EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Information intensity, control deficiency risk, and materiality

Akhilesh Chandra and Thomas G. Calderon

Managerial Auditing Journal, 2009, vol. 24, issue 3, 220-232

Abstract: Purpose - This paper leverages the concept of business information intensity (BII) with the aim of developing a model to assess control deficiency risk (CDR) in organizations. BII measures the extent of use of IT by an organization in its products and value chain. Design/methodology/approach - The paper develops a conceptual model that uses BII and CDR to examine alternative approaches to risk management. This model contains four quadrants that provide insight into varying risk management strategies for business processes. CFOs and internal auditors fromFortune100 companies are surveyed to illustrate how the model may be used to guide management in assessing IT security expenditure. Findings - The model suggests that spending on IT and information security is higher for companies with high BII‐CDR than those with low BII‐CDR. Research limitations/implications - Analysis focused on only two quadrants in a four‐quadrant model. Future research may seek to refine the measurement of BII and CDR, and offer greater insight into the types of business processes that fall into each of the four quadrants as well as those that do not fit neatly into those quadrants. Practical implications - Organizations may use the BII‐CDR model to assess risk and to evaluate investments in IT security and other control activities. The model also highlights the need to redefine the concept of materiality and to consider its link to BII and CDR. Auditors should consider the interaction of BII and CDR in planning the audit, conducting field work, and managing overall audit risk. Originality/value - The paper provides original insights into the relationship between BII and CDR and its implications for treatment of materiality. It was observed that activities which support critical business processes are themselves critical. This is an important departure from traditional approaches to evaluating materiality.

Keywords: Information control; Data security; Risk management; Internal auditing (search for similar items in EconPapers)
Date: 2009
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (text/html)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (application/pdf)
Access to full text is restricted to subscribers

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eme:majpps:02686900910941113

DOI: 10.1108/02686900910941113

Access Statistics for this article

Managerial Auditing Journal is currently edited by Professor Jie Zhou

More articles in Managerial Auditing Journal from Emerald Group Publishing Limited
Bibliographic data for series maintained by Emerald Support ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:eme:majpps:02686900910941113