University of Waterloo
Centre for Information Integrity & Information Systems Assurance
9th Biennial Research Symposium
October 1-3, 2015

Conference Chair J. Efrim Boritz Conference
Co-Chair Theophanis Stratopoulos
Chair of Scientific Committee Jee-Hae Lim

Renaissance Hotel, One Blue Jays Way, Toronto, Canada
Sponsored by:

CPA Canada, CaseWare IDEA Inc.

ISACA Toronto Chapter

Strategic and Emerging Technologies Section of the American Accounting Association
International Journal of Accounting Information Systems

The full conference qualifies for up to 18.5 hours of CPD.
The workshop alone will qualify for up to 7.5 hours of CPD.
The symposium alone will qualify for up to 11.0 hours of CPD
Certificates will be provided.

Click here to register.

Please note that all the papers to be presented and all relevant program information are posted on this website. Also, please note that we will not be distributing hard copies of the papers or Power Points. If you wish to have access to these papers during the symposium, please bring your laptop or tablet with you and download these materials for your use in advance of the symposium or during the symposium. There will be wireless internet in the meeting rooms.

Thursday, October 1, 2015
8:30 am - 5:30 pmData Analytics and Visualization Workshop. Location: Northern Lights Ballroom
Workshop Leaders:
Kieng IvMay LeungTheo

Kieng Iv,
Brookfield Asset Management
May Leung,
Bank of Montreal
Theo Stratopoulos,
University of Waterloo

During this workshop, participants will be introduced to numerous practical tools to learn about and leverage data analytics and visualization applications. A number of products will be shown and demonstrated. Participants are welcome to bring their own computers and follow along with a number of the demonstrations; hand-outs will be provided for those products to assist the participant in following along with the presenter; however, the presenters will not be able to help attendees directly themselves due to the limited time of the workshop.

As wireless Internet access may be slow at the hotel, everyone is encouraged to download the software and sample files in advance. While most of the applications that will be demonstrated are web-based, some are downloadable packages that you should download before the workshop.

Please click here for pre-conference preparation instructions.

If you do not wish to follow along on your laptop but only to follow the presentations and demos by the workshop instructors then you do not need to do any of the above. Simply show up at the workshop at the appointed hour and location (8:30 am Thursday October 1, Renaissance Hotel, Northern Lights Ballroom.

CPE Certificates will be issued.

IDEA Workshop:
Please click here for a video supporting this workshop.

Software Tutorials:
* Please click here for IDEA tutorial.
* Please click here for Tableau tutorial.
* Please click here for R tutorial.

History of Data:
* Please click here.
6:00 - 9:00 pmWelcome Reception and Poster Session, Renaissance Hotel

Social Technology Use in Public Accounting firmspdf icon
Diane Janvrin, Iowa State University

Proposing a Cloud Computing Capability Maturity Modelpdf icon
Pamela J. Schmidt, Washburn University and Severin V. Grabski, Michigan State University

A Framework of Risk Assessment for Personal Information Protectionpdf icon
She-I Chang, National Chung Cheng University, Zhong-Jie Su, National Chung Cheng University, and
Tawei (David) Wang, University of Hawaii at Manoa
Friday, October 2, 2015. Location: Northern Lights Ballroom
8:00 - 8:25 amBreakfast
8:25 - 8:35 amWelcome and Opening Remarks

Tom Scott, Director of School of Accounting & Finance, University of Waterloo
Bill Swirsky, Chair, UWCISA
Efrim Boritz, Director, UWCISA
8:35 - 10:00 amPanel 1: Audit Automation

Whether demand driven (the client’s IT infrastructure necessitates the auditor to automate parts of the audit) or supply driven (new audit automation tools are introduced into the marketplace), audit automation continuously evolves. In 1970s, audit automation was Dyl-260 and Dyl-280 for writing IBM mainframe batch JCL requests performed by EDP auditors. Now, any auditor could be using a variety of audit tools ranging from Excel, ACL, and IDEA to sophisticated data analytics.

The panel will discuss: the current state of audit automation; the more frequently used tools; how those tools are used; which tool skills are expected of/trained for at the staff level; which tools are reserved for specialists; which tools/apps are mandatory and which discretionary; defining audit automation drivers; defining audit automation inhibitors and how to address them; and finally, looking at the next 5 years in terms of audit automation and what academics can do in terms of instruction of and research regarding audit IT.

Please click here for a link to the video of this presentation.

Moderator:
Glen GrayGlen Gray, California State University - Northridge
Panelists:
Malik Datardina20014Malik Datardina, DeloitteThomasDMackenzieThomas Mackenzie, KPMG
Janice DeganisJanice Deganis, EYDibyendu DharDibyendu Dhar, PWC
Q & A
10:00 - 11:00 amPanel 2: Audit Data Standards

The AICPA has developed a standardized data model that management, internal auditors and external auditors could utilize for enhanced analytics that would further improve the timeliness and effectiveness of the audit process. The Audit Data Standards documents have been published to the AICPA Financial Reporting Center website: (1) Base Standard, (2) General Ledger Standard, and (3) Accounts Receivable Subledger Standard. You can access the documents by clicking here or by visiting the AICPA’s Financial Reporting Center website (under Interest Areas).

ISO member countries have voted to approve a Technical Committee proposed by China to tackle the development of international standards for how auditors obtain accounting data, including format and content requirements of accounting data elements and data interface output files. As of now there are 14 participating countries and 28 observing countries. For more information about this project visit ISO/PC 295.

Please click here for a link to the video of this presentation.

Moderator:
Bob CuthbertsonBob Cuthbertson, CaseWare IDEA Inc
Panelists:
Darren JamesDarren James, DeloitteSkip WhiteSkip White, University of Delawareppt icon
Eric Cohen 2015 (2)Eric E Cohen, PWCppt icon
Q & A
11:00 - 11:15 amRefreshment Break
11:15 am - 12:15 pmResearch Session 1 - BIG DATA
The Pros and Cons of Using Big Data In Auditing: A Synthesis of the Literature and a Research Agenda
pdf icon

With corporate investment in Big Data of $34 billion in 2013 growing to $232 billion through 2016 (Gartner 2012), the Big 4 professional service firms are aiming to be at the forefront of Big Data implementations. Notably, they see Big Data as not only an opportunity for their consulting arms, but also as an increasingly essential part of their assurance practice. We argue that while there is a place for Big Data in auditing its application to auditing is less clear cut than it is in the other fields to which it already has been applied, such as marketing and cancer research. The objectives of this paper are to: (1) provide a balanced discussion of both the pros and the cons regarding incorporating Big Data into financial statement audits; and (2) present a research agenda to identify specific aspects of Big Data that could benefit auditors.
Moderator:
TheoTheo Stratopoulos, University of Waterloo
Presenters:
Michael AllesMichael Alles*, Rutgers University and Glen Gray, California State University - Northridgeppt icon

Please click here for a link to the video of this presentation.
Discussants:
Sev GrabskiSev Grabski, Michigan State Universityppt icon

Please click here for a link to the video of this presentation.
Jerrard B GaertnerJerrard Gaertner, Managed Analytic Services Inc.pdf icon

Please click here for a link to the video of this presentation.
Q & APlease click here for a link to the video of this presentation.
12:15 - 1:15 pmLunch
Luncheon Speaker
Alan WunscheAlan Wunsche

The Blockchain Revolution - Where Can We Go From Here?

This presentation will take a quick tour through the history of the blockchain technology underlying the Bitcoin cryptocurrency. It will highlight blockchain's current applications and pose important questions about its future in Finance, Accounting and digital assets. For the information security and audit domain, the discussion will include such questions as “Is it finally possible to have immutable data?” and “What is the impact of blockchain’s triple entry accounting concept?”. An overview of leading of leading applications in the blockchain space will be presented.

Please click here for a link to the presentation PowerPoints.

Please click here for a link to the video of this presentation.
1:15 - 2:15 pmPanel 3: Continuous Auditing

In 1999 the CICA and AICPA co-published a landmark research report on Continuous Auditing. Now, more than 15 years later, the auditing community has accumulated extensive experience with this approach to auditing. An updated publication on Continuous Auditing is coming.

This session will discuss the new approach to Continuous Auditing presented by experts on this topic.

Please click here for a link to the video of this presentation.

Moderator:
placeholder (2)Brad Pomeroy, University of Waterloo
Panelists:
vasarhelyimiklos 2015Miklos Vasarhelyi, Rutgers UniversityCommercial Portrait  Photography Ringwood NJNancy Bumgarner, KPMGppt icon
Greg Shields  2014Greg Shields, CPA Canadappt icon
Q & A

2:15 - 3:15 pmPanel 4: Accounting for Cybersecurity: Reporting and Attestation Issues

As a result of the widely publicized cyber attacks on major corporations and public sector entities by hackers, criminals and foreign governments, cybersecurity is gaining increasing attention by boards of directors, customers, business partners, and regulators. Are these attacks due to a lack of standards, inadequate regulations, managements' failures to adopt adequate countermeasures, lapses in monitoring or a lack of satisfactory technical solutions? Entities are currently in the process of evaluating their cybersecurity programs, and are discussing options for communicating how they achieve their cybersecurity objectives. One key aspect of communicating the achievement of cybersecurity objectives is the ability to provide assurance by way of a report on cybersecurity controls from an independent assessor.

The AICPA’s Assurance Services Executive Committee (ASEC) formed the ASEC Cybersecurity Working Group to work in collaboration with the AICPA’s Auditing Standards Board (ASB) in develop practitioner guidance for performing examination-level attestation engagements related to cybersecurity. The working group will be responsible for identifying or developing suitable measurement criteria and for developing a cybersecurity attestation guide, as well as a supply chain/vendor management attestation guide, to provide performance and reporting guidance for practitioners engaged to report on controls over cybersecurity for an entity or portions of an entity (i.e. system(s), related systems, operating unit or division). A cybersecurity attestation report will provide useful information to users in making decisions as stakeholders in the entity.

This session will cover these developments, report on the current status of this project and suggest future directions for practice, research and education in this area.

Please click here for a link to the video of this presentation.
Moderator:
RParkerRobert Parker, UWCISAppt icon
Panelists:
Chris Halterman BWChris Halterman, EYpdf iconGraham GalGraham Gal, University of Massachusettsppt icon
Q & A
3:15 - 3:45 pmRefreshment Break
3:45 - 4:45 pmResearch Session 2 - IT INTERNAL CONTROL WEAKNESSES
Do Material Weaknesses in Information-Technology Related Internal Controls Affect Firms’ 8-K Filing Timeliness and Compliance?
pdf icon

Form 8-K reporting represents a different (and relatively unknown) information environment than annual 10-K filings. The current study takes advantage of a unique, comprehensive sample of 118,863 8-K filing event observations to investigate the association between firms’ Form 8-K reporting timeliness/compliance with required reporting deadlines and their internal control weaknesses. In addition, the study investigates the association between firms’ 8-K reporting and their information technology (IT) related internal control weaknesses. Overall, we find strong and robust evidence of a negative relation between the likelihood of the firm reporting a material internal control weakness and the timeliness and compliance of the firms’ 8-K filings. We also find distinguishing effects of weaknesses involving IT-related controls. Given recent interest in IT-related controls and far-reaching reforms with stated objectives of improving disclosure timeliness, increasing the quality of internal controls and improving the quality of accounting information, we believe that results in our study would be of interest to accounting information systems academics, regulators, accounting standard setters and other interested observers.
Moderator:
Louise HayesLouise Hayes, University of Guelph
Presenters:
Anthony HolderAnthony Holder*, University of Toledo, Khondkar Karim, University of Massachusetts Lowell, Karen (Jingrong) Lin, University of Massachusetts Lowell, and Robert Pinsker, Florida Atlantic Universityppt icon

Please click here for a link to the video of this presentation.
Discussants:
Kevin KobelskyKevin Kobelsky, University of Michigan - Dearbornppt icon

Please click here for a link to the video of this presentation.
R HenricksonRay Henrickson, former VP IT Audit, Bank of Nova Scotiappt icon

Please click here for a link to the video of this presentation.
Q & A
4:45 - 5:45 pmResearch Session 3 - GREEN IT
Comparing the Attitudes and Activities of Internal Auditors in Australia, Canada, and the United States Regarding Green IT
pdf icon

Internationally, sustainability activities and reporting, whether mandated or voluntary, are a significantly growing element of corporate governance. Although voluntary, 499 of the S&P 500 have some form of sustainability report on their website; some of those companies even link executive compensation to some type of sustainability criteria. Whether mandated or voluntary reporting, boards and CEOs do not want to be accused of greenwashing deceptive reporting). With the internal auditors considered control experts and both SOX and COSO promoting the value of internal auditing, it seems logical that organizations would call upon their internal audit functions to provide assurance that the appropriate controls have been designed and implemented and are functioning correctly to produce accurate and timely reports. Additionally, it also seems that logical starting point for sustainability activities would be green IT because of internal audit’s existing familiarity with their organization’s IT activities. However, Gray (2014) found only minimal green IT activities by U.S. and Canadian internal auditors. This study compares Australian internal auditors to Gray (2014) results. We expected more green IT involvement in Australia because Australian has more mandatory sustainability regulations than the U.S. and Canada. We also assumed, in general, that Australians would be more aware of environmental issues because the country has the highest incidence of skin cancer, which is blamed on the hole in the ozone layer over Antarctica that significantly raises the UV radiation in Australia. However, the results of this study show that, other than a couple minor differences, the green IT attitudes and activities of the internal auditors of these three countries are essentially interchangeable. Future research needs to identify whether there are cultural reasons or deeper, profound systemic reasons why internal auditors are not more proactively involved in the highly-visible, rapid-growing, value-added areas of sustainability and green IT.
Moderator:
CHamptonClark Hampton, University of Waterloo
Presenters:
Kyunghee YoonGlen Gray, California State University - Northridge, Kyunghee Yoon*, Rutgers University, Won Gyun No, Rutgers University, and Peter Roebuck, University Of New South Walesppt icon

Please click here for a link to the video of this presentation.
Discussants:
UMurthy-U-150x150Uday Murthy, University of South Floridappt icon

Please click here for a link to the video of this presentation.
Henry GrunbergHenry Grunberg, EYppt icon

Please click here for a link to the video of this presentation.
Q & APlease click here for a link to the video of this presentation.
6:30 - 9:30 pmBanquet: Le Sélect Bistro
Saturday, October 3, 2015. Location: Northern Lights Ballroom
8:00 - 8:25 amBreakfast
8:30 - 9:30 amResearch Session 4 - IT GOVERNANCE
Exploring Differences between Large and Medium Organizations’ Corporate Governance of Information Technology
pdf icon

As a subset of corporate governance, Corporate Governance of Information Technology (CGIT) is particularly targeted at maximizing IT investment, including for achieving organizational objectives and business value. Yet there is little empirical evidence concerning organizations’ attitudes to and use of CGIT, and related policies, practices, frameworks and methodologies to deliver such business value. Given our focus on governance rather than management of IT, we were guided by ISO/IEC 38500:2008’s six principles for CGIT to structure our investigation. Findings from our survey of Australian Chief Information Officers (CIOs) and executive managers of large and medium organizations inform this appraisal regarding the relevance, influential drivers, challenges and perceived benefits for organizations’ use of CGIT. Surprisingly our findings demonstrate substantially the same benefits, influences and challenges regardless of organizational size. Besides the widely-acknowledged role of IT strategic alignment, findings demonstrate the significance of risk management both in influencing the decision to adopt CGIT and as a perceived key CGIT benefit for improved organizational capability and resource-based value. This contributes new knowledge related to delivering business value through governing IT.
Moderator:
Jodie Lobana Jodie Lobana, Lobana Consulting Group Inc.
Presenters:
Carla WilkinCarla Wilkin*, Monash University, Paul K. Couchman, Deakin University, Amrik Sohal, Monash University, and Ambika Zutshi, Deakin Universitypdf icon

Please click here for a link to the video of this presentation.
Discussants:
Anne Fortin, Université du Québec à Montréalppt icon

Please click here for a link to the video of this presentation.
Christopher O'Connor(2)Christopher O'Connor, PWCppt icon

Please click here for a link to the video of this presentation.
Q & APlease click here for a link to the video of this presentation.
9:30 - 10:30 amResearch Session 5 - CRM
The Effect of Customer Relationship Management Systems on Firm Performance
pdf icon

Customer Relationship Management (CRM) systems are a popular tool implemented by managers to improve the relationships between their firms and customers. These CRM systems boast numerous benefits to firms and customers that can improve customer satisfaction (Mithas et al. 2005). However, there is little research regarding the tangible benefits firms actually experience following CRM system implementation (Hendricks et al. 2007). In this study, we examine the operational benefits of CRM system implementations to firm performance. Specifically, we follow the framework established by Dehning and Richardson (2002) and examine the direct and indirect effects of CRM system implementation. Using a sample of firms that implement CRM systems that have audited financial data, we find that CRM system implementation improves performance both directly and indirectly. Specifically, we find that firms perform better and more efficiently following CRM system implementation. Additionally, we find that firms are better at collecting accounts receivables. Finally, we find that for those CRM firms that forecast earnings, the firms that implement CRM systems issue more accurate earnings forecasts. This study contributes to the literature by showing evidence of the tangible benefits of CRM systems.
Moderator:
Jee-Hae LimJee-Hae Lim, University of Waterloo
Presenters:
Haislip 2Jacob Z. Haislip*, University of North Texas and Vernon J. Richardson, University of Arkansasppt icon

Please click here for a link to the video of this presentation.
Discussants:
Joung Kim2Joung W. Kim, Nova Southeastern Universityppt icon

Please click here for a link to the video of this presentation.
Steve SoychakSteve Soychak, Bruce Telecomppt icon

Please click here for a link to the video of this presentation.
Q & APlease click here for a link to the video of this presentation.
10:30 - 11:00 amRefreshment Break
11:00 am - 12:00 pmResearch Session 6 - AI/EXPERT SYSTEMS
The Reports Of My Death Are Greatly Exaggerated”—Expert Systems Research In Accounting
pdf icon

Gray et al. (2014) examined the productivity of expert systems/artificial intelligence research in accounting and came to the conclusion that both research on and practice use of expert systems/artificial intelligence had waned since the late 1990s. In our study, we reconsider these findings based on a broader view that is ‘artificial intelligence’ centric versus ‘expert systems’ centric. The results show that while there was a bit of a lull in the late 1990s, artificial intelligence research in accounting has continued to steadily increase over the past 30 years. Further consideration of artificial intelligence techniques as embedded modules in integrated audit support systems further suggest that use by practice continues to be robust. Based on these findings, we make a call for much more research on the usability, and use, of artificial intelligence techniques in accounting domains. Contrary to earlier perceptions, the research domain remains vibrant and holds great potential for AIS researchers to take a leadership role in advancing the field.
Moderator:
Kieng IvKieng Iv, Brookfield Asset Management
Presenters:
Steve SuttonSteve G. Sutton*, Matthew Holt, and Vicky Arnold, University of Central Floridappt icon

Please click here for a link to the video of this presentation.
Discussants:
Dan O'LearyDan O'Leary, University of Southern Californiappt icon

Please click here for a link to the video of this presentation.
Malik Datardina20014Malik Datardina, Deloitteppt icon

Please click here for a link to the video of this presentation.
Q & APlease click here for a link to the video of this presentation.
12:00 - 12:15 pmClosing Remarks

Bill Swirsky, Chair, UWCISA
Efrim Boritz, Executive Director, UWCISA
CPA Canada caseware
ISACA (1)
uw_logo ijaisCover