Digital Governance and Data Security: The Impact of IT Governance Maturity on Compliance, Fraud Prevention, and Investor Confidence
Abstract
This study assesses the influence of IT governance maturity
(ITGM) on compliance (COMPLY), fraud prevention (FRAUDP),
and investor trust in data-intensive public companies across
sectors. Using a firm-year panel design (±2019–2025), we construct
an ITGM index based on auditable documentary evidence
(structure & roles, policies & controls, risk management,
compliance & audit, incident resilience, culture & training) and two
mediator constructs—COMPLY and FRAUDP. Investor trust is
proxied using cost of equity (COE), bid–ask spread, Tobin's Q/PBV,
and analyst coverage. The relationships are tested through fixed-effects
panel regression (firm & year), mediation tests
(bootstrap/SEM), and moderation by critical data intensity (CDI),
with robustness tests (alternative proxies, index redefinition,
winsorizing). The results show that ITGM has a positive effect on
COMPLY and FRAUDP, and both reduce COE and increase
valuation (Q/PBV)—confirming the dual mediation mechanism from
IT governance to investor confidence. Furthermore, the effect of
ITGM is stronger in firms with high CDI, underscoring the
importance of data materiality. The findings remain consistent
across robust specifications. The study's contributions include the
integration of comprehensive and auditable maturity measures, the
exploration of dual mediation paths that explain value channels,
and the examination of materiality moderation to enhance the
relevance of policies and practices. In practice, the findings
support strengthening IT governance structures, implementing
measurable controls, and providing transparent, metrics-based
disclosures to build sustainable market confidence.
Digital Governance and Data Security: The Impact of IT Governance Maturity on Compliance,
Fraud Prevention, and Investor Confidence – Rian Sucipto