Week 06 – IT Governance and Control
Dr. Amrit Tiwana from University of Georgia will join us as a guest speaker “in person” on March 14. His bio is available here – http://www.terry.uga.edu/directory/profile/tiwana/
Please read his paper and prepare for a question to him.
Amrit Tiwana from University of Georgia will be visiting Fox School as a visiting scholar for a week on March 12-16. The department is scheduling his visit, and I invited him to join us in our seminar for 30 minutes on March 14.
If his visit is confirmed, I will add this paper to the reading list for Week 8.
Tiwana, A. and Kim, S.K. (2015) “Discriminating IT Governance,” Information Systems Research (26:4) pp. 656-674.
Paper: Li, C., Peters, G.F., Richardson, V.J. and Watson, M.W., 2012. The consequences of information technology control weaknesses on management information systems: The case of Sarbanes-Oxley internal control reports. Mis Quarterly, pp.179-203.
Academia research holds different opinions toward the SOX (Sarbanes-Oxley Act) act and some scholars claim SOX is bad for business organizations because of the additional regulations and burdensome expense, while others consider SOX is good for business organizations since it helps firms to point out deficiencies in information system. This research builds up on the findings of Feng et al. 2009 and considers the extent that the existence and resolution of information technology control weaknesses impact the ultimate usefulness or quality of the information produced by the financial reporting system(FRS). The author hypothesizes that the stronger (weaker) IT controls over the FRS, the higher (lower) the information quality produced by the system. The authors use the firm’s SOX 404 Management Report on Internal Controls to identify the material weakness of IT controls, and categorize the control weakness across three dimensions: 1. Data processing integrity, 2. System access and security, 3. System structure and usage. The authors find that firms reporting IT material weaknesses in internal control tend to have significantly higher management forecast errors than firms reporting either effective internal controls, or non-IT material weaknesses, accounting for firm size, financial performance, and earning characteristics.
The regression analysis finds that both IT control material weakness and non-IT control material weakness are positively correlated with the forecast errors, but the magnitude of IT control material weakness is more than 3 times larger than that of non-IT control material weakness. The authors also find that the material weaknesses on processing integrity has the strongest impact on the forecast errors.
The paper talks about the effect of IT deficiencies on higher executive(CEO/CFO) turn over in firms. Most of the previous research has applied the framework that the greater the shared knowledge and mutual trust among top executives greater the success among IT firms.This body of knowledge has not shed any light on which senior executives should take care of which specific IT management activities etc.Thus the paper tries to answer for which IT management responsibilities are particular senior executives held accountable for serious IT deficiencies?.The paper takes advantage of the Sarbanes-Oxley Act of 2002 (SOX) which was established to strengthen internal controls over financial reporting by U.S. public firms helping capture IT material weakness.Te paper next goes on to develop multiple hypothesis that firms reporting higher number of IT material weaknesses will experience greater likelihood of CEO/CFO turnover.Next,the authors divide the material weakness into categories of global IT material weakness,demand and supply side IT materiel weakness and posit that firms reporting higher number of global/demand side IT material weaknesses will experience greater likelihood of CEO/CFO turnover.Using data from Audit Analytics, authors examined each firm’s reported material weaknesses and classified each as either an IT material weakness or a non-IT material weakness.Then they combined data from SEC proxy statements to identify CEO/CFO turnovers.The analysis involves probit regression with CXO turnover as dependent variable and NUmber of IT weaknesses/number of non-IT weaknesses as IVs.The results show Number of IT Weaknesses is significant in predicting CEO
turnover.Results also show that IT Architecture,IT Control Oversight–External are significant predictors as well.It also shows that IT Control Oversight–Internal to be a strong predictor.The results are robust and Heckman model controls for any endogeniety concerns due to selection bias.The the findings suggest that CEOs and CFOs were observed to be selectively affected by serious IT deficiencies. For CEOs, deficiencies traced to IT Architecture and to IT Control Oversight–External were associated with higher turnover likelihoods. For CFOs, deficiencies traced to IT Control Oversight–Internal were associated with higher turnover.Inconsistencies and limitations of the study are discussed.Contributions to IS,managements and practice are discussed.
Xue, L., Ray, G., & Gu, B. (2011). Environmental Uncertainty and IT Infrastructure Governance: A Curvilinear Relationship. Information Systems Research, 22(2), 389–399.
Extant research predicts that firms tend to decentralize IT governance in more uncertain environments. But empirical work in this area presents mixed result. To develop a deeper understanding of the relationship, this paper investigates the issue by studying the relationship between environmental uncertainty and IT infrastructure governance in a sample of business units from Fortune 1000 companies.
Centralization of IT infrastructure provides the benefits of economies of scale as the same IT platform can be leveraged across different business units, thereby reducing the unit cost of IT infrastructure for each business unit. But when uncertainty increases, the benefits of responsiveness provided by more decentralized IT infrastructure governance are likely to outweigh the benefits of centralization. However, decentralization of IT infrastructure governance raises issues of control. When uncertainty increases from the intermediate to high level, firms may switch from decentralization to recentralizing IT infrastructure governance.
The key proposition is that the relationship between environmental uncertainty and decentralization in IT infrastructure governance is best characterized as a curvilinear relationship. Moreover, the study proposes that business unrelatedness between business units and their headquarters moderates. The dataset is obtained from the CI, Compustat database, SDC Platinum Mergers and Acquisitions databases. Binary logistic regression model is applied to test the hypotheses. The result support all the hypotheses.
The key theoretical implication of this study is that the relationship between environmental uncertainty and IT infrastructure governance is likely to be more complex than that suggested by the prior literature. This paper also provides practical implications to managers when they make IT infrastructure governance decisions.
The Sarbanes-Oxley Act of 2002 had a pervasive influence on forms. Among many articles, SOX section 404 highlights the importance of controls related to the financial reporting function of management information systems, it requires a regular assessment of the quality of the financial reporting function, which provides conditions for this research.
This paper examines how weakness in IT controls impact the quality of the information and cause poor forecasts. It also investigates how this relationship varies by the type of IT material weaknesses reported.
The material weakness is defined as a control deficiency that results in a reasonable possibility that a material misstatement of financial information will occur without the being detected or corrected. The paper highlights the importance of IT in producing meaningful financial reports. Thus IT weaknesses will have a significant negative impact on data quality. So they propose for firms with SOX 404 IT material weakness will have lower management earnings forecast accuracy, comparing to firms have effective internal controls and non-IT material weakness. In order to investigate the different impacts caused by different IT material weakness, the author classifies the control weakness into three categories: 1. data processing integrity; 2. system access and security; 3. system structure and usage. It proposes that IT material weakness related to the data processing integrity category will have the greatest negative impact on information quality and forecasting accuracy. Their research model is OLS regression. The dependent variable is management forecast error, the focal independent variables are whether a firm has IT material weakness and the dimensions the weakness in. They collect data on SOX 404 report, financial report and forecast, the time span is 2004 to 2008. After a series of robustness check, the hypotheses are supported.
This paper contributes to the IS literature by providing evidence linking overall IT controls and their relative quality dimensions to the quality of management decision outcome.
Benaroch, Michael and Chernobai, Anna. 2017. “Operational IT Failures, IT Value Destruction, and Board-Level IT Governance Changes,” MIS Quarterly, (41: 3) pp.729-762.
The literature on operational IT failures is sparse and focused on their value relevance to the firm. This work is among those that touch upon an important gap in the literature: the connection between operational IT failures and board-level IT governance. The goal of this work is to address two questions: 1) whether the negative impact of operational IT failures on firms’ market value a predictor of post-failure changes in the level of board IT competency, and 2) what are the specific determinants of board IT competency associated with these changes.
With a concept-intensive but well-organized literature review and hypothesis development, the authors narrow down the research scope to empirically examine effects of the market value drop around recent operational IT failures on the change in the board IT competency level, specifically, a) increase in the ratio of independent directors with IT experience; (b) increase in the ratio of executive directors with IT experience; (c) turnover of a CIO serving on the board; and, (d) establishment of board IT committees. Utilizing data of 110 operational IT failures from U.S. public financial firms from Financial Institutions Risk Scenario Trends (FIRST), the results demonstrate that subsequent to experiencing operational IT failures, firms make improvements to the IT competency level of their boards, and the improvements are proportional to the degree of negative market reaction. However, those improvements are only on the executive side of the board, namely: an increase in the IT experience of internal (executive) directors and an increased turnover rate of CIOs serving on the board. Furthermore, the likelihood of CIO turnover is lower in IT-intensive firms where such turnover could be more disruptive.
This work not only contributes to IT government literature by exploring the critical connection between operational IT failures and board-level ITG, but also offer the industry with grounded managerial operation guidance.
Banker, R.D., Hu, N., Pavlou, P.A., & Luftman, J. (2011). CIO Reporting Structure, Strategic Positioning and Firm Performance. MIS Quarterly, 35(2), 487-504.
Since the emergence of the CIO position, academics and practitioners have struggled to identify the ideal CIO reporting structure. Banker, Hu, Pavlou, and Luftman (2011) provide insight by considering the alignment of a firm’s CIO reporting structure and its strategic position. Industry information has shown that the majority of CIOs report to the CEO or CFO and thus Banker et al. (2011) used a dichotomous operationalization of CIO reporting structure. Following Porter’s (1980, 1996) theory, Banker et al. (2011) considered two generic strategies: differentiation and cost leadership. Differentiation is pursued when firms focus on providing products/services that are superior in terms of designs, innovation, development, engineering, customer intimacy, and/or brand image. Conversely, a cost leadership strategy is perused by achieving economies of scale, cost efficiencies, and operational excellence. It is important to note that these generic strategies are not mutually exclusive; firms attempt to effectively balance both while pursing one main strategy. To operationalize, Banker et al. (2011) used an external assessment, specifically profit margin for differentiation and asset turnover for cost leadership, contrary to typical self-assessment methods. Finally, various control variables including IT intensity, IT orientation, industry technology level, industry concentration, and CIO tenure were employed.
Banker et al. (2011) used 200 firms from 1990-1993, as well as 58 firms from 2006 as a robustness check, to investigate their hypotheses considering the alignment of CIO reporting structure and strategic positioning. Results indicated that strategic positioning influences reporting structure; differentiators favour CIO-CEO, while cost leaders favour CIO-CFO. Alignment of CIO reporting structure and strategic positioning positively affects firm performance (operationalized as abnormal stock returns and future cash flows from operations). Finally, the results highlight the fact that there is not a universal CIO reporting structure, but rather, the ideal structure is dependent on the strategic positioning of the firm.
|Banker et al. (2011)||Heather|
|Xue et al. (2011)||Xi|
|Li et al. (2012)||Jack, Leting|
|Malsi et al. (2016)||Sid|
|Benaroch and Chernobai (2017)||Joe|