The impact of computerized internal controls adaptation on operating performance

The development and application of information technology makes it possible to automate the tasks of approving, recording, processing and reporting of transactions. To ensure operational performance, financial reporting reliability and legal compliance, internal control mechanisms should be gradually constructed into the information systems, according to the computerization of the enterprise, in order to continue to exercise the internal controls. Therefore, the main purpose of this study was to develop a model, in which internal controls adaptability affects internal controls efficacy and operating performance, and internal controls efficacy influences operating performance. Research hypotheses derived from the model were tested using regression analysis on the questionnaire data and financial data from Taiwanese listed companies. The results showed that not only internal controls adaptability had an impact on internal controls efficacy and operating performance, but also internal controls efficacy had a partial influence on operating performance. The research findings could be a theoretical foundation for further study.


INTRODUCTION
The development and application of information technology (IT) makes it possible for companies to support operations with IT systems in order to improve operating performance.The approval, recording and processing of transactions, as well as the generation of reports can be automated, to ensure operational effectiveness and efficiency, financial information reliability, and legal compliance (Bailey, 1985;Baird and Rasmussen, 2002;Cunningham, 2004;Gelinas et al., 1999;Korvin et al., 2004).Companies have to adjust the techniques and methods of internal controls in accordance with computerization, in order to exercise effective controls.The internal control techniques used in an IT environment are quite different from those used in a manual environment.Transactions are automatically triggered or executed in an IT environment, and the internal controls are supported *Corresponding author.E-mail: kootl@mail.usc.edu.tw.Tel: 886-2-29377645.
with information technology.Therefore, the internal control techniques in a manual environment cannot be migrated to an IT environment (Hardy and Reeve, 2000).
The formation of paperless trading environment means changes of the internal control techniques are required, so as to ensure consistency with the IT environment and the efficacy of internal controls.Therefore, the adaptations of internal control techniques are a critical management issue in order to ensure the efficacy of internal controls and the achievement of operational objectives.
In the IT environment, the quality of internal controls adaptation affects operations and management, and in turn, influences the efficacy of internal controls (Masli et al., 2010).Internal controls aim to ensure the reliability of financial information, the effectiveness and efficiency of operations and the compliance of laws and regulations (Zhang, 2007).Therefore, the efficacy of internal controls can be divided into the reliability of financial information, the effectiveness and efficiency of operations and the compliance with laws and regulations.The efficacy of the control over financial information reliability allows managers to gain a timely and in-depth understanding of business operations.This empowers them to make the right decisions and improve operational performance (Bianco and Casavola, 1999;Hoitash et al., 2009;Wright and Wright, 1996;Zhang, 2007).The effectiveness and efficiency of operations ensures the outcomes of resources utilization reduce unnecessary waste in operational activities and eventually boost operating performance (Hansen, 1997;Masli et al., 2010).The control efficacy of the compliance with laws and regulations can prevent illegal or fraudulent behavior and ensure operating performance (Altamuro and Beatty, 2010;Hoitash et al., 2009;Willingham and Wright, 1985).
The robustness of an internal control system affects the efficacy of internal controls.Meanwhile, the efficacy of internal controls influences operational performance via information reliability, operational effectiveness and efficiency, and legal compliance (Bianco and Casavola, 1999;Hoitash et al., 2009;Zhang, 2007).In the IT environment, adaptations on computerized internal controls have effects on the efficacy of internal controls and the performance of operations.In fact, the efficacy of internal controls also affects operating performance.
Literature suggests the importance of computerized controls on operations (Hardy and Reeve, 2000;Hansen, 1997;Hoitash et al., 2009;Zhang, 2007).However, there are no discussions regarding how the adaptability of computerized controls affects operational performance through the efficacy of internal controls.Therefore, this paper reviewed literature and examined how the adaptability of computerized controls affects operational performance through the efficacy of internal controls.Meanwhile, this paper referred to operational metrics such as ROA (return on assets), ROE (return on equity) and EPS (earnings per share) as dependent variables to perform an empirical study on how the adaptability of computerized controls affects operating performance and the efficacy of internal controls, and how the efficacy of internal controls affects operating performance.

Internal controls
Internal controls, implemented by the board of directors, management and others, aim to provide a reasonable assurance of the reliability of financial reporting, the compliance with laws and regulations and the effectiveness and efficiency of operating (Bailey, 1985;Baird and Rasmussen, 2002;Cunningham, 2004;Gelinas et al., 1999;Korvin et al., 2004).The quality of the design of internal controls, more often than not, is critical to the success of an organization.Therefore, to ensure the efficacy of internal controls, managers have topay attention to the design of internal controls.

Yang et al. 8205
The internal control-integrated framework proposed by COSO (Committee of Sponsoring Organizations of the Treadway Commission) consists of five control components, which are, the control environment, risk assessments, control activities, information and communication, and monitoring.The control environment is the foundation of the other four components (Gelinas et al., 1999).Risk assessments refer to the process of identifying and evaluating risks.Control activities are a set of policies and procedures to assist and ensure the implementation of the instructions from management.The setup and execution of these policies and procedures should target identified risks.Information is defined as the objects the IT system identifies, measures, processes and reports.Information can be generated internally or acquired externally.Information aims to assist decisionmakers in reaching decisions.Communication is the process of delivering information to others.Monitoring is the process of evaluating internal control implementations, in order to decide whether control activities are still relevant, whether risks can still be identified and whether the design and implementation of control activities remain effective.
Companies have to implement various control measures to achieve targets.On the basis of the timing of control events, internal controls can be divided into preventive controls, detective controls and corrective controls (Gelinas et al., 1999).Preventive controls are exante in nature, such as the control over accounts and passwords for the prevention of illegal uses from logging into the system.Detective controls are the control over the happening of events, for example, the inspection of product codes to confirm the existence of products.Corrective controls are ex-post nature.For example, an automated procurement system can calculate the procured quantity once the inventory falls below a control point, and then generate a purchase order to make up for the inventory shortfall.
The execution of internal controls can be divided into manual controls and computerized controls (Bodnar and Hopwood, 1998).Manual controls refer to the control mechanisms implemented by users, for example, manual reviews of the results processed by the computer.Computerized controls refer to the automated control run by computer programs, such as a check on whether debts and credits are balanced in the accounting entries made by users.
According to No. 3 of the Statements of Auditing Standards (SAS) set forth by the American Institute of Certified Public Accountants (AICPA), the structure of internal controls in the EDP environment can be divided into general controls and application controls (Klamm and Watson, 2009).General controls can be further divided into organization and operation controls, systems development and documentation controls, built-in equipment controls, access controls and other data and procedural controls.Application controls can also be further divided into input controls, processing controls and output controls.In other words, general controls are about the control of the whole IT environment, with the goal of ensuing the security and reliability of the IT system.Application controls are about the control over application software, aiming to maintain the accuracy and integrity of data from inputs when processed to outputs.Regardless of how perfect the design of an internal controls system, it is difficult to completely work out the functions of internal controls, due to practical limitations and the cost/benefit tradeoff, as well as the continued likelihood of illegal activities (Lainhart, 2001;Pathak, 2003).

The assessment of enterprise computerization
The digitalization, mobilization and ubiquity of information technology extend the virtual boundaries of organizations.As a result of the integration of workflows both inside and outside the organization, electronic transaction data has replaced paper-based data (Hong and Kar, 2006;Serenko et al., 2008).The extension of virtual boundaries of organizations and the digitalization of internal and external transaction data lead to organizational transformations and changes in corporate structures, flows and behavior (Borthick and Roth, 1993;Burton, 2000;Burnes, 2005;Gelinas et al., 1999;Mutsaers, 1998;Trites, 2004;Weerakkody and Hinton, 1999).The adoption of new information technology extends the reach of IT systems and changes the integrated processing capacity of transaction data.As a result, corporate structures, work flows and behavior also shift.The computerization process to extend the reach of the IT system and the capability to integrate and process transaction data is, in essence, the transformation process of corporate structures, work flows and behavior.Therefore, the enterprise computerization can be explained using the extensibility of information systems and integrated processing capability of transaction data as two indicators (Hong and Kar, 2006;Krishnan et al., 2005;Serenko et al., 2008).
IT systems may consist of platforms such as a single computer, LANs (local area networks) and the Internet.LAN-based IT systems have a stronger extension capability than single-computer-based systems, and Internetbased systems are even stronger than LAN-based systems in terms of extension capacity.As far as the transaction integration is concerned, manufacturing resources planning systems are better than material requirement planning systems, and enterprise resources planning systems are superior to manufacturing resources planning systems.

The adaptation of computerized internal controls
The adoption of new information technology means computerized controls should be built into the IT system.The higher the degree of computerization, the more likely transactions will be generated or implemented automatically.Hence, computerized controls will gradually replace manual controls, in order to establish an automated and timely control mechanism.Jackson (2000) indicated that despite constant advances of information technology, many internal auditors stick to the traditional approach of control applications and IT system controls.This is how many internal control defects emerge.Tuttle and Vandervelde (2007) suggested that the responsibility of computer auditors is to ensure that the control and security of the IT system is taken into consideration during its planning and development.Given the development and application of information technology, it is necessary to switch internal controls from the traditional manual approach to an automated and programmed approach in order to ensure security and reliability of the IT system (Masli et al., 2010).Bierstaker et al. (2003) indicated that changes of the IT environment affect internal control techniques and audit methods.Therefore, adaptation is required between computerization and internal control techniques.Weber (1982), and Davis and Weber (1986) proposed an adaptation model for internal control and audits based on the theory of a computerized data processing system.This system consists of nine levels, that is, environment, organization, user divisions/departments, the data processing facility, data processing systems, computer data processing subsystems, components, controls and audit procedures.Adjustments are made to the environment or technology of the lower level in response to dynamic pressure from the upper level, in order to identify the control and audit techniques required.Therefore, the IT environment affects IT system changes, the IT system influences changes of the internal control techniques, and the internal control techniques drive changes of the audit procedures and methods.
The development and application of information technology changes the extensibility of information systems that support an organization and the integrated processing capability of transaction data.The extensibility of information systems that support an organization refers to the level of openness of the extensibility of information systems networks.In other words, it is an indicator of whether transaction data can be entered in a timely manner.An open information system allows operators to immediately input transaction data no matter where the transactions take place.To ensure the security and reliability of operations, it is necessary for the internal control mechanism to acquire transaction data on a timely basis.A timely internal control mechanism should be deployed to ensure the efficacy of internal controls.The integrated processing capability of transaction data refers to the capability to integrate and process the data of related transactions via networks and databases.In such a paperless IT environment, managers should establish a programmed and automated internal control mechanism to implement automated control and ensure internal controls efficacy.
The maturity of IT applications and the development of network technologies mean there are no restrictions of time or space on the extensibility of the information systems.No matter where the transactions occur, operators can immediately enter transaction data into an information system over open network.The maturity of network and database technologies makes it possible to integrate and process transaction data across divisions over networks and databases.In a paperless and digital trading environment, internal control techniques must be timely and automated to ensure control efficacy and achieve operational goals (Bierstaker et al., 2003;Davis and Weber, 1986).Therefore, this paper referred to internal controls automation and internal controls timeliness as the two indicators to explain internal controls computerization.
According to Figure 1, enterprise computerization consists of the integrated processing capability of transaction data and the extensibility of information systems.The internal controls computerization consists of the internal controls automation and the internal controls timeliness.Any increase of computerization means the adaptations of automation and timeliness of internal controls become necessary on the basis of the integrated processing capability of transaction data and the extensibility of information systems.The establishment of computerized internal controls is essential to ensure the efficacy of internal controls.Throughout the computerization process, certain corporate characteristics make it impossible to adapt internal control techniques accordingly, and hence, internal control deficiencies occur.The quality of the adaptation towards computerized internal controls influences the efficacy of internal controls and the performance of corporate operations.

Hypotheses development
Companies are utilizing IT and network technologies to integrate functions across the value chain so as to best allocate limited resources, to exercise effective control, and to achieve operational goals.Hardy and Reeve (2000) indicated that a reliable internal control structure aims to ensure information accuracy in the integration process of the EDI (electronic data interchange) system.Davis and Weber (1986) argued that the application of control procedures and methods at the right time and in the right environment can achieve good cost efficiency.Doty et al. (1989) suggested that internal control methods

Internal control automation
Internal control timeliness

Extensibility of information systems
Integrated processing capability of transaction data Adapting should be in line with the structure of the databases from the perspective of database designs, in order to adjust internal control formats, ensure internal control efficacy and boost operational performance.Harper (1986) examined the level of computerization in the context of network developments.Networks and optical infrastructure speed up transmissions and data exchanges between computers.As a result, management is more able to exercise timely controls and achieve business objectives.Therefore, internal control techniques should change in accordance with the IT environment.The adaptability of computerized internal controls affect internal controls efficacy, and hence, operating performance.
Performance evaluations and control management are highly related.Operating performance plays a pivotal role in control management and affects the operations of the whole organization.Incentives and rewards to employees, as well as operational targets and overall goals, are all based on the evaluation of operating performance (Snell, 1992).There is extensive literature addressing operating performance, and most of it centers on the three financial metrics of ROE, ROA and ROS, as proposed by Venkatraman and Ramanujam (1986).This paper also referred to ROE and ROA but added EPS as another indicator to evaluate performance.These three dependent variables, ROE, ROA and EPS, were used to examine the influence of internal control efficacy on operating performance.
As Figure 2 illustrates, the adaptability of computerized internal controls affects internal control efficacy and operating performance.Internal control efficacy can be divided into the control efficacy of financial information reliability, the control efficacy of operating effectiveness and efficiency and the control efficacy of laws and regulations compliance.The efficacy of internal controls, in turn, affects operating performance.
The completion of the IT systems required for transacttions allows users to experience the efficiency and convenience brought about by the IT system.Users will request to integrate more functions into the IT systems in order to integrate and process transaction activities.After the replacement of the manual environment with the IT systems, it is necessary to deploy more computerized controls in order to avoid any control loopholes (Hardy and Reeve, 2000).If companies are able to adjust their computerized control mechanism according to the degree of IT applications, they will be able to ensure the reliability of financial information processing and boost the control efficacy of the financial information reliability (Hoitash et al., 2009).Hence, this study developed the following hypothesis: H 1 : The higher the adaptability of computerized internal controls, the better the control efficacy of financial information reliability.
With the deployment of the required internal control mechanisms into the IT system, the IT system can effectively and efficiently support transaction activities as well as ensure operational effectiveness and efficiency, information quality and legal compliance.This leads to the improvement of the control efficacy of operational effectiveness (Barra, 2010;Hoitash et al., 2009).Hence, this study developed the following hypothesis: H 2 : The higher the adaptability of computerized internal controls, the better the control efficacy of operating effectiveness and efficiency.Good adaptability of computerized internal controls and the deployment of the automated and timely internal control mechanisms in the IT system can prevent and detect in a timely-manner, any erroneous or illegal transactions.This improves the control efficacy of legal compliance (Hoitash et al., 2009).Thus, this study developed the following hypothesis:

Adaptability of
H 3 : The higher the adaptability of computerized internal controls, the better the control efficacy of laws and regulations compliance.
Internal controls are run to ensure the achievement of operational goals and performance (Boone et al., 2000).
The more enterprise computerization and internal controls are aligned, the more reliable the financial information, the smoother the operations and the better the legal compliance.This leads to internal control efficacy and operational performance improvements (Zhang, 2007).Return on assets (ROA) is an indicator of operating performance because it represents the efficacy and efficiency of asset utilization.There is a certain correlation between the adaptability of computerized internal controls, the efficacy of internal control and operating performance.Internal control efficacy also has a positive influence on operating performance (Bianco and Casavola, 1999;Zhang, 2007).Therefore, this study developed the following hypotheses: H 4 : The higher the adaptability of computerized internal controls, the higher the ROA.H 5 : The better the internal control efficacy, the higher the ROA.
Return on equity (ROE) is the speed of growth of shareholders' equity.It measures whether management's goals and the shareholders' goals are aligned.ROE is a valuation metric of operating performance.The adaptability of computerized internal controls and the efficacy of internal control affect operating performance (Hoitash et al., 2009).Thus, this study developed the following hypotheses: H 6 : The higher the adaptability of computerized internal controls, the higher the ROE.H 7 : The better the internal control efficacy, the higher the ROE.
Earnings per share (EPS) are the profitability of a company.The higher the EPS, the better the profitability per unit of capital is.A high EPS is the result of good marketing, technologies and management, which makes it possible to create better bottom lines with fewer resources.EPS is an important performance indicator.
The adaptability of computerized internal controls saves transaction costs and improves operational efficiency via operations and efficiency control efficacy.It Yang et al. 8209 also reduces cases of fraud and mistakes via the efficacy of control over legal compliance, and in turn, influences operating performance (Altamuro and Beatty, 2010;Barra, 2010).Hence, this study developed the following hypotheses: H 8 : The higher the adaptability of computerized internal controls, the higher the EPS.H 9 : The better the internal control efficacy, the higher the EPS.

Variables definitions
order to operate and measure the variables, Table 1 defines the related variables of this study.The adaptability of computerized internal controls refers to the capability of deploying computerized internal controls according to the levels of computerization.Enterprise computerization is defined as the integrated processing capability of transaction data plus the extensibility of information systems.The internal control computerization is defined as the internal controls automation plus the internal controls timeliness.Therefore, the adaptability of internal controls automation is defined as the internal controls automation divided by the integrated processing capability of transaction data.The adaptability of internal controls timeliness is defined as the internal controls timeliness divided by the extensibility of information systems.The adaptability of computerized internal controls is defined as the internal controls computerization divided by the enterprise computerization.The value of the adaptability of computerized internal control is between 0 and 1.A value of 0 means a complete lack of adaptability.A value 1 indicates the best adaptability.To ensure the validity of the questionnaire data, the samples with adaptability values of greater than 1 were deleted.

Measurement
The questionnaire survey consisted of four parts.Part 1 detailed the basic data of the sampled companies, and there were five items.Part 2 contained items about enterprise computerization.Part 3 contained a set of items on the computerization of internal controls.Part 4 contained items on internal control efficacy.There were ten items in Part 2 and these items were designed for IT personnel.The purpose was to acquire the assessment values of enterprise computerization.There were ten items in Part 3 and nine items in Part 4. These items were designed for auditing staff, in order to acquire the assessment values of the capability of computerizing internal controls and the efficacy of internal controls.The items in Parts 2, 3 and 4 were all based on the Likert scale.All items were positive statements.There are five answers to each question, stated as: "strongly agree" (5 points), "agree" (4 points), "uncertain" (3 points), "disagree" (2 points) and "strongly disagree" (1 point).Among the ten items in Part 2, items 1 to 5 aimed to evaluate the integrated processing capability of transaction data.Items 6 to 10 intended to assess the capability of extending the IT system.
Among the ten items in Part 3, items 1 to 5 sought to measure the capability of automating internal controls, whereas question 6 to 10 intended to gauge the timeliness of internal controls.Among the nine items in Part 4, items 1 to 3 aimed to assess the efficacy of control over financial information reliability, items 4 to 6 intended to measure the efficacy of control over the compliance of laws and regulations, and items 7 to 9 sought to evaluate the control efficacy of operational effectiveness and efficiency.

Variable Definition References
Enterprise Computerization

Integrated processing capability of transaction data
Capability of integrating and processing transaction data in the IT systems.Hong and Kar (2006), Krishnan et al. (2005) Weber (1982), Davis and Weber (1986)

Adaptability of timely internal controls
Internal controls timeliness divided by extensibility of information systems.

Control efficacy of financial information reliability
Internal control efficacy to ensure financial information reliability.Barra (2010), Boone et al. (2000) Control efficacy of operating efficacy and efficiency Internal control efficacy to ensure compliance with laws and regulations.

Control efficacy of law and regulation compliance
Internal control efficacy to ensure operational effectiveness and efficiency

Operating performance
Return on assets (ROA) Net income divided by average total assets Venkatraman and Ramanujam (1986), Snell (1992) Return on equity (ROE) After-tax profits divided by weighted average shareholders' equity Earnings per share (EPS)

Net income divided by the number of weighted average common shares outstanding
To ensure the content validity of the questionnaires, this paper developed the items by referring to relevant literature and the research model.The questionnaire was finalized with minor changes after a pre-test on the IT and auditing personnel of a large global corporation and other three companies.

Data collection
Listed companies tend to be large in scale, and are usually generous in IT investments.As heavy users of information technology, they have higher levels of computerization.This paper hence decided to randomly sample listed companies in Taiwan across different industries.A total of 601 companies were selected.The questionnaires were released to the CEOs of sampled companies by post or email in mid December 2010.The CEOs were requested to forward the questionnaires to relevant IT and audit personnel.The purpose of this survey was to gather construct data concerning the capability of computerization, the capability of computerizing internal controls and the efficacy of internal controls.Quantitative metrics, such as ROA, ROE and EPS, were sourced from the Taiwan Economic Journal.This paper referred to the mean values of the three most recent years (2007 to 2009).

ANALYSES AND RESULTS
There were 67 valid questionnaires returned, showing a response rate of 11%, which could still be accepted.Table 2 shows the descriptive statistics such as means and standard deviations of variables.According to Table 2, the mean values of IPCOTD and EOIS as two variables were both 20.27, and were close to the highest value of 25.In general, listed companies in Taiwan have high levels of computerization.The adaptability values, AOICA and AOICT, were 0.892 and 0.890, respectively.These numbers suggested a strong adaptability of computerized internal controls.In other words, most listed companies in Taiwan can adjust their internal controls in accordance with their levels of computerization.
Table 3 summarizes the descriptive statistics of ROA,

Reliability and validity
In order to evaluate the consistency of the construct factors, such as computerization capability, the capability of computerizing internal controls and the efficacy of internal controls, this paper referred to Cronbach α values to validate reliability.The Cronbach α values for integrated processing capability of transaction data, extensibility of information systems, internal controls automation, internal controls timeliness, control efficacy of financial information reliability, control efficacy of operating effectiveness and efficiency, and control efficacy of laws and regulations compliance were 0.869, 0.821,0, 841, 0.826, 0.709, 0.603 and 0.614, respectively.Five of them met the threshold of 0.7, as suggested by Ruble and Stout (1990).The other two 0.603 and 0.614 could also be accepted.These values demonstrated the reliability of the constructs was high.
Regarding the measurement of construct validity, this paper referred to seven indicators, that is, the integrated processing capability of transaction data (IPCOTD), the Extensibility of information systems (EOIS), the Internal controls automation (ICA), the internal controls timeliness (ICT), the control efficacy of financial information reliability (CEOFIR), control efficacy of operational effectiveness and efficiency (CEOOEAE) and the control efficacy of laws and regulations compliance (CEOLARC) for the confirmatory factor analysis.The results are shown in Table 4.The coefficient of each construct was larger than the coefficients with other constructs.In every domain, the factor loadings of items for each construct were greater than 0.5, and the factor loadings for other constructs were less than 0.5.This suggested that convergent validity and discriminant validity were good and that further analysis was possible (Mao et al., 2008).

Regression models
The proposed hypotheses were tested using regression analyses.The results are summarized in Table 5.The F values of the nine regression models all reached the significance level of 0.001, and the coefficients of the independent variables were all greater than 0. This suggested that there was a significant correlation between the independent variables and dependent variables.The modified coefficients were Adj R 2 = 0.685, Adj R 2 = 0.695, Adj R 2 = 0.700, Adj R 2 = 0.762, Adj R 2 = 0.735, the efficacy of internal controls, and the efficacy in turn affects operating performance.The internal control mechanism, however, will lead to operating performance only through the process of internal control efficacy.The comparison of the H 1 , H 2 and H 3 results and the H 5 , H 7 and H 9 results showed that the explanatory power of the capability of computerized internal controls on variances of operating performance indicators (that is, ROA, ROE and EPS) was stronger than that of internal control efficacy.In other words, the capability of computerized internal controls could better predict operating performance than internal control efficacy.The capability of computerized internal controls was therefore shown to be an effective predictor of operating performance.The H 5 , H 7 and H 9 results also showed the different levels of influence of the three independent variables, that is, the control efficacy of financial information reliability, the control efficacy of operational effectiveness and efficiency and the control efficacy of laws and regulations compliance on the dependent variables, which is, operating performance indicators of ROA, ROE and EPS.The control efficacy of financial information reliability had no significant influence on these three performance indicators, that is, ROA, ROE and EPS.Operational effectiveness and efficiency control efficacy had a significant influence on ROA and ROE, but not on EPS.Control efficacy on legal compliance had a significant influence on ROA, ROE and EPS.Control efficacy of financial information reliability may be relevant to external users of financial information but not directly related to internal operations.Hence, it did not have a direct impact on operating performance.Legal compliance may boost operating performance by reducing errors and fraudulent behavior, so it had direct effects on operating performance.
The major contribution of this paper was to examine the importance of the adaptation of computerized internal controls in a digital environment, and to perform an empirical analysis on the influence of such adaptation on internal control efficacy and operating performance.The deployment of automatic and timely computerized internal controls in an IT system, in accordance with the levels of computerization, means good adaptation capability in computerized internal controls.This will influence internal control efficacy and operational results.The results can serve as a foundation for further studies, as well as a reference in the deployment of internal controls for the adoption of a new IT system.
This paper endeavored to be robust in its approaches, but it had two research limitations due to environmental factors such as time, manpower and resources: 1.The empirical research was based on a questionnaire survey.It gauged the perceptions of respondents but could not ensure whether the respondents truly understood the items and provided factual answers.2. The research scope was limited to listed companies in Taiwan, pursuant to the Taiwan Securities and Exchange Commission.

Conclusion
Based on literature reviews and empirical studies, this paper proposed an adaption model for the computerization of internal controls, as a reference for the establishment of internal controls in an IT system along with the evolution of the IT environment.The adaptation capability of computerized internal controls and the efficacy of internal controls were defined as the dependent variables of internal control efficacy and operating performance in the regression analysis.The results showed that the adaptation capability of computerized internal controls had a significant influence on internal control efficacy and operating performance.However, the influence of internal control efficacy on operating performance indicators such as ROA, ROE and EPS was significant only in the case of certain independent variables.

Figure 2 .
Figure 2. The proposed research model.

Table 1 .
Definition of variables.

Table 2 .
Descriptive statistics of variables.

Table 3 .
Descriptive statistics of performance indicators.
DISCUSSIONThe adaptability of computerized internal controls affects