Description
Operational IT failures have significant negative effects on firms but little is known about their origins. Building on accounting research linking adverse operational events to SOX-disclosed control weaknesses (CWs) over financial reporting, we study the origins of IT failures in relation to IT-CWs. We use a sample of 212 operational IT failures where the confidentiality, integrity or availability of data assets and functional IT assets (hardware, networks, etc.) has been compromised. We find that IT failures are linked to a relatively small set of IT-CWs, where each IT failure type is linked to distinctly different IT-CWs. Moreover, IT failures more harmful to the firm are found to be associated with IT-CWs that are more sever and difficult to remediate.
Recommended Citation
Benaroch, Michel and Chernobai, Anna, "Linking Operational IT Failures to IT Control Weaknesses" (2015). AMCIS 2015 Proceedings. 3.
https://aisel.aisnet.org/amcis2015/AccountingIS/GeneralPresentations/3
Linking Operational IT Failures to IT Control Weaknesses
Operational IT failures have significant negative effects on firms but little is known about their origins. Building on accounting research linking adverse operational events to SOX-disclosed control weaknesses (CWs) over financial reporting, we study the origins of IT failures in relation to IT-CWs. We use a sample of 212 operational IT failures where the confidentiality, integrity or availability of data assets and functional IT assets (hardware, networks, etc.) has been compromised. We find that IT failures are linked to a relatively small set of IT-CWs, where each IT failure type is linked to distinctly different IT-CWs. Moreover, IT failures more harmful to the firm are found to be associated with IT-CWs that are more sever and difficult to remediate.