internal and external audits, security reviews of cloud
infrastructure, and compliance checks, to ensure that
its IT systems can withstand external threats.
Furthermore, the introduction of third-party audit
firms enhances audit independence, ensuring that the
founders' control does not compromise the objectivity
of audit results.
5 CONCLUSIONS
Although the dual-class share structure provides a
stable long-term governance framework for
companies, it also poses unique challenges for IT
audit. Companies like Alphabet Inc., with dual-class
structures, have demonstrated how to maintain audit
independence and transparency in an environment
with significant managerial control through
comprehensive IT audit practices. Drawing from the
case of Alphabet Inc., the following best practice
recommendations for IT audit in dual-class
companies are proposed:
(1) Ensuring IT Audit Independence: Under a
dual-class structure, management's control may pose
a potential threat to audit independence. Therefore,
companies should ensure that IT audits are conducted
by independent third parties and further strengthen the
role of the audit committee to prevent excessive
management interference in the audit process.
(2) Enhancing Audit Transparency: Companies
should establish mechanisms to regularly disclose IT
audit results to shareholders. It is recommended that
key findings and countermeasures from IT audits be
reported to shareholders at least quarterly. Specific
steps include identifying key risks during the audit,
categorizing them, detailing the potential impact of
each risk and management measures in the quarterly
report, and setting a disclosure schedule to ensure
timely communication. Companies should also hold
an annual IT governance transparency meeting to
communicate audit results and governance
improvement plans directly with shareholders,
thereby enhancing trust and engagement.
(3) Strengthening Risk Management and
Emergency Response: Dual-class companies should
place special emphasis on risk management for
information systems and conduct regular
cybersecurity tests and emergency response drills. IT
audits should cover these areas to ensure that
companies can respond swiftly and effectively to
information security threats, thereby minimizing
losses and compliance risks.
(4) Continuous Monitoring and Improvement: IT
audit should not be limited to annual audits but should
be a process of continuous improvement. Companies
should regularly review and optimize their IT audit
processes to ensure that audit practices can keep pace
with rapidly evolving technological changes and
constantly emerging security challenges.
By adopting these best practice recommendations,
dual-class companies can more effectively address
the unique challenges of IT audit, enhancing audit
independence and transparency. In the future, as
technology and regulations continue to change,
companies will need to continuously monitor and
improve their IT audit practices to ensure that their
governance structures do not negatively impact the
independence of the audit process.
In conclusion, while the dual-class share structure
provides a guarantee of long-term control, it raises
new issues regarding audit independence and
transparency. By drawing on the IT audit practices of
Alphabet Inc. and adopting the above best practice
recommendations, companies can maintain stable
governance structures while optimizing their IT audit
processes. Future research could further explore how
different types of dual-class companies implement IT
audit in complex governance environments to provide
more targeted audit strategies.
REFERENCES
Alphabet Inc., 2023. Form 10-K Annual Report for the
Fiscal Year Ended December 31, 2023. United States
Securities and Exchange Commission.
Forst, A., Hettler, B. R., 2019. Disproportionate Insider
Control and the Demand for Audit Quality. AUDITING:
A Journal of Practice and Theory, 38(1):171-191.
Gu, Y., 2023. Research on Enterprise Information System
Audit Based on COBIT Framework. Market Weekly,
(10): 158-161.
Harvard Law School Forum on Corporate Governance.
2022. Re-Thinking The Hostility Towards Dual-Class
Share Structures. Harvard Law School Forum on
Corporate Governance.
International Business Machines Corporation., 2023. Form
10-K Annual Report for the Fiscal Year Ended
December 31, 2023. United States Securities and
Exchange Commission.
Liu, S., 2020. Research on the correlation between dual
ownership structure characteristics and audit quality:
based on empirical evidence of US dual ownership
structure listed companies. National Circulation
Economy, (24): 128-132
Mambu, J. Y., Wulyatiningsih, T., Adam, S., 2024.
Applying COBIT 2019 to Design a Tailored IT
Governance System for PT. Telekomunikasi Seluler
Manado Branch. Jurnal Informasi dan Teknologi, 6(2):
229-237.