References (47)


Citations (8)



Are Financial Auditors Overconfident in Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems?

James E. Hunton

Bentley University - Department of Accountancy; Erasmus University

Arnold Wright

Northeastern University - Accounting Group

Sally Wright

University of Massachusetts at Boston

Journal of Information Systems, Forthcoming

The first objective of the current study is to examine the extent to which financial auditors recognize heightened risks associated with an enterprise resource planning (ERP) system, as compared to non-ERP (legacy) system, in the presence of a control weakness over access privileges. The second objective is to assess the propensity of financial auditors to consult with information technology (IT) audit specialists within their firm when assessing ERP and non-ERP system risks in the planning stage of an audit. One hundred sixty five (165) auditors participate in an experiment in which we manipulate system type (ERP versus non-ERP) and measure auditor type (IT audit specialists versus financial auditors). Both auditor types indicate significantly higher business interruption, process interdependency and overall control risks with the ERP, as compared to the non-ERP, system. Additionally, while IT audit specialists assess significantly higher network, database and application security risks with the ERP system, financial audits do not recognize higher security risks in these areas. Perceived risk differentials from the non-ERP to the ERP system across all risk categories are significantly greater for IT audit specialists than financial auditors. Finally, financial auditors do not indicate a greater need to consult with IT audit specialists when auditing an ERP versus a non-ERP system, and, they are equally highly confident in the ability of financial audit teams to assess risks in both computing environments. Overall, evidence from this study suggests that financial auditors may be overconfident in their ability to assess ERP system risks.

Number of Pages in PDF File: 41

Keywords: enterprise resource planning, ERP, audit risks, business risks, audit specialists

JEL Classification: M40, M41, M49

Open PDF in Browser Download This Paper

Date posted: April 14, 2005  

Suggested Citation

Hunton, James E. and Wright, Arnold and Wright, Sally, Are Financial Auditors Overconfident in Their Ability to Assess Risks Associated with Enterprise Resource Planning Systems?. Journal of Information Systems, Forthcoming. Available at SSRN: http://ssrn.com/abstract=691683

Contact Information

James E. Hunton (Contact Author)
Bentley University - Department of Accountancy ( email )
175 Forest Street
Waltham, MA 02452
United States
Erasmus University
Arnold Wright
Northeastern University - Accounting Group ( email )
406 Hayden Hall
United States

Sally Wright
University of Massachusetts at Boston ( email )
Boston, MA 02125
United States
617-287-7682 (Phone)
617-265-7173 (Fax)
Feedback to SSRN

Paper statistics
Abstract Views: 3,664
Downloads: 969
Download Rank: 16,087
References:  47
Citations:  8

© 2016 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollobot1 in 0.250 seconds