CPA firm’s cloud auditing provider for performance evaluation and improvement: an empirical case of China

Kuang-Hua Hu; Fu-Hsiang Chen; Gwo-Hshiung Tzeng


While CPA (Certified Public Accountant) firms utilize cloud auditing technologies to generate auditing reports and convey information to their clients in the Internet of Things (IoT) era, they often cannot determine whether cloud auditing is a secure and effective form of communication with clients. Strategies related to cloud auditing provider evaluation and improvement planning are inherently multiple attribute decision making (MADM) issues and are very important to the auditor industry. To overcome these problems, this paper proposes an evaluation and improvement planning model as a reference for CPA firms selecting the best cloud auditing provider, and illustrates an application of the model through an empirical case study. The DEMATEL (decision-making trial and evaluation laboratory) approach is first used to analyze the interactive influence relationship map (IIRM) between the criteria and dimensions of cloud auditing technology. DANP (DEMATEL-based ANP) is then employed to calculate the influential weights of the dimensions and criteria. Finally, the modified VIKOR method is utilized to provide improvement priorities for performance cloud auditing provider satisfaction. Based on expert interviews, the recommendations for improvement priorities are privacy, security, processing integrity, availability, and confidentiality. This approach is expected to help the auditor industry systematically improve its cloud auditing provider selection.

Keywords: CPA (Certified Public Accountant), cloud computing, provider selection, MADM (multiple attribute decision making), DEMATEL technique, IIRM (interactive influence relationship map), DANP (DEMATEL-based ANP), modified VIKOR method

How to Cite
Hu, K.-H., Chen, F.-H., & Tzeng, G.-H. (2018). CPA firm’s cloud auditing provider for performance evaluation and improvement: an empirical case of China. Technological and Economic Development of Economy, 24(6), 2338-2373.
Published in Issue
Dec 20, 2018

This work is licensed under a Creative Commons Attribution 4.0 International License.

