Pub Date : 2022-09-01DOI: 10.1016/j.accinf.2022.100571
Heejae Lee , Lu Zhang , Qi Liu , Miklos Vasarhelyi
Business transaction data includes numeric values of the transactions and the date/time when the transactions are recorded, and textual data such as descriptions. Understanding the textual information of business transactions is also important since this information captures the nature of transactions in a qualitative manner. This study proposes a text visual analysis approach for auditing. We argue that combining text analysis and data visualization can improve the efficiency of audit data analytics for textual data in the organization's accounting information system. We provide a demonstration of the proposed method using a year-around general ledger data set. We use data visualization software Orange and Tableau for the demonstration. The proposed method can be used to understand a client's business and identify abnormal or unusual transactions from not only quantitative information but also qualitative information.
{"title":"Text Visual Analysis in Auditing: Data Analytics for Journal Entries Testing","authors":"Heejae Lee , Lu Zhang , Qi Liu , Miklos Vasarhelyi","doi":"10.1016/j.accinf.2022.100571","DOIUrl":"10.1016/j.accinf.2022.100571","url":null,"abstract":"<div><p>Business transaction data includes numeric values of the transactions and the date/time when the transactions are recorded, and textual data such as descriptions. Understanding the textual information of business transactions is also important since this information captures the nature of transactions in a qualitative manner. This study proposes a text visual analysis approach for auditing. We argue that combining text analysis and data visualization can improve the efficiency of audit data analytics for textual data in the organization's accounting information system. We provide a demonstration of the proposed method using a year-around general ledger data set. We use data visualization software Orange and Tableau for the demonstration. The proposed method can be used to understand a client's business and identify abnormal or unusual transactions from not only quantitative information but also qualitative information.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"46 ","pages":"Article 100571"},"PeriodicalIF":4.6,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132924399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-01DOI: 10.1016/j.accinf.2022.100569
Sheng-Feng Hsieh , Gerard Brennan
Many entities are progressively engaged in crypto asset transactions. The distinct nature of crypto assets from typical financial instruments makes it more challenging for external auditors to provide reasonable assurance on financial statements encompassing material crypto asset activities and transactions. To provide more specific guidance in crypto asset-related audits, this paper aims to (1) identify various participants in the crypto asset ecosystem and illustrate their relationship with the audited entity, (2) identify and elaborate the new challenges and risks for financial statement audits related to the crypto asset ecosystem, and (3) summarize issues to be considered in crypto asset-related audits in an audit framework. The dynamically evolving crypto asset ecosystem not only brings challenges and risks but also new assurance opportunities to the auditing profession after identifying and addressing those critical issues.
{"title":"Issues, risks, and challenges for auditing crypto asset transactions","authors":"Sheng-Feng Hsieh , Gerard Brennan","doi":"10.1016/j.accinf.2022.100569","DOIUrl":"10.1016/j.accinf.2022.100569","url":null,"abstract":"<div><p>Many entities are progressively engaged in crypto asset transactions. The distinct nature of crypto assets from typical financial instruments makes it more challenging for external auditors to provide reasonable assurance on financial statements encompassing material crypto asset activities and transactions. To provide more specific guidance in crypto asset-related audits, this paper aims to (1) identify various participants in the crypto asset ecosystem and illustrate their relationship with the audited entity, (2) identify and elaborate the new challenges and risks for financial statement audits related to the crypto asset ecosystem, and (3) summarize issues to be considered in crypto asset-related audits in an audit framework. The dynamically evolving crypto asset ecosystem not only brings challenges and risks but also new assurance opportunities to the auditing profession after identifying and addressing those critical issues.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"46 ","pages":"Article 100569"},"PeriodicalIF":4.6,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122916351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-01DOI: 10.1016/j.accinf.2022.100570
Guangyue Zhang, Hilal Atasoy, Miklos A. Vasarhelyi
This paper presents a framework for proactive and intelligent continuous control monitoring (CCM) that helps management gain higher assurance over business processes and alleviate information overload. We adopt a design science approach towards systematically developing CCM artifacts, including operation and internal control violation display and multidimensional anomaly detection. We illustrate the design with an implementation project whereby a CPA firm, the firm's healthcare sector client, and the research team work together to improve the assurance provided by payroll reviews. This study contributes to the CCM literature by envisioning that interactive data visualization and machine learning technologies can alleviate information overload for management in CCM. Second, we provide real-world evidence on the improvement brought to economic and behavioral aspects of the control monitoring process compared to the traditional approach. We show that emerging technologies substantially improve the efficiency and effectiveness of risk assessment, anomaly detection, and loss prevention. We also contribute to control monitoring practice by providing guidance on artifact development and application for practitioners to follow.
{"title":"Continuous monitoring with machine learning and interactive data visualization: An application to a healthcare payroll process","authors":"Guangyue Zhang, Hilal Atasoy, Miklos A. Vasarhelyi","doi":"10.1016/j.accinf.2022.100570","DOIUrl":"10.1016/j.accinf.2022.100570","url":null,"abstract":"<div><p>This paper presents a framework for proactive and intelligent continuous control monitoring (CCM) that helps management gain higher assurance over business processes and alleviate information overload. We adopt a design science approach towards systematically developing CCM artifacts, including operation and internal control violation display and multidimensional anomaly detection. We illustrate the design with an implementation project whereby a CPA firm, the firm's healthcare sector client, and the research team work together to improve the assurance provided by payroll reviews. This study contributes to the CCM literature by envisioning that interactive data visualization and machine learning technologies can alleviate information overload for management in CCM. Second, we provide real-world evidence on the improvement brought to economic and behavioral aspects of the control monitoring process compared to the traditional approach. We show that emerging technologies substantially improve the efficiency and effectiveness of risk assessment, anomaly detection, and loss prevention. We also contribute to control monitoring practice by providing guidance on artifact development and application for practitioners to follow.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"46 ","pages":"Article 100570"},"PeriodicalIF":4.6,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133447879","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-01DOI: 10.1016/j.accinf.2022.100568
Benjamin Blakely , Jim Kurtenbach , Lovila Nowak
A number of institutions make reports available regarding the types, impacts, or origins of cybersecurity breaches. The information content of cyber breach reports is examined in light of Principle 15 of the 2017 Committee on Sponsoring Organizations Enterprise Risk Management (COSO ERM) information security control framework to understand the degree to which cyber breach reports reflect the established COSO internal control framework. This study utilizes the COSO ERM internal control framework to examine whether current cyber breach reports contain information that may influence a firm’s ability to assess substantial change within its industry due to external forces (COSO ERM Principle 15). As such, this study focuses on data breaches, a special type of cyber incident, which may result in the loss of confidential information. Cyber decision makers rely on this type of information to calibrate information security programs to ensure coverage of relevant threats and the efficient use of available funds. These reports may be used for the purposes of cybersecurity risk assessment and strategic planning. We compare, contrast, and analyzie the reports to identify their utility in such contexts. We also provide an overview of the current cybersecurity reporting environment and suggest revisions to US national cyber policy with the intent of increasing the benefit to reporters and consumers of the data.
This study is focused on education as to the current structure of breach reporting based upon our review and synthesis of publicly-available breach reports.
In this study, we review nine (9) reports that meet four (4) criteria. We relate these criteria to the framework provided by COSO ERM Principle 15 by analyzing and placing the criteria into a taxonomy developed for this purpose. We analyze the degree to which the reports are complementary, reflect potential improvements of internal controls, and provide recommendations for ways in which these types of reports might be used by practitioners, while highlighting potential limitations. Our findings indicate that the sample reports contain little information that may be incorporated to improve the risk profile of an entity. We provide recommendations to improve the information content and timeliness of breach reports.
{"title":"Exploring the information content of cyber breach reports and the relationship to internal controls","authors":"Benjamin Blakely , Jim Kurtenbach , Lovila Nowak","doi":"10.1016/j.accinf.2022.100568","DOIUrl":"10.1016/j.accinf.2022.100568","url":null,"abstract":"<div><p>A number of institutions make reports available regarding the types, impacts, or origins of cybersecurity breaches. The information content of cyber breach reports is examined in light of Principle 15 of the 2017 Committee on Sponsoring Organizations Enterprise Risk Management (COSO ERM) information security control framework to understand the degree to which cyber breach reports reflect the established COSO internal control framework. This study utilizes the COSO ERM internal control framework to examine whether current cyber breach reports contain information that may influence a firm’s ability to assess substantial change within its industry due to external forces (COSO ERM Principle 15). As such, this study focuses on data breaches, a special type of cyber incident, which may result in the loss of confidential information. Cyber decision makers rely on this type of information to calibrate information security programs to ensure coverage of relevant threats and the efficient use of available funds. These reports may be used for the purposes of cybersecurity risk assessment and strategic planning. We compare, contrast, and analyzie the reports to identify their utility in such contexts. We also provide an overview of the current cybersecurity reporting environment and suggest revisions to US national cyber policy with the intent of increasing the benefit to reporters and consumers of the data.</p><p>This study is focused on education as to the current structure of breach reporting based upon our review and synthesis of publicly-available breach reports.</p><p>In this study, we review nine (9) reports that meet four (4) criteria. We relate these criteria to the framework provided by COSO ERM Principle 15 by analyzing and placing the criteria into a taxonomy developed for this purpose. We analyze the degree to which the reports are complementary, reflect potential improvements of internal controls, and provide recommendations for ways in which these types of reports might be used by practitioners, while highlighting potential limitations. Our findings indicate that the sample reports contain little information that may be incorporated to improve the risk profile of an entity. We provide recommendations to improve the information content and timeliness of breach reports.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"46 ","pages":"Article 100568"},"PeriodicalIF":4.6,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124890723","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-01DOI: 10.1016/j.accinf.2022.100567
Tawei Wang , Ju-Chun Yen , Kyunghee Yoon
Cybersecurity comment letters issued by the Securities and Exchange Commission (SEC) may ask companies to disclose additional or clarifying information about their cybersecurity incidents, risks, and corresponding controls, where appropriate. Although responding to the comment letter in the form of disclosing more information about cybersecurity can better signal a company’s security posture to investors and comply with regulations, it may also expose a company to higher levels of cybersecurity risks because of disclosing proprietary cybersecurity information. Using a sample consisting of 52 cybersecurity comment letters issued between 2011 and 2019 and their no-letter-matched companies, our findings suggest that comment letter companies change their disclosures regarding cybersecurity, as required by the SEC. However, as shown in the short-term cumulative abnormal returns around response letter days, the stock market reacts negatively to the responses. Our results provide policy implications by showing that market participants may not react positively to transparency.
{"title":"Responses to SEC comment letters on cybersecurity disclosures: An exploratory study","authors":"Tawei Wang , Ju-Chun Yen , Kyunghee Yoon","doi":"10.1016/j.accinf.2022.100567","DOIUrl":"10.1016/j.accinf.2022.100567","url":null,"abstract":"<div><p>Cybersecurity comment letters issued by the Securities and Exchange Commission (SEC) may ask companies to disclose additional or clarifying information about their cybersecurity incidents, risks, and corresponding controls, where appropriate. Although responding to the comment letter in the form of disclosing more information about cybersecurity can better signal a company’s security posture to investors and comply with regulations, it may also expose a company to higher levels of cybersecurity risks because of disclosing proprietary cybersecurity information. Using a sample consisting of 52 cybersecurity comment letters issued between 2011 and 2019 and their no-letter-matched companies, our findings suggest that comment letter companies change their disclosures regarding cybersecurity, as required by the SEC. However, as shown in the short-term cumulative abnormal returns around response letter days, the stock market reacts negatively to the responses. Our results provide policy implications by showing that market participants may not react positively to transparency.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"46 ","pages":"Article 100567"},"PeriodicalIF":4.6,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125606633","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-01DOI: 10.1016/j.accinf.2022.100573
Jamie W. Freiman , Yongbum Kim , Miklos A. Vasarhelyi
Changes to the General Ledger (GL) represent a link between transactional business events from Journal Entries and prepared financial statements. Errors in these very large datasets can result in material misstatements or account misbalance. Unfortunately, a plethora of conditions renders traditional statistical and non-statistical sampling less effective. As a full-population examination procedure, Multidimensional Audit Data Sampling (MADS) mitigates these issues. In conjunction with top practitioners, we utilize a design science approach in applying the full-population MADS methodology to a real dataset of GL account balance changes. Issues such as the effectiveness of internal controls, detection of low-frequency high-risk errors, and earnings management concerns are addressed. This paper demonstrates how vital insights can be gained using MADS. More importantly, this approach also highlights the exact portion of the population that is error-free with respect to the auditors' tests.
{"title":"Full population testing: Applying multidimensional audit data sampling (MADS) to general ledger data auditing","authors":"Jamie W. Freiman , Yongbum Kim , Miklos A. Vasarhelyi","doi":"10.1016/j.accinf.2022.100573","DOIUrl":"10.1016/j.accinf.2022.100573","url":null,"abstract":"<div><p>Changes to the General Ledger (GL) represent a link between transactional business events from Journal Entries and prepared financial statements. Errors in these very large datasets can result in material misstatements or account misbalance. Unfortunately, a plethora of conditions renders traditional statistical and non-statistical sampling less effective. As a full-population examination procedure, Multidimensional Audit Data Sampling (MADS) mitigates these issues. In conjunction with top practitioners, we utilize a design science approach in applying the full-population MADS methodology to a real dataset of GL account balance changes. Issues such as the effectiveness of internal controls, detection of low-frequency high-risk errors, and earnings management concerns are addressed. This paper demonstrates how vital insights can be gained using MADS. More importantly, this approach also highlights the exact portion of the population that is error-free with respect to the auditors' tests.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"46 ","pages":"Article 100573"},"PeriodicalIF":4.6,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123184234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-01DOI: 10.1016/j.accinf.2022.100558
Pingping Huang , Yuehua Jiao , Sihai Li
To date, the impact of internal control on text information social responsibility reports has been rarely explored. This study investigates the correlation between internal control and information content of social responsibility reports based on the similarity of text information of reports by listed enterprises in 2006–2017. Overall, high-quality internal control results in low text similarity of social responsibility and high information content of social responsibility reports. The internal control quality could enhance the information content of social responsibility reports by decreasing the enterprise’s agency costs. For large-scale corporations, non-state enterprises and those with intensive public attention, effective internal control can enhance the information content of social responsibility reports. The agency cost can exert a partial mediating effect for large-scale corporations and enterprises with intensive public attention and complete mediating effect for non-state enterprises. Moreover, this study extends the scope of internal control to the quantitative dimension of text information and has crucial implications for listed enterprises, investors, and governments regarding internal control and disclosure of social responsibility information.
{"title":"Impact of internal control quality on the information content of social responsibility reports: A study based on text similarity—Evidence from China","authors":"Pingping Huang , Yuehua Jiao , Sihai Li","doi":"10.1016/j.accinf.2022.100558","DOIUrl":"10.1016/j.accinf.2022.100558","url":null,"abstract":"<div><p>To date, the impact of internal control on text information social responsibility reports has been rarely explored. This study investigates the correlation between internal control and information content of social responsibility reports based on the similarity of text information of reports by listed enterprises in 2006–2017. Overall, high-quality internal control results in low text similarity of social responsibility and high information content of social responsibility reports. The internal control quality could enhance the information content of social responsibility reports by decreasing the enterprise’s agency costs. For large-scale corporations, non-state enterprises and those with intensive public attention, effective internal control can enhance the information content of social responsibility reports. The agency cost can exert a partial mediating effect for large-scale corporations and enterprises with intensive public attention and complete mediating effect for non-state enterprises. Moreover, this study extends the scope of internal control to the quantitative dimension of text information and has crucial implications for listed enterprises, investors, and governments regarding internal control and disclosure of social responsibility information.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"45 ","pages":"Article 100558"},"PeriodicalIF":4.6,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133683897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-01DOI: 10.1016/j.accinf.2022.100559
Mário Papík , Lenka Papíková
The accounting fraud detection models developed on financial data prepared under US Generally Accepted Accounting Principles (GAAP) in the current literature achieve significantly weaker performance than models based on financial data prepared under different accounting standards. This study contributes to the US GAAP accounting fraud data mining literature through the attainment of higher model performance than that reported in the prior literature. Financial data from the 10-K forms of 320 fraudulent financial statements (80 fraudulent companies) and 1,200 nonfraudulent financial statements (240 nonfraudulent companies) were collected from the US Security and Exchange Commission. The eight most commonly used data mining techniques were applied to develop prediction models. The results were cross-validated on a testing dataset and then compared according to parameters of accuracy, F-measure, and type I and II errors with existing studies from the US, China, Greece, and Taiwan. As a result, the developed predictive models for accounting fraud achieved performance comparable to those achieved by models built on data from other accounting standards. Moreover, the developed models also significantly outperformed (accuracy 10.5%, F-measure 16.1%, type I error 12.2% and type II error 15.2%) existing studies based on US GAAP financial data. Furthermore, this study provides an extensive literature review encompassing recent accounting fraud theory. It enhances the existing US fraud data mining literature with a performance comparison of studies based on other accounting standards.
{"title":"Detecting accounting fraud in companies reporting under US GAAP through data mining","authors":"Mário Papík , Lenka Papíková","doi":"10.1016/j.accinf.2022.100559","DOIUrl":"10.1016/j.accinf.2022.100559","url":null,"abstract":"<div><p>The accounting fraud detection models developed on financial data prepared under US Generally Accepted Accounting Principles (GAAP) in the current literature achieve significantly weaker performance than models based on financial data prepared under different accounting standards. This study contributes to the US GAAP accounting fraud data mining literature through the attainment of higher model performance than that reported in the prior literature. Financial data from the 10-K forms of 320 fraudulent financial statements (80 fraudulent companies) and 1,200 nonfraudulent financial statements (240 nonfraudulent companies) were collected from the US Security and Exchange Commission. The eight most commonly used data mining techniques were applied to develop prediction models. The results were cross-validated on a testing dataset and then compared according to parameters of accuracy, F-measure, and type I and II errors with existing studies from the US, China, Greece, and Taiwan. As a result, the developed predictive models for accounting fraud achieved performance comparable to those achieved by models built on data from other accounting standards. Moreover, the developed models also significantly outperformed (accuracy 10.5%, F-measure 16.1%, type I error 12.2% and type II error 15.2%) existing studies based on US GAAP financial data. Furthermore, this study provides an extensive literature review encompassing recent accounting fraud theory. It enhances the existing US fraud data mining literature with a performance comparison of studies based on other accounting standards.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"45 ","pages":"Article 100559"},"PeriodicalIF":4.6,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134221958","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-01DOI: 10.1016/j.accinf.2022.100557
Albertina Paula Monteiro , Joana Vale , Eduardo Leite , Marcin Lis , Joanna Kurowska-Pysz
This study aims to develop and evaluate a model that seeks to measure the impact of Accounting Information System Quality, Internal Control System Quality and Non-Financial Information Quality on company success (Decision-Making Success and Non-Financial Performance). This model is empirically tested with data obtained from the managers of 381 Portuguese companies. We use structural equation modelling in the analysis of causal relationships between different constructs. The results show that information and control systems quality (accounting and internal control) have a direct impact on Non-Financial Information Quality and an indirect impact on Decision-Making Success. The results also indicate that Quality Non-Financial Information does not contribute directly to Non-Financial Performance but contributes indirectly via Decision-Making Success. The exploratory variables prove to be crucial for the companies’ Non-Financial Performance, accounting for its 62% variance. Previous research focuses primarily on financial information quality and financial performance. This study is the first to empirically prove that information and control systems contribute favourably to the transparency and value-relevance of non-financial information and, consequently, to business success.
{"title":"The impact of information systems and non-financial information on company success","authors":"Albertina Paula Monteiro , Joana Vale , Eduardo Leite , Marcin Lis , Joanna Kurowska-Pysz","doi":"10.1016/j.accinf.2022.100557","DOIUrl":"10.1016/j.accinf.2022.100557","url":null,"abstract":"<div><p>This study aims to develop and evaluate a model that seeks to measure the impact of Accounting Information System Quality, Internal Control System Quality and Non-Financial Information Quality on company success (Decision-Making Success and Non-Financial Performance). This model is empirically tested with data obtained from the managers of 381 Portuguese companies. We use structural equation modelling in the analysis of causal relationships between different constructs. The results show that information and control systems quality (accounting and internal control) have a direct impact on Non-Financial Information Quality and an indirect impact on Decision-Making Success. The results also indicate that Quality Non-Financial Information does not contribute directly to Non-Financial Performance but contributes indirectly via Decision-Making Success. The exploratory variables prove to be crucial for the companies’ Non-Financial Performance, accounting for its 62% variance. Previous research focuses primarily on financial information quality and financial performance. This study is the first to empirically prove that information and control systems contribute favourably to the transparency and value-relevance of non-financial information and, consequently, to business success.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"45 ","pages":"Article 100557"},"PeriodicalIF":4.6,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1467089522000094/pdfft?md5=6265c186e83b0cf5312de56d91375328&pid=1-s2.0-S1467089522000094-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133707782","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-01DOI: 10.1016/j.accinf.2022.100560
Olivia H. Plant , Jos van Hillegersberg , Adina Aldea
An increasing amount of companies is transforming their IT departments towards cross-functional teams which are responsible for both development and operation of software and use automation to speed up their delivery process. This novel approach, which is commonly known as “DevOps”, promises many benefits such as increased speed and frequency of deployment. However, companies using DevOps are often struggling with demonstrating control of their software delivery processes to IT auditing parties, due to the decentralized decision-making structures and high degree of automation in DevOps teams. The research at hand presents a framework which aims to provide guidance to organizations in mitigating and governing risks in IT teams and departments that make use of the DevOps paradigm. We have adopted a design science research approach, building on a literature review and semi-structured interviews with seventeen employees from nine Dutch companies that are in different stages of their DevOps transition. The results suggest that two main factors which influence how departments design their DevOps environment are risk appetite and the DevOps maturity. We furthermore find that companies in practice often use a mixture of traditional, manual IT controls and the automated controls suggested in literature. Based on these insights, a situational control framework is designed which suggests suitable risk mitigation practices.
{"title":"Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment","authors":"Olivia H. Plant , Jos van Hillegersberg , Adina Aldea","doi":"10.1016/j.accinf.2022.100560","DOIUrl":"10.1016/j.accinf.2022.100560","url":null,"abstract":"<div><p>An increasing amount of companies is transforming their IT departments towards cross-functional teams which are responsible for both development and operation of software and use automation to speed up their delivery process. This novel approach, which is commonly known as <em>“DevOps”</em>, promises many benefits such as increased speed and frequency of deployment. However, companies using DevOps are often struggling with demonstrating control of their software delivery processes to IT auditing parties, due to the decentralized decision-making structures and high degree of automation in DevOps teams. The research at hand presents a framework which aims to provide guidance to organizations in mitigating and governing risks in IT teams and departments that make use of the DevOps paradigm. We have adopted a design science research approach, building on a literature review and semi-structured interviews with seventeen employees from nine Dutch companies that are in different stages of their DevOps transition. The results suggest that two main factors which influence how departments design their DevOps environment are <em>risk appetite</em> and the <em>DevOps maturity</em>. We furthermore find that companies in practice often use a mixture of traditional, manual IT controls and the automated controls suggested in literature. Based on these insights, a situational control framework is designed which suggests suitable risk mitigation practices.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"45 ","pages":"Article 100560"},"PeriodicalIF":4.6,"publicationDate":"2022-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1467089522000124/pdfft?md5=08e01e5f20b9be8adb3d7c28a727f988&pid=1-s2.0-S1467089522000124-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130660673","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号