International Journal of Accounting Information Systems最新文献

Cybersecurity comment letters issued by the Securities and Exchange Commission (SEC) may ask companies to disclose additional or clarifying information about their cybersecurity incidents, risks, and corresponding controls, where appropriate. Although responding to the comment letter in the form of disclosing more information about cybersecurity can better signal a company’s security posture to investors and comply with regulations, it may also expose a company to higher levels of cybersecurity risks because of disclosing proprietary cybersecurity information. Using a sample consisting of 52 cybersecurity comment letters issued between 2011 and 2019 and their no-letter-matched companies, our findings suggest that comment letter companies change their disclosures regarding cybersecurity, as required by the SEC. However, as shown in the short-term cumulative abnormal returns around response letter days, the stock market reacts negatively to the responses. Our results provide policy implications by showing that market participants may not react positively to transparency.

Changes to the General Ledger (GL) represent a link between transactional business events from Journal Entries and prepared financial statements. Errors in these very large datasets can result in material misstatements or account misbalance. Unfortunately, a plethora of conditions renders traditional statistical and non-statistical sampling less effective. As a full-population examination procedure, Multidimensional Audit Data Sampling (MADS) mitigates these issues. In conjunction with top practitioners, we utilize a design science approach in applying the full-population MADS methodology to a real dataset of GL account balance changes. Issues such as the effectiveness of internal controls, detection of low-frequency high-risk errors, and earnings management concerns are addressed. This paper demonstrates how vital insights can be gained using MADS. More importantly, this approach also highlights the exact portion of the population that is error-free with respect to the auditors' tests.

To date, the impact of internal control on text information social responsibility reports has been rarely explored. This study investigates the correlation between internal control and information content of social responsibility reports based on the similarity of text information of reports by listed enterprises in 2006–2017. Overall, high-quality internal control results in low text similarity of social responsibility and high information content of social responsibility reports. The internal control quality could enhance the information content of social responsibility reports by decreasing the enterprise’s agency costs. For large-scale corporations, non-state enterprises and those with intensive public attention, effective internal control can enhance the information content of social responsibility reports. The agency cost can exert a partial mediating effect for large-scale corporations and enterprises with intensive public attention and complete mediating effect for non-state enterprises. Moreover, this study extends the scope of internal control to the quantitative dimension of text information and has crucial implications for listed enterprises, investors, and governments regarding internal control and disclosure of social responsibility information.

The accounting fraud detection models developed on financial data prepared under US Generally Accepted Accounting Principles (GAAP) in the current literature achieve significantly weaker performance than models based on financial data prepared under different accounting standards. This study contributes to the US GAAP accounting fraud data mining literature through the attainment of higher model performance than that reported in the prior literature. Financial data from the 10-K forms of 320 fraudulent financial statements (80 fraudulent companies) and 1,200 nonfraudulent financial statements (240 nonfraudulent companies) were collected from the US Security and Exchange Commission. The eight most commonly used data mining techniques were applied to develop prediction models. The results were cross-validated on a testing dataset and then compared according to parameters of accuracy, F-measure, and type I and II errors with existing studies from the US, China, Greece, and Taiwan. As a result, the developed predictive models for accounting fraud achieved performance comparable to those achieved by models built on data from other accounting standards. Moreover, the developed models also significantly outperformed (accuracy 10.5%, F-measure 16.1%, type I error 12.2% and type II error 15.2%) existing studies based on US GAAP financial data. Furthermore, this study provides an extensive literature review encompassing recent accounting fraud theory. It enhances the existing US fraud data mining literature with a performance comparison of studies based on other accounting standards.

This study aims to develop and evaluate a model that seeks to measure the impact of Accounting Information System Quality, Internal Control System Quality and Non-Financial Information Quality on company success (Decision-Making Success and Non-Financial Performance). This model is empirically tested with data obtained from the managers of 381 Portuguese companies. We use structural equation modelling in the analysis of causal relationships between different constructs. The results show that information and control systems quality (accounting and internal control) have a direct impact on Non-Financial Information Quality and an indirect impact on Decision-Making Success. The results also indicate that Quality Non-Financial Information does not contribute directly to Non-Financial Performance but contributes indirectly via Decision-Making Success. The exploratory variables prove to be crucial for the companies’ Non-Financial Performance, accounting for its 62% variance. Previous research focuses primarily on financial information quality and financial performance. This study is the first to empirically prove that information and control systems contribute favourably to the transparency and value-relevance of non-financial information and, consequently, to business success.

An increasing amount of companies is transforming their IT departments towards cross-functional teams which are responsible for both development and operation of software and use automation to speed up their delivery process. This novel approach, which is commonly known as “DevOps”, promises many benefits such as increased speed and frequency of deployment. However, companies using DevOps are often struggling with demonstrating control of their software delivery processes to IT auditing parties, due to the decentralized decision-making structures and high degree of automation in DevOps teams. The research at hand presents a framework which aims to provide guidance to organizations in mitigating and governing risks in IT teams and departments that make use of the DevOps paradigm. We have adopted a design science research approach, building on a literature review and semi-structured interviews with seventeen employees from nine Dutch companies that are in different stages of their DevOps transition. The results suggest that two main factors which influence how departments design their DevOps environment are risk appetite and the DevOps maturity. We furthermore find that companies in practice often use a mixture of traditional, manual IT controls and the automated controls suggested in literature. Based on these insights, a situational control framework is designed which suggests suitable risk mitigation practices.

A critical question arises as to whether data analytics (DA) can bring value and improve organizational performance. The benefit offered by DA can be achieved only when organizations are able to direct their attention on the conditioning factors that amplify business value. At the same time, organizations should cautiously resolve the issues that dampen DA business value. This study applied resource-based view (RBV) and the dual factor concept to understand such factors within the Small and Mid-size Enterprises (SMEs) context. The results revealed that information and systems qualities were the catalysts for data analytics business value, whereas lack of understanding and concerns over data security and privacy were the most salient predictors that could prevent SMEs from realizing DA business value. Our study highlights the importance of understanding both enablers and inhibitors in IT business value research. We also offer strategies to stakeholders to help SMEs realize DA business value.

This paper studies the degree to which multinational enterprises (MNEs) use information technology for managing international transfer pricing (ITP). Based on 21 interviews conducted with in-house accounting and tax professionals in MNEs, we observed limited use of information technology for ITP management. However, some degree of ITP automation was observed in workflow management to produce transfer pricing documentation. The limited degree of automation observed was driven by both system- and individual-level barriers. Overall, we found that management accountants and information technology experts dominate the enterprise resource planning system design agenda, and the tax departments’ ITP tax compliance objective plays a relatively limited role. This reduces the ability for ITP automation partly because the data segmentation that is prioritized for management reporting does not support the tax departments’ needs for legal-entity data segmentation to document tax compliance.

This paper investigates how analyst forecast optimism is associated with disclosures of internal control material weaknesses (ICMWs) and their remediation under Section 404 of the Sarbanes–Oxley Act (SOX). Drawing on agency theory, I hypothesize that analysts are likely to issue earnings forecasts that are more optimistic for firms with ICMW disclosures than for those without ICMW disclosures. Using a sample of 20,875 firm-year observations with 10-K (10-Q) reports from 2004 to 2018, I find a positive association between ICMW disclosures and analyst forecast optimism. This positive association is partially driven by investors’ inability to unravel analyst forecast bias and analysts’ intentions to curry favor with management for private information. In addition, analysts are found to issue less optimistic forecasts for firms with ICMW remediation disclosures compared with those without ICMW remediation disclosures. A series of propensity score matching and regression analyses are conducted to test the robustness of my inferences. Overall, the paper suggests that analysts have incentives to take the opportunity of firms disclosing ICMWs to bias their forecasts upward for self-interest. The findings have the potential to assist regulators in guiding analyst behavior and educating investors to unravel positive bias in analyst forecasts.

The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.