International Journal of Accounting Information Systems最新文献

This study investigates whether audit risks that accompany data breaches of major customer firms can spillover into the supply chain and affect audit fees of their suppliers. Based on the economic bond that exists between supplier firms and their major customers, we predict that data breach incidents of customer firms will lead to higher audit fees for their respective suppliers. Consistent with customer breaches increasing the audit risk to the supplier, we observe a positive association between breach disclosures made by major customers and audit fees of the supplier firm. This association exists for both internal and external data breaches. We further find that audit fees are increasing with the number of major customers disclosing a breach in a given year. Our results are robust to both a matched sample design and a difference-in-difference approach. Interestingly, we find that while supplier auditors appear to price the risks associated with customer breaches, the breaches do not appear to affect audit quality. The findings of this study are timely and relevant to academics, practitioners, and regulators as supply chains continue to become larger and more complex.

This study explores how an organization’s controllers (management accountants) give sense to the information provided by its business intelligence (BI) system, and thus shape the construction of information trust. A qualitative case study was conducted within a Finnish food manufacturing company, building on the notion of trust related to management accounting information and sensemaking theory. The study was informed through open-ended interviews and an examination of internal accounting and management reports. The authors found that the company used an integrated BI system that enabled the production of information in a timely and perceivably standardized manner. Controllers managed this accounting information and gave sense to it, helping deliver a shared understanding of the daily business situation. The findings show that controllers play a pivotal role in building information trust by giving sense to the information provided by the BI system.

I respond to Vosselman and De Loo’s (2023) critique of my earlier paper on agential realism, representation theory, and accounting information systems (Weber, 2020). In that paper, I argued that little is learned by using an agential realism lens to study accounting-related phenomena. I claimed that insights revealed using agential realism also could have been revealed through using existing lenses such as actor-network theory and general systems theory. In particular, I defended representation theory as a way of studying accounting information systems and representationalism as a way of studying the world. Contrariwise, Vosselman and De Loo argue that representation theory and representationalism are useful only in some respects when studying accounting-related phenomena. They contend that agential realism and sociomateriality lenses are needed if the entangled nature of phenomena in accounting domains is to be understood. They point to some assumptions that they claim underpin representationalism and representation theory—assumptions that inhibit their usefulness as a way of studying entangled phenomena. In this response, I present counter-arguments to their claims and defend representationalism and representation theory as ways of understanding the world.

In an in-depth field study, we investigate cyber security governance configurations vis-à-vis the five lines of accountability (5 LoA) – that is, the Three Lines Model extended by the accountability of executive management and the board of directors (IIA, 2020). The aim is to explore the configurations adopted by organizations in governing cybersecurity, and why it would matter for cyber security whether the five lines of accountability are adopted. We define the type of the 5 LoA adoption by: (i) the segregation of the lines that spans from blended to segregated and (ii) the level of engagement of those in line roles that ranges from low to high. In this way, we identify four types of adoption of the 5 LoA: ‘no adoption, ‘ostensible’, ‘implicit’, and ‘explicit’ adoption. We theorize how the type of adoption of the 5 LoA is affected by the interplay of institutional forces and organizations’ need for efficiency and effectiveness, and develop a pathway model for organizations’ adoption of the 5 LoA. We find that organizations that adopt the 5 LoA with clear segregation between these lines (‘ostensible’ and ‘explicit’ adoption) are those subject to prudential regulation (coercive forces), whereas efficiency motives and mimetic forces drive organizations to seek fluidity and flexibility by ‘blending’ the segregated lines (‘implicit’ adoption) to ensure fast reactions to changing environment. Regardless of the segregation between lines and whether they are blended or not, we found that all organizations see scope to improve the level of engagement in the 5 LoA to improve the effectiveness of cyber security governance.

Despite the advancements in technology, auditors still spend a significant amount of time performing repetitive and rule-based tasks. Our paper examines various audit scenarios within four accounting firms and discusses the potential for robotic process automation (RPA) to improve the efficiency and accuracy of these tasks. We propose and implement RPA-enabled solutions to make various procedures more efficient and effective. These anecdotes were based on our consultancy experiences with auditors from a group of Big 4 and mid-sized accounting firms. We present four practical business process scenarios and the prototyped RPA solutions. In each scenario, we explain our automation strategies and the duration of development. We also describe the implementation benefits and challenges, as well as analyze how we have helped the accounting firms automate their real-world audit tasks by providing the as-is and to-be Business Process Model and Notation that one can extend for future RPA development. Finally, we discuss the future challenges and opportunities regarding the broader implementation of RPA in accounting and audit tasks.

The increasing prevalence of big data, large stores of data that enable businesses to generate previously inaccessible insights, has resulted in performance gains for the firms that harness its capabilities. However, the impact that big data has on a firm’s profitability and financial position is rarely captured in its financial statements due to big data’s status as an internally generated intangible asset. As per the current IFRS regulations, big data is not eligible for recognition.

We argue that the true impact of big data on a firm is not appropriately reflected in a firm’s financial statements. The IFRS as currently written does not allow firms to capitalize data assets, thus compromising the goal of financial statements: to provide relevant and reliable information.

Analysis of the current standards reveal gaps in measuring the future economic benefit and costs of big data, primarily attributable to the lack of clarity surrounding the unit of account used to measure big data. Furthermore, IAS 38′s dichotomization of research and development does not accurately represent the applicability of big data assets.

Therefore, we propose a conceptual framework for understanding the economic value of big data. These include the use of a database as a unit of account, costing methods derived from user-based metrics, and a renewed focus on the intention to apply data assets.

Cybersecurity breaches pose a significant risk to firms. To combat these risks, many firms engage in strategic cybersecurity risk management initiatives. While these efforts may reduce the likelihood of a cybersecurity breach, they do not eliminate the risk of a breach. In the event of a cybersecurity breach, firms may issue an apology to investors. This study uses an experiment to examine whether a firm indicates cybersecurity risk management is a strategic initiative and whether a post-cybersecurity breach apology by the CEO impacts nonprofessional investors’ investment interest in the firm. Results show that, in response to a cybersecurity breach, the presence of a CEO apology positively impacts investors’ investment impression and their perceptions of CEO affective and CEO cognitive trust. We find that investors’ investment interest is lowest for a firm that previously indicates cybersecurity risk management is a strategic initiative and where the CEO does not issue an apology. The CEO apology, however, does not significantly impact investment amount, a secondary measure of investor interest. Results from this study have implications for managers, investors, and regulators.

Technology advancements provide opportunities for auditors to use new tools in the audit process. This study presents a synthesis of technology-related auditing research to identify factors affecting the use of technology in auditing. We analyze 88 studies in identifying 21 factors relevant to technology acceptance in auditing based on country of origin (developed or developing), user type (external or internal), type of technology (traditional or advanced), firm size (Big 4 or non-Big 4), and publication time (before and after 2013). Our results show that the most important factors in accepting technology from an individual perspective are facilitator conditions, perceived usefulness, and understanding of ease of use. Technology acceptance factors relevant to an organizational perspective are cost-benefit technology, competitive pressure, company readiness, and matching technology-task. Results suggest that perceived usefulness and subjective norm are more important in developed countries and Big 4 audit firms, while auditors in developing countries and non-Big 4 audit firms are more influenced by perceived ease of use, facilitating conditions, and organizational factors. Adopting traditional technologies is also more influenced by understanding the ease of use, subjective norms, and top management support than advanced technologies. This study contributes to the literature by assessing technology acceptance factors in auditing and thus provides policy, practice, and research implications.

We develop an analytical model intended as the first stage in the development of expert systems to improve auditor knowledge in, and assist in the decision process of, Going Concern Opinions (“GCOs”). Our approach is consistent with a design science approach to developing information systems, resulting in an initial artifact, the mathematical model, which can, through iterative design science and behavioral research, inform a technology-based expert system. Based on Bayesian networks, our model provides insights about auditors’ revision, or inflation, of the probability to issue a GCO based on the interrelationship that forms with the incremental existence of one, two, or three publicly observable financial statement risk factors – net operating loss, negative cash flows from operations, and negative working capital. We calculate the revised probabilities using empirical data of GCOs from 2004 to 2015. Results reveal that the incremental relationship (one, two, or three factors present) effectively models expert auditors’ decisions to issue a GCO, and suggests the existence of these measurable inflation factors that represent situational and auditor-specific factors. We also find that Non-Big Four auditors inflate these factors differently than Big Four auditors to arrive at a decision to issue a GCO.

Recent advances in technology have accelerated digitalization and intelligence in modern business. Particularly, the increasing use of Artificial Intelligence (AI) in managerial accounting is expected to accurately measure corporate performance, provide intelligent analyses, and predict the future of a company. However, along with the benefits, ethical concerns of using AI also arise, such as deprofessionalization, data breach, and isolation among accountants. This paper explores the ethical impact of AI in managerial accounting at both pre- and post-adoption stages. Based on 47 interviews conducted with companies, an AI system vendor, and regulators, we found that data security, privacy, and misuse; accountability; accessibility; benefits and challenges; and transparency and trust of AI are among the most common ethical risks in the development and use of AI in managerial accounting. Unique ethical impacts on four types of stakeholders: developers, managers in charge of AI adoption, managerial accountants, and regulators, were also discovered.