| Increased reliance on information technology (IT) has exposed companies within the U.S. and abroad to a host of new risks. Management of these risks requires the efforts of various parties within the organization. At the board of directors' level, the audit committee generally takes the lead in overseeing many key business risks, and expectations placed on audit committees have risen dramatically in recent years. In fulfillment of its oversight function, the AC must ensure that management has fully assessed all of its risks, including IT risks, which represent significant organizational exposure.; The purpose of this study is to examine the audit committee's role in monitoring IT risk. Using a self-administered survey, mailed to 1,000 audit committee members (providing a usable sample size of 52), the audit committee's role in overseeing IT risks was assessed. The instrument was developed from 34 high-level control objectives identified within the COBIT model. Each of the 34 high-level control objectives is grouped into one of the following four business processes: (1) planning and organization, (2) acquisition and implementation, (3) delivery and support, and (4) monitoring.; The results indicate that audit committee IT expertise, company size, and financial service industry classification are positively associated with perceived AC oversight of IT risks. However, AC oversight assessments are partially affected by prior COBIT experience. In particular, the effects of company size and financial service industry classification on perceived AC oversight of IT risks should be interpreted cautiously. In addition, although previous studies support a positive relationship between audit committee independence and/or diligence and increased audit committee effectiveness, no such relationship can be drawn in this research. Findings also suggest that audit committee members may support additional audit committee oversight of IT risks. Implications for future research are provided. |
PDF Full Text Request