An internal control perspective on the market value consequences of IT operational risk events
详细信息    查看全文
文摘
IT internal controls are an important component of an organization's arsenal of internal controls. Upon conceptualizing failures of operational IT systems, or what we call IT operational risk events, as signals of IT internal control weaknesses, we theorize about these events' impact on internal control objectives in general and about how this impact is influenced by the regulatory environment in particular. We then perform an event study to examine the economic impact of a diversified sample of IT operational risk events from the U.S. financial services industry during 1985-2009. We specifically test the impact of contextual factors on the degree of this effect, including the events' target (confidentiality, integrity, or availability of IT assets), the source of disclosure (regulatory or voluntary), the enactment of the Sarbanes-Oxley Act, and firm-specific attributes. We find that investors penalize firms most strongly for experiencing events that compromise the availability of IT systems, consistent with our prediction that these events more negatively impact the reliability of financial reporting and the efficiency and effectiveness of operations. This result contrasts extant empirical studies that are predominantly concerned with information and security breaches. We find also that investors' penalty is the strongest for firms experiencing IT operational risk events that occurred after the passing of the Sarbanes-Oxley Act or were disclosed by a regulatory body. Finally, the market reaction is shown to be stronger for firms with high growth potential, firms that are larger, riskier, and are in the banking sector. Implications for research and practice are discussed along with directions for future research.

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700