How are concerns about errors and ethics related to demands for information systems audits?
What factors affect individuals' demands that information systems (IS) audits are implemented in the organizations with which they do business? Using concepts and constructs from theoretical literature on individuals' concerns about organizational information management practices, we build a theoretical model that can explain and predict individuals' demand for information systems audit in organizations. Using data from U. S. university students, we empirically test two hypotheses using a multiple regression model. It was found that students' concern about error in data and their concern about organizational ethics of information management positively affect students' demand for IS audit at U. S. universities.
Keywords: Ethics, information management, error, information systems audit, universities, students
Collection and management of data about customers are important for information-intensive organizations such as hospitals and universities. Data are required for decision making in every level of an information intensive organization's life (Drucker, 1988). Error in the data used to make decisions can lead to harmful consequences for different stakeholders such as customers. Ethical standards and responsibility maintained by organizations in the management of data about customers need to be periodically examined in order to detect and prevent lapses that can cause disasters. As organizations become more dependent on databases and networks of computers to support their increasingly information-intensive processes, customers' concern about error (X1) in collected data and their concern about lapses in the ethics (X2) of information management grow. As organizations grow in maturity with uses of information technology (Mahmood & Becker, 1985), what could organizations do to reduce customers' concerns about error and ethics of organizational information management practices?
One possible remedy for errors and lapses in the ethics of organizational information management systems is for an organization to adopt a policy of carrying out periodic information systems (IS) audit. To the extent students' education and other aspects of their lives are dependent on the levels of accuracy and ethics with which data are collected and managed by universities, students are concerned about errors and ethical lapses associated with a university's data and their management. Previous studies have found that individuals' concern about error and access to data affect students' feeling of alienation (Mollick, 2006). It seems reasonable to predict that more concerned and alienated students feel, the stronger will be their support for the policy that universities adopt a policy of carrying out periodic IS audit (Y). In the rest of this paper, we develop and test two hypotheses: one concerning the relationship between X1 and Y, and the other between X2 and Y.
To create the context for understanding the effects of concern about error and concern about ethics of data management, and to show continuity of the current study with prior studies, it is necessary to briefly review relevant prior studies.
Concern About Error in Data (X1)
Organizational responsibility to effectively respond to individuals' concerns about error in data stored in computerized databases has been mentioned by database design experts (Date, 1986), information ethics scholars (Laudon, 1986; Mason, Mason, & Culnan, 1995) and scholars who wrote about the legal responsibility of information management (Miller, 1982). Smith and Milberg (1996) define concern about error in data as "Concern that protections against deliberate and accidental errors in personal data are inadequate." X1, concern about error, measures the extent to which a student is concerned about error, and potential consequences of errors, in data collected from or about students by universities. Concern about error is a person's concern about the amount of error experienced upon the collection of data. Any group that uses the data for analysis or decision making, where the accuracy of data is necessary, such as the Office of Financial Aid, should be interested in students' concern about error because it will help them asses the measure to which the group should monitor the collection and management of data. Concern about error in data is high in other fields as well. For example, the medical field seems to concern most about error because peoples' lives are at stake. Research is continually being done to develop methods of error reduction (McFadden, Stock, & Gowen, 2006). In the context of this project, concern about error measures the extent to which a student concerns about errors, and potential consequences of errors, in data collected from or about students at universities. Data were collected for concern about error through a series of eight statements that were presented to students (see Appendix A).
Individuals' concern about error (X1) in personal data collected, stored and used by organizations has been defined and measured in this study in light of two studies: Mason et al (1995; p. 221-224) and Smith and Milberg (1996). Smith and Milberg (1996) identified concern about error as one of four dimensions of individuals' concern for information privacy and provide the following definition:
Many individuals believe that organizations are not taking enough steps to minimize problems from errors in personal data. Although some errors might be deliberate (e.g., a disgruntled employee maliciously falsifying data), most privacy-related concerns involve instead accidental errors in personal data. Early privacy studies detail some procedures for minimizing such errors (HEW [U. S. Department of Health, Education, and Welfare]), 1973; Westin & Baker, 1972; also see minor references in PPSC [Privacy Protection Study Committee], 1977). Later works (Laudon, 1986; Linowes, 1989) document continuing problems in this domain. Provisions for inspection and correction are often considered as antidotes for problems of erroneous data (HEW, 1973; PPSC, 1977; Smith, 1994). But many errors are stubborn ones, and they seem to snowball in spite of such provisions (Smith, 1994). In addition, a reluctance to delete old data--which can clearly become "erroneous" because of their static nature in a dynamic world--can exacerbate this problem (Miller, 1982). Also at issue are questions of responsibility in spotting errors: does a system rely on individuals to monitor their own files, or is there an overarching infrastructure in place (Bennett, 1992)? Although errors are sometimes assumed to be unavoidable problems in data handling, whether controls are or are not included in a system does represent a value choice on the part of the system's designers (Kling, 1978; Mowshowitz, 1976).
Concern about Ethics of Information Management (X2) in Organizations
The second independent variable in this study measures the extent to which a student is concerned about a university's conformity to the ethics or moral principles of data management activities. Organizations involved in data management should be most interested in individuals' concern about ethics of data management within their own organization because ethics affects every aspect of data management such as collection, entry, storage, retrieval, analysis, communication and sharing of data. Going outward from the organization, groups that rely on the data will have a major interest in learning about customers' concern for ethics of data management since these groups may be affected by the data collected and managed by an organization such as a university. Employers, for example, rely on the transcripts and other data provided by a university about its students and graduates. Administrators, students, parents and guardians of students, regulatory agencies and different other stakeholders of a university would be interested to learn more about individuals' concern about ethics of information management in universities. Concern about ethics of information management can be understood in light of level of responsibility exercised by an organization to its different stakeholders of information. The most important stakeholders are those about whom data are collected and whose lives can be negatively affected if data are not managed ethically according to principles of fair information management practices. Concern about ethics can also be understood in terms of fear that an organization is violating end consumers by breaching a code of conduct (Vitell & Hidalgo, 2006; Vitell, Paolillo, & Thomas, 2003) regarding information management. Students' concern about ethics of information management can also be understood in terms of fear that their university is not honoring a social psychological contract (Rousseau, 1762/1947; Rousseau & Parks, 1993) that is above and beyond any restrictions imposed by codified laws. It is expected by students that the objectives and uses of hardware, software and data will be consistent with social ethical values stated in the code of the university and values held by its employees, students and the society in which it operates. Universities are viewed as conscience careers in many societies (Mason, Mason & Culnan, 1995), and as such, concern about ethics of information management at a university can be understood as students' fear that a university is not being conscientious in how it handles information management activities. Ethical behavior remains a concern in the information industry as it can lead to detrimental effects on those affected by data-driven decisions (Payne & Landry, 2005). In this paper, concern about ethics measures the extent to which a student is concerned about a university's conformity to the ethics or morality of data management activities. Similar to the variable concern about error, respondents are presented with statements to which they give a measure of agreement. These statements, which are centered on individuals' concern for ethics of information management, are presented in Appendix A.
Demand for Information Systems Audit (Y)
The dependent variable, demand for information systems audit, measures the extent to which the respondent believes that information management activities of a university should be periodically audited. IS audit may be viewed as one way of formalizing the information management functions (Mollick, 2007) and ensuring procedural fairness that can generate impersonal trust in an organization (Culnan & Armstrong, 1999). Students may believe that auditing can be a remedy to problems related to errors and ethics of information management at universities. It indicates the extent of one's support for a policy of authorizing audit of information management functions at universities. Demand for a policy of IS audit is expressed as an individual's support that a methodical examination and review of an activity will be a remedy to the problems of error and ethics related to that activity. Administrative units such as admissions and records, along with the financial aid office of a university, should be interested in learning more about students' support for a policy of carrying out periodic IS audit. Students may view an IS audit policy as a remedy to problems and as a proactive gesture of good will because it may solve some of the information ethics problems seen in data management activities (Cox, 2005). To measure this construct, two statements about demand for IS audit were presented to respondents who provided their level of agreement with the statements (see Appendix A).
The Research Model and Hypotheses
In light of the literature review above, a research model is presented in Figure 1.
H1: Relationship between Concern about Error (X1) and Demand for IS Audit (Y).
A study of the relationship between concern about error and demand for IS audit would be beneficial to individuals, groups, and organizations that are currently experiencing problems due to errors in data management and for professionals such as members of Information System Audit and Control Association (ISACS). IS audit may be viewed as a fair procedure (Culnan & Armstrong, 1999) that can help generate and maintain trust in the organization's ability to protect the accuracy and integrity of personal data entrusted to it by individuals. Since human beings are naturally concerned about reducing error and increasing correctness (Wagner, 2006), and audits are designed to identify and reduce errors within a system or process (Burgstahler, Glover, & Jiambalvo, 2000), we arrive at the first research hypothesis as follows.
H1: There is a positive relationship between concern about error and demand for IS audit (B1>0; [r.sub.x1y]>0).
2.4.2 H2: Relationship between Concern about Ethics (X2) and Demand for IS Audit (Y). Combining the first premise that audits are designed to identify and thus reduce errors (Johnson, 2006; Schaefer & Cassidy, 2006) with the second premise that humans naturally seek from others ethical and moral behavior toward themselves (Reath, 2003) we arrive at our second research hypothesis as follows.
H2: There is a positive relationship between one's concern about ethics and one's demand for IS audit (B2>0; [r.sub.x2y]>0).
DESIGN AND METHODOLOGY
To test the hypothesized relationships, data were collected through a survey conducted among students at a university in the United States. Scatter plots, correlation coefficients and regression analyses are used to visualize the relationships between pairs of variables and test the statistical significance of the hypotheses.
The scatter plot presented in figure 2 shows that there is a positive relationship between X1 and Y. This shows visual support for research hypothesis H1. The scatter plot presented in figure 3 shows that there is a positive relationship between X2 and Y. This shows visual support for research hypothesis H2. The scatterplots show initial support that students' concern about errors in data and students' concern about ethics of information management positively correlate with students' demand for information systems audit in organizations such as universities.
The descriptive statistics shown in Table 1 indicate that the mean score on all three variables are high considering that the scale ranged from 1 to 7 where 1 represented the lowest level of agreement and 7 represented the highest level of agreement with the statements presented to the respondents.
Students' average concern about error is slightly higher than their concern about ethics of information management at their university. The average level of support for a policy of IS audit is 5.77 while the median is even higher.
The correlation coefficients shown in Table 2 indicate that there is support for H1 and H2. The p-value of the F-test for the multiple regression model is less than .01, which indicates, with at least 99 percent probability, that at least one of the two X variables is statistically significantly related to the Y variable. The p-values associated with t-tests indicate, with at least 99 percent probability, that both concern about error and concern about ethics are statistically significantly related to demand for IS audit. Analysis of the data from this sample allows us to come to the conclusion, with at least 99 percent probability, that one's concern about error as well as one's concern about ethics are positively related to one's support for a policy of adopting IS audit in an organization.
Future research can investigate what other organizational policies and practices individuals may demand and support as a result of their concerns about error and ethics of information management in organizations. It may also be useful to identify other independent variables related to information management in organizations that may be related to demand for information systems audit. Similar studies can also be conducted in organizations that are in other information intensive industries such as hospitals, banks, insurance companies and credit reporting companies
Bennett, C. J. (1992). Regulating privacy: Data protection and public policy in Europe and the United States. Ithaca, NY: Cornell University Press.
Burgstahler, D., Glover, S. M., & Jiambalvo, J. J. (2000). Error projection and uncertainty in the evaluation of aggregate error. Auditing: A Journal of Practice & Theory, 19(1), 79-99. doi: 10.2308/aud.2000.19.1.79
Cox, J. (2005, July) Schools battle personal data hacks. Network World, 22(20), p. 8. Retrieved December 1, 2006, from http://www.networkworld.com/article/2312850/lan-wan/schools-battle-personal-data-hacks.html
Culnan, M. J., & Armstrong, P. K., (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science, 10(1), 104, 12p. doi: 10.1287/orsc.10.1.104
Date, C. J. (1986). An introduction to database systems (4th ed.). Reading, MA: Addison-Wesley.
Drucker, P. F. (1988, January). The coming of the new organization. Harvard Business Review, 48-53.
Johnson, D. G. (2006). Corporate excellence, ethics, and the role of IT. Business and Society Review, 111, 457-470. doi: 10.1111/j.1467-8594.2006.282_1.x
Kling, R. (1978). Value conflicts and social choices in electronic funds transfer systems developments. Communications of the ACM, 21(8), 642-657. doi: 10.1145/957859.957863
Laudon, K. C. (1986). Dossier society: Value choices in the design of national information systems. New York, NY: Columbia University Press.
Linowes, D. F. (1989). Privacy in America: Is your private life in the public eye? Urbana, IL: University of Illinois Press.
Mahmood, M. A., & Becker, J. D. (1985). Effect of organizational maturity on end-users' satisfaction with information systems. Journal of Management Information Systems, 2(3), 37-64.
Mason, R. O., Mason, F. M., & Culnan, M. J. (1995). Ethics of information management. Thousand Oaks, CA: Sage Publications.
McFadden, K. L., Stock, G. N., & Gowen, C. R., III. (2006). Exploring Strategies for Reducing Hospital Errors. Journal of Healthcare Management, 51(2), 123-136.
Miller, A. (1982). Computers and privacy. In W. M. Hoffman & J. M. Moore (Eds.) Ethics and the management of computer technology: Proceedings of the Fourth National Conference on Business Ethics, Cambridge, MA: Oelgeschlager, Gunn, and Hain Publishers, Inc.
Mollick, J. S. (2006). Do concerns about error in data and access to data affect students' feeling of alienation? Journal of Information Privacy and Security, 2(1), 29-45. doi: 10.1080/15536548.2006.10855785
Mollick, J. S. (2007). Do concern about error and profiling correlate with students' demand for formal information management procedures at universities? The Journal of Academic Administration in Higher Education, 3(1 & 2), 33-42.
Mowshowitz, A. L. (1976). The conquest of will: Information processing in human affairs. Reading, MA: Addison-Wesley.
Payne, D., & Landry, B. J. L. (2005). Similarities in business and IT professional ethics: The need for and development of a comprehensive code of ethics. Journal of Business Ethics, 62(1), 73-85.
Privacy Protection Study Committee (PPSC). (1977). Personal privacy in an information society. Washington, DC: U. S. Government Printing Office.
Reath, A. (2003). Value and law in Kant's moral theory. Ethics, 114(1), 127-155.
Rousseau, D. M., & Parks, J. M. (1993). The contracts of individuals and organizations. Research in Organizational Behavior, 15(1), 1-43.
Rousseau, J-. J. (1947). The social contract (C. Frankel, Trans.). New York, NY: Hafner Publishing Company. (Original work published 1762).
Schaefer, A. G., & Cassidy, M. (2006). Internal audits and ethics education: A holy alliance to reduce theft and misreporting. Employee Relations Law Journal, 32(1), 61-84.
Smith, H. J. (1994). Managing privacy: Information technology and corporate America. Chapel Hill, NC: University of North Carolina Press.
Smith, H. J., & Milberg, S. J. (1996). Information privacy: Measuring individuals' concerns about organizational practices. MIS Quarterly, 20(2), p167-196. doi: 10.2307/249477
U. S. Department of Health, Education, and Welfare (HEW). (1973). Records, computers, and the rights of citizens: report pf the Secretary's Advisory Committee on Automated Personal Data Systems (DHEW Publication No. (OS)73-94). Washington, DC: U. S. Government Printing Office.
Vitell, S. J., & Hidalgo, E. R. (2006). The impact of corporate ethical values and enforcement of ethical codes on the perceived importance of ethics in business: A comparison of U.S. and Spanish managers. Journal of Business Ethics, 64(1), 31-43. doi: 10.1007/s10551-005-4664-5
Vitell, S. J., Paolillo, J. G. P., & Thomas, J. L. (2003). The perceived role of ethics and social responsibility: A study of marketing professionals. Business Ethics Quarterly, 13 (1), 63-86. doi: 10.5840/beq20031315
Wagner, C. G. (2006, July). Information security's biggest enemy. Futurist, 40(4), 11.
Westin, A. F., & Baker, M. A. (1972). Databanks in a free society: Computers, record keeping and privacy. New York, NY: Quadrangle Books.
Joseph S. Mollick, Ph. D.
Texas A & M University-Corpus Christi
Appendix A: Survey Questionnaire The purpose of this survey is to analyze students' attitudes and opinions about information management functions at universities. The term IS stands for information systems. Please honestly express your opinion about each statement presented to you and circle the number that best indicates your level of agreement with each statement presented to you. Your responses will be anonymous and confidential. Your student status: 1. Graduate 2. Undergraduate Your academic major or concentration: How many hours do you spend on the Internet every week? (Type the number of hours.) How many hours do you spend on the computer every week? (Type the number of hours.) Your gender: 1. Male 2. Female Your age: 1 = 2 = 3 = 4 = 5 = Strongly Disagree Slightly Uncertain Slightly Disagree Disagree Agree 1 2 3 4 5 6 7 All the personal information in SIUC's computer databases should be double-checked for accuracy against errors in data entry or updating. 1 2 3 4 5 6 7 Universities should take more steps to make sure that the personal information about students in their files is accurate and free from recording errors. 1 2 3 4 5 6 7 A university should have the best procedures to correct errors in personal information. 1 2 3 4 5 6 7 A university should devote more time and effort to verifying the accuracy of students' personal information in its databases. 1 2 3 4 5 6 7 The method for ensuring the accuracy of the data should be adequate. 1 2 3 4 5 6 7 System designers and planners should make sure that the person who can be held responsible for data accuracy problems can be clearly identified. 1 2 3 4 5 6 7 Errors in estimation and the degrees of uncertainty should be adequately reported to information takers, users and stakeholders. 1 2 3 4 5 6 7 The fidelity, accuracy, and integrity of the information should be maintained throughout its transmission. 1 2 3 4 5 6 7 A university's IS objectives and uses of its hardware, software and data should be consistent with the social ethical values of the university, its employees, students and the society in which it operates. 1 2 3 4 5 6 7 The university's IS should not harm one group such as students to please or satisfy another group such as employees, managers, citizens, and lenders. 1 2 3 4 5 6 7 The needed data should be subject to potential uses that are morally defensible. 1 2 3 4 5 6 7 The decisions and actions taken on the basis of the information provided should be consistent with the overall social-ethical value of the university, its students, employees and the society in which it operates. 1 2 3 4 5 6 7 Audits such as ethical checks of information should be conducted on a regular basis to ensure that any new ethical issues that arise across the organization or within the information handling functions are identified and dealt with. 1 2 3 4 5 6 7 Enforcement mechanisms such as information systems audit or other means should be available to ensure compliance of a university with ethical principles of information management. 6 = 7 = Agree Stro Agre Descriptive Statistics X1=Concern X2=Concern Y=Support About Error About Ethics for IS Audit Mean 5.88 5.56 5066 Standard Error 0.05 0.05 0.07 Median 6 5.5 6 Mode 6 5.5 6 Standard Deviation 0.660 0.713 0.997 Sample Variance 0.436 0.508 0.995 Kurtosis 2.100 -0.609 0.186 Skewness -0.951 0.028 -0.703 Range 3.875 3 4.5 Minimum 3.1525 4 2.5 Maximum 7 7 7 Count 187 187 187 Confidence Level (95.0%) 0.0953 0.1028 0.1439 Table 1: Descriptive Statistics. Summary Output Regression Statistics Correlation Matrix Multiple R 0.6601 X1=Concern About Error R Square 0.4357 X2=Concern About Ethics Adjusted R Square 0.4296 Y=Support For IS Audit Standard Error 0.7532 Observations 187 Estimated Regression Model y=-1.38468+0.127075 *X1+0.30202*X2 ANOVA Y=demand for IS audit df SS Regression 2 80.61 Residual 184 104.39 Total 186 185.00 Regression Statistics X1=Concern X2=Concern Y=Support AboutError AboutEthics For IS Audit Multiple R 1 R Square 0.4687 1 Adjusted R Square 0.5388 0.5894 1 Standard Error Observations ANOVA MS F Significance F Regression 40.31 71.04 0.000000 Residual 0.57 Total Coefficients Standard Error T Stat P-value Intercept -0.6923 0.5445 -1.272 0.205122 X1=Concern About Error 0.5083 0.0947 5.368 0.000000 X2=Concern About Ethics 0.6040 0.0877 6.886 0.000000 Lower 95% Upper 95% Intercept -1.766536611 0.381857337 X1=Concern About Error 0.321481883 0.695119801 X2=Concern About Ethics 0.430968426 0.77711262 Table 2: Regression and Correlation.
|Printer friendly Cite/link Email Feedback|
|Author:||Mollick, Joseph S.|
|Publication:||Communications of the IIMA|
|Date:||Jan 1, 2014|
|Previous Article:||The effects of text complexity on online review helpfulness.|
|Next Article:||Evaluation of professional quality reports for U. S. automotive market between 2001 and 2012.|