School of Accountancy
This exploratory study examines the role of the audit committee in overseeing information technology (IT) risk. We address the degree of audit committee oversight of specific IT risks, as well as factors associated with variations in audit committee IT oversight. Based on responses from 39 audit committee members, we found (1) little audit committee emphasis on oversight of IT risks, (2) audit committees involved with IT oversight focus on more traditional risks (e.g., monitoring), while very little attention is devoted to IT acquisition and implementation, and (3) the amount of IT oversight is positively associated with the responding members auditing experience and prior familiarity with the COBIT model for assessing IT risks. Audit committee independence, diligence, and expertise, company size, and industry were not significantly associated with IT oversight.
Review of Business Information Systems
Digital Object Identifier (DOI)