Abstract
1. Introduction
2. Background
3. Research methodology
4. Empirical results
5. Conclusion and suggestions
Data availability
Appendix A. Modified items recommended by a panel of experts
References
Abstract
Inadequate information technology (IT) management can lead to system ineffectiveness and operational stagnation within enterprises. While the application of IT governance provides a means for companies to validate IT functionality, oversee IT operations, and mitigate IT-associated risks, there is a paucity of research examining the implications of IT governance on IT controls, particularly within the context of a firm’s Internal Audit Function (IAF). Addressing this gap in the literature, this research delves into the relationship between the characteristics of the IAF and IT governance within the IAF. It further probes the linkage between IT governance associated with the IAF and IT control activities. We analyze survey data from 414 internal auditors across various Taiwanese companies using partial least squares regression. The findings suggest that IT knowledge and internal auditing roles have a significantly positive relationship with the quality of the IAF-IT relationship and IT governance processes. Similarly, IT audit competencies exhibit a significantly positive relationship with IT governance processes. Furthermore, properly structured IT governance processes and a high-quality IAF-IT relationship demonstrate a positive association with the effectiveness of general controls. This research amalgamates and extends prior investigations into IT governance and internal auditing, underlining their critical role in successfully implementing superior IT controls.
1. Introduction
Following the Enron scandal in 2000, the enactment of the Sarbanes-Oxley Act in the U.S. required companies to take measures that ensure the efficacy of their internal controls over financial reporting (Section 404). As information technology (IT) plays a pivotal role in ensuring the precision of a company’s financial reports, IT controls have thus become an integral component of Sarbanes-Oxley compliance initiatives. To facilitate IT governance, which pertains to formalizing strategic IT decisions and essential IT oversight processes, the Information Systems Audit and Control Association (ISACA) introduced the Control Objectives for Information and Related Technology (COBIT) in 2019. However, despite these measures, public companies still report material weaknesses in IT controls. A 2021 analysis of business processes and material weaknesses among public companies registered with the U.S. Securities and Exchange Commission by the accounting firm KPMG found that IT control material weaknesses accounted for 35% of all material weaknesses in 2020 (KPMG, 2021a).
Given their critical role in corporate and financial security, material weaknesses in IT controls pose a significant threat to the legitimacy of companies (Haislip et al., 2016). Furthermore, such weaknesses can negatively impact the quality of the information in systems, potentially misleading management and resulting in improper decisions (Li et al., 2012). Stoel and Muhanna (2011) observe that companies with material weaknesses in IT internal controls underperformed those without such issues. In an era characterized by big data and sophisticated digital technologies, material weaknesses in IT internal controls can lead to substantial losses, thus emphasizing the need for effective IT controls.
5. Conclusion and suggestions
5.1. Analyses and discussion
The potential for significant financial losses due to inadequate IT controls necessitates substantial attention to IT controls by businesses (Association of Certified Fraud Examiners, 2016; Stoel & Muhanna, 2011). The findings of this research illustrate a positive correlation between the involvement of Internal Audit Functions (IAFs) in IT governance and improvements in IT controls, thus offering contributions to scholarly discourse on IT governance. Our study broadens the conversation regarding the relationships among IAF quality, information security, and information security controls by integrating the dimension of IAF-IT relationship quality (Steinbart et al., 2013, 2018). Additionally, the results augment the research landscape on the interplay between IAF characteristics, their involvement in IT governance, and IT controls (Merhout and Havelka, 2008).
The IAF-IT relationship quality is significantly influenced by IT knowledge and internal audit roles. This aligns with the findings of Steinbart et al. (2013), who assert that a comprehensive understanding of information security can bolster the relationship quality between IAFs and information security. However, Steinbart et al. (2013) find no significant impact of the internal audit role on the relationship quality between IAFs and information security, which differs from our findings. Our study further illustrates that IT knowledge, internal audit roles, and IT audit competencies significantly affect the IAF-IT governance process. This finding is in accordance with Merhout and Havelka (2008), who establish that the involvement of IAFs in IT governance is significantly associated with IT personnel and IT training or certification.