Literature: Research on IT Assurance and Privacy

AIS Newsletter

IS SECTION / AMERICAN ACCOUNTING ASSOCIATION.

In the Literature : Research on IT Assurance and Privacy

CONCEDE OR DENY: DO MANAGEMENT PERSUASION TACTICS AFFECT AUDITOR EVALUATION OF INTERNAL CONTROL DEVIATIONS

Christopher J. Wolfe, Elaine G. Mauldin, Michelle Chandler Diaz. The Accounting Review American Accounting Association: Nov 2009. Vol 84, No. 6; pp. 2013-2037.

Abstract: In an internal control audit, the consequences and assessment subjectivity of control problems motivate managers to try to persuade auditors to lower the assessed severity of an observed control deviation. We report an experiment in which 106 audit seniors evaluate either information technology (IT) or manual control deviations that are potentially indicative of significant deficiencies, after exposure to persuasion tactics based in either concession or denial. For IT control deviations, we find that auditors assess the significance of deficiency lower and the perceived adequacy of management’s explanation higher for concessions than for denials. For manual control deviations, we find no differences between concessions and denials. Our results provide evidence of a systematic bias in auditor judgment and indicate a rationale for the ubiquity of management persuasion attempts around control deviations—sometimes they work.

EXAMINING THE POTENTIAL BENEFITS OF INTERNAL CONTROL MONITORING TECHNOLOGY

Masli Adi, Gary Peters, Vernon Richardson, Juan Manuel Sanchez, Forthcoming at The Accounting Review.

Abstract: We analyze the potential benefits that firms can realize from implementing technology specifically aimed at monitoring the effectiveness of their internal control systems. The Committee of Sponsoring Organizations of the Treadway Commission asserts that effective internal control monitoring should enhance the efficiency of internal control processes, and in turn, the assurance over such processes (COSO 2009a). We develop hypotheses to test the realization of these potential benefits. Specifically, we identify a sample of firms that implemented internal control monitoring technology in response to the internal control requirements of the Sarbanes-Oxley Act. Consistent with our hypotheses, we document that the implementation of internal control monitoring technology is associated with lower likelihood of material weaknesses, smaller increases in audit fees, and smaller increases in audit delays during the post-SOX time period. We discuss the potential implications of our findings for research related to continuous monitoring, client-provided assurance assistance, and information technology governance.

Return to

IS Section Homepage

Fall 2009