Internal Auditors’ Perceptions of Information Technology-Related Risks: A Comparison Between General Auditors and Information Technology Auditors

With the growing role of information technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. Altho...

Full description

Saved in:
Bibliographic Details
Published in:The Journal of information systems 2023-04, Vol.37 (1), p.67-83
Main Authors: Nuijten, Arno L. P., Keil, Mark, Zwiers, Bert
Format: Article
Language:English
Subjects:
Auditors
Information technology
Internal auditing
Internal auditors
Risk exposure
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the growing role of information technology (IT), many organizations have incorporated IT governance practices that include keeping executives apprised of IT risks. To perform this function, organizations rely upon their internal audit staff to obtain an independent evaluation of IT risks. Although both general and IT auditors are involved in assessing IT risks, they may not be equally adept at identifying such risks. We draw on the expert versus nonexpert perspective to understand how general and IT auditors perceive IT risks differently. Through a quasi experiment with 70 internal auditors of a financial institution, we found that general auditors perceived IT risks to be lower than their IT audit colleagues. We also found that personal IT risk preferences influenced the level of IT risks that general auditors perceived. Personal IT risk preferences did not affect the risk perceptions of IT auditors. Implications for both research and practice are discussed.
ISSN:0888-7985
1558-7959
DOI:10.2308/ISYS-2020-040