Combining Decision Making Trial and Evaluation Laboratory with Analytic Network Process to Perform an Investigation of Information Technology Auditing and Risk Control in an Enterprise Resource Planning Environment

Wen Hsien Tsai, Yu Wei Chou, Kuen Chang Lee, Wan Rung Lin, Elliott T.Y. Hwang

Research output: Contribution to journalArticlepeer-review

18 Scopus citations

Abstract

The research examined different types of risk through interviews with experts. The risks studied include business interruption risk, process interdependency risk and system security risk. The decision making trial and evaluation laboratory is used to find the relationship among risks and combined with the analytic network process to select the optimal measures for reducing risks. The results indicate that information technology (IT) consultants prefer the Disaster Recovery Plan (DRP). They usually use the remote replication or High Availability (HA) to protect data. IT personnel believe that all of the IT risk controls are important. Auditors indicate that data access control is very important because users have to execute data access every day. Users of IT express a preference towards data input/output control as the most important control. The results achieved from all experts indicate that the most important controls overall are data input/output control, data access control and so on. Managers need to consider these risks to avoid any potential problems.

Original languageEnglish
Pages (from-to)176-193
Number of pages18
JournalSystems Research and Behavioral Science
Volume30
Issue number2
DOIs
StatePublished - Mar 2013

Keywords

  • Analytic network process (ANP)
  • Decision making trial and evaluation laboratory (DEMATEL)
  • Enterprise resource planning (ERP)
  • Information technology auditing
  • Internal control
  • Risk control

Fingerprint

Dive into the research topics of 'Combining Decision Making Trial and Evaluation Laboratory with Analytic Network Process to Perform an Investigation of Information Technology Auditing and Risk Control in an Enterprise Resource Planning Environment'. Together they form a unique fingerprint.

Cite this