Are Financial Auditors Overconfident in Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems?

41 Pages Posted: 14 Apr 2005

See all articles by James E. Hunton

James E. Hunton

Bentley University - Department of Accountancy; Erasmus University

Arnold Wright

Northeastern University - Accounting Group

Sally Wright

University of Massachusetts at Boston

Abstract

The first objective of the current study is to examine the extent to which financial auditors recognize heightened risks associated with an enterprise resource planning (ERP) system, as compared to non-ERP (legacy) system, in the presence of a control weakness over access privileges. The second objective is to assess the propensity of financial auditors to consult with information technology (IT) audit specialists within their firm when assessing ERP and non-ERP system risks in the planning stage of an audit. One hundred sixty five (165) auditors participate in an experiment in which we manipulate system type (ERP versus non-ERP) and measure auditor type (IT audit specialists versus financial auditors). Both auditor types indicate significantly higher business interruption, process interdependency and overall control risks with the ERP, as compared to the non-ERP, system. Additionally, while IT audit specialists assess significantly higher network, database and application security risks with the ERP system, financial audits do not recognize higher security risks in these areas. Perceived risk differentials from the non-ERP to the ERP system across all risk categories are significantly greater for IT audit specialists than financial auditors. Finally, financial auditors do not indicate a greater need to consult with IT audit specialists when auditing an ERP versus a non-ERP system, and, they are equally highly confident in the ability of financial audit teams to assess risks in both computing environments. Overall, evidence from this study suggests that financial auditors may be overconfident in their ability to assess ERP system risks.

Keywords: enterprise resource planning, ERP, audit risks, business risks, audit specialists

JEL Classification: M40, M41, M49

Suggested Citation

Hunton, James E. and Wright, Arnold and Wright, Sally, Are Financial Auditors Overconfident in Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems?. Journal of Information Systems, Forthcoming, Available at SSRN: https://ssrn.com/abstract=691683

James E. Hunton (Contact Author)

Bentley University - Department of Accountancy ( email )

175 Forest Street
Waltham, MA 02452
United States

Erasmus University

Rotterdam
Netherlands

Arnold Wright

Northeastern University - Accounting Group ( email )

406 Hayden Hall
United States

Sally Wright

University of Massachusetts at Boston ( email )

Boston, MA 02125
United States
617-287-7682 (Phone)
617-265-7173 (Fax)

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
1,089
Abstract Views
4,919
Rank
37,204
PlumX Metrics