PDF iconDownload This Paper
Open PDF in Browser
Add Paper to My Library
Permalink
Using these links will ensure access to this page indefinitely
Copy URL
Copy DOI

IT Control Weaknesses, IT Governance and Firm Performance

(CAAA) 2008 Annual Conference Paper

39 Pages Posted: 12 Jan 2008 Last revised: 6 Jan 2015

See all articles by J. Efrim Boritz

J. Efrim Boritz

University of Waterloo - School of Accounting and Finance

Jee-Hae Lim

University of Hawaii, Manoa

Date Written: January 11, 2008

Abstract

The Sarbanes-Oxley Act (SOX) was passed to improve corporate responsibility through measures that strengthen internal controls and increase accountability. We examine whether companies reporting internal control weaknesses will have weaker financial performance because of the required expenditures on audit fees, costs associated with fraud, waste and inefficiencies associated with internal control weaknesses, reduced revenues from disruptions to operations caused by internal control weaknesses and costs to remediate internal control weaknesses once they have been identified by the auditor. Next, we examine that the size of the impact on financial performance varies with the categories of internal control weaknesses. In particular, we distinguish between information technology (IT) controls and other controls.

Our results provide evidence that, after controlling for other factors, the material IT control weaknesses reported in conjunction with SOX 404 audits are associated with significantly higher audit fees and lower financial performance than other control weaknesses. Of the 20 material IT control weaknesses reported in conjunction with SOX 404 audits for 2004, 2005 and 2006, security control weaknesses are most strongly associated with increased audit fees and reduced financial performance.

We also investigate whether companies with material IT control weaknesses have weaker IT governance than companies without such weaknesses. We measure the strength of IT governance as a function of the IT knowledge of top company executives and board members, the tenure of the company's CIO and the presence of an IT strategy committee. We find that all of these indicators of IT governance effectiveness are significantly associated with a reduced likelihood of a company reporting material IT control weaknesses. By reducing IT control weaknesses and their associated costs, IT governance contributes to improved financial performance.

Keywords: SOX 404, IT control weaknesses, IT governance, financial performance

Suggested Citation

Boritz, Efrim and Lim, Jee-Hae, IT Control Weaknesses, IT Governance and Firm Performance (January 11, 2008). (CAAA) 2008 Annual Conference Paper, Available at SSRN: https://ssrn.com/abstract=1082957 or http://dx.doi.org/10.2139/ssrn.1082957

Efrim Boritz

University of Waterloo - School of Accounting and Finance ( email )

200 University Avenue West
Waterloo, Ontario N2L 3G1 N2L 3G1
Canada
519-888-4567 (Phone)
519-888-7562 (Fax)

Jee-Hae Lim (Contact Author)

University of Hawaii, Manoa ( email )

2404 Maile Way
Honolulu, HI Honolulu 96822
United States
(808) 956-8503 (Phone)
(808) 956-9888 (Fax)

HOME PAGE: http://shidler.hawaii.edu/directory/jee-hae-lim/soa

PDF iconDownload This Paper
Open PDF in Browser

Do you have negative results from your research you’d like to share?

Submit Negative Results

Paper statistics

Downloads
422
Abstract Views
2,540
Rank
128,223
9 Citations
55 References
PlumX Metrics

Related eJournals

Recommended Papers