Risks, controls and governance associated with internet of things technologies on accounting information

Adopting Internet of Things (IoT) as part of a business's operations could generate value for a business through data generation and integration, as well as enhanced information quality, by gathering information in real-time through sensor technologies embedded in uniquely identifiable physical or virtual objects. In order for a business to enhance its information capabilities, they may be quick to adopt IoT, without fully understanding its enabling technologies and associated risks. The objective of this paper is to identify the risks financial information faces when implementing IoT technologies in accounting and auditing environments in a business. It is imperative that financial information retain its characteristics of validity, accuracy, completeness and timeliness when IoT is deployed in a business. The study also recommends appropriate controls which can be implemented to mitigate the risks. A systematic literature review was conducted to define IoT and to acquire an understanding of the enabling technologies of IoT. In order to identify the risks underlying the technologies enabling IoT comprehensively, it was necessary to select a governance framework which could be utilised as a benchmark for a complete list of risks and controls. The understanding gained of IoT technologies was mapped against the COBIT 5 processes relating to accounting information risks to identify the relevant threats and to recommend possible controls. A risk-matrix was developed to identify key risks and mitigate controls. The identified risks for financial information centred on data integrity, confidentiality, authenticity, network availability and semantic technology vulnerabilities. A multi-layered approach of technical and non-technical internal controls, including a policy component, was formulated to mitigate the identified risks to an acceptable level.