Printer Friendly

How are concerns about errors and ethics related to demands for information systems audits?


What factors affect individuals' demands that information systems (IS) audits are implemented in the organizations with which they do business? Using concepts and constructs from theoretical literature on individuals' concerns about organizational information management practices, we build a theoretical model that can explain and predict individuals' demand for information systems audit in organizations. Using data from U. S. university students, we empirically test two hypotheses using a multiple regression model. It was found that students' concern about error in data and their concern about organizational ethics of information management positively affect students' demand for IS audit at U. S. universities.

Keywords: Ethics, information management, error, information systems audit, universities, students


Collection and management of data about customers are important for information-intensive organizations such as hospitals and universities. Data are required for decision making in every level of an information intensive organization's life (Drucker, 1988). Error in the data used to make decisions can lead to harmful consequences for different stakeholders such as customers. Ethical standards and responsibility maintained by organizations in the management of data about customers need to be periodically examined in order to detect and prevent lapses that can cause disasters. As organizations become more dependent on databases and networks of computers to support their increasingly information-intensive processes, customers' concern about error (X1) in collected data and their concern about lapses in the ethics (X2) of information management grow. As organizations grow in maturity with uses of information technology (Mahmood & Becker, 1985), what could organizations do to reduce customers' concerns about error and ethics of organizational information management practices?

One possible remedy for errors and lapses in the ethics of organizational information management systems is for an organization to adopt a policy of carrying out periodic information systems (IS) audit. To the extent students' education and other aspects of their lives are dependent on the levels of accuracy and ethics with which data are collected and managed by universities, students are concerned about errors and ethical lapses associated with a university's data and their management. Previous studies have found that individuals' concern about error and access to data affect students' feeling of alienation (Mollick, 2006). It seems reasonable to predict that more concerned and alienated students feel, the stronger will be their support for the policy that universities adopt a policy of carrying out periodic IS audit (Y). In the rest of this paper, we develop and test two hypotheses: one concerning the relationship between X1 and Y, and the other between X2 and Y.


To create the context for understanding the effects of concern about error and concern about ethics of data management, and to show continuity of the current study with prior studies, it is necessary to briefly review relevant prior studies.

Concern About Error in Data (X1)

Organizational responsibility to effectively respond to individuals' concerns about error in data stored in computerized databases has been mentioned by database design experts (Date, 1986), information ethics scholars (Laudon, 1986; Mason, Mason, & Culnan, 1995) and scholars who wrote about the legal responsibility of information management (Miller, 1982). Smith and Milberg (1996) define concern about error in data as "Concern that protections against deliberate and accidental errors in personal data are inadequate." X1, concern about error, measures the extent to which a student is concerned about error, and potential consequences of errors, in data collected from or about students by universities. Concern about error is a person's concern about the amount of error experienced upon the collection of data. Any group that uses the data for analysis or decision making, where the accuracy of data is necessary, such as the Office of Financial Aid, should be interested in students' concern about error because it will help them asses the measure to which the group should monitor the collection and management of data. Concern about error in data is high in other fields as well. For example, the medical field seems to concern most about error because peoples' lives are at stake. Research is continually being done to develop methods of error reduction (McFadden, Stock, & Gowen, 2006). In the context of this project, concern about error measures the extent to which a student concerns about errors, and potential consequences of errors, in data collected from or about students at universities. Data were collected for concern about error through a series of eight statements that were presented to students (see Appendix A).

Individuals' concern about error (X1) in personal data collected, stored and used by organizations has been defined and measured in this study in light of two studies: Mason et al (1995; p. 221-224) and Smith and Milberg (1996). Smith and Milberg (1996) identified concern about error as one of four dimensions of individuals' concern for information privacy and provide the following definition:

Many individuals believe that organizations are not taking enough
steps to minimize problems from errors in personal data. Although some
errors might be deliberate (e.g., a disgruntled employee maliciously
falsifying data), most privacy-related concerns involve instead
accidental errors in personal data. Early privacy studies detail some
procedures for minimizing such errors (HEW [U. S. Department of
Health, Education, and Welfare]), 1973; Westin & Baker, 1972; also see
minor references in PPSC [Privacy Protection Study Committee], 1977).
Later works (Laudon, 1986; Linowes, 1989) document continuing problems
in this domain.

Provisions for inspection and correction are often considered as
antidotes for problems of erroneous data (HEW, 1973; PPSC, 1977;
Smith, 1994). But many errors are stubborn ones, and they seem to
snowball in spite of such provisions (Smith, 1994). In addition, a
reluctance to delete old data--which can clearly become "erroneous"
because of their static nature in a dynamic world--can exacerbate this
problem (Miller, 1982). Also at issue are questions of responsibility
in spotting errors: does a system rely on individuals to monitor their
own files, or is there an overarching infrastructure in place
(Bennett, 1992)? Although errors are sometimes assumed to be
unavoidable problems in data handling, whether controls are or are not
included in a system does represent a value choice on the part of the
system's designers (Kling, 1978; Mowshowitz, 1976).

Concern about Ethics of Information Management (X2) in Organizations

The second independent variable in this study measures the extent to which a student is concerned about a university's conformity to the ethics or moral principles of data management activities. Organizations involved in data management should be most interested in individuals' concern about ethics of data management within their own organization because ethics affects every aspect of data management such as collection, entry, storage, retrieval, analysis, communication and sharing of data. Going outward from the organization, groups that rely on the data will have a major interest in learning about customers' concern for ethics of data management since these groups may be affected by the data collected and managed by an organization such as a university. Employers, for example, rely on the transcripts and other data provided by a university about its students and graduates. Administrators, students, parents and guardians of students, regulatory agencies and different other stakeholders of a university would be interested to learn more about individuals' concern about ethics of information management in universities. Concern about ethics of information management can be understood in light of level of responsibility exercised by an organization to its different stakeholders of information. The most important stakeholders are those about whom data are collected and whose lives can be negatively affected if data are not managed ethically according to principles of fair information management practices. Concern about ethics can also be understood in terms of fear that an organization is violating end consumers by breaching a code of conduct (Vitell & Hidalgo, 2006; Vitell, Paolillo, & Thomas, 2003) regarding information management. Students' concern about ethics of information management can also be understood in terms of fear that their university is not honoring a social psychological contract (Rousseau, 1762/1947; Rousseau & Parks, 1993) that is above and beyond any restrictions imposed by codified laws. It is expected by students that the objectives and uses of hardware, software and data will be consistent with social ethical values stated in the code of the university and values held by its employees, students and the society in which it operates. Universities are viewed as conscience careers in many societies (Mason, Mason & Culnan, 1995), and as such, concern about ethics of information management at a university can be understood as students' fear that a university is not being conscientious in how it handles information management activities. Ethical behavior remains a concern in the information industry as it can lead to detrimental effects on those affected by data-driven decisions (Payne & Landry, 2005). In this paper, concern about ethics measures the extent to which a student is concerned about a university's conformity to the ethics or morality of data management activities. Similar to the variable concern about error, respondents are presented with statements to which they give a measure of agreement. These statements, which are centered on individuals' concern for ethics of information management, are presented in Appendix A.

Demand for Information Systems Audit (Y)

The dependent variable, demand for information systems audit, measures the extent to which the respondent believes that information management activities of a university should be periodically audited. IS audit may be viewed as one way of formalizing the information management functions (Mollick, 2007) and ensuring procedural fairness that can generate impersonal trust in an organization (Culnan & Armstrong, 1999). Students may believe that auditing can be a remedy to problems related to errors and ethics of information management at universities. It indicates the extent of one's support for a policy of authorizing audit of information management functions at universities. Demand for a policy of IS audit is expressed as an individual's support that a methodical examination and review of an activity will be a remedy to the problems of error and ethics related to that activity. Administrative units such as admissions and records, along with the financial aid office of a university, should be interested in learning more about students' support for a policy of carrying out periodic IS audit. Students may view an IS audit policy as a remedy to problems and as a proactive gesture of good will because it may solve some of the information ethics problems seen in data management activities (Cox, 2005). To measure this construct, two statements about demand for IS audit were presented to respondents who provided their level of agreement with the statements (see Appendix A).

The Research Model and Hypotheses

In light of the literature review above, a research model is presented in Figure 1.

H1: Relationship between Concern about Error (X1) and Demand for IS Audit (Y).

A study of the relationship between concern about error and demand for IS audit would be beneficial to individuals, groups, and organizations that are currently experiencing problems due to errors in data management and for professionals such as members of Information System Audit and Control Association (ISACS). IS audit may be viewed as a fair procedure (Culnan & Armstrong, 1999) that can help generate and maintain trust in the organization's ability to protect the accuracy and integrity of personal data entrusted to it by individuals. Since human beings are naturally concerned about reducing error and increasing correctness (Wagner, 2006), and audits are designed to identify and reduce errors within a system or process (Burgstahler, Glover, & Jiambalvo, 2000), we arrive at the first research hypothesis as follows.

H1: There is a positive relationship between concern about error and demand for IS audit (B1>0; [r.sub.x1y]>0).

2.4.2 H2: Relationship between Concern about Ethics (X2) and Demand for IS Audit (Y). Combining the first premise that audits are designed to identify and thus reduce errors (Johnson, 2006; Schaefer & Cassidy, 2006) with the second premise that humans naturally seek from others ethical and moral behavior toward themselves (Reath, 2003) we arrive at our second research hypothesis as follows.

H2: There is a positive relationship between one's concern about ethics and one's demand for IS audit (B2>0; [r.sub.x2y]>0).


To test the hypothesized relationships, data were collected through a survey conducted among students at a university in the United States. Scatter plots, correlation coefficients and regression analyses are used to visualize the relationships between pairs of variables and test the statistical significance of the hypotheses.


The scatter plot presented in figure 2 shows that there is a positive relationship between X1 and Y. This shows visual support for research hypothesis H1. The scatter plot presented in figure 3 shows that there is a positive relationship between X2 and Y. This shows visual support for research hypothesis H2. The scatterplots show initial support that students' concern about errors in data and students' concern about ethics of information management positively correlate with students' demand for information systems audit in organizations such as universities.

The descriptive statistics shown in Table 1 indicate that the mean score on all three variables are high considering that the scale ranged from 1 to 7 where 1 represented the lowest level of agreement and 7 represented the highest level of agreement with the statements presented to the respondents.

Students' average concern about error is slightly higher than their concern about ethics of information management at their university. The average level of support for a policy of IS audit is 5.77 while the median is even higher.

The correlation coefficients shown in Table 2 indicate that there is support for H1 and H2. The p-value of the F-test for the multiple regression model is less than .01, which indicates, with at least 99 percent probability, that at least one of the two X variables is statistically significantly related to the Y variable. The p-values associated with t-tests indicate, with at least 99 percent probability, that both concern about error and concern about ethics are statistically significantly related to demand for IS audit. Analysis of the data from this sample allows us to come to the conclusion, with at least 99 percent probability, that one's concern about error as well as one's concern about ethics are positively related to one's support for a policy of adopting IS audit in an organization.


Future research can investigate what other organizational policies and practices individuals may demand and support as a result of their concerns about error and ethics of information management in organizations. It may also be useful to identify other independent variables related to information management in organizations that may be related to demand for information systems audit. Similar studies can also be conducted in organizations that are in other information intensive industries such as hospitals, banks, insurance companies and credit reporting companies


Bennett, C. J. (1992). Regulating privacy: Data protection and public policy in Europe and the United States. Ithaca, NY: Cornell University Press.

Burgstahler, D., Glover, S. M., & Jiambalvo, J. J. (2000). Error projection and uncertainty in the evaluation of aggregate error. Auditing: A Journal of Practice & Theory, 19(1), 79-99. doi: 10.2308/aud.2000.19.1.79

Cox, J. (2005, July) Schools battle personal data hacks. Network World, 22(20), p. 8. Retrieved December 1, 2006, from

Culnan, M. J., & Armstrong, P. K., (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science, 10(1), 104, 12p. doi: 10.1287/orsc.10.1.104

Date, C. J. (1986). An introduction to database systems (4th ed.). Reading, MA: Addison-Wesley.

Drucker, P. F. (1988, January). The coming of the new organization. Harvard Business Review, 48-53.

Johnson, D. G. (2006). Corporate excellence, ethics, and the role of IT. Business and Society Review, 111, 457-470. doi: 10.1111/j.1467-8594.2006.282_1.x

Kling, R. (1978). Value conflicts and social choices in electronic funds transfer systems developments. Communications of the ACM, 21(8), 642-657. doi: 10.1145/957859.957863

Laudon, K. C. (1986). Dossier society: Value choices in the design of national information systems. New York, NY: Columbia University Press.

Linowes, D. F. (1989). Privacy in America: Is your private life in the public eye? Urbana, IL: University of Illinois Press.

Mahmood, M. A., & Becker, J. D. (1985). Effect of organizational maturity on end-users' satisfaction with information systems. Journal of Management Information Systems, 2(3), 37-64.

Mason, R. O., Mason, F. M., & Culnan, M. J. (1995). Ethics of information management. Thousand Oaks, CA: Sage Publications.

McFadden, K. L., Stock, G. N., & Gowen, C. R., III. (2006). Exploring Strategies for Reducing Hospital Errors. Journal of Healthcare Management, 51(2), 123-136.

Miller, A. (1982). Computers and privacy. In W. M. Hoffman & J. M. Moore (Eds.) Ethics and the management of computer technology: Proceedings of the Fourth National Conference on Business Ethics, Cambridge, MA: Oelgeschlager, Gunn, and Hain Publishers, Inc.

Mollick, J. S. (2006). Do concerns about error in data and access to data affect students' feeling of alienation? Journal of Information Privacy and Security, 2(1), 29-45. doi: 10.1080/15536548.2006.10855785

Mollick, J. S. (2007). Do concern about error and profiling correlate with students' demand for formal information management procedures at universities? The Journal of Academic Administration in Higher Education, 3(1 & 2), 33-42.

Mowshowitz, A. L. (1976). The conquest of will: Information processing in human affairs. Reading, MA: Addison-Wesley.

Payne, D., & Landry, B. J. L. (2005). Similarities in business and IT professional ethics: The need for and development of a comprehensive code of ethics. Journal of Business Ethics, 62(1), 73-85.

Privacy Protection Study Committee (PPSC). (1977). Personal privacy in an information society. Washington, DC: U. S. Government Printing Office.

Reath, A. (2003). Value and law in Kant's moral theory. Ethics, 114(1), 127-155.

Rousseau, D. M., & Parks, J. M. (1993). The contracts of individuals and organizations. Research in Organizational Behavior, 15(1), 1-43.

Rousseau, J-. J. (1947). The social contract (C. Frankel, Trans.). New York, NY: Hafner Publishing Company. (Original work published 1762).

Schaefer, A. G., & Cassidy, M. (2006). Internal audits and ethics education: A holy alliance to reduce theft and misreporting. Employee Relations Law Journal, 32(1), 61-84.

Smith, H. J. (1994). Managing privacy: Information technology and corporate America. Chapel Hill, NC: University of North Carolina Press.

Smith, H. J., & Milberg, S. J. (1996). Information privacy: Measuring individuals' concerns about organizational practices. MIS Quarterly, 20(2), p167-196. doi: 10.2307/249477

U. S. Department of Health, Education, and Welfare (HEW). (1973). Records, computers, and the rights of citizens: report pf the Secretary's Advisory Committee on Automated Personal Data Systems (DHEW Publication No. (OS)73-94). Washington, DC: U. S. Government Printing Office.

Vitell, S. J., & Hidalgo, E. R. (2006). The impact of corporate ethical values and enforcement of ethical codes on the perceived importance of ethics in business: A comparison of U.S. and Spanish managers. Journal of Business Ethics, 64(1), 31-43. doi: 10.1007/s10551-005-4664-5

Vitell, S. J., Paolillo, J. G. P., & Thomas, J. L. (2003). The perceived role of ethics and social responsibility: A study of marketing professionals. Business Ethics Quarterly, 13 (1), 63-86. doi: 10.5840/beq20031315

Wagner, C. G. (2006, July). Information security's biggest enemy. Futurist, 40(4), 11.

Westin, A. F., & Baker, M. A. (1972). Databanks in a free society: Computers, record keeping and privacy. New York, NY: Quadrangle Books.

Joseph S. Mollick, Ph. D.

Texas A & M University-Corpus Christi

Appendix A: Survey Questionnaire

                     The purpose of this survey is to analyze students'
                     attitudes and opinions about information
                     functions at universities. The term IS stands for
                     information systems. Please honestly express your
                     about each statement presented to you and circle
                     the number that best indicates your level of
                     with each statement presented to you. Your
                     responses will be anonymous and confidential.
                     Your student status: 1. Graduate 2. Undergraduate
                     Your academic major or concentration:
                     How many hours do you spend on the Internet every
                     week? (Type the number of hours.)
                     How many hours do you spend on the computer every
                     week? (Type the number of hours.)
                     Your gender: 1. Male 2. Female
                     Your age:
                     1 =       2 =       3 =       4 =        5 =
                     Strongly  Disagree  Slightly  Uncertain  Slightly
                     Disagree            Disagree             Agree
1  2  3  4  5  6  7  All the personal information in SIUC's computer
                     databases should be double-checked for accuracy
                     against errors in data entry or updating.
1  2  3  4  5  6  7  Universities should take more steps to make sure
                     that the personal information about students in
                     files is accurate and free from recording errors.
1  2  3  4  5  6  7  A university should have the best procedures to
                     correct errors in personal information.
1  2  3  4  5  6  7  A university should devote more time and effort to
                     verifying the accuracy of students' personal
                     information in its databases.
1  2  3  4  5  6  7  The method for ensuring the accuracy of the data
                     should be adequate.
1  2  3  4  5  6  7  System designers and planners should make sure
                     that the person who can be held responsible for
                     accuracy problems can be clearly identified.
1  2  3  4  5  6  7  Errors in estimation and the degrees of
                     uncertainty should be adequately reported to
                     information takers,
                     users and stakeholders.
1  2  3  4  5  6  7  The fidelity, accuracy, and integrity of the
                     information should be maintained throughout its
1  2  3  4  5  6  7  A university's IS objectives and uses of its
                     hardware, software and data should be consistent
                     with the
                     social ethical values of the university, its
                     employees, students and the society in which it
1  2  3  4  5  6  7  The university's IS should not harm one group
                     such as students to please or satisfy another
                     group such as
                     employees, managers, citizens, and lenders.
1  2  3  4  5  6  7  The needed data should be subject to potential
                     uses that are morally defensible.
1  2  3  4  5  6  7  The decisions and actions taken on the basis of
                     the information provided should be consistent with
                     overall social-ethical value of the university,
                     its students, employees and the society in which
                     it operates.
1  2  3  4  5  6  7  Audits such as ethical checks of information
                     should be conducted on a regular basis to ensure
                     that any
                     new ethical issues that arise across the
                     organization or within the information handling
                     functions are
                     identified and dealt with.
1  2  3  4  5  6  7  Enforcement mechanisms such as information systems
                     audit or other means should be available to
                     ensure compliance of a university with ethical
                     principles of information management.

6 =    7 =
Agree  Stro

Descriptive Statistics    X1=Concern   X2=Concern    Y=Support
                          About Error  About Ethics  for IS Audit

Mean                        5.88         5.56        5066
Standard Error              0.05         0.05           0.07
Median                      6            5.5            6
Mode                        6            5.5            6
Standard Deviation          0.660        0.713          0.997
Sample Variance             0.436        0.508          0.995
Kurtosis                    2.100       -0.609          0.186
Skewness                   -0.951        0.028         -0.703
Range                       3.875        3              4.5
Minimum                     3.1525       4              2.5
Maximum                     7            7              7
Count                     187          187            187
Confidence Level (95.0%)    0.0953       0.1028         0.1439

Table 1: Descriptive Statistics.

Summary Output

Regression Statistics          Correlation Matrix

Multiple R             0.6601  X1=Concern About Error
R Square               0.4357  X2=Concern About Ethics
Adjusted R Square      0.4296  Y=Support For IS Audit
Standard Error         0.7532
Observations           187     Estimated Regression Model
                               y=-1.38468+0.127075 *X1+0.30202*X2
ANOVA                          Y=demand for IS audit
                         df                    SS
Regression               2                   80.61
Residual                184                  104.39
Total                   186                  185.00

Regression Statistics  X1=Concern  X2=Concern   Y=Support
                       AboutError  AboutEthics  For IS Audit

Multiple R                  1
R Square               0.4687           1
Adjusted R Square      0.5388      0.5894       1
Standard Error

                          MS        F           Significance F
Regression              40.31      71.04           0.000000
Residual                 0.57

                         Coefficients  Standard Error  T Stat  P-value

Intercept                  -0.6923        0.5445       -1.272  0.205122
X1=Concern About Error      0.5083        0.0947        5.368  0.000000
X2=Concern About Ethics     0.6040        0.0877        6.886  0.000000

                          Lower 95%    Upper 95%

Intercept                -1.766536611  0.381857337
X1=Concern About Error    0.321481883  0.695119801
X2=Concern About Ethics   0.430968426  0.77711262

Table 2: Regression and Correlation.
COPYRIGHT 2014 International Information Management Association
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2014 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Mollick, Joseph S.
Publication:Communications of the IIMA
Date:Jan 1, 2014
Previous Article:The effects of text complexity on online review helpfulness.
Next Article:Evaluation of professional quality reports for U. S. automotive market between 2001 and 2012.

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters