{"title":"Implications of Cybersecurity on Accounting Information","authors":"Diane J. Janvrin, T. Wang","doi":"10.2308/isys-10715","DOIUrl":null,"url":null,"abstract":"R ecent high-profile cybersecurity incidents, such as Equifax, Sony, and Target, have increased professional and regulatory attention. For example, organizations are under pressure to demonstrate that they are managing cybersecurity threats, and that they have effective processes and controls in place to detect, respond to, mitigate, and recover from breaches and other security events. Cybersecurity risk management involves not only improving internal controls, but also includes a wide range of factors from strategy, IT management, investment decisions, human behavior, disaster recovery/business continuity, and technical solutions to actual implementation and practices. From the regulatory perspective, the PCAOB explicitly included the assessment of cybersecurity risks in its 2018–2022 strategic plan (PCAOB 2018). Further, the Securities and Exchange Commission (SEC) recently issued reporting guidelines on cybersecurity risk disclosures (SEC 2018), while the AICPA proposed an assurance framework for auditors to use to evaluate an organization’s cybersecurity risk management policies and procedures (AICPA 2017). Accounting information systems (AIS) researchers, who stand at the intersection between information systems and accounting, can contribute to understanding the impact of cybersecurity on accounting information from different theoretical or empirical perspectives. For example, our emphasis on understanding how behavior impacts action may provide insight to managers as they develop and implement cybersecurity policies and work to prevent and detect cybersecurity breaches. Further, our knowledge of how financial and nonfinancial information impacts organizational value may be helpful to investigate how investors and auditors react to disclosed data security breaches. Finally, we offer this special-theme issue to encourage cybersecurity research by the broader accounting community. To illustrate, Banker and Feng (2019) and Richardson, Smith, and Watson (2019) demonstrate how archival financial methodology can be used to examine important cybersecurity issues. Accounting behavioral researchers are encouraged to follow the lead of Cheng and Walton (2019) and Frank, Grenier, and Pyzoha (2019) in using experiments to provide insights into cybersecurity challenges. Further, managerial researchers may find Curry, Marshall, Correia, and Crossler’s (2019) work helpful in generating ideas on how applicable theories and skills can be applied to this important topic.","PeriodicalId":42112,"journal":{"name":"African Journal of Information Systems","volume":"33 1","pages":""},"PeriodicalIF":0.4000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"African Journal of Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2308/isys-10715","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 5
Abstract
R ecent high-profile cybersecurity incidents, such as Equifax, Sony, and Target, have increased professional and regulatory attention. For example, organizations are under pressure to demonstrate that they are managing cybersecurity threats, and that they have effective processes and controls in place to detect, respond to, mitigate, and recover from breaches and other security events. Cybersecurity risk management involves not only improving internal controls, but also includes a wide range of factors from strategy, IT management, investment decisions, human behavior, disaster recovery/business continuity, and technical solutions to actual implementation and practices. From the regulatory perspective, the PCAOB explicitly included the assessment of cybersecurity risks in its 2018–2022 strategic plan (PCAOB 2018). Further, the Securities and Exchange Commission (SEC) recently issued reporting guidelines on cybersecurity risk disclosures (SEC 2018), while the AICPA proposed an assurance framework for auditors to use to evaluate an organization’s cybersecurity risk management policies and procedures (AICPA 2017). Accounting information systems (AIS) researchers, who stand at the intersection between information systems and accounting, can contribute to understanding the impact of cybersecurity on accounting information from different theoretical or empirical perspectives. For example, our emphasis on understanding how behavior impacts action may provide insight to managers as they develop and implement cybersecurity policies and work to prevent and detect cybersecurity breaches. Further, our knowledge of how financial and nonfinancial information impacts organizational value may be helpful to investigate how investors and auditors react to disclosed data security breaches. Finally, we offer this special-theme issue to encourage cybersecurity research by the broader accounting community. To illustrate, Banker and Feng (2019) and Richardson, Smith, and Watson (2019) demonstrate how archival financial methodology can be used to examine important cybersecurity issues. Accounting behavioral researchers are encouraged to follow the lead of Cheng and Walton (2019) and Frank, Grenier, and Pyzoha (2019) in using experiments to provide insights into cybersecurity challenges. Further, managerial researchers may find Curry, Marshall, Correia, and Crossler’s (2019) work helpful in generating ideas on how applicable theories and skills can be applied to this important topic.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
