Internal Auditors’ Perceptions of IT-related Risks: A Comparison Between General Auditors and IT Auditors

A.L.P. Nuijten; Mark Keil; Bert Zwiers

doi:10.2308/ISYS-2020-040

Internal Auditors’ Perceptions of IT-related Risks: A Comparison Between General Auditors and IT Auditors

A.L.P. Nuijten^*, Mark Keil, Bert Zwiers

^*Corresponding author for this work

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

With the growing role of Information Technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. While both general auditors and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert vs non-expert perspective to understand how general auditors and IT auditors perceive IT risks differently. Through a quasi-experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal risk preferences influenced the level of IT risks that general auditors perceived. Personal risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.

Original language	English
Pages (from-to)	67-83
Number of pages	17
Journal	Journal of Information Systems
Volume	37
Issue number	1
Early online date	22 Nov 2022
DOIs	https://doi.org/10.2308/ISYS-2020-040
Publication status	Published - Apr 2023

Keywords

Risk Perception
Expertise
Risk Propensity
IT Governance
IT Audit
Internal Audit

Access to Document

10.2308/ISYS-2020-040

Cite this

@article{7dac3eabafb04325a4bdf0ebcd35a9ca,

title = "Internal Auditors{\textquoteright} Perceptions of IT-related Risks: A Comparison Between General Auditors and IT Auditors",

abstract = "With the growing role of Information Technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. While both general auditors and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert vs non-expert perspective to understand how general auditors and IT auditors perceive IT risks differently. Through a quasi-experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal risk preferences influenced the level of IT risks that general auditors perceived. Personal risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.",

keywords = "Risk Perception, Expertise, Risk Propensity, IT Governance, IT Audit, Internal Audit",

author = "A.L.P. Nuijten and Mark Keil and Bert Zwiers",

year = "2023",

month = apr,

doi = "10.2308/ISYS-2020-040",

language = "English",

volume = "37",

pages = "67--83",

journal = "Journal of Information Systems",

issn = "0959-2954",

publisher = "American Accounting Association",

number = "1",

}

TY - JOUR

T1 - Internal Auditors’ Perceptions of IT-related Risks

T2 - A Comparison Between General Auditors and IT Auditors

AU - Nuijten, A.L.P.

AU - Keil, Mark

AU - Zwiers, Bert

PY - 2023/4

Y1 - 2023/4

N2 - With the growing role of Information Technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. While both general auditors and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert vs non-expert perspective to understand how general auditors and IT auditors perceive IT risks differently. Through a quasi-experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal risk preferences influenced the level of IT risks that general auditors perceived. Personal risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.

AB - With the growing role of Information Technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. While both general auditors and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert vs non-expert perspective to understand how general auditors and IT auditors perceive IT risks differently. Through a quasi-experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal risk preferences influenced the level of IT risks that general auditors perceived. Personal risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.

KW - Risk Perception

KW - Expertise

KW - Risk Propensity

KW - IT Governance

KW - IT Audit

KW - Internal Audit

U2 - 10.2308/ISYS-2020-040

DO - 10.2308/ISYS-2020-040

M3 - Article

SN - 0959-2954

VL - 37

SP - 67

EP - 83

JO - Journal of Information Systems

JF - Journal of Information Systems

IS - 1

ER -

Internal Auditors’ Perceptions of IT-related Risks: A Comparison Between General Auditors and IT Auditors

Abstract

Keywords

Access to Document

Fingerprint

Cite this