The Role of Boards in Reviewing Information Technology Governance (ITG) as Part of Organizational Control Environment Assessments

IT Governance (ITG) is an important topic as US companies must now monitor ITG under the provisions of the Sarbanes-Oxley Act (2002) (Hoffmann, 2003). Trites (2003) indicates that directors are responsible for strategic planning, internal control structures and business risk. The control environment is defined in Australian Auditing Standard AUS 402 to mean "the overall attitude, awareness and actions of management regarding internal control and its importance to the entity". This paper contributes to the knowledge of ITG by forming an integrated ITG Literature (IIL) which links prior research to four key dimensions of ITG. The paper presents a review of literature on ITG performance measurement systems which assess the ability of organizations to achieve these four ITG dimensions. A revised ITG Dimensions Model offered for consideration. The final contribution of the paper is to propose critical issues Boards should consider as part of their assessment of organizational control environments

Enterprise risk management and firm performance: Role of the risk committee

In recent years, there have been increasing efforts in the corporate world to invest in risk management and governance processes. In this paper, we examine the impact of Enterprise Risk Management (ERM) on firm performance by examining whether firm performance is strengthened or weakened by the establishment of a board-level risk committee (BLRC), an important governance mechanism that oversees ERM processes. Based on 260 observations from FTSE350 listed firms in the UK during 2012–2015, we find the effectiveness of ERM significantly and positively affects firm performance. We also find strong BLRC governance complements this relationship and increases the firm performance effects of ERM. Our findings suggest the mere formation of a BLRC is not a panacea for ERM oversight; however, existence of a structurally strong BLRC is crucial for effective ERM governance

BDO not-for-profit fraud survey 2006

The information produced from this survey provides a benchmark for not-for-profit organisations revealing the perception and level of fraud in the sector, examining specific incidences of fraud and what the sector is doing to prevent fraud occurring. The sector as a whole performed extremely well both in the level of fraud currently occurring and the steps being taken to reduce the likelihood of fraud occurring in their organisation. As the first survey of its kind for the not-for-profit sector, a number of comparisons have been drawn with large organisations in the public and private sector. While this comparison has been necessary to provide the sector with a marker for their performance it is also important to recognise the inherent differences which exist between organisations in the not-for-profit sector and other sectors and the way they operate

Exploring the role of the governing body (board) in information technology governance : a study of Australian universities

In this thesis, I advance the understanding of information technology (IT) governance research and corporate governance research by considering the question “How do boards govern IT?” The importance of IT to business has increased over the last decade, but there has been little academic research which has focused on boards and their role in the governance of IT (Van Grembergen, De Haes and Guldentops, 2004). Most of the research on information technology governance (ITG) has focused on advancing the understanding and measurement of the components of the ITG model (Buckby, Best & Stewart, 2008; Wilkin & Chenhall, 2010), a model recommended by the IT Governance Institute (2003) as ‘best practice’ for boards to use in governing IT. IT governance is considered to be the responsibility of the board and is said to form an important subset of an organisation’s corporate governance processes (Borth & Bradley, 2008). Boards need to govern IT as a result of the large capital investment in IT resources and high dependency on IT by organisations. Van Grembergen, De Haes and Guldentops (2004) and De Haes & Van Grembergen (2009) indicate that corporate governance matters are not able to be effectively discharged unless IT is being governed properly, and call for further specific research on the role of the board in ITG. Researchers also indicate that the link between corporate governance and IT governance has been neglected (Borth & Bradley, 2008; Musson & Jordan, 2005; Bhattacharjya & Chang, 2008). This thesis will address this gap in the ITG literature by providing the bridge between the ITG and corporate governance literatures. My thesis uses a critical realist epistemology and a mixed method approach to gather insights into my research question. In the first phase of my research I develop a survey instrument to assess whether boards consider the components of the ITG model in governing IT. The results of this first study indicated that directors do not conceptualise their role in governing IT using the elements of the ITG model. Thus, I moved to focus on whether prominent corporate governance theories might elucidate how boards govern IT. In the second phase of the research, I used a qualitative inductive case based study to assess whether agency, stewardship and resource dependence theories explain how boards govern IT in Australian universities. As the first in-depth study of university IT governance processes, my research contributes to the ITG research field by revealing that Australian university board governance of IT is characterized by a combination of agency theory and stewardship theory behaviours and processes. The study also identified strong links between a university’s IT structure and evidence of agency and stewardship theories. This link provides insight into the structures element of the emerging enterprise governance of IT framework (Van Grembergen, De Haes & Guldentops, 2004; De Haes & Van Grembergen, 2009; Van Grembergen & De Haes, 2009b; Ko & Fink, 2010). My research makes an important contribution to governance research by identifying a key link between corporate and ITG literatures and providing insight into board IT governance processes. The research conducted in my thesis should encourage future researchers to continue to explore the links between corporate and IT governance research

Development of a board IT governance (ITG) review model

Information Technology Governance has become increasingly important as countries across the world establish legislation and guidelines on the responsibilities of Boards of Directors (Boards) for ITG within organizations. As a result of organizational dependence on Information Technology (IT), Boards are realizing they must more effectively govern their considerable investment in IT systems and resources or risk potential loss from unauthorized access to their IT systems, poor IT resource management, ineffective integration of IT and business and reduced delivery of value from their IT resources. Despite the clear theoretical motivation for Boards to focus on ITG as part of Board processes there has been a paucity of research which has focused on this issue. This paper makes a key contribution to the research on ITG by proposing a Board ITG Review Model (BIRM) as a mechanism to assist Boards to identify critical ITG issues and the supporting evidence they should review as the ultimate custodians of organizational IT systems and resources. The model is developed around four of the key ITG focus areas identified by the IT Governance Institute (ITGI). To test one of the components of the model a set of potential critical ITG issues was identified from ITG literature. The critical issues were pilot tested with a group of 100 industry professionals to gauge their importance and appropriateness for Board use. The results from this pilot testing process will be used to refine the BIRM for the future. Future research will test and refine the model further using online survey and case study methodologies

A study of Australian audit committee operations and effectiveness

Professional and regulatory bodies in Australia and overseas have promoted audit committees as a corporate governance mechanism which the board of directors can employ to oversee the financial reporting and auditing functions of their organisation. Despite the level of responsibility entrusted to audit committees, recent research has provided limited evidence of their value. The purpose of this study is to extend the understanding of Australian audit committee operations by both providing descriptive analyses of the profile, functions, effectiveness and characteristics of Australian audit committees and by developing a comprehensive measure of audit committee effectiveness against which five audit committee characteristics outlined in normative literature as important to audit committee effectiveness will be tested. The characteristics addressed are the independence of audit committee members, the provision of adequate resources to the committee, the knowledge and experience of audit committee members, the provision of training to audit committee members and the existence of an audit committee charter. Following the method adopted by Spangler & Braiotta (1990) and Kalbers & Fogarty (1993), a composite measure of effectiveness was obtained by aggregating the responses from a survey administered to the audit committee chairperson, a non-executive director and the internal audit manager of a sample of Australian publicly listed corporations. The results of the study indicate that the majority of respondent audit committees have been formed relatively recently (l-3 years), that they have an average of 3-4 members, that the majority of members are non-executive directors, and that the committee meets on average 3-4 times a year for approximately 2 hours. The audit committee function given the greatest consideration by the committee relates to its oversight of financial reporting disclosures. Surveyed audit committees were not found to be uniformly effective with resulting composite effectiveness scores ranging from 2.3 to 4. 7 in a range of 1 -very ineffective to 5 - very effective. Results of the statistical association between the five audit committee characteristics and effectiveness indicate that the proportion of nonexecutive directors and the knowledge and experience of audit committee members are significantly associated with audit committee effectiveness

"The accounting conference"

The paper’s aim is to be a satirical reflection of participant experiences at an accounting conference

Ethics education in the qualification of professional accountants: Insights from Australia and New Zealand

This paper investigates how ethics is incorporated in the qualification process for prospective professional accountants across Australia and New Zealand. It does so by examining the structure of these qualification processes and by analysing the learning objectives and summarised content for ethics courses that prospective accountants take either at university or through the post-degree programs provided by CPA Australia and Chartered Accountants Australia and New Zealand. We do this to understand how the ‘sandwich’ approach to teaching ethics (Armstrong, Journal of Accounting Education 11(1):77–92, 1993) is implemented. This approach advocates a standalone ethics course, followed by ethical cases that are integrated across accounting courses, and subsequently a capstone course that combines ethics and professionalism. We test the extent to which this approach is adopted and examine how its application relates to the components of moral behaviour (Rest, Moral development: Advances in research and theory, Praeger Publishers, New York, 1986). The results provide three significant contributions. The first is that the ‘sandwich’ approach is not in place for most prospective accountants as only a minority of programs include a mandatory course with a substantial ethics component, and this is more likely in undergraduate rather than postgraduate programs. The second contribution is that although moral sensitivity and moral judgement are widely considered, little attention is given to issues of moral motivation and moral character. We suggest that change is unlikely without explicit ethical education requirements from the professional accounting bodies. The paper also makes a final contribution by proposing a more nuanced typology characterising the degree to which ethics is incorporated in particular courses

An analysis of risk management disclosures: Australian evidence

- Purpose Communication of risk management practices are a critical component of good corporate governance. Research to date has been of little benefit in informing regulators internationally. This paper seeks to contribute to the literature by investigating how listed Australian companies in a setting where disclosures are explicitly required by the ASX corporate governance framework, disclose risk management (RM) information in the corporate governance statements within annual reports. - Design/methodology/approach To address our study’s research questions and related hypotheses, we examine the top 300 ASX-listed companies by market capitalisation at 30 June 2010. For these firms, we identify, code and categorise RM disclosures made in the annual reports according to the disclosure categories specified in Australian Stock Exchange Corporate Governance Principles and Recommendations (ASX CGPR). The derived data is then examined using a comprehensive approach comprising thematic content analysis and regression analysis. - Findings The results indicate widespread divergence in disclosure practices and low conformance with the Principle 7 of the ASX CGPR. This result suggests that companies are not disclosing all ‘material business risks’ possibly due to ignorance at the board level, or due to the intentional withholding of sensitive information from financial statement users. The findings also show mixed results across the factors expected to influence disclosure behaviour. Notably, the presence of a risk committee (RC) (in particular, a standalone RC) and technology committee (TC) are found to be associated with improved levels of disclosure. we do not find evidence that company risk measures (as proxied by equity beta and the market-to-book ratio) are significantly associated with greater levels of RM disclosure. Also, contrary to common findings in the disclosure literature, factors such as board independence and expertise, audit committee independence, and the usage of a Big-4 auditor do not seem to impact the level of RM disclosure in the Australian context. - Research limitation/implications The study is limited by the sample and study period selection as the RM disclosures of only the largest (top 300) ASX firms are examined for the fiscal year 2010. Thus, the finding may not be generalisable to smaller firms, or earlier/later years. Also, the findings may have limited applicability in other jurisdictions with different regulatory environments. - Practical implications The study’s findings suggest that insufficient attention has been applied to RM disclosures by listed companies in Australia. These results suggest that the RM disclosures practices observed in the Australian setting may not be meeting the objectives of regulators and the needs of stakeholders. - Originality/value Despite the importance of risk management communication, it is unclear whether disclosures in annual financial reports achieve this communication. The Australian setting provides an ideal environment to examine the nature and extent of risk management communication as the Australian Securities Exchange (ASX) has recommended risk management disclosures follow Principle 7 of its principle-based governance rules since 2007

Professional judgement in accounting and Aristotelian practical wisdom

Purpose: Recognising the growing importance of professional judgement within professional accounting, this paper examines how it relates to Aristotelian practical wisdom, with reference to the ethical failure at Carillion plc in 2018. This includes an examination of how these concepts are similar and how they differ and a reconceptualisation of professional judgement in Aristotelian terms. Design/methodology/approach: The conventional understanding of professional judgement is articulated with reference to accounting standards, professional accounting institutions and academic research. This is compared to Aristotelian practical wisdom, as presented in the Nicomachean Ethics. Both of these conceptualisations are analysed with reference to the failure of Carillion plc. Findings: Some similarities as well as significant differences between the conventional conceptualisation of professional judgement and Aristotelian practical wisdom are identified. Application to the accounting failure of Carillion plc shows how an Aristotelian reconceptualisation of professional judgement, as an ethical concept, provides a more adequate understanding of unethical accounting behaviour. Research limitations/implications: The analysis identifies aspects of professional judgement in accounting that have not previously been explored empirically, but which nevertheless have empirical support in other domains. Practical implications: Professional judgement is reconceptualised in ethical terms, which informs how professional bodies and firms should conceive and apply this concept. Originality/value: Although there has been research on judgement informed by psychology, there has been little research linking judgement and wisdom in an accounting context. This paper utilises a philosophically informed perspective on wisdom to reconceptualise professional judgement in a way that provides a more adequate understanding of ethical failures.</p