Cyber Supply Chain Risk Management: Toward an Understanding of the Antecedents to the Demand for Assurance

Hampton, C., S.G. Sutton, V. Arnold, and D. Khazanchi, Cyber Supply Chain Risk Management: Toward an Understanding of the Antecedents to the Demand for Assurance. Journal of Information Systems, Forthcoming, https://doi.org/10.2308/ISYS-19-050

Posted: 23 Oct 2020

See all articles by Clark Hampton

Clark Hampton

University of South Carolina - Department of Accounting

Steve G. Sutton

University of Central Florida; NHH Norwegian School of Economics

Vicky Arnold

NHH Norwegian School of Economics; University of Central Florida

Deepak Khazanchi

University of Nebraska at Omaha

Date Written: October 1, 2020

Abstract

Recognizing the need for effective cyber risk management processes across the supply chain, the AICPA issued a new SOC in March 2020 for assuring cyber supply chain risk management (C-SCRM) processes. This study examines supply chain relationship factors and cyber risk issues to better understand the demand for C-SCRM assurance. Resource Advantage Theory of Competition provides the conceptual foundation for assessing the dual drivers of relationship building and cyber risk management on demand for assurance. We use a field survey to collect data from 205 professionals enabling evaluation of the complex relationships in the theoretical model. Results support all hypotheses, provide satisfactory model fit, and support the underlying theory. Trust, power imbalances and cyber supply chain risk all positively influence the demand for assurance over C-SCRM processes, suggesting assurance is a desirable process for addressing the three greatest inhibitors of collaborative supply chain relationships. Two new constructs are also introduced in the research — a complex 49 item measure for assessing cyber supply chain risk across the technical, operational and strategic levels, along with a more traditional multi-item construct for assessing the a priori demand for assurance. This study expands the literature on cyber assurance by auditors and elaborates on overall supply chain processes that help drive value from auditors providing such assurance.

Keywords: Cyber Risk Management, Supply Chain Risk Management, Cyber Supply Chain Risk Management, Cyber Assurance, Voluntary Assurance, SOC Reports

JEL Classification: M41, M42

Suggested Citation

Hampton, Clark and Sutton, Steve G. and Sutton, Steve G. and Arnold, Vicky and Khazanchi, Deepak, Cyber Supply Chain Risk Management: Toward an Understanding of the Antecedents to the Demand for Assurance (October 1, 2020). Hampton, C., S.G. Sutton, V. Arnold, and D. Khazanchi, Cyber Supply Chain Risk Management: Toward an Understanding of the Antecedents to the Demand for Assurance. Journal of Information Systems, Forthcoming, https://doi.org/10.2308/ISYS-19-050, Available at SSRN: https://ssrn.com/abstract=3713423

Clark Hampton

University of South Carolina - Department of Accounting ( email )

The Francis M. Hipp Building
1705 College Street
Columbia, SC 29208
United States

Steve G. Sutton (Contact Author)

University of Central Florida ( email )

4000 Central Florida Blvd
Orlando, FL 32816
United States

NHH Norwegian School of Economics ( email )

Helleveien 30
Bergen, NO-5045
Norway

Vicky Arnold

NHH Norwegian School of Economics ( email )

Helleveien 30
Bergen, NO-5045
Norway

University of Central Florida ( email )

University of Central Florida
P.O. Box 161400
Orlando, FL 32816-1400
United States
3217455000 (Phone)
32127 (Fax)

Deepak Khazanchi

University of Nebraska at Omaha ( email )

College of Information Science & Technology
The Peter Kiewit Institute, PKI 174G
Omaha, NE 68182
United States
+1402554-2029 (Phone)

HOME PAGE: http://dkhazanchi.com

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
604
PlumX Metrics