud acts (using algorithms and analytics) is essential in offering assurance to the companies and their stakeholders about the integrity of financial statements.
Lastly, the finding of this study also differs from previous studies since it considers a significant (moderating) factor, top management commitment, for the adoption of CAATs and its impact on corporate sustainability.The top management's commitment to supporting the utilization of CAATs for detecting fraud has practical implications.In the company's information technology development, the participation of top management enhanced the decision-making related to the acquisition and implementation of technology.Hence, the management's commitment results in the effective adoption and utilization of CAATs, which enables the discovery of numerous fraud actions and, in return, contributes to the companies' sustainability.Ultimately, leveraging CAATs can assist the accuracy and reliability of financial statements (identify potential fraud risks) and improve corporate governance, resulting in a significant role in maintaining corporate sustainability.
There are some limitations in this study to be considered by future researchers, such as the size of the sample may impact the scale reliability procedure of the CATU attribute.According to Hair, Risher et al. (2019), the sample size influences statistical tests, though this study fulfills the minimum size for using the PLS-SEM model.Also, due to the sensitivity of the fraud matters, political precision may affect its measurement.The FRDT attribute was measured only on the fraudulent schemes in the companies' acquisition process.Future research may expand the tasks executed by internal auditors in discovering fraud in economic, environmental, and social aspects.In addition, the direct impact of company size on CAAT utilization could also be investigated.The moderating impact of company size could be analyzed by future research using other measurements, such as financial resources and output measures, including sales and net assets.The study's limited geographical focus must also be considered in future studies.Studying diverse cultural settings in common-law countries has more extension.Finally, other company characteristics, such as industry, may also be considered in future studies.

Figure 2 .
Figure 2. Structural model assessment without moderator.With moderation, the structural model was assessed by including the three moderating factors separately and collectively.As presented in Table6, the model's predictive accuracy explained by the R 2 (0.510) is above the threshold of 0.5 but near it, indicating a moderate level (Figure3).

Figure 3 .
Figure 3. Structural model assessment with moderators.

Table 3 .
Mann-Whitney tests summary based on company characteristics.
Note.The diagonal values in Panel A denote the square root of AVE.

Table 6 .
Summary of structural model assessment.