Pub Date : 2022-03-01DOI: 10.1016/j.accinf.2021.100547
Arif Perdana , Hwee Hoon Lee , SzeKee Koh , Desi Arisandi
A critical question arises as to whether data analytics (DA) can bring value and improve organizational performance. The benefit offered by DA can be achieved only when organizations are able to direct their attention on the conditioning factors that amplify business value. At the same time, organizations should cautiously resolve the issues that dampen DA business value. This study applied resource-based view (RBV) and the dual factor concept to understand such factors within the Small and Mid-size Enterprises (SMEs) context. The results revealed that information and systems qualities were the catalysts for data analytics business value, whereas lack of understanding and concerns over data security and privacy were the most salient predictors that could prevent SMEs from realizing DA business value. Our study highlights the importance of understanding both enablers and inhibitors in IT business value research. We also offer strategies to stakeholders to help SMEs realize DA business value.
{"title":"Data analytics in small and mid-size enterprises: Enablers and inhibitors for business value and firm performance","authors":"Arif Perdana , Hwee Hoon Lee , SzeKee Koh , Desi Arisandi","doi":"10.1016/j.accinf.2021.100547","DOIUrl":"10.1016/j.accinf.2021.100547","url":null,"abstract":"<div><p>A critical question arises as to whether data analytics (DA) can bring value and improve organizational performance. The benefit offered by DA can be achieved only when organizations are able to direct their attention on the conditioning factors that amplify business value. At the same time, organizations should cautiously resolve the issues that dampen DA business value. This study applied resource-based view (RBV) and the dual factor concept to understand such factors within the Small and Mid-size Enterprises (SMEs) context. The results revealed that information and systems qualities were the catalysts for data analytics business value, whereas lack of understanding and concerns over data security and privacy were the most salient predictors that could prevent SMEs from realizing DA business value. Our study highlights the importance of understanding both enablers and inhibitors in IT business value research. We also offer strategies to stakeholders to help SMEs realize DA business value.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"44 ","pages":"Article 100547"},"PeriodicalIF":4.6,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126259973","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-03-01DOI: 10.1016/j.accinf.2021.100546
Lars Hemling , Jacob Christian Plesner Rossing , Andreas Hoffjan
This paper studies the degree to which multinational enterprises (MNEs) use information technology for managing international transfer pricing (ITP). Based on 21 interviews conducted with in-house accounting and tax professionals in MNEs, we observed limited use of information technology for ITP management. However, some degree of ITP automation was observed in workflow management to produce transfer pricing documentation. The limited degree of automation observed was driven by both system- and individual-level barriers. Overall, we found that management accountants and information technology experts dominate the enterprise resource planning system design agenda, and the tax departments’ ITP tax compliance objective plays a relatively limited role. This reduces the ability for ITP automation partly because the data segmentation that is prioritized for management reporting does not support the tax departments’ needs for legal-entity data segmentation to document tax compliance.
{"title":"The use of information technology for international transfer pricing in multinational enterprises","authors":"Lars Hemling , Jacob Christian Plesner Rossing , Andreas Hoffjan","doi":"10.1016/j.accinf.2021.100546","DOIUrl":"10.1016/j.accinf.2021.100546","url":null,"abstract":"<div><p>This paper studies the degree to which multinational enterprises (MNEs) use information technology for managing international transfer pricing (ITP). Based on 21 interviews conducted with in-house accounting and tax professionals in MNEs, we observed limited use of information technology for ITP management. However, some degree of ITP automation was observed in workflow management to produce transfer pricing documentation. The limited degree of automation observed was driven by both system- and individual-level barriers. Overall, we found that management accountants and information technology experts dominate the enterprise resource planning system design agenda, and the tax departments’ ITP tax compliance objective plays a relatively limited role. This reduces the ability for ITP automation partly because the data segmentation that is prioritized for management reporting does not support the tax departments’ needs for legal-entity data segmentation to document tax compliance.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"44 ","pages":"Article 100546"},"PeriodicalIF":4.6,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122620374","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-03-01DOI: 10.1016/j.accinf.2021.100545
Wanyun Li
This paper investigates how analyst forecast optimism is associated with disclosures of internal control material weaknesses (ICMWs) and their remediation under Section 404 of the Sarbanes–Oxley Act (SOX). Drawing on agency theory, I hypothesize that analysts are likely to issue earnings forecasts that are more optimistic for firms with ICMW disclosures than for those without ICMW disclosures. Using a sample of 20,875 firm-year observations with 10-K (10-Q) reports from 2004 to 2018, I find a positive association between ICMW disclosures and analyst forecast optimism. This positive association is partially driven by investors’ inability to unravel analyst forecast bias and analysts’ intentions to curry favor with management for private information. In addition, analysts are found to issue less optimistic forecasts for firms with ICMW remediation disclosures compared with those without ICMW remediation disclosures. A series of propensity score matching and regression analyses are conducted to test the robustness of my inferences. Overall, the paper suggests that analysts have incentives to take the opportunity of firms disclosing ICMWs to bias their forecasts upward for self-interest. The findings have the potential to assist regulators in guiding analyst behavior and educating investors to unravel positive bias in analyst forecasts.
{"title":"Disclosure of internal control material weaknesses and optimism in analyst earnings forecasts","authors":"Wanyun Li","doi":"10.1016/j.accinf.2021.100545","DOIUrl":"10.1016/j.accinf.2021.100545","url":null,"abstract":"<div><p>This paper investigates how analyst forecast optimism is associated with disclosures of internal control material weaknesses (ICMWs) and their remediation under Section 404 of the <em>Sarbanes–Oxley Act</em> (SOX). Drawing on agency theory, I hypothesize that analysts are likely to issue earnings forecasts that are more optimistic for firms with ICMW disclosures than for those without ICMW disclosures. Using a sample of 20,875 firm-year observations with 10-K (10-Q) reports from 2004 to 2018, I find a positive association between ICMW disclosures and analyst forecast optimism. This positive association is partially driven by investors’ inability to unravel analyst forecast bias and analysts’ intentions to curry favor with management for private information. In addition, analysts are found to issue less optimistic forecasts for firms with ICMW remediation disclosures compared with those without ICMW remediation disclosures. A series of propensity score matching and regression analyses are conducted to test the robustness of my inferences. Overall, the paper suggests that analysts have incentives to take the opportunity of firms disclosing ICMWs to bias their forecasts upward for self-interest. The findings have the potential to assist regulators in guiding analyst behavior and educating investors to unravel positive bias in analyst forecasts.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"44 ","pages":"Article 100545"},"PeriodicalIF":4.6,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129936351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-03-01DOI: 10.1016/j.accinf.2021.100548
Sergeja Slapničar , Tina Vuko , Marko Čular , Matej Drašček
The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.
{"title":"Effectiveness of cybersecurity audit","authors":"Sergeja Slapničar , Tina Vuko , Marko Čular , Matej Drašček","doi":"10.1016/j.accinf.2021.100548","DOIUrl":"https://doi.org/10.1016/j.accinf.2021.100548","url":null,"abstract":"<div><p>The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"44 ","pages":"Article 100548"},"PeriodicalIF":4.6,"publicationDate":"2022-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1467089521000506/pdfft?md5=b050c70f3813a42adea55305d2842ca4&pid=1-s2.0-S1467089521000506-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"137362322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-01DOI: 10.1016/j.accinf.2021.100534
Dongjoon Choi , Hansol Lee , Ho-Young Lee , Hyun-Young Park
This study investigates the association between human resource investment in information technology (IT) controls over financial reporting and its investment efficiency. To conduct the analysis, it uses novel hand-collected data on the number of IT control personnel. In particular, it uses the ratio of (1) the number of IT control personnel, (2) the number of IT control personnel who are certified public accountants to the total number of employees in a firm, and (3) the natural logarithm of average working experience of IT control personnel in months as a proxy for human resource investment in IT controls. This study finds that such investment is negatively associated with the firm's abnormal investment, suggesting that investing in IT control personnel enhances a firm's investment efficiency. Furthermore, not only quantitative but also qualitative investment in IT control personnel improves investment efficiency. We also find that the association between human resource investment in IT controls and a firm's investment efficiency is more pronounced for firms with lower financial reporting quality and information environment. The results of this study provide useful implications for management, regulators, and market participants, as they demonstrate the positive role of investment in IT control personnel on the firm's internal decision.
{"title":"The association between human resource investment in IT controls over financial reporting and investment efficiency","authors":"Dongjoon Choi , Hansol Lee , Ho-Young Lee , Hyun-Young Park","doi":"10.1016/j.accinf.2021.100534","DOIUrl":"10.1016/j.accinf.2021.100534","url":null,"abstract":"<div><p>This study investigates the association between human resource investment in information technology (IT) controls over financial reporting and its investment efficiency. To conduct the analysis, it uses novel hand-collected data on the number of IT control personnel. In particular, it uses the ratio of <span>(1)</span> the number of IT control personnel, <span>(2)</span> the number of IT control personnel who are certified public accountants to the total number of employees in a firm, and <span>(3)</span> the natural logarithm of average working experience of IT control personnel in months as a proxy for human resource investment in IT controls. This study finds that such investment is negatively associated with the firm's abnormal investment, suggesting that investing in IT control personnel enhances a firm's investment efficiency. Furthermore, not only quantitative but also qualitative investment in IT control personnel improves investment efficiency. We also find that the association between human resource investment in IT controls and a firm's investment efficiency is more pronounced for firms with lower financial reporting quality and information environment. The results of this study provide useful implications for management, regulators, and market participants, as they demonstrate the positive role of investment in IT control personnel on the firm's internal decision.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"43 ","pages":"Article 100534"},"PeriodicalIF":4.6,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132362481","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This study explores the information regarding Artificial Intelligence (AI) included by European listed companies in their annual and/or sustainability reports. The study mainly focuses on (1) the development and use of AI systems/projects reported by companies, (2) the extent to which companies disclose ethical principles or guidelines regarding AI and (3) the factors explaining these practices.
The study analyses the reports of 200 companies listed in the major indexes of Germany, Sweden, Finland, France, Spain, and Italy, both from qualitative and quantitative perspectives. All reports are analysed, using content analysis methodology, to identify expressions such as ‘artificial intelligence’, ‘machine learning’, ‘deep learning’, and ‘big data’, and then classified accordingly. The study’s findings suggest a growing interest in the above-mentioned technologies, although 41.5% of companies do not report any activity in the field of AI. The adoption of ethical approaches to AI is at a very preliminary stage, and<5% of companies report on that issue. The quantitative analysis shows that larger companies, companies in the Technology and Telecommunications industries, and companies based in Southern countries are more likely to disclose information on AI activity. The majority of companies that develop ethical principles are listed in the Northern region and belong to the Technology and Telecommunications industries.
The study provides evidence of AI disclosure, a type of non-financial disclosure that has not been explored yet in the literature. Unlike existing studies, we propose a first definition of the topic and a taxonomy that can be used in further research on AI disclosure and can contribute to the development of KPIs in the field. Furthermore, this study provides a theoretical framework integrating some traditional theories, such as Voluntary disclosure theory, Signalling theory, and Legitimacy theory, specifically drawn to interpret AI disclosure practices, which can help with a further in-depth exploration of AI disclosure combining concurrent perspectives. The study’s results may serve as a starting point for researchers and companies interested in the topic.
{"title":"Artificial intelligence activities and ethical approaches in leading listed companies in the European Union","authors":"Enrique Bonsón , Domenica Lavorato , Rita Lamboglia , Daniela Mancini","doi":"10.1016/j.accinf.2021.100535","DOIUrl":"https://doi.org/10.1016/j.accinf.2021.100535","url":null,"abstract":"<div><p>This study explores the information regarding Artificial Intelligence (AI) included by European listed companies in their annual and/or sustainability reports. The study mainly focuses on (1) the development and use of AI systems/projects reported by companies, (2) the extent to which companies disclose ethical principles or guidelines regarding AI and (3) the factors explaining these practices.</p><p>The study analyses the reports of 200 companies listed in the major indexes of Germany, Sweden, Finland, France, Spain, and Italy, both from qualitative and quantitative perspectives. All reports are analysed, using content analysis methodology, to identify expressions such as ‘artificial intelligence’, ‘machine learning’, ‘deep learning’, and ‘big data’, and then classified accordingly. The study’s findings suggest a growing interest in the above-mentioned technologies, although 41.5% of companies do not report any activity in the field of AI. The adoption of ethical approaches to AI is at a very preliminary stage, and<5% of companies report on that issue. The quantitative analysis shows that larger companies, companies in the Technology and Telecommunications industries, and companies based in Southern countries are more likely to disclose information on AI activity. The majority of companies that develop ethical principles are listed in the Northern region and belong to the Technology and Telecommunications industries.</p><p>The study provides evidence of AI disclosure, a type of non-financial disclosure that has not been explored yet in the literature. Unlike existing studies, we propose a first definition of the topic and a taxonomy that can be used in further research on AI disclosure and can contribute to the development of KPIs in the field. Furthermore, this study provides a theoretical framework integrating some traditional theories, such as Voluntary disclosure theory, Signalling theory, and Legitimacy theory, specifically drawn to interpret AI disclosure practices, which can help with a further in-depth exploration of AI disclosure combining concurrent perspectives. The study’s results may serve as a starting point for researchers and companies interested in the topic.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"43 ","pages":"Article 100535"},"PeriodicalIF":4.6,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"137315328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-01DOI: 10.1016/j.accinf.2021.100536
Steve G. Sutton , Vicky Arnold , Phil Collier , Stewart A. Leech
For over two decades, information systems researchers have grappled with defining what constitutes good design science research. With too many older papers simply documenting the development of systems without a clear message of the contribution to science, design science fell out of favor with the information systems discipline. With the emergence of intelligent systems and the re-shaping of knowledge work, substantial effort has recently focused on articulating what constitutes a design science research contribution. In recent years, however, the discussion on the role of behavioral theory and behavioral research in complementing design science research has faded away. In this paper, we argue for a broader view on the synergies of behavioral and design science research with an emphasis on the greater role that behavioral science can take in shaping and validating design science research and motivating future research. We use the INSOLVE program of research as a proof of concept for how this synergistic relationship can be leveraged.
{"title":"Leveraging the synergies between design science and behavioral science research methods","authors":"Steve G. Sutton , Vicky Arnold , Phil Collier , Stewart A. Leech","doi":"10.1016/j.accinf.2021.100536","DOIUrl":"10.1016/j.accinf.2021.100536","url":null,"abstract":"<div><p>For over two decades, information systems researchers have grappled with defining what constitutes good design science research. With too many older papers simply documenting the development of systems without a clear message of the contribution to science, design science fell out of favor with the information systems discipline. With the emergence of intelligent systems and the re-shaping of knowledge work, substantial effort has recently focused on articulating what constitutes a design science research contribution. In recent years, however, the discussion on the role of behavioral theory and behavioral research in complementing design science research has faded away. In this paper, we argue for a broader view on the synergies of behavioral and design science research with an emphasis on the greater role that behavioral science can take in shaping and validating design science research and motivating future research. We use the INSOLVE program of research as a proof of concept for how this synergistic relationship can be leveraged.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"43 ","pages":"Article 100536"},"PeriodicalIF":4.6,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123359832","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-01DOI: 10.1016/j.accinf.2021.100533
Bong Gu Huh , Sunhwa Lee , Wonsin Kim
In response to the increasingly sophisticated corporate information system environment in producing accounting data, audit firms are undertaking information system (IS) audit in addition to conventional auditing. This study focuses on examining the impact of input level of IS audit on audit quality. We collected data on IS audit hours, a unique reporting requirement for Korean listed-firms as disclosed in the External Audit Implementation Details beginning in 2014. Simultaneously, we used the amount of discretionary accruals and measure of conservatism, C_Score as the proxies of the audit quality. By empirically examining a sample set that includes 2,370 corporate-year observations from the Korea Composite Stock Price Index (2014–2018), we found that IS audit hours and IS audit personnel had a statistically significant negative correlation when estimating with amount of discretionary accruals using the model of Kothari et al. (2005) and positive correlation with C_Score. Even when the group was divided into Big 4 and non-BIG 4, these results were apparent in firm samples that were audited by Big 4 audit firms, whereas those audited by non-Big 4 firms did not show these results. Taken together, the following conclusion can be derived. Audit quality has improved through conducting IS audit in response to new types of audit risks that have emerged because of the use of information technology in corporations. Significantly, this study analyzes empirically the effect that the effort of IS auditing has on improving audit quality by using a unique reporting requirement for Korean-listed firms. The study confirms that an appropriate level of IS audit input can improve audit quality. In addition, it is meaningful that IS audit practice is following the risk-based approach of the Clarified International Standards on Auditing (ISA).
{"title":"The impact of the input level of information system audit on the audit quality: Korean evidence","authors":"Bong Gu Huh , Sunhwa Lee , Wonsin Kim","doi":"10.1016/j.accinf.2021.100533","DOIUrl":"10.1016/j.accinf.2021.100533","url":null,"abstract":"<div><p>In response to the increasingly sophisticated corporate information system environment in producing accounting data, audit firms are undertaking information system (IS) audit in addition to conventional auditing. This study focuses on examining the impact of input level of IS audit on audit quality. We collected data on IS audit hours, a unique reporting requirement for Korean listed-firms as disclosed in the External Audit Implementation Details beginning in 2014. Simultaneously, we used the amount of discretionary accruals and measure of conservatism, C_Score as the proxies of the audit quality. By empirically examining a sample set that includes 2,370 corporate-year observations from the Korea Composite Stock Price Index (2014–2018), we found that IS audit hours and IS audit personnel had a statistically significant negative correlation when estimating with amount of discretionary accruals using the model of Kothari et al. (2005) and positive correlation with C_Score. Even when the group was divided into Big 4 and non-BIG 4, these results were apparent in firm samples that were audited by Big 4 audit firms, whereas those audited by non-Big 4 firms did not show these results. Taken together, the following conclusion can be derived. Audit quality has improved through conducting IS audit in response to new types of audit risks that have emerged because of the use of information technology in corporations. Significantly, this study analyzes empirically the effect that the effort of IS auditing has on improving audit quality by using a unique reporting requirement for Korean-listed firms. The study confirms that an appropriate level of IS audit input can improve audit quality. In addition, it is meaningful that IS audit practice is following the risk-based approach of the Clarified International Standards on Auditing (ISA).</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"43 ","pages":"Article 100533"},"PeriodicalIF":4.6,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124071902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-01DOI: 10.1016/j.accinf.2021.100532
Thomas Smith , Amanuel F. Tadesse , Nishani Edirisinghe Vincent
The exponential rate of increase in IT security breach incidents has led governments, regulators, and practitioners to respond by introducing standards and frameworks for the disclosure and management of organizational cybersecurity risk exposure. Cybersecurity, which is a part of IT risk management, is affected by the capability and the ability of senior leadership responsible for IT-related decisions. This paper uses hand-collected data related to the Chief Information Officer (CIO) for S&P 500 firms and explores whether the presence of a CIO role, human capital characteristics of the CIO, and structural capital characteristics of the firm and the CIO are related to a firm’s cybersecurity risk exposure. This study finds that firms disclosing the presence of a CIO are more likely to be breached, even after matching on the likelihood of a breach and controlling for the likelihood that a firm would choose to disclose a CIO. This study also finds predictable variations in the likelihood of a breach among CIOs based on various human capital dimensions (including past technology experience, external board memberships, firm tenure, and CIO tenure) and structural capital dimensions (including a recognized commitment to IT and charging the CIO with multiple responsibilities). Finally, this study finds evidence that the observed associations depend on both the source of the breach (external vs. internal) as well as the type of data compromised by the breach (e.g. financial, personal, etc.). The results of this study contribute to the growing body of academic breach literature, while also informing practitioners as they evaluate the costs and benefits of various methods for combating breaches.
{"title":"The impact of CIO characteristics on data breaches","authors":"Thomas Smith , Amanuel F. Tadesse , Nishani Edirisinghe Vincent","doi":"10.1016/j.accinf.2021.100532","DOIUrl":"https://doi.org/10.1016/j.accinf.2021.100532","url":null,"abstract":"<div><p>The exponential rate of increase in IT security breach incidents has led governments, regulators, and practitioners to respond by introducing standards and frameworks for the disclosure and management of organizational cybersecurity risk exposure. Cybersecurity, which is a part of IT risk management, is affected by the capability and the ability of senior leadership responsible for IT-related decisions. This paper uses hand-collected data related to the Chief Information Officer (CIO) for S&P 500 firms and explores whether the presence of a CIO role, human capital characteristics of the CIO, and structural capital characteristics of the firm and the CIO are related to a firm’s cybersecurity risk exposure. This study finds that firms disclosing the presence of a CIO are more likely to be breached, even after matching on the likelihood of a breach and controlling for the likelihood that a firm would choose to disclose a CIO. This study also finds predictable variations in the likelihood of a breach among CIOs based on various human capital dimensions (including past technology experience, external board memberships, firm tenure, and CIO tenure) and structural capital dimensions (including a recognized commitment to IT and charging the CIO with multiple responsibilities). Finally, this study finds evidence that the observed associations depend on both the source of the breach (external vs. internal) as well as the type of data compromised by the breach (e.g. financial, personal, etc.). The results of this study contribute to the growing body of academic breach literature, while also informing practitioners as they evaluate the costs and benefits of various methods for combating breaches.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"43 ","pages":"Article 100532"},"PeriodicalIF":4.6,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"137315327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-09-01DOI: 10.1016/j.accinf.2021.100524
Kyunghee Yoon , Yue Liu , Tiffany Chiu , Miklos A. Vasarhelyi
Audit efficiency and effectiveness can be significantly affected by data aggregation during audit procedures. Previous studies highlight that an appropriate level of data aggregation is needed because a continuous auditing (CA) system often generates numerous alarms. To respond to this issue, this study proposes a CA system with a three-layer structure. In the first layer of the proposed system, all journal entry level transactions are classified and aggregated using defined rules; any transactions that deviate from these rules are identified as unusual transactions. The second layer detects the observations that violate controls. Analytical monitoring models are developed in the final layer to identify observations that statistically deviate from an organization’s typical business behaviors. To examine whether the proposed three-layer CA system enhances the effectiveness of a CA system in identifying financial irregularities, this study empirically tests the proposed models using real-world journal entry data from a construction company. The results indicate that the proposed framework enhances audit effectiveness and efficiency.
{"title":"Design and evaluation of an advanced continuous data level auditing system: A three-layer structure","authors":"Kyunghee Yoon , Yue Liu , Tiffany Chiu , Miklos A. Vasarhelyi","doi":"10.1016/j.accinf.2021.100524","DOIUrl":"10.1016/j.accinf.2021.100524","url":null,"abstract":"<div><p>Audit efficiency and effectiveness can be significantly affected by data aggregation during audit procedures. Previous studies highlight that an appropriate level of data aggregation is needed because a continuous auditing (CA) system often generates numerous alarms. To respond to this issue, this study proposes a CA system with a three-layer structure. In the first layer of the proposed system, all journal entry level transactions are classified and aggregated using defined rules; any transactions that deviate from these rules are identified as unusual transactions. The second layer detects the observations that violate controls. Analytical monitoring models are developed in the final layer to identify observations that statistically deviate from an organization’s typical business behaviors. To examine whether the proposed three-layer CA system enhances the effectiveness of a CA system<!--> <!-->in identifying<!--> <!-->financial irregularities,<!--> <!-->this study<!--> <!-->empirically tests the proposed models using real-world journal entry data from a construction company. The results indicate that the proposed framework enhances audit effectiveness and efficiency.</p></div>","PeriodicalId":47170,"journal":{"name":"International Journal of Accounting Information Systems","volume":"42 ","pages":"Article 100524"},"PeriodicalIF":4.6,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.accinf.2021.100524","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132099454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号