On information systems complexity and vulnerability

Journal of Information Systems

Volumn 27, Issue 2, 2013, Pages 51-64

  Cong, Yu ^a   Romero, Jorge ^b  

^a MORGAN STATE UNIVERSITY   (United States)

^b TOWSON UNIVERSITY   (United States)

Author keywords

Information systems complexity; Information systems vulnerability; Internal controls; Section 302; Section 40; SOX

Indexed keywords

EID: 84889770022     PISSN: 08887985     EISSN: 15587959     Source Type: Journal    
DOI: 10.2308/isys-50562     Document Type: Article

References (39)

1. Abdolmohammadi, M., and S. Ross. 2009. Factor associated with IT audits by the internal audit function. International Journal of Accounting Information Systems 11 (3): 140-151.
2. Alhazmi, O., and Y. K. Malaiya. 2008. Application of vulnerability discovery models to major operating systems. IEEE Transactions on Reliability 57 (1): 14-22.
3. Al-Kasswnal, R. 2012. The impact of information technology on external audit fees: A field study in the Hashemite Kingdom of Jordan. European Journal of Business and Management 4 (14): 92-102.
4. Altamuro, J., and A. Beatty. 2010. How does internal control regulation affect financial reporting? Journal of Accounting & Economics 49 (1): 58-74.
5. Audit Analytics. 2010. Taxonomy List for Disclosure Controls (SOX 302) and Internal Controls (SOX 404). Available at: http://wrds-web.wharton.upenn.edu/wrds/
6. Baccarini, D. 1996. The concept of project complexity: A review. International Journal of Project Management 14 (4): 201-204.
7. Balakrishnan, R., T. J. Linsmeier, and M. Venkatachalam. 1996. Financial benefits from JIT adoption: Effects of customer concentration and cost structure. The Accounting Review 71 (2): 183-205.
8. Banker, R., G. Davis, and S. Slaughter. 1998. Software development practices, software complexity, and software maintenance performance: A field study. Management Science 44 (4): 433-450.
9. Bedard, J., and L. Graham. 2011. Detection and severity classifications of Sarbanes-Oxley section 404 internal control deficiencies. The Accounting Review 86 (3): 825-855.
10. Bharadwaj, A. S. 2000. A resource-based perspective on information technology capability and firm performance: An empirical investigation. MIS Quarterly 24 (1): 169-196.
11. Brinn, T., M. Peel, and R. Roberts. 1994. Audit fee determinants of independent and subsidiary unquoted companies in the U.K.: An exploratory study. The British Accounting Review 26 (2): 101-121.
12. Canada, J., J. R. Kuhn, and S. Sutton. 2009. The pervasive nature of IT controls: An examination of material weaknesses in IT controls and audit fees. International Journal of Accounting and Information Management 17 (1): 106-119.
13. Carlson, J., and J. Doyle. 2000. Highly optimized tolerance: Robustness and design in complex systems. Physical Review Letters 84 (11): 2529-2532.
14. Chan, P., M. Ezzamel, and D. Gwilliam. 1993. Determinants of audit fees for quoted U.K. companies. Journal of Business Finance & Accounting 20 (6): 765-786.
15. Craswell, A., and J. Francis. 1999. Pricing initial audit engagements: A test of competing theories. The Accounting Review 74 (2): 201-216.
16. Doyle, J., W. Ge, and S. McVay. 2007. Determinants of weakness in internal control over financial reporting. Journal of Accounting & Economics 44 (1): 193-223.
17. Ethiraj, S., N. Ramasubbu, and M. S. Krishnan. 2012. Does complexity deter customer-focus? Strategic Management Journal 33 (2): 137-161.
18. Ettredge, M., and V. Richardson. 2003. Information transfer among internet firms: The case of hacker attacks. Journal of Information Systems 17 (2): 71-82.
19. Ge, W., and S. McVay. 2005. The disclosure of material weaknesses in internal control after the Sarbanes-Oxley act. Accounting Horizons 19 (3): 137-158.
20. Gist, W. 1992. Explaining variability in external audit fees. Accounting and Business Research 23 (89): 79-84.
21. Gong, G., B. Ken, and Y. Yu. 2009. SOX-mandated internal control deficiency disclosure under section 302 and earnings quality: Evidence from cross-listed firms. Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1028620
22. Hay, D., R. Knechel, and N. Wong. 2006. Audit fees: A meta-analysis of the effect of supply and demand attributes. Contemporary Accounting Research 23 (1): 141-191.
23. Ho, Y., Q. Zhao, and D. Pepyne. 2002. The no free lunch theorems: Complexity and security. IEEE Transactions on Automatic Control 48 (5): 783-793.
24. Hogan, C., and M. S. Wilkins. 2008. Evidence on the audit risk model: Do auditors increase audit fees in the presence of internal control deficiencies? Contemporary Accounting Research 25 (1): 219-242.
25. Hunton, J. E., A. M. Wright, and S. Wright. 2004. Are financial auditors overconfident in their ability to assess risks associated with enterprise resource planning systems? Journal of Information Systems 18 (2): 7-28.
26. Jain, B., and O. Kini. 1995. Venture capitalist participation and the post-issue operating performance of IPO firms. Managerial and Decision Economics 16 (6): 593-606.
27. Kalwani, M., and N. Narayandas. 1995. Long-term manufacturer-supplier relationship relationships: Do they pay off for supplier firms? Journal of Marketing 59 (1): 1-16.
28. Krishnan, J., D. Rama, and Y. Zhang. 2008. Cost to comply with SOX section 404. Auditing: A Journal of Practice & Theory 27 (1): 169-186.
29. McKeen, J., T. Guimaraes, and J. Wetherbe. 1994. The relationship between user participation and user satisfaction: An investigation of four contingency factors. MIS Quarterly 18 (4): 427-451.
30. Menon, K., and D. Williams. 2001. Long-term trends in audit fees. Auditing: A Journal of Practice & Theory 20 (1): 115-136.
31. Messier, W., A. Eilifsen, and L. Austen. 2004. Auditor detected misstatements and the effect of information technology. International Journal of Auditing 8 (3): 223-235.
32. Meyer, M., and K. Curley. 1991. An applied framework for classifying the complexity of knowledge-based systems. MIS Quarterly 15 (4): 455-472.
33. Munsif, V., K. Raghunandan, D. V. Rama, and M. Sighvi. 2011. Audit fees after remediation of internal control weaknesses. Accounting Horizons 25 (1): 87-105.
34. O'Keefe, T., D. Simunic, and M. Stein. 1994. The production of audit services: Evidence from a major public accounting firm. Journal of Accounting Research 32 (2): 241-261.
35. Securities and Exchange Commission (SEC). 2008. Final Rule: Management's Report on Internal Control over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports. Available at: http://www.sec.gov/rules/final/33-8238.htm
36. Shin, Y., A. Meneely, L. Williams, and J. Osborne. 2011. Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Transactions on Software Engineering 37 (6): 772-787.
37. Simon, D., and J. R. Francis. 1988. The effects of auditor change on audit fees: Tests of price cutting and price recovery. The Accounting Review 63 (2): 255-269.
38. Simunic, D. 1980. The pricing of audit services: Theory and evidence. Journal of Accounting Research 22 (3): 161-190.
39. Whisenant, S., S. Sankaraguruswamy, and R. Raghunandan. 2003. Evidence on the joint determination of audit and non-audit fees. Journal of Accounting Research 41 (4): 721-744.