When we look back at the early 1980s, we find the auditing profession standing at a decisive crossroads. Computers were no longer confined to research laboratories or the largest corporations; they had become embedded in everyday business operations. This transformation forced auditors to rethink their tools, methods, and even their professional identity. Two key publications from that era, Using the Computer for Audit by Ben Goossens and Nico Schouten (1981) and the collected conference contributions in Information Systems Auditing (1984), capture the sense of experimentation and uncertainty that surrounded the early attempts to integrate technology into assurance work.
Goossens and Schouten’s article represents one of the first systematic efforts to map the possibilities of computer assisted audit techniques. They carefully distinguished between methods that processed live data, such as data testing and verification, parallel operation, or SCARF, and those based on test data, such as integrated test facilities or test decking. Their central argument was that techniques alone meant little unless auditors understood where they fit into the audit plan. For them, the crucial task was to embed these methods within compliance testing, substantive testing, and the broader evaluation of internal controls. Their work illustrates the ambition of early computer auditors: to move beyond technical fascination and integrate digital methods into the logic of professional assurance. At the same time, they confronted challenges that remain strikingly familiar today. They debated the independence of auditors relying on externally developed software, they questioned how to balance efficiency with reliability, and they anticipated the tension between preventive and detective controls in automated environments.
Only a few years later, the international conference reported in Information Systems Auditing showed how much the debate had broadened. Held in Milan in 1983, the meeting brought together academics, practitioners, and executives from around the world. The themes discussed reveal both optimism and anxiety. A.G. Merten and D.G. Severance noted that senior managers viewed computer systems as both indispensable tools for analysis and control, and simultaneously as major sources of risk. W.C. Mair described efforts to create structured models of control relationships, recognizing that intuition was no longer enough for evaluating complex digital systems. E.M. Wysong emphasized the participatory role of auditors in systems development, advocating that their independence need not be compromised if they contributed constructively to design processes. Other contributions pointed to turbulence and uncertainty in project contexts, to the need for quality metrics in software, and to the emergence of specialized roles such as evaluating software reliability. The conference also highlighted entirely new audit fields, such as microcomputer audits, benchmarking for technology procurement, and the governance of computer centers.
From today’s perspective, these early texts mark a formative stage in the professionalization of information systems auditing. The authors and speakers were dealing with questions that lacked ready-made answers. How should auditors test systems that operate continuously and invisibly in the background? How could they assure the reliability of processes that they themselves could not fully observe? And how should they position themselves between independence and participation, between evaluation and co-creation? The solutions they proposed were tentative, often technical in detail, but they set the direction for decades to come.
It is particularly noteworthy how much of the present-day vocabulary of audit and governance can already be traced in these debates. The concern with embedding audit routines into live systems foreshadows today’s discussions on continuous auditing and monitoring. The worries about independence when using third-party software echo in current debates on reliance on artificial intelligence tools in audit. The emphasis on auditor involvement in system development anticipates the collaborative approaches we now call “integrated assurance” or “assurance by design.” What seemed novel and contested in the 1980s has, in many respects, become the foundation of the profession.
Revisiting Using the Computer for Audit and Information Systems Auditing allows us to appreciate how the profession sought to navigate a technological revolution with both caution and creativity. These works are more than historical curiosities; they reveal the roots of many of the challenges and practices that continue to shape internal auditing and corporate governance.
This article reflects on the historical significance of these publications. The original articles can be accessed here: Using the Computer for Audit and Information Systems Auditing