Audit Committees Oversight of Information Technology Risk

Authors

Linda M. Hadden, Keene State College
Dana Hermanson, Kennesaw State UniversityFollow
F. Todd DeZoort, The University of AlabamaFollow

Department

School of Accountancy

Document Type

Article

Publication Date

6-2011

Embargo Period

7-3-2018

Abstract

This exploratory study examines the role of the audit committee in overseeing information technology (IT) risk. We address the degree of audit committee oversight of specific IT risks, as well as factors associated with variations in audit committee IT oversight. Based on responses from 39 audit committee members, we found (1) little audit committee emphasis on oversight of IT risks, (2) audit committees involved with IT oversight focus on more traditional risks (e.g., monitoring), while very little attention is devoted to IT acquisition and implementation, and (3) the amount of IT oversight is positively associated with the responding members auditing experience and prior familiarity with the COBIT model for assessing IT risks. Audit committee independence, diligence, and expertise, company size, and industry were not significantly associated with IT oversight.

Journal Title

Review of Business Information Systems

Journal ISSN

1534-665X

Volume

7

Issue

4

Digital Object Identifier (DOI)

10.19030/rbis.v7i4.4509