Academic journal article International Journal of Digital Accounting Research

Cousins Separated by a Common Language: Perceptions of Information Technology Risk

Academic journal article International Journal of Digital Accounting Research

Cousins Separated by a Common Language: Perceptions of Information Technology Risk

Article excerpt


One has only to check the news headlines to appreciate the pervasiveness of business reliance on information technology (IT) and to grasp the variety of risks associated with its strategic use in the competitive marketplace. Numerous tales of disaster and significant corporate loss have repeatedly demonstrated the potential risks an organization faces when its operations and support processes rely on its IT infrastructure without taking necessary safeguards. For instance, an audit of the Department of Taxation for the State of Hawaii placed numerous employees on administrative leave due to internal security breaches of its tax database1. In 2012, a computer glitch in a newly-installed trading system at Knight Capital Group cost the firm $440 million when it erroneously triggered rapid-fire buys and sells of over 100 stocks2. More recently, weaknesses in the point-of-sale systems at U.S-based retailer Target allowed hackers to gain access to customer credit and debit card information during the 2013 holiday shopping season3.

These failures, and countless others, illustrate the need for various organizational stakeholder groups to identify, understand and effectively manage the risks associated with IT operations. We define this risk (termed IT risk) as the risk that an organization's information systems will not adequately support the organization in achieving its business objectives, sufficiently safeguard its information resources, or deliver accurate and complete information to its users. While the need to properly identify IT risks is self-evident, this task is neither simple nor straightforward. Since IT risk impacts both technology and underlying business processes, they must be considered simultaneously. As a result of the Sarbanes Oxley Act of 2002 and associated Public Company Accounting Oversight Board (PCAOB) Auditing Standards, all publicly traded companies are required to assess their internal control structure, much of which is embedded within IT.

Furthermore, the impact of IT risk on business processes requires both business professionals (those who leverage the power of information systems to execute business processes and achieve business objectives) and IT professionals (those who develop and support IT at the operational level) to develop a shared vision of what IT risks actually threaten the organization's success and ability to support its business operations. Developing this shared vision necessitates that organizational stakeholders and decision makers agree on those IT risks that threaten achievement of business objectives and execution of business strategies. Complicating this task is both anecdotal evidence and empirical research that suggests disconnects between IT professionals and business professionals with regards to decision making, sense making and risk identification (Bassellier and Benbasat, 2004; Bassellier et al., 2001; Keil et al., 2002; Schmidt et al., 2001).

IT solutions deployed in the production environment (hereafter referred to as 'IT in operations') and supporting day-to-day business activities can represent significant risks to achieving strategic, operational, reporting and compliance objectives. Given the complex and situated nature of identifying and prioritized IT risks in operations, as well as the various stakeholders involved in this task, there have been numerous calls for research on how stakeholder perceptions influence identification and assessment of IT risks (Abu-Musa, 2006; Hermanson et al., 2000; Hunton et al., 2004; Wilkin and Chenhall, 2010). We hope our study adds to this conversation, and is motivated by the following research questions: How do each of the major stakeholder groups within organizations (representing both strategic and operational levels) conceptualize the risks associated with IT in operations? What are the factors that explain similarities and differences in their perceptions?

This manuscript will proceed as follows. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.