A Content Analysis of Auditors' Reports on it Internal Control Weaknesses: The Comparative Advantages of an Automated Approach to Control Weakness Identification

International Journal of Accounting Information Systems Volume 14, Issue 2, June 2013, Pages 138–163

Posted: 21 Nov 2014

See all articles by J. Efrim Boritz

J. Efrim Boritz

University of Waterloo - School of Accounting and Finance

B. Louise Hayes

University of Guelph - Gordon S. Lang School of Business and Economics

Jee-Hae Lim

University of Hawaii, Manoa

Date Written: 2013

Abstract

We employ an automated content analysis approach to provide a snapshot of the terminology auditors actually use to describe information technology weaknesses (ITWs). We develop and use a dictionary based on textual analysis of auditors' reports on internal control filed under Section 404 of the Sarbanes–Oxley Act from 2004 to 2009. Using the dictionary with content analysis software led to the identification of 14 categories of ITWs in order of decreasing frequency of occurrence: (1) access, (2) monitoring, (3) design issues, (4) change and development, (5) end-user computing, (6) segregation of incompatible functions, (7) policies, (8) documentation, (9) masterfiles, (10) backup, (11) staffing sufficiency and competency, (12) security (other than over access), (13) outsourcing and (14) operations. The use of automated content analysis methodology also helped us identify potential disconnects between terminology used in auditors' reports and that used in published frameworks and guidelines. We provide the dictionary and discuss the methodology used in creating and applying the dictionary to the analysis of the textual content of auditors' reports on internal control, including the advantages and limitations of automated ITW identification.

Keywords: SOX 404, Information technology control weaknesses, Internal control weaknesses, Content analysis

Suggested Citation

Boritz, Efrim and Hayes, B. Louise and Lim, Jee-Hae, A Content Analysis of Auditors' Reports on it Internal Control Weaknesses: The Comparative Advantages of an Automated Approach to Control Weakness Identification (2013). International Journal of Accounting Information Systems Volume 14, Issue 2, June 2013, Pages 138–163. Available at SSRN: https://ssrn.com/abstract=2528135

Efrim Boritz (Contact Author)

University of Waterloo - School of Accounting and Finance ( email )

200 University Avenue West
Waterloo, Ontario N2L 3G1 N2L 3G1
Canada
519-888-4567 (Phone)
519-888-7562 (Fax)

B. Louise Hayes

University of Guelph - Gordon S. Lang School of Business and Economics ( email )

50 Stone Road East
Guelph, Ontario N1G 2W1
Canada

Jee-Hae Lim

University of Hawaii, Manoa ( email )

2404 Maile Way
Honolulu, HI Honolulu 96822
United States
(808) 956-8503 (Phone)
(808) 956-9888 (Fax)

HOME PAGE: http://shidler.hawaii.edu/directory/jee-hae-lim/soa

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
839
PlumX Metrics