Auditors' Risk Perception of Process Control Deficiencies: A Discrete Choice Experiment

Manal Laghmouch*, Sebastien Lizin, Jan Mendling, Benoit Depaire, Mieke Jans

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

In risk-based auditing, data-driven analyses are often used to automatically detect process deficiencies. This introduces a challenge: the number of deficiencies is too large to inspect manually. Current approaches addressing this challenge neglect integrating the risk dimension or rely on auditors to manually integrate it. This study aims to increase the effectiveness of such data-driven analysis approaches by including the risk dimension when presenting process deficiencies for further inspection. We investigate how the deficiency type and the affected control activity are associated with perceived risk. We run a discrete choice experiment with 58 auditors interpreting deficiencies that occur in a procure-to-pay or an order-to-cash process and find that (1) deficiencies of type "missing" or deficiencies related to asset-decrementing activities are perceived as the riskiest, (2) the control activity contributes 75 percent of the risk perception, and (3) external and internal auditors share a similar risk perception.
Original languageEnglish
Pages (from-to)79-97
Number of pages19
JournalJournal of Information Systems
Volume38
Issue number2
DOIs
Publication statusPublished - 1 Jun 2024

Keywords

  • auditing
  • control deficiency
  • discrete choice analysis
  • discrete choice experiment
  • process deficiency
  • process deviation
  • risk assessment
  • risk perception
  • INFORMATION
  • FRAMEWORK
  • QUALITY
  • SYSTEMS
  • LOAD

Fingerprint

Dive into the research topics of 'Auditors' Risk Perception of Process Control Deficiencies: A Discrete Choice Experiment'. Together they form a unique fingerprint.

Cite this