Internal Auditors’ Perceptions of IT-related Risks: A Comparison Between General Auditors and IT Auditors

A.L.P. Nuijten*, Mark Keil, Bert Zwiers

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

With the growing role of Information Technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. While both general auditors and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert vs non-expert perspective to understand how general auditors and IT auditors perceive IT risks differently. Through a quasi-experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal risk preferences influenced the level of IT risks that general auditors perceived. Personal risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.
Original languageEnglish
Article numberISYS-2020-040
JournalJournal of Information Systems
DOIs
Publication statusE-pub ahead of print - 22 Nov 2022

Keywords

  • Risk Perception
  • Expertise
  • Risk Propensity
  • IT Governance
  • IT Audit
  • Internal Audit

Fingerprint

Dive into the research topics of 'Internal Auditors’ Perceptions of IT-related Risks: A Comparison Between General Auditors and IT Auditors'. Together they form a unique fingerprint.

Cite this