Date of Award


Document Type


Degree Name

Doctor of Business Administration (DBA)


Computer Information Systems

First Advisor

Thomas Stafford


The dissertation examines two separate yet significant Information Technology (IT) issues: one dealing with IT risk and the other involving the adoption of IT. The IT risks that the dissertation focuses are information security breaches and the adoption/outsourcing of big data analytics. Using competitive dynamics theory and the theory of information transfer, the dissertation examines whether there is a spillover effect from information security breaches of breached firms to those firms’ rivals. Market reaction from spillover effects is captured from market activity and information asymmetry. The results suggest that the market of rival firms react to the focal firm’s experience of a data breach. However, the overall effects of data breaches on rival firms are the opposite to those to focal firms, although in many cases rival firms also experience negative reactions in the financial markets. Specifically, the results suggest that the characteristics of data breach types and previous data breach histories of focal firms have implications for rivals. However, strong information technology governance capabilities of rivals play a shielding role in mitigating those negative effects.

The dissertation also examines the adoption of big data analytics by Internal Audit Function (IAF). Particularly, the dissertation examines the implications of data analytics challenges to the adoption of big data analytics by IAF. The results suggest that dataspecific IT knowledge rather than general IT knowledge is a significant predictor of adoption of big data analytics. Additionally, critical thinking skills and business knowledge also contributes to the adoption of big data analytics. Furthermore, if IAFs face management challenges, such as fraud risk detection, they are also more likely to adopt big data analytics. Results from interaction effects analysis suggest that Chief Audit Executives (CAEs) with CPA certifications are more likely to adopt big data analytics than the CAEs without CPA certification, when the size of the organization is small, when the size of the IAF is small, or when there is a lack of data-specific IT knowledge or business skills. Another important finding is that when two groups of IAFs have similar size and data-specific IT knowledge, IAFs with fraud detection responsibilities are more likely to adopt big data analytics. Finally, IAFs in Anglo culture countries are more likely to adopt big data analytics than IAFs in non-Anglo culture countries, even when both IAFs have the same size and data-specific IT knowledge.

Finally, the dissertation examines the motivation of outsourcing of data analytics by IAF. The results suggest, contrary to conventional wisdom, that economic factors are not a significant predictor. Rather, strategic and sociological factors are significant in predicting the outsourcing of big data analytics. Specifically, IAFs outsource big data analytics when they lack data skills and are tasked with fraud risk management. Additionally, the role Chief Audit Executives (CAEs) is also significant. There is also a cultural variation of the outsourcing decision: IAFs from developing nations are more likely to outsource than are the IAFs from the developed countries. Further analysis of the interaction effects of these significant variables suggests that as the data skills of IAFs increase, the conditional difference of the likelihood of outsourcing decreases, suggesting that IAFs recognize both the value of data analytics and their lack of competencies. The three-way interactions of the variables support the same conclusion. The findings have implications about the formation of effective internal controls designed to mitigate the risks in the outsourcing decision. Moreover, external auditors will find the results useful when they evaluate the competence and objectivity of IAFs before they rely on their work.

Included in

Accounting Commons