EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

An internal control perspective on the market value consequences of IT operational risk events

Michel Benaroch, Anna Chernobai and James Goldstein

International Journal of Accounting Information Systems, 2012, vol. 13, issue 4, 357-381

Abstract: IT internal controls are an important component of an organization's arsenal of internal controls. Upon conceptualizing failures of operational IT systems, or what we call IT operational risk events, as signals of IT internal control weaknesses, we theorize about these events' impact on internal control objectives in general and about how this impact is influenced by the regulatory environment in particular. We then perform an event study to examine the economic impact of a diversified sample of IT operational risk events from the U.S. financial services industry during 1985–2009. We specifically test the impact of contextual factors on the degree of this effect, including the events' target (confidentiality, integrity, or availability of IT assets), the source of disclosure (regulatory or voluntary), the enactment of the Sarbanes–Oxley Act, and firm-specific attributes. We find that investors penalize firms most strongly for experiencing events that compromise the availability of IT systems, consistent with our prediction that these events more negatively impact the reliability of financial reporting and the efficiency and effectiveness of operations. This result contrasts extant empirical studies that are predominantly concerned with information and security breaches. We find also that investors' penalty is the strongest for firms experiencing IT operational risk events that occurred after the passing of the Sarbanes–Oxley Act or were disclosed by a regulatory body. Finally, the market reaction is shown to be stronger for firms with high growth potential, firms that are larger, riskier, and are in the banking sector. Implications for research and practice are discussed along with directions for future research.

Keywords: IT control weaknesses; IT operational risk events; Internal control objectives; Regulatory environment; Confidentiality, integrity and availability of IT assets; Financial services; Event study (search for similar items in EconPapers)
Date: 2012
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (13)

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S1467089512000164
Full text for ScienceDirect subscribers only

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eee:ijoais:v:13:y:2012:i:4:p:357-381

DOI: 10.1016/j.accinf.2012.03.001

Access Statistics for this article

International Journal of Accounting Information Systems is currently edited by S.V. Grabski

More articles in International Journal of Accounting Information Systems from Elsevier
Bibliographic data for series maintained by Catherine Liu ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:eee:ijoais:v:13:y:2012:i:4:p:357-381