Defense Date


Document Type


Degree Name

Doctor of Philosophy



First Advisor

Allen Lee

Second Advisor

Carolyn Norman


The current research is concerned with exploring the quality of information technology (IT) control over financial reporting systems as reported under Section 404 of the Sarbanes-Oxley Act of 2002. More specifically, this dissertation examines the association between organizational governance mechanisms and the occurrence and subsequent disclosure of IT control weaknesses. Despite the adverse impact of IT control weaknesses on internal control quality and financial reporting reliability, research on IT controls in general and IT control weaknesses in particular remains largely anecdotal with limited reliance on theory. The current work proposes and tests an integrated theoretical model of the antecedents of IT control weaknesses. The proposed model draws upon agency theory to provide a theoretical perspective of the occurrence of IT control weaknesses and upon corporate governance literature to solicit potential factors that influence the achievement of effective IT control over financial reporting. Drawing upon agency theory, this research views the existence of IT control weaknesses as a manifestation of an agency problem caused by information asymmetry and lack of alignment between the overall organization represented by its board of directors as a principal and its information systems (IS) organization represented by the top IS team as an agent. Drawing on corporate governance literature, this dissertation proposes two categories of governance and contracting mechanisms that the board of directors can employ to reduce information asymmetry and align the interests of the top IS team with those of the firm thereby reducing the agency problem. These categories are: IT governance mechanisms and IT executive incentive alignment mechanisms. The IT governance mechanisms involve two elements: first, the IT background element which includes (a) the IT background of the board of directors as reflected by two of its main committees, namely the corporate governance committee and the audit committee and (b) the IT background of the top management team; second, the IT executive element as reflected in terms of the structural and the expert power of the Chief Information Officer (CIO). The IT executive incentive alignment mechanisms include two elements: (a) the CIO’s absolute compensation level and (b) the pay disparity between the CIO and other members of the top management team. A research model integrating these elements is developed and tested with empirical data. For testing the proposed model, this dissertation uses a sample of firms with IT control weaknesses and a control group of similar firms with no IT control weaknesses for the years 2005-2009. Empirical results provide support for five of the seven hypotheses put forth in this research. Regarding the IT governance mechanisms, study findings indicate that a lower likelihood of disclosing IT-related control weaknesses is associated with having audit committee and corporate governance committee members with IT expertise. Furthermore, the study findings provide support for the contention that the goal congruence is contingent on the CIO’s power. To this end, the study finds that a lower likelihood of disclosing IT-related control weaknesses is associated with having CIOs with higher levels of structural and expert power. As for the incentive alignment mechanisms, empirical results provide support for the assertion that goal congruence is contingent on perceived pay equality between the CIO and other members of the top management team. The results indicate that the lower the pay disparity between IT executives and business executives in the top management team, the lower the likelihood of disclosing IT control weaknesses. The present study contributes to the current body of knowledge of literature in several ways. It is the first study to propose and test an integrated model of the antecedents of IT control weaknesses. The proposed model adds to the current literature by introducing agency theory as a theoretical basis of the antecedents of IT control weaknesses. Furthermore, this study adds to the current literature by introducing and providing empirical evidence linking the IT background of the corporate governance committee, the structural power and expert power of the CIO, and the CIO relative pay to the disclosure of IT control weaknesses over financial reporting. Lastly, this research contributes to practice by offering a much needed understanding for managers, directors, auditors, and regulators in their effort to improve the quality of IT control and the reliability of financial reporting.


© The Author

Is Part Of

VCU University Archives

Is Part Of

VCU Theses and Dissertations

Date of Submission


Included in

Business Commons