(The) relationships between IS control, control environment, and risks

Abstract

A special attention to electronic commerce(EC) on the Internet has been paid recently because it gives companies more opportunities for gaining competitive advantages. However, there are some possible obstacles that prevent companies from getting these benefits, which is called risks. These risks include competitive strategy, implementation, and security risks faced by applications of EC. Therefore, companies should minimize these risks at an acceptable level. This study addressed three research questions: (1) what risks might occur in EC applications?, (2) is the IS control effective in reducing these risks?, and what relationships exist between IS controls, risks, and control environment for EC? To answer these questions, we proposed IS control model for EC applications and its related hypotheses through the review of the literature. The result of the study was validated from data collected from a field study of 37 listed firms in Korea. Multiple regression and correlation analysis were used to test the research hypotheses. The results showed that the highest perceived risk is security risk, and that the competitive strategy and implementation risks are perceived relatively low. It was found that control environment affect IS controls. But the reduction of risks by IS control is partially supported and the moderating effect of control environment on the relationship between risks and IS control was not supported. Limitation of the study and further research issues are presented at the end.