IT Control Weaknesses, IT Governance and Firm Performance

39 Pages Posted: 12 Jan 2008 Last revised: 6 Jan 2015

See all articles by J. Efrim Boritz

J. Efrim Boritz

University of Waterloo - School of Accounting and Finance

Jee-Hae Lim

University of Hawaii, Manoa

Date Written: January 11, 2008

Abstract

The Sarbanes-Oxley Act (SOX) was passed to improve corporate responsibility through measures that strengthen internal controls and increase accountability. We examine whether companies reporting internal control weaknesses will have weaker financial performance because of the required expenditures on audit fees, costs associated with fraud, waste and inefficiencies associated with internal control weaknesses, reduced revenues from disruptions to operations caused by internal control weaknesses and costs to remediate internal control weaknesses once they have been identified by the auditor. Next, we examine that the size of the impact on financial performance varies with the categories of internal control weaknesses. In particular, we distinguish between information technology (IT) controls and other controls.

Our results provide evidence that, after controlling for other factors, the material IT control weaknesses reported in conjunction with SOX 404 audits are associated with significantly higher audit fees and lower financial performance than other control weaknesses. Of the 20 material IT control weaknesses reported in conjunction with SOX 404 audits for 2004, 2005 and 2006, security control weaknesses are most strongly associated with increased audit fees and reduced financial performance.

We also investigate whether companies with material IT control weaknesses have weaker IT governance than companies without such weaknesses. We measure the strength of IT governance as a function of the IT knowledge of top company executives and board members, the tenure of the company's CIO and the presence of an IT strategy committee. We find that all of these indicators of IT governance effectiveness are significantly associated with a reduced likelihood of a company reporting material IT control weaknesses. By reducing IT control weaknesses and their associated costs, IT governance contributes to improved financial performance.

Keywords: SOX 404, IT control weaknesses, IT governance, financial performance

Suggested Citation

Boritz, Efrim and Lim, Jee-Hae, IT Control Weaknesses, IT Governance and Firm Performance (January 11, 2008). (CAAA) 2008 Annual Conference Paper. Available at SSRN: https://ssrn.com/abstract=1082957 or http://dx.doi.org/10.2139/ssrn.1082957

Efrim Boritz

University of Waterloo - School of Accounting and Finance ( email )

200 University Avenue West
Waterloo, Ontario N2L 3G1 N2L 3G1
Canada
519-888-4567 (Phone)
519-888-7562 (Fax)

Jee-Hae Lim (Contact Author)

University of Hawaii, Manoa ( email )

2404 Maile Way
Honolulu, HI Honolulu 96822
United States
(808) 956-8503 (Phone)
(808) 956-9888 (Fax)

HOME PAGE: http://shidler.hawaii.edu/directory/jee-hae-lim/soa

Register to save articles to
your library

Register

Paper statistics

Downloads
183
Abstract Views
987
rank
164,586
PlumX Metrics