{"title":"Internal Auditors' Perceptions of Information Technology-Related Risks: A Comparison Between General Auditors and Information Technology Auditors","authors":"A. Nuijten, M. Keil, Bert Zwiers","doi":"10.2308/isys-2020-040","DOIUrl":null,"url":null,"abstract":"With the growing role of Information Technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. While both general auditors and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert vs non-expert perspective to understand how general auditors and IT auditors perceive IT risks differently. Through a quasi-experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal risk preferences influenced the level of IT risks that general auditors perceived. Personal risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.","PeriodicalId":50486,"journal":{"name":"European Journal of Information Systems","volume":null,"pages":null},"PeriodicalIF":7.3000,"publicationDate":"2022-11-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Journal of Information Systems","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.2308/isys-2020-040","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
With the growing role of Information Technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. While both general auditors and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert vs non-expert perspective to understand how general auditors and IT auditors perceive IT risks differently. Through a quasi-experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal risk preferences influenced the level of IT risks that general auditors perceived. Personal risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.
期刊介绍:
The European Journal of Information Systems offers a unique European perspective on the theory and practice of information systems for a global readership. We actively seek first-rate articles that offer a critical examination of information technology, covering its effects, development, implementation, strategy, management, and policy.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
