Roger Debreceny

The determinants of Internet financial reporting

Abstract Responding to the widespread adoption of the Internet and the rapidly growing demands for information from stakeholders, corporations around the world are using the Internet for business and financial disclosures. Internet reporting has the benefits of low cost, wider reach, frequency and speed. Despite these benefits Internet reporting varies across companies and across countries. We study Internet financial reporting (IFR), in particular the presentation and content of IFR, of 660 large companies in 22 countries to identify the firm, and environmental determinants of IFR. The study revealed that firm size, listing on US stock exchanges and technology were firm specific determinants of IFR. Given that IFR is not just about the content of disclosure, but also about employing new presentation methods, the environment of disclosure was included in the research. The overarching disclosure environment of a country was found to be an important environmental driver for IFR presentation and less strongly for IFR content. The presentation aspect of IFR was more associated with the identified determinants than the content of IFR, which suggests that Internet presentation technologies were more related to the determinants than the content of the reports on the company Web sites.

The production and use of semantically rich accounting reports on the Internet: XML and XBRL

Abstract Most major corporations in the U.S. (and a growing number of companies around the world) are reporting some level of financial information on their Web sites. However, it is not clear that the stakeholders are fully satisfied with this Web-based data. The time and effort allocated to the mechanics of Web retrieval are actually increasing because of the difficulty of finding pages and specific data within the enormity of the public Web (over 1 billion pages) or of many corporate intranets. One way to deal with this vast information source would be to automate the Web search mechanics by developing and using intelligent software agents. However, developing these agents in the current Web environment is very problematic. Three factors are preconditions for effective utilization of the Web. First, appropriate metadata representation of financial reporting information on the Web is required that could improve the accuracy of searches (the resource discovery problem). Second, accounting data points within Web pages should be able to be reliably parsed (the attribute recognition problem). Third, standard mechanisms are required that will encourage or require corporations to report in a consistent fashion. The reality of the Web is that it falls far short of a reliable communication medium for accounting and financial information on all three of these factors. The eXtensible Markup Language (XML) provides a method to tag financial information to greatly improve the automation of information location and retrieval, and provides technical solutions to the resource discovery and attribute recognition problems. However, if every company were free to develop its own labels for its XML tags, then the searching for financial information would be only marginally improved. The recent development by a consortium lead by the American Institute of CPAs (AICPA) of the so-called “eXtensible Business Reporting Language” (XBRL) is an initiative to develop an XML-based Web-based business reporting specification. The widespread adoption of XBRL would mean that both humans and intelligent software agents could operate on financial information disseminated on the Web with a high degree of accuracy and reliability. XBRL provides rich research opportunities, including new taxonomies, database accounting, financial statement assurance, intelligent agents, human/computer interfaces, standard development process, adoption incentives, global adoption, and formal ontologies.

COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities

ABSTRACT: COBIT, currently in its fifth edition, is a good-practice framework for the enterprise governance of IT. There is limited academic research that either analyzes COBIT or leverages COBIT as an instrument in executing research programs. Through linking core elements and principles of COBIT to insights from IT-related and general management literature, this paper explores the use of COBIT in future research activities. This paper positions COBIT as a framework for enterprise governance of IT. The major directions and core principles of the framework are described. Connections are made of these directions and principles to the relevant literature. Research questions for future research around enterprise governance of IT and COBIT 5 are proposed and discussed.

The Auditor and Corporate Reporting on the Internet: Challenges and Institutional Responses

The use of Internet technology for corporate reporting is now a well-established activity in countries that have developed securities markets, raising many questions for the provision of audit and assurance on such reports. This paper reviews the state of guidance provided by securities regulators and audit standards setters. We find that, notwithstanding the recognition by various audit standards bodies of the need for further guidance to auditors on the implications of Internet financial reporting; the actual pronouncements made thus far by the various bodies around the world fall considerably short as a response to the challenges that arise from current and future Internet reporting technologies. We point in particular to shortcomings related to the way in which users interact with Internet financial reporting web sites, the implications of this interaction and on what we term ‘information component’ technologies such as the XML-based eXtensible Business Reporting Language (XBRL). The paper sets out a range of institutional, standards setting and technological solutions to these issues.

Embedded audit modules in enterprise resource planning systems : implementation and functionality.

Embedded Audit Modules (EAMs) are a potentially efficient and effective compliance and substantive audit‐testing tool. Early examples of EAMs were implemented in proprietary accounting information systems and production systems. Over the last decade, there has been widespread deployment of Enterprise Resource Planning (ERP) systems that provide common business process functionality across the enterprise. These application systems are based upon a common foundation provided by large‐scale relational database‐management systems. No published research addresses the potential for exploiting the perceived benefits of EAMs in an ERP environment. This exploratory paper seeks to partially close this gap in the research literature by assessing the level and nature of support for EAMs by ERP providers. We present five model EAM‐use scenarios within a fraud‐prevention and detection environment. We provided the scenarios to six representative ERP solution providers, whose products support “small,” “medium,” and “larg...

Data mining journal entries for fraud detection: An exploratory study

Fraud detection has become a critical component of financial audits and audit standards have heightened emphasis on journal entries as part of fraud detection. This paper canvasses perspectives on applying data mining techniques to journal entries. In the past, the impediment to researching journal entry data mining is getting access to journal entry data sets, which may explain why the published research in this area is a null set. For this project, we had access to journal entry data sets for 29 different organizations. Our initial exploratory test of the data sets had interesting preliminary findings. (1) For all 29 entities, the distribution of first digits of journal dollar amounts differed from that expected by Benfords Law. (2) Regarding last digits, unlike first digits, which are expected to have a logarithmic distribution, the last digits would be expected to have a uniform distribution. Our test found that the distribution was not uniform for many of the entities. In fact, eight entities had one number whose frequency was three times more than expected. (3) We compared the number of accounts related to the top five most frequently occurring three last digit combinations. Four entities had a very high occurrences of the most frequent three digit combinations that involved only a small set of accounts, one entity had a low occurrences of the most frequent three digit combination that involved a large set of accounts and 24 had a low occurrences of the most frequent three digit combinations that involved a small set of accounts. In general, the first four entities would probably pose the highest risk of fraud because it could indicate that the fraudster is covering up or falsifying a particular class of transactions. In the future, we will apply more data mining techniques to discover other patterns and relationships in the data sets. We also want to seed the dataset with fraud indicators (e.g., pairs of accounts that would not be expected in a journal entry) and compare the sensitivity of the different data mining techniques to find these seeded indicators.

The Development of Embedded Audit Modules to Support Continuous Monitoring in the Electronic Commerce Environment

An important developing area of assurance is continuous audit. Because of the real-time, computer-to-computer characteristics of electronic commerce, the development of continuous audit techniques is even more critical. Proponents of continuous audit point to a future where auditors monitor entitys accounting information systems in real-time or in quasi real-time. A predecessor technology to continuous audit is the Embedded Audit Module (EAM). This study investigates the challenges in developing EAMs. These challenges are analyzed by the development of ten examples of EAM alerts in a fraud environment. The alerts employ stored database procedures and triggers to monitor the internal control environment. The alerts are complementary to the strengthening of a firms internal control system by monitoring and reporting the irregularities in the control environment. The study provides guidance on the construction of EAMs and points to a number of limitations in their development. These limitations raise a number of issues that must be considered before continuous audit can be widely adopted. The study sets out a number of issues for future research.

IT Governance and Process Maturity: A Multinational Field Study

ABSTRACT: This study investigates the relationship between key information technology (IT) governance characteristics and IT process maturity, as a measure of IT capability, in a multinational field study of 51 organizations. The study employs the IT processes defined within the COBIT framework as a model of the major processes that comprise IT capability. COBIT framework includes a of set maturity models based on the Capability Maturity Model (CMM) from the Software Engineering Institute (SEI). Data are collected on all aspects of IT governance at each organization as well as the level of process maturity for each process in COBIT. Maturity modeling in COBIT includes six attributes of process maturity. The state of alignment between the IT and non-IT functions at each organization and the level of national development are strongly associated with process maturity. These findings apply whether considering the overall level of process maturity or the level by domain or attribute.

Research on IT Governance, Risk, and Value: Challenges and Opportunities

This theme issue of the Journal of Information Systems sees the publication of seven papers that cover a variety of facets of research on the governance of information technology. IT governance (ITG) is the process by which organizations seek to ensure that their investment in information technology facilitates strategic and tactical goals. IT governance is a subset of broader corporate governance, focusing on the role played by information technology within the organization. There are several important dimensions of ITG. Arguably the most important element of ITG is the design of decision rights and organizational structures. What role do governing bodies, such as the Board of Directors, play in the oversight and direction of IT? What roles and responsibilities for IT does the governing body assume and what is delegated to senior and operational management? How is IT to be structured within the organization? Is the provision of IT to be centrally organized within a single, functional IT organizational unit? Or, perhaps, is provision of IT to be largely distributed to operational or administrative units within the organization? Other dimensions of ITG, as noted by Wilkin and Chenhall (2010), include strategic alignment between organizational goals and needs and IT outcomes; management of risk; value delivery; and measurement of performance. ITG has become more important within organizations as the important role that IT plays in adding organizational value has become increasingly clear (Brynjolfsson and Saunders 2010; Masli et al. 2011; Tambe and Hitt 2012). Investment in IT is a significant proportion of current and capital spending in most industries, giving additional impetus to ITG. IT is also subject to high levels of environmental instability. How are organizations to respond to the insourcing/outsourcing nexus, cloud computing, virtualization, and mobile computing among other environmental challenges? Equally, the compliance requirements arising from overall (e.g., SOX) and industry (e.g., HIPAA, Basel II, PCI) regulatory regimes have given an added impetus to ITG efforts. Given that IT both mitigates risk (e.g., by supporting internal control processes) and creates risk (e.g., by exposure of corporate IT systems to external threats), there is an increased understanding that IT is an important component of enterprise risk management (Parent and Reich 2009; Wilkin and Chenhall 2010). While these challenges are compelling for many organizations and particularly for governing bodies, they are shared by a wide variety of organizations. While there may be entity, industry, or national differences, all entities must address questions such as ‘‘how is IT to be organized?’’ or ‘‘how much of the provision of IT should we move to cloud providers?’’ There are also many aspects of IT provision (e.g., security, enterprise architecture, user management, software

A taxonomy to guide research on the application of data mining to fraud detection in financial statement audits

This paper explores the application of data mining techniques to fraud detection in the audit of financial statements and proposes a taxonomy to support and guide future research. Currently, the application of data mining to auditing is at an early stage of development and researchers take a scatter-shot approach, investigating patterns in financial statement disclosures, text in annual reports and MD&As, and the nature of journal entries without appropriate guidance being drawn from lessons in known fraud patterns. To develop structure to research in data mining, we create a taxonomy that combines research on patterns of observed fraud schemes with an appreciation of areas that benefit from productive application of data mining. We encapsulate traditional views of data mining that operates primarily on quantitative data, such as financial statement and journal entry data. In addition, we draw on other forms of data mining, notably text and email mining.