The Impact of Firm Characteristics and IT Governance on IT Material Weaknesses

The Impact of Firm Characteristics and IT Governance on IT Material Weaknesses

Peiqin Zhang (McCoy College of Business Administration, Texas State University, San Marcos, TX, USA), Kexin Zhao (Belk College of Business, University of North Carolina at Charlotte, Charlotte, NC, USA) and Ram L. Kumar (Belk College of Business, University of North Carolina at Charlotte, Charlotte, NC, USA)
Copyright: © 2018 |Pages: 24
DOI: 10.4018/JOEUC.2018040105


Accurate and timely reporting of organizational performance is becoming increasingly important and highly regulated. However, organizations face a variety of challenges in seeking to provide accurate and reliable information due to the existence of IT control problems. Hence it is important for end users including auditors and managers to understand how to manage IT material weaknesses (ITMWs). While there is extensive accounting research on general material weaknesses (MWs), ITMWs are under researched. This article identifies key firm characteristics that appear to be related to ITMWs. In addition, the authors suggest that IT governance may help firms mitigate such problems. To gain a deeper understanding of IT governance effects, this article proposes a model which includes an innovative construct, ITGOV, operationalized using secondary data. The authors empirically validate the proposed model based on a data set of 1,112 firms. Their study illustrates the differences between ITMWs and general MWs. These results can also help end users computing by offering insights into better management of ITMWs.
Article Preview

1. Introduction

High quality and effective internal controls are necessary to ensure the reliability and integrity of companies’ financial reporting. In response to high-profile corporate fraud cases such as Enron and WorldCom, the Sarbanes-Oxley (SOX) Act was enacted by the US congress in order to set more rigorous auditing standards, and has had a significant impact on firms’ internal control practices. Under section 404 of the SOX Act, all publicly traded companies are mandated to disclose deficiencies in internal controls over financial reporting (ICOFR)1. The most severe type of internal control deficiencies (ICDs) is referred to as material weakness (MW). It is defined by Auditing Standard (AS) No. 52 as “a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements would not be prevented or detected on timely basis by the company” (PCAOB, 2007, A. 1-11). The most commonly used guidance for internal control is the Committee of Sponsoring Organization’s Internal Control-Integrated framework (COSO), which is important for SOX assessment of internal control (Klamm & Watson 2009). Public firms in the U.S. rely on COSO framework in compliance with MWs under SOX act.

Given the current prevalence of computerized business transactions, firms’ financial reporting processes are highly dependent on information systems (Carter et al., 2012; Stoel & Muhanna, 2011). These systems are deeply embedded in initiating, authorizing, modifying, recording, processing, retrieving, and reporting a wide range of financial data and transactions. Traditional paper-based files, such as source documents, ledgers and journals, have been, and continue to be digitized and stored in large electronic databases (Hall, 2011, p. 10). “Information systems are inextricably linked to the overall financial reporting processes and need to be assessed, along with other important processes for compliance with the SOX” (ITGI 2004, p. 19; ITGI 2006). Hence, some MWs relevant to SOX compliance are likely to be IT-related. Effective internal controls over information systems, such as enterprise resourcing planning (ERP) systems and various databases, are thus seen as important. Information system research has begun to examine issues of IT-related MWs, or ITMWs (Grant et al., 2008; Klamm & Watson, 2009; Li et al., 2007; Li et al., 2012; Stoel & Muhanna, 2011). If companies disclose at least one ITMW, their IT controls are considered ineffective and of low quality (Li et al., 2007). Common types of ITMWs in SOX 404 reports include deficiencies in the IT environment, computer operations, accounting software, security and access control, data backup and disaster recovery.

Previous research has examined antecedents of MWs in general, and ITMWs in particular, from two different perspectives (Grant et al., 2008; Klamm & Watson, 2009; Li et al., 2007; Li et al., 2012; Stoel & Muhanna, 2011). One stream of research examines characteristics of firms that are associated with MWs disclosure (Ashbaugh-Skaife et al., 2007; Doyle et al., 2007; Ge & McVay, 2005). A second stream of research examines whether effective governance implemented by companies can help firm mitigate ITMWs. However, prior research has not integrated both perspectives in an effort to examine the antecedents of ITMWs. To fill this gap, we intend to answer the following research question in the current study: How are firm characteristics and IT governance related to ITMWs? To answer this question, we draw upon multiple streams of research including general internal control MWs, ITMWs, corporate governance, and IT governance to develop an effective research model. Our model highlights the important role of IT governance, which ensures the quality of a firm’s IT internal controls. Effective IT governance over planning and the system development life cycle should result in more accurate and timely financial reporting (Masli et al. 2009). Further, we propose and operationalize a new IT governance construct called ITGOV based on publicly available secondary data. Such a construct helps to objectively measure the overall effectiveness of IT governance in organizations.

Complete Article List

Search this Journal:
Open Access Articles
Volume 32: 4 Issues (2020): 1 Released, 3 Forthcoming
Volume 31: 4 Issues (2019): 1 Released, 3 Forthcoming
Volume 30: 4 Issues (2018)
Volume 29: 4 Issues (2017)
Volume 28: 4 Issues (2016)
Volume 27: 4 Issues (2015)
Volume 26: 4 Issues (2014)
Volume 25: 4 Issues (2013)
Volume 24: 4 Issues (2012)
Volume 23: 4 Issues (2011)
Volume 22: 4 Issues (2010)
Volume 21: 4 Issues (2009)
Volume 20: 4 Issues (2008)
Volume 19: 4 Issues (2007)
Volume 18: 4 Issues (2006)
Volume 17: 4 Issues (2005)
Volume 16: 4 Issues (2004)
Volume 15: 4 Issues (2003)
Volume 14: 4 Issues (2002)
Volume 13: 4 Issues (2001)
Volume 12: 4 Issues (2000)
Volume 11: 4 Issues (1999)
Volume 10: 4 Issues (1998)
Volume 9: 4 Issues (1997)
Volume 8: 4 Issues (1996)
Volume 7: 4 Issues (1995)
Volume 6: 4 Issues (1994)
Volume 5: 4 Issues (1993)
Volume 4: 4 Issues (1992)
Volume 3: 4 Issues (1991)
Volume 2: 4 Issues (1990)
Volume 1: 3 Issues (1989)
View Complete Journal Contents Listing