IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v13y2012i4p357-381.html
   My bibliography  Save this article

An internal control perspective on the market value consequences of IT operational risk events

Author

Listed:
  • Benaroch, Michel
  • Chernobai, Anna
  • Goldstein, James

Abstract

IT internal controls are an important component of an organization's arsenal of internal controls. Upon conceptualizing failures of operational IT systems, or what we call IT operational risk events, as signals of IT internal control weaknesses, we theorize about these events' impact on internal control objectives in general and about how this impact is influenced by the regulatory environment in particular. We then perform an event study to examine the economic impact of a diversified sample of IT operational risk events from the U.S. financial services industry during 1985–2009. We specifically test the impact of contextual factors on the degree of this effect, including the events' target (confidentiality, integrity, or availability of IT assets), the source of disclosure (regulatory or voluntary), the enactment of the Sarbanes–Oxley Act, and firm-specific attributes. We find that investors penalize firms most strongly for experiencing events that compromise the availability of IT systems, consistent with our prediction that these events more negatively impact the reliability of financial reporting and the efficiency and effectiveness of operations. This result contrasts extant empirical studies that are predominantly concerned with information and security breaches. We find also that investors' penalty is the strongest for firms experiencing IT operational risk events that occurred after the passing of the Sarbanes–Oxley Act or were disclosed by a regulatory body. Finally, the market reaction is shown to be stronger for firms with high growth potential, firms that are larger, riskier, and are in the banking sector. Implications for research and practice are discussed along with directions for future research.

Suggested Citation

  • Benaroch, Michel & Chernobai, Anna & Goldstein, James, 2012. "An internal control perspective on the market value consequences of IT operational risk events," International Journal of Accounting Information Systems, Elsevier, vol. 13(4), pages 357-381.
    • Handle: RePEc:eee:ijoais:v:13:y:2012:i:4:p:357-381
    DOI: 10.1016/j.accinf.2012.03.001
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089512000164
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.accinf.2012.03.001?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Bolster Paul & Pantalone Coleen H & Trahan Emery A, 2010. "Security Breaches and Firm Value," Journal of Business Valuation and Economic Loss Analysis, De Gruyter, vol. 5(1), pages 1-13, April.
    2. Anat Hovav & John D'Arcy, 2003. "The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(2), pages 97-121, September.
    3. Hollis Ashbaugh‐Skaife & Daniel W. Collins & William R. Kinney Jr & Ryan Lafond, 2009. "The Effect of SOX Internal Control Deficiencies on Firm Risk and Cost of Equity," Journal of Accounting Research, Wiley Blackwell, vol. 47(1), pages 1-43, March.
    4. Patell, Jm, 1976. "Corporate Forecasts Of Earnings Per Share And Stock-Price Behavior - Empirical Tests," Journal of Accounting Research, Wiley Blackwell, vol. 14(2), pages 246-276.
    5. Gillet, Roland & Hübner, Georges & Plunus, Séverine, 2010. "Operational risk and reputation in the financial industry," Journal of Banking & Finance, Elsevier, vol. 34(1), pages 224-235, January.
    6. Roll, Richard, 1981. "A Possible Explanation of the Small Firm Effect," Journal of Finance, American Finance Association, vol. 36(4), pages 879-888, September.
    7. Cabral, Luis, 1995. "Sunk Costs, Firm Size and Firm Growth," Journal of Industrial Economics, Wiley Blackwell, vol. 43(2), pages 161-172, June.
    8. Berger, Allen N, 2003. "The Economic Effects of Technological Progress: Evidence from the Banking Industry," Journal of Money, Credit and Banking, Blackwell Publishing, vol. 35(2), pages 141-176, April.
    9. Austen, Lizabeth A. & Eilifsen, Aasmund & Messier Jr., William F., 2004. "Auditor Detected Misstatements and the Effect of Information Technology," Discussion Papers 2004/1, Norwegian School of Economics, Department of Business and Management Science.
    10. Kim, Yongtae & Park, Myung Seok, 2009. "Market uncertainty and disclosure of internal control deficiencies under the Sarbanes-Oxley Act," Journal of Accounting and Public Policy, Elsevier, vol. 28(5), pages 419-445, September.
    11. repec:cup:jfinqa:v:46:y:2011:i:06:p:1683-1725_00 is not listed on IDEAS
    12. Brown, Stephen J. & Warner, Jerold B., 1985. "Using daily stock returns : The case of event studies," Journal of Financial Economics, Elsevier, vol. 14(1), pages 3-31, March.
    13. Stoel, M. Dale & Muhanna, Waleed A., 2011. "IT internal control weaknesses and firm performance: An organizational liability lens," International Journal of Accounting Information Systems, Elsevier, vol. 12(4), pages 280-304.
    14. Willison, Robert & Siponen, Mikko, 2007. "A Critical assesment of IS Security Research Between 1990-2004," Working Papers 2007-1, Copenhagen Business School, Department of Informatics.
    15. Gerry H. Grant & Karen C. Miller & Fatima Alali, 2008. "The effect of IT controls on financial reporting," Managerial Auditing Journal, Emerald Group Publishing, vol. 23(8), pages 803-823, September.
    16. Cummins, J. David & Lewis, Christopher M. & Wei, Ran, 2006. "The market value impact of operational loss events for US banks and insurers," Journal of Banking & Finance, Elsevier, vol. 30(10), pages 2605-2634, October.
    17. Hall, Bronwyn H, 1987. "The Relationship between Firm Size and Firm Growth in the U.S. Manufacturing Sector," Journal of Industrial Economics, Wiley Blackwell, vol. 35(4), pages 583-606, June.
    18. Vicky Arnold & Steve G. Sutton, 2007. "The Impact of Enterprise Systems on Business and Audit Practice and the Implications for University Accounting education," International Journal of Enterprise Information Systems (IJEIS), IGI Global, vol. 3(4), pages 1-21, October.
    19. Sanjeev Dewan & Fei Ren, 2007. "Risk and Return of Information Technology Initiatives: Evidence from Electronic Commerce Announcements," Information Systems Research, INFORMS, vol. 18(4), pages 370-394, December.
    20. Chan, K C & Chen, Nai-Fu, 1991. "Structural and Return Characteristics of Small and Large Firms," Journal of Finance, American Finance Association, vol. 46(4), pages 1467-1484, September.
    21. David Easley & Maureen O'hara, 2004. "Information and the Cost of Capital," Journal of Finance, American Finance Association, vol. 59(4), pages 1553-1583, August.
    22. Kevin M. Gatzlaff & Kathleen A. McCullough, 2010. "The Effect of Data Breaches on Shareholder Wealth," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 13(1), pages 61-83, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Du Jianguo & Rauf Ibrahim & Peter Lartey Yao & Rupa Jaladi Santosh & Amponsah Clinton Kwabena, 2019. "The Effectiveness of Internal Controls in Rural Community Banks: Evidence from Ghana," Business Management and Strategy, Macrothink Institute, vol. 10(1), pages 202-218, December.
    2. Li, He & No, Won Gyun & Wang, Tawei, 2018. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors," International Journal of Accounting Information Systems, Elsevier, vol. 30(C), pages 40-55.
    3. Lu Wei & Jianping Li & Xiaoqian Zhu, 2018. "Operational Loss Data Collection: A Literature Review," Annals of Data Science, Springer, vol. 5(3), pages 313-337, September.
    4. Plant, Olivia H. & van Hillegersberg, Jos & Aldea, Adina, 2022. "Rethinking IT governance: Designing a framework for mitigating risk and fostering internal control in a DevOps environment," International Journal of Accounting Information Systems, Elsevier, vol. 45(C).
    5. Yinhong Yao & Jianping Li, 2022. "Operational risk assessment of third-party payment platforms: a case study of China," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 8(1), pages 1-20, December.
    6. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    7. Sovan Mitra & Andreas Karathanasopoulos, 2019. "Firm Value and the Impact of Operational Management," Asia-Pacific Financial Markets, Springer;Japanese Association of Financial Economics and Engineering, vol. 26(1), pages 61-85, March.
    8. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.
    9. Jin, Justin & Li, Na & Liu, Suyi & Khalid Nainar, S.M., 2023. "Cyber attacks, discretionary loan loss provisions, and banks’ earnings management," Finance Research Letters, Elsevier, vol. 54(C).
    10. Oliver Henk, 2020. "Internal control through the lens of institutional work: a systematic literature review," Journal of Management Control: Zeitschrift für Planung und Unternehmenssteuerung, Springer, vol. 31(3), pages 239-273, September.
    11. Anum Khan & Muhammad Shujaat Mubarik & Navaz Naghavi, 2023. "What matters for financial inclusions? Evidence from emerging economy," International Journal of Finance & Economics, John Wiley & Sons, Ltd., vol. 28(1), pages 821-838, January.
    12. Sangjae Lee & Seongil Jeon & ByungWon Lee, 2019. "Security Controls for Employees’ Satisfaction: Perspective of Controls Framework," SAGE Open, , vol. 9(2), pages 21582440198, May.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Narcyz Roztocki & Heinz Roland Weistroffer, 2015. "Investments in enterprise integration technology: An event study," Information Systems Frontiers, Springer, vol. 17(3), pages 659-672, June.
    2. Attiya Yasmeen Javid, 2000. "Alternative Capital Asset Pricing Models: A Review of Theory and Evidence," PIDE Research Report 2000:3, Pakistan Institute of Development Economics.
    3. Shinichi Kamiya & Jun-Koo Kang & Jungmin Kim & Andreas Milidonis & René M. Stulz, 2018. "What is the Impact of Successful Cyberattacks on Target Firms?," NBER Working Papers 24409, National Bureau of Economic Research, Inc.
    4. Sturm, Philipp, 2013. "Operational and reputational risk in the European banking industry: The market reaction to operational risk events," Journal of Economic Behavior & Organization, Elsevier, vol. 85(C), pages 191-206.
    5. Mounia Boulhaga & Abdelfettah Bouri & Ahmed A. Elamer & Bassam A. Ibrahim, 2023. "Environmental, social and governance ratings and firm performance: The moderating role of internal control quality," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 30(1), pages 134-145, January.
    6. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    7. Yang Lei & Qiang Zhou & Waiman Cheung & Xiling Cui & Ling Peng, 2023. "Market reaction to the announcement of online sales channel investment in enterprises: Evidence from a relatively stable market environment," Electronic Commerce Research, Springer, vol. 23(2), pages 973-1005, June.
    8. Ferguson, Colin & Finn, Frank & Hall, Jason & Pinnuck, Matt, 2010. "Speculation and e-commerce: The long and the short of IT," International Journal of Accounting Information Systems, Elsevier, vol. 11(2), pages 79-104.
    9. Attiya Y. Javed, 2000. "Alternative Capital Asset Pricing Models: A Review of Theory and Evidence," PIDE-Working Papers 2000:179, Pakistan Institute of Development Economics.
    10. Li, Yingqi & Yu, Junli & Zhang, Zhou & Zheng, Steven Xiaofan, 2016. "The effect of internal control weakness on firm valuation: Evidence from SOX Section 404 disclosures," Finance Research Letters, Elsevier, vol. 17(C), pages 17-24.
    11. Foecking, Nico & Wang, Mei & Huynh, Toan Luu Duc, 2021. "How do investors react to the data breaches news? Empirical evidence from Facebook Inc. during the years 2016–2019," Technology in Society, Elsevier, vol. 67(C).
    12. Kuo-Chung Chang & Yu-Kai Gao & Shih-Cheng Lee, 2020. "The Effect of Data Theft on a Firm’s Short-Term and Long-Term Market Value," Mathematics, MDPI, vol. 8(5), pages 1-21, May.
    13. Elshahat, A. & Parhizgari, Ali & Hong, Liang, 2012. "The information content of the Banking Regulatory Agencies and the Depository Credit Intermediation Institutions," Journal of Economics and Business, Elsevier, vol. 64(1), pages 90-104.
    14. Syed Emad Azhar Ali & Fong-Woon Lai & Rohail Hassan & Muhammad Kashif Shad, 2021. "The Long-Run Impact of Information Security Breach Announcements on Investors’ Confidence: The Context of Efficient Market Hypothesis," Sustainability, MDPI, vol. 13(3), pages 1-27, January.
    15. Xingnan Jiang, 2018. "Operational risk and its impact on North American and British banks," Applied Economics, Taylor & Francis Journals, vol. 50(8), pages 920-933, February.
    16. Jose Manuel Feria-Dominguez & Enrique Jimenez-Rodriguez & Ines Merino Fernandez-Galiano, 2013. "Isolating the corporate reputational risk in environmental oil spill disasters," Working Papers 13.02, Universidad Pablo de Olavide, Department of Financial Economics and Accounting (former Department of Business Administration).
    17. José M. Feria-Domínguez & Enrique Jiménez-Rodríguez & Inés Merino Fdez-Galiano, 2016. "Financial Perceptions on Oil Spill Disasters: Isolating Corporate Reputational Risk," Sustainability, MDPI, vol. 8(11), pages 1-15, November.
    18. J. David Cummins & Christopher M. Lewis, 2002. "Catastrophic Events, Parameter Uncertainty and the Breakdown of Implicit Long-term Contracting in the Insurance Market: The Case of Terrorism Insurance," Center for Financial Institutions Working Papers 02-40, Wharton School Center for Financial Institutions, University of Pennsylvania.
    19. Al-Amri, Khalid & Davydov, Yevgeniy, 2016. "Testing the effectiveness of ERM: Evidence from operational losses," Journal of Economics and Business, Elsevier, vol. 87(C), pages 70-82.
    20. K. Chau & S. Wong & C. Yiu & Maurice Tse & Frederik Pretorius, 2010. "Do Unexpected Land Auction Outcomes Bring New Information to the Real Estate Market?," The Journal of Real Estate Finance and Economics, Springer, vol. 40(4), pages 480-496, May.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:13:y:2012:i:4:p:357-381. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.