CONCEPTUAL MAPPING OF INFORMATION RISK IN EXPENDITURE CYCLE AUDIT IN ENTERPRISE RESOURCE PLANNING ENVIRONMENT: A SYSTEMATIC LITERATURE REVIEW
Keywords:
enterprise resource planning, expenditure cylcle audit, information riskAbstract
ABSTRACT
The rapid pace of digital transformation has made Enterprise Resource Planning (ERP) more important than ever as a coordinating backbone for organizations, especially in managing their expenditure cycles. While most researchers and commentators on ERP implementations have emphasized the positive impact of these systems on organizational integration and operational efficiency, some of the latest studies begin to focus on the generation of new and, in some cases, contradictory information-related risks. Such information risks stem from the relationship among a firm’s technological configuration, its organizational structure and processes, and the discretion exercised by its auditors. This type of information risk demonstrates the value of taking an approach that is less exclusively focused on the technology involved. This paper is based on a qualitative Systematic Literature Review (SLR) of peer-reviewed articles sourced from the most reputable journals. From the thematic matrix of the objectives of the studies, their method, the principal findings, and the conclusions of the studies, a pattern of auditors’ experiences, and the social and cognitive difficulties, is constructed. Several recurrent patterns have been found especially in regard to the social and cognitive difficulties auditors face in ERP-based structures. From the analysis of the data, three principal themes are apparent. The first is the “illusion of integration” and the loss of visibility of audit trails, which makes tracing and interpretive processes of transactions even more difficult. Secondly, the digital ambiguity of tasks creates an an tension professionally between the need for flexibility and the need to retain control. Third, the greater dependence on automation strengthens the focus of audits from manual checks to evaluations of the system, which diminishes the likelihood of professional skepticism. The author identifies for the first time the phenomenon of the information risk of ERP audits as a socio-technical phenomenon. The findings shape the socio-technical aspect of information risk in ERP audits and the literature on digital auditing, audit pedagogy, and normative policy frameworks. There are several digital, organizational, and auditing system interrelations that remain to be researched.
Keywords: Enterprise Resource Planning (ERP), Expenditure Cycle Audit, Information Risk, Socio-Technical Systems.
References
Butarbutar, M., Sihotang, H., & Silalahi, A. (2023). Systematic literature review of critical success factors on enterprise resource planning post implementation. Cogent Business & Management, 10(3), Article 2264001. https://doi.org/10.1080/23311975.2023.2264001
Coşkun, S., Arslan, M., & Demirkan, H. (2022). ERP failure: A systematic mapping of the literature. Data & Knowledge Engineering, 142, 102090. https://doi.org/10.1016/j.datak.2022.102090
Datta, P., & Nwankpa, J. K. (2012). Perceived audit quality from ERP implementations. Information Resources Management Journal, 25(1), 61–80. https://doi.org/10.4018/IRMJ.2012010104
Elbardan, H., Ali, M., & Ghoneim, A. (2015). The dilemma of internal audit function adaptation: The impact of ERP and corporate governance pressures. Journal of Enterprise Information Management, 28(1), 93–106. https://doi.org/10.1108/JEIM-10-2013-0074
Gandasari, D., & Mukhtaruddin. (2025). Analysis of the impact of enterprise resource planning (ERP) and big data on improving company performance: A systematic literature review. JURA ITB, 3(2). https://doi.org/10.54066/jura-itb.v3i2.3216
Handayani, R., Utami, E., & Luthfi, E. T. (2023). Systematic literature review on auditing information technology risk management using the COBIT framework. Prisma Sains, 11(4). https://doi.org/10.33394/j-ps.v11i4.8871
Heuvel, E. van den. (2025). Evolution of IT auditing in a nutshell: Journey towards a dynamic landscape. MAB, 99(2), 73–83. https://doi.org/10.5117/mab.99.140994
Kristanti, O., Kuntadi, C., & Pramukty, R. (2023). Faktor-faktor yang mempengaruhi efektivitas sistem pengendalian internal: Peran audit internal, karakteristik auditor internal, dan kualitas audit internal. Sentri, 2(8). https://doi.org/10.55681/sentri.v2i8.1304
Kuntadi, C., & Pramukty, R. (2023). Literature review: Pengaruh sistem pengendalian internal, peran audit internal, dan komitmen manajemen terhadap good corporate governance. Jurnal Economina, 2(6), 1318–1330. https://doi.org/10.55681/economina.v2i6.605
Munthe, A., Mahulae, C., & Muda, I. (2025). Risk-based information system audit: A literature review and its implications in accounting. Indonesia Economic Journal, 1(2). https://doi.org/10.63822/zknzvm95
Ou, Q., & Wu, Y. (2025). The impact of digital transformation on auditor decision making. Frontiers in Business, Economics and Management, 18(2), 307–315. https://doi.org/10.54097/9pwzt443
Rajapakse, J., & Thushara, K. (2023). Critical failure factors in ERP implementation: A systematic literature review. Journal of Business Technology, 7(1). https://doi.org/10.4038/jbt.v7i1.109
Setiawan, D. E. (2022). Risk analysis in enterprise resource planning implementation: An ERP implementor’s perspective. Industry Xplore, 7(2), 185–193. https://doi.org/10.36805/teknikindustri.v7i2.2852
Widyaningdyah, A. U., & Ezra, L. (2020). Enterprise resource planning (ERP) support for internal control effectiveness. Jurnal Riset Akuntansi Kontemporer, 10(2), 234–246. https://doi.org/10.22219/JRAK.V10I2.11507
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Zahrina Qurrota A'yun
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
