Accounting Forum

ISSN: (Print) (Online) Journal homepage: https://www.tandfonline.com/loi/racc20

Cloud accounting risks and mitigation strategies:

evidence from Australia

Daisy Yau-Yeung , Ogan Yigitbasioglu & Peter Green

To cite this article: Daisy Yau-Yeung , Ogan Yigitbasioglu & Peter Green (2020): Cloud
accounting risks and mitigation strategies: evidence from Australia, Accounting Forum, DOI:
10.1080/01559982.2020.1783047

To link to this article: https://doi.org/10.1080/01559982.2020.1783047

View supplementary material

Published online: 07 Jul 2020.

Submit your article to this journal

Article views: 35

View related articles

View Crossmark data

Full Terms & Conditions of access and use can be found at

https://www.tandfonline.com/action/journalInformation?journalCode=racc20
ACCOUNTING FORUM
https://doi.org/10.1080/01559982.2020.1783047

Cloud accounting risks and mitigation strategies: evidence

from Australia
Daisy Yau-Yeung, Ogan Yigitbasioglu and Peter Green
School of Accountancy, QUT Business School, Brisbane, Australia

ABSTRACT ARTICLE HISTORY

Much has been written about the adoption and benefits of cloud Received 15 October 2019
computing in different contexts, yet it is not clear how cloud Accepted 11 June 2020
computing has affected the practice of accounting. This empirical
KEYWORDS
study applies transaction cost economics to explore the risks of Cloud accounting; cloud
cloud-based accounting systems and services in Australia and it accounting risks; software as
identifies several risk mitigation strategies adopted by a service (SaaS); transaction
organisations. The findings based on interviews with accounting cost economics; technology-
practices, amongst others, are classified according to the organisation-environment
Technology-Organisation-Environment framework. The evidence framework
suggests that cloud accounting not only introduces specific risks
to the “accounting process” but some of the known risks
associated with other cloud-based applications are more
pronounced. While transaction-specific factors such as vendor
selection and contractual arrangements were considered
important as risk mitigation strategies, internal measures including
policy development and staff training were seen as critical to
cloud accounting.

1. Introduction
Many organisations are moving to the “cloud” due to the advantages that the cloud model
affords such as low upfront costs and near-instant scalability of IT resources (Marston
et al., 2011). According to Gartner (2013, 2017), the size of the worldwide public cloud
market increased from US$109 billion in 2012 to $246.8 billion in 2017. The rapid rise
of cloud computing also opened up the possibility to move aspects of accounting practice
into the cloud (Deshmukh, 2005; Dimitriu & Matei, 2014b).
Cloud-based accounting systems and services are increasingly being promoted by pro-
fessional services firms and accounting practices (Masterman, 2016). However, according
to industry reports, the uptake of cloud accounting has been relatively slow and less than
expected (Bullock, 2017). For example, an earlier survey with CFOs in Australia and New
Zealand in 2013 reported an adoption rate of only 12% for cloud accounting (William
Buck, 2013). Also, Dimitriu and Matei (2015) reported that less than 30% of accountants
and business owners intended to migrate their accounting work to the public cloud. While
the use of public cloud computing (e.g. for email and document sharing) is now as high as

CONTACT Ogan Yigitbasioglu ogan.yigitbasioglu@qut.edu.au

Supplemental data for this article can be accessed https://doi.org/10.1080/01559982.2020.1783047
© 2020 University of South Australia
2 D. YAU-YEUNG ET AL.

91% according to some surveys (RightScale, 2018, 2019), why is it that organisations have
been slow to move to cloud accounting?
Although reports by the business press suggest that cloud accounting adoption in
countries such as Australia is increasing (CCH, 2013, 2014), it is argued that the slow
uptake of cloud accounting is attributed to a lack of research regarding its threats and
risks (Christauskas & Miseviciene, 2012; KPMG, 2015).
The slow uptake of cloud accounting is problematic, in particular for small and medium
enterprises (SME) that have most to gain from cloud accounting systems and services as
they often lack capital and expertise to host cutting edge hardware and software on
premise (Garengo et al., 2005; Marston et al., 2011). Because cloud computing offers IT
efficiency and agility through access to modern IT resources beyond other IT outsourcing
models (Leimeister et al., 2010; Yigitbasioglu, 2015), its uptake potentially can narrow the
divide between SMEs and large organisations’ IT capabilities (Riggins & Dewan, 2005).
This uptake in turn may lead to better SME capabilities, financial reporting and
decision-making, which highlights the importance of cloud-based accounting systems
and services.
While some studies discuss the risks of cloud accounting (Arsenie-Samoil, 2011; Dimi-
triu & Matei, 2014a; Păcurari & Nechita, 2013), most of these studies are speculative or
anecdotal, and they provide little empirical evidence about the actual risks faced by
cloud accounting users. Thus, research is needed to provide insights into the risks of
cloud accounting so as to uncover the uncertainties around this technology in the
context of accounting systems and services (Moll & Yigitbasioglu, 2019), which may
improve its uptake and governance. Given this gap, the objectives of this study are to
explore the specific risks associated with cloud accounting in organisations, as well as to
identify strategies to mitigate its risks.
This study uses transaction cost economics (TCE) as a lens because cloud accounting is
considered a form of outsourcing (Marston et al., 2011). TCE has been the dominant
analytical framework in the IT outsourcing literature to explain an organisation’s choice
to internalise processes/resources (e.g. accounting, IT) as opposed to purchasing them
externally (e.g. Ellram et al., 2008; Everaert et al., 2010; Lacity et al., 2011; Schermann
et al., 2016). While TCE has attracted some criticism in the literature, particularly in its
ability to predict the contract type between a buyer and a vendor (Alaghehband et al.,
2011; Lacity et al., 2011; Schermann et al., 2016), it remains a powerful theory as an indi-
genous theory of IT outsourcing is yet to be developed (Aubert & Rivard, 2016; Lacity &
Khan, 2016; Schermann, et al., 2016).
The use of TCE in the cloud computing literature is limited (Yigitbasioglu, 2014).
TCE may offer a valuable lens to study the risks of cloud accounting because many of
the concepts from TCE such as transaction costs, transaction uncertainty and asset specifi-
city are likely to be applicable (Williamson, 1981). We propose the following research
questions (RQ):
RQ 1: What are the risks associated with cloud accounting systems and services?

It is important that organisations address the risks of new technology when it is applied to
their context, in this case, accounting systems and services, as research has shown that
SMEs in particular are more vulnerable to the application of new technologies because
 ACCOUNTING FORUM 3

of limited resources (Poba-Nzaou et al., 2014; Sukumar et al., 2011). We therefore propose
a second research question:
RQ 2: What risk mitigation strategies are adopted by the users of cloud-based accounting
systems and services?

We address the above research questions by using a qualitative approach and we interview
directors, accountants, and IT personnel in accounting and professional service firms.
Semi-structured interviews provide an in-depth exploration of the risks associated with
cloud accounting as well as relevant risk mitigation strategies used by adopters. In
doing so, we contribute to the accounting literature by specifically examining the risks
of using cloud computing for accounting systems and services. This approach differs
from many prior studies on cloud computing that have taken a “blanket approach” to
explaining the use of the cloud. By contrast, our study contributes by adequately contex-
tualising the use of the cloud for providing accounting information and services to clients
(both internal and external to the organisation or firm) through identifying and examining
context-specific solutions (Hong et al., 2013). Without adequate contextualisation, it is
difficult to ascertain to what extent the findings of such “blanket approach”-cloud comput-
ing studies apply to cloud accounting. We argue that there are differences in the risks
involved when using cloud accounting systems and services as opposed to other, more
generic applications of cloud computing such as cloud-based email (e.g. Hotmail,
Gmail) or document sharing (e.g. Dropbox, OneDrive). Moreover, to the best of our
knowledge, this study is the first empirical study that specifically examines the risk of
cloud accounting systems and services in a mature economy.
The remainder of the paper is structured as follows. The following section outlines the
literature on cloud accounting systems and services and associated risks. This section also
reviews TCE and the Technology, Organisation and Environment (TOE) framework
where the latter is used to structure the findings of the study. Section 3 provides a descrip-
tion of the method used to address the research questions. The findings are presented in
Section 4 and Section 5 concludes the paper.

2. Literature review
2.1. Cloud accounting
Cloud accounting is a type of cloud computing application with the specific purpose of
processing financial data. It moves the installation, processing and data storage of the
accounting systems and services from on-premise to the remote servers of cloud service
providers (Dimitriu & Matei, 2015; Mihai, 2015) (Figure 1).
Cloud accounting applications are delivered as services over the Internet (Ruan, 2013).
As such, these resources are flexible and they can be accessed by different authorised
devices such as computers, tablets and smart phones (Cleary & Quinn, 2016; Williams,
2010). The National Institute of Standards and Technology (NIST) from the US Depart-
ment of Commerce (2011, p. 2) defines cloud computing as:
… a model for enabling ubiquitous, convenient, on-demand network access to a shared pool
of configurable computing resources (e.g. networks, servers, storage, applications, and ser-
vices) that can be rapidly provisioned and released with minimal management effort or
service provider interaction.
4 D. YAU-YEUNG ET AL.

Figure 1. Cloud accounting.

Cloud computing services are deployed in four different ways: private cloud, community
cloud, public cloud and hybrid cloud (Information and Communication Technology
Council, 2013; Katzan, 2010; NIST, 2011). There are three service models to provide
public cloud services: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and
Software as a Service (SaaS) (Information and Communication Technology Council,
2013; Katzan, 2010; NIST, 2011). SaaS is the largest segment of public cloud services world-
wide and cloud accounting is typically delivered as SaaS (Gartner Inc, 2016; Ionescu et al.,
2013a). Hence, the focus of this study is SaaS in a public cloud infrastructure setting.
Cloud vendors provide cloud accounting services for a subscription fee to businesses
and allow them to use the software to enter and process financial transactions (Dimitriu
& Matei, 2014a, 2014c). There are several cloud accounting vendors in Australia: Reckon
One, QuickBooks Online and MYOB are offered on-premise and in the cloud, while Xero
and Saasu live only in the cloud (Tadros & Redrup, 2018). Xero in particular offers an eco-
system for third party app developers that provides bespoke add-ons (e.g. for analytics,
invoicing) and which can be integrated with Xero (XeroApps, 2020). This situation is
much like the Apple business model (Bergvall-Kåreborn & Howcroft, 2013; Montgomerie
& Roscoe, 2013) that has attracted significant interest in the accounting literature (see, for
example, the Special Issue in Accounting Forum: Issue 37).

2.2. Cloud accounting research

Relative to “cloud accounting”, the more generic “cloud computing” literature is well
established in terms of number of studies and diversity of empirical evidence (Senyo
et al., 2018). There are two distinct research streams in the cloud computing literature
(Vithayathil, 2018). While researchers in computer science and engineering continue to
focus on hardware, software, performance, security, metering, etc. aspects of cloud com-
puting (e.g. Armbrust et al., 2010; Vecchiola et al., 2009), others address organisational
and governance issues (e.g. Choudhary & Vithayathil, 2013; Marston et al., 2011; Senar-
athna et al., 2016; Vithayathil, 2018; Yigitbasioglu, 2015).
Studies identify various risks associated with public cloud computing services from
both technical and organisational perspectives. While not an exhaustive list, the risks
identified in the cloud computing literature include (i) lower reliability of cloud services,
 ACCOUNTING FORUM 5

(ii) limited customisation, (iii) security concerns, (iv) loss of control, (v) privacy concerns,
(vi) legal compliance (vii) dependency on providers and (viii) location of servers (Bălţă-
tescu, 2014; Dutta et al., 2013; Haag & Eckhardt, 2014; Lang et al., 2018; Marston et al.,
2011; Middleton, 2012; Repschlaeger et al., 2013).
According to several literature reviews on cloud computing, TOE (Tornatzky et al.,
1991) is the most widely applied framework (Senyo et al., 2018; Yigitbasioglu, 2015).
This situation may be attributable to TOE’s holistic view of innovation where organis-
ational motivations, capabilities, and the broader environment are given equal consider-
ation (Rui, 2007). Also, it may not come as a surprise given TOE’s popularity in the
wider IT adoption literature (Alshamaila et al., 2013).
Although the cloud computing literature does offer some valuable insights on the risks
of the technology, there is insufficient evidence about how, and to what extent, these risks
apply to cloud accounting systems and services. Accounting systems and services are con-
cerned with financial data. Because such systems and services are critical to organisations
and/or clients alike, cloud accounting users will see other, more context-specific risks in
addition to those risks associated with cloud technology (Dimitriu & Matei, 2015;
Zhang & Gu, 2013). TCE informs us that because of the highly specific nature of organ-
isational and client data and information, information security risk in terms of availability,
integrity and confidentiality (Gordon & Loeb, 2002) is of specific, significant concern for
adopting accounting and professional service organisations because these attributes ensure
that management and clients alike have access to timely and accurate data for decision-
making. The reliability, accuracy and timeliness of data is critically important for external
reporting to stakeholders, and to comply with statutory obligations (Hardy, 2006). Fur-
thermore, because accounting systems maintain customer, supplier, client, taxation and
service-specific information, there may be additional requirements to comply with
privacy laws and data export restrictions (Weir et al., 2017). Indeed, TCE would tell us
that because of this asset specificity (viz. the nature of the data and information con-
cerned), externally-provided, cloud-based systems would be difficult to justify to users
for their accounting systems and services.
Potential risks of cloud accounting have been suggested in the literature (see Table 1),
(Arsenie-Samoil, 2011; Dimitriu & Matei, 2014a; Păcurari & Nechita, 2013; Shkurti &
Muça, 2014; Zhang & Gu, 2013). However, as Table 1 shows, the literature predominantly
consists of anecdotal articles. Moreover, it shows that there is little empirical research or
evidence to substantiate the anecdotal claims (see Table 1). Furthermore, while these
studies provide some insights, they were all carried out in developing countries where
the applicability of the findings to other contexts may be limited. As we stated earlier,
to the best of our knowledge, this study is the first empirical study that specifically exam-
ines the risk of cloud accounting systems and services in a mature economy.
As per Table 1, the limited literature on cloud accounting presents some of the benefits
and risks of the technology for accounting systems and services. As far as the risks are con-
cerned, Păcurari and Nechita (2013), Christauskas and Miseviciene (2012) and KPMG
(2015) point out that there are concerns with clients’ trust in using cloud accounting
systems and services because of cyber security risks. Thus, there is the view that organis-
ations hesitate to move their systems and services to the cloud due to the threat to integrity
of cloud accounting data when the systems are compromised (Christauskas & Miseviciene,
2012; Dimitriu & Matei, 2014a; Zhang & Gu, 2013). Security risks are also critical due to
6 D. YAU-YEUNG ET AL.

Table 1. Studies on cloud accounting.

Study Cloud accounting advantages Cloud Accounting Risks Discussed Type of paper
Arsenie-Samoil Reduces costs, increase, flexibility, Security, compatibility, Opinion article
(2011) controlled use of assets, remote confidentiality, legality, loss of
access independence
Christauskas and increases accounting processing Lack of trust in transaction security, Opinion article
Miseviciene Capacity, real-time financial Lack of information about security
(2012) information, reduces investment costs
and long-term IT maintenance costs
Ionescu et al. Profitable to businesses, achieves cost Security and confidentiality of data, Empirical
(2013b) savings poor Internet connection, loss of (Survey-no
control, dependency on providers theory)/
Romania
Păcurari and Centralised financial data and Trust in using cloud accounting and Opinion article
Nechita (2013) transactions, real-time status security issues
Zhang and Gu Serious consequences when the Opinion article
(2013) cloud financial data is damaged or
attacked
Dimitriu and Matei Does not require many specific Security and privacy concerns Opinion article
(2014a) conditions, reduces the upfront costs,
streamlines long-term maintenance,
improves flexibility and efficiency
Dimitriu and Matei Real-time update of financial data, Security issues, loss of Internet Opinion article
(2014c) reduction of capital expenditures connection
Shkurti and Muça Cost savings Accuracy of financial information, Empirical
(2014) data security, compatibility with (Survey-no
existing systems and theory)/
organisational policies Albania
Corkern et al. (2015) Global and remote accessibility, Data security and reliability of cloud Opinion article
increases flexibility providers
Dimitriu and Matei Provides access to real-time financial Security and safety of financial Opinion article
(2015) information, lowers expenses, information, risk of suspension of
increases organisations’ productivity Internet connection
Prichici and Ionescu Value adding to the business, reduction Security Opinion article
(2015) of technological difficulties, ensures
accuracy and quality of data,
accounting indispensability
Weir et al. (2017) None Security risks due to weak audit trail Opinion article
and vulnerable forensic data
Soni et al. (2018) Cost savings, better security, scalability, Security risks Survey/India
real-time insights etc.
Rudansky-Kloppers None None Survey/South
and Van den Africa
Bergh (2019)

data protection laws in various countries and regions such as the European Union as
organisations can face heavy fines if these laws are breached (Weir et al., 2017).
Compatibility with existing systems and organisational policies are also major barriers
to adoption (Shkurti & Muça, 2014). For example, some cloud software may only work
with a particular operating system or only with a newer version of an operating system
or browser, which may lead to additional costs.
A further risk of cloud accounting systems and services is the potential interruption of
Internet connection that may cause cloud accounting users to suspend their activity, which
affects business continuity and performance (Corkern et al., 2015; Dimitriu & Matei,
2014a; Shkurti & Muça, 2014). Dimitriu and Matei (2015) consider the concerns of Inter-
net availability and security in a quantitative study in Romania and they report that 99% of
accountants experienced problems related to the availability and consistency in financial
 ACCOUNTING FORUM 7

data when using cloud accounting systems and services. However, no insights regarding
the effects, frequency and solutions to these problems were given. As mentioned pre-
viously, most studies on cloud accounting to date have been speculative and they
merely present commentaries on the topic.

2.3. Risk mitigation strategies in cloud accounting

Some risk mitigation strategies have been suggested in the cloud computing literature,
which are equally applicable to cloud accounting systems and services: vendor evaluation
in terms of security policies and certification, disaster recovery capability, financial health
of vendor, service performance and compatibility of systems (e.g. see Brender & Markov,
2013). Others have suggested frameworks for risk management (e.g. Islam et al., 2017)
that are similar to industry frameworks such as COSO Enterprise Risk Management and
ISO 31000.
Several authors discuss risk mitigation strategies, but they do not indicate if, or to what
extent, organisations use these risk management strategies. For example, Dimitriu and
Matei (2014c) argue that it is important that organisations establish their own require-
ments and needs before considering a cloud accounting solution. Specifying the require-
ments will increase the likelihood that the cloud accounting solution fits with individual
and organisational needs. Once the requirements are defined, the technical and
financial aspects need to be considered. Technical aspects refer to organisations’ charac-
teristics and the complexity of their financial reporting.
The costs involved in implementing cloud accounting systems and services must also be con-
sidered (Dimitriu & Matei, 2014c). Additional costs include the cost of hardware or devices, cus-
tomisation of existing systems and staff training on top of the monthly subscription fee.
A policy on cloud accounting usage and a risk response plan is also recommended
(Dimitriu & Matei, 2015). In addition, whenever possible, organisations are advised to
introduce a trial period for cloud accounting products before making a long-term commit-
ment to ensure the cloud accounting solution suits their needs. Finally, Păcurari and
Nechita (2013) suggest that it is important for accounting practitioners to have continuous
training on understanding the latest developments in the technology, particularly on the
progress of cloud accounting.
All of these suggestions appear reasonable but a theoretical basis is lacking for under-
standing the risks and the associated mitigation strategies. The following section intro-
duces TCE, which is the lens adopted in this paper to study the risks associated with
cloud accounting systems and services.

2.4. Transaction cost economics

According to Williamson (1985, 1989, 2013, 2014) and Coase (1937) transaction costs
include costs incurred in searching for suppliers and partners, negotiating transactions
and monitoring and enforcing contracts. Often organisations make asset-specific invest-
ments that have little value outside the relationship and this situation may give rise to
opportunistic behaviour (Coase, 1937).
While organisations may decide to buy externally to reduce costs, when transaction
uncertainty and transaction costs become too high, they may choose to revert to
8 D. YAU-YEUNG ET AL.

internal sourcing. Uncertainty refers to the degree of unpredictability and volatility of

the future. It is important because it makes transactions and investments more
complex. Consistent with the TCE argument, the intention to adopt cloud computing
has been found to be negatively associated with technical and contractual risks (Yigit-
basioglu, 2014).
Of particular concern are the more transction-specific risks (due to transacting with
another party) associated with cloud-based accounting systems and services when com-
pared to other services as these services are specifically designed to fulfil accounting frame-
works and standards, and to process and distribute financial information (Lakew et al.,
2014). Therefore, it is critical for both internal and external stakeholders that the security
and integrity of the financial information and data are preserved.
Furthermore, relative to generic cloud computing applications such as email (e.g.
Hotmail) or document sharing (e.g. DropBox), cloud accounting software may need to
be customised to suit the needs of the adopter, which leads to asset specificity. Moreover,
cloud accounting solutions can vary significantly due to functionality and user interface so
users may require some training before they can effectively operate the system. As TCE
would predict, this situation will increase asset specificity and vendor lock-in. It presents
context-specific risks to the adopter (Aubert & Rivard, 2016). Furthermore, there may be
significant switching costs involved when moving from one cloud accounting provider to
another due to data incompatibility issues, although vendors may provide incentives to
reduce switching costs.
Another risk in cloud accounting relationships is the risk of opportunistic behaviour
and opportunistic renegotiation. For example, there may be some uncertainty around
the performance of the service and the contractual arrangements to address that aspect.
Contracts may be incomplete in the sense that it may be unclear how service disruptions
and inferior performance issues are resolved and what penalties apply for the vendor (Moll
& Yigitbasioglu, 2019).
As previously discussed, TCE has been the dominant analytical framework in the IT
outsourcing literature (Lacity et al., 2011; Schermann et al., 2016), and it has had
limited application in cloud computing (Yigitbasioglu, 2014, 2015). It can therefore
provide valuable theoretical insights to analyse the risks of cloud accounting. In the
next section we explain the organising framework and the research method.

2.5. Organising framework: technology-organisation-environment

The TOE framework illustrates how an organisation’s context influences the decision to
adopt new technology (Tornatzky & Fleischer, 1990). The technological context considers
both internal and external technologies that are important to an organisation, and it
includes both equipment and processes that may improve an organisations’ efficiency
and productivity (Tornatzky & Fleischer, 1990, pp. 163–166). Cloud accounting relies
on the technical architecture and network infrastructure of an organisation and it is
required to communicate with other internal systems (Scott, 2007). As far as external
factors are concerned, cloud accounting vendors play an important role in ensuring
that cloud accounting services are of high standard.
The organisational context refers to organisational resources, characteristics and capa-
bility to change to support a new technology. The characteristics include organisational
 ACCOUNTING FORUM 9

scale, degree of centralisation, complexity of managerial structure and the quality of the
human resources of the organisations (Tornatzky & Fleischer, 1990, pp. 153–163), as
well as organisational culture (Leidner & Kayworth, 2006). Cloud accounting adoption
is likely to be unsuccessful when there is a mismatch between organisational character-
istics and outsourcing.
Finally, the environmental context of TOE relates to the size and structure of the indus-
try, the organisation’s competitors, the macroeconomic context, the availability of service
providers and the regulatory environment (Tornatzky & Fleischer, 1990, pp. 166–174).
Competitive pressure and the type of industry are factors that drive cloud accounting
adoption (Scott, 2007). Examples for the environmental context include statutory require-
ments and pressures from professional accounting bodies to impose standards on cloud
accounting systems services to ensure professionalism and quality.

3. Research methodology
As the objective of this study was to explore the risks and risk mitigation strategies associ-
ated with cloud accounting systems and services, a qualitative approach was deemed
appropriate. Patton (2002, p. 14) describes qualitative methods as facilitating “the study
of issues in depth and detail.” Denzin and Lincoln (1994, p. 3) explain that qualitative
research consists of “a complex, interconnected family of terms, concepts and assumptions
that cuts across disciplines, fields and subject matter.” Moreover, as Partington (2002,
p. 154) explains, qualitative research using the principles of grounded theory provides a
“thickness of description”. Furthermore, Partington (2002, p. 144) explains that qualitative
techniques such as semi-structured interviews allow researchers to obtain a “full richness
of the data” that admirably takes into account the context of the research problem. It is the
context – accounting systems and services provided and operated in the cloud – that is the
essence of the investigation in this paper.
This study adopted semi-structured interviews to address the research problem, which
permitted interviewees to freely express themselves (Crabtree, 1999). Purposeful sampling
was used to recruit participants for the study as the sample only included cloud accounting
users (Patton, 2002). We obtained ethical approval prior to data collection from our
institution.
Participants were recruited via LinkedIn. The target participants for the study included
Accountants and Graduate Accountants from client-facing firms, Company Directors,
Financial Controllers, and IT Managers who had experience in providing accounting
systems and services through cloud accounting. This approach allowed capture of a
diverse range of views from different firms and organisations to improve the robustness
of the findings. As cloud accounting experience was a prerequisite for being a participant
in the study, the LinkedIn network was searched using the terms “cloud accounting”,
“Xero” or “MYOB” in users’ profiles based in Brisbane, Australia for convenience. The
search resulted in a total of 58 potential participants with cloud accounting experience.
Contact requests were then sent to each potential participant introducing the researchers
and explaining the purpose of the research. A reminder to the identified individuals was
sent if the request was not accepted. The final sample size for the study was 16 interviewees
from 15 organisations. Theoretical saturation was achieved after 12 interviews, as sub-
sequent interviews did not yield any new concepts (Guest et al., 2006).
10 D. YAU-YEUNG ET AL.

The interviews lasted 20–50 min (around 30 min on average) and they were conducted
in the interviewees’ offices. The participants consented to being interviewed by signing a
consent form. The interview protocol is provided in Appendix 1. As per the interview pro-
tocol, first, the interviewees were asked to identify risks associated with cloud accounting.
This first section was followed with questions on risk mitigation strategies that their
organisations had adopted and those strategies they had considered. The key questions
were sent to the interviewees prior to the interviews, which allowed them to get familiar
with the type of questions they would be asked (Minichiello et al., 2008). Response bias
was minimised by ensuring full anonymity of the participants and by giving them the
option to withdraw from the study should they wish to do so. Also, leading questions
were avoided during the interviews for objectivity. Furthermore, the interview protocol
used by the interviewer (see Appendix 1) ensured that interviews and data collection
were conducted in a consistent manner.
The interviews were transcribed and analysed using NVivo 11. Thematic analysis was
carried out using the approach by Corbin and Strauss (2008) starting with open coding to
generate codes, followed by axial and selective coding to identify different themes.
The risks were organised according to the Technology-Organisation-Environment (TOE)
framework as not all the risks that were identified in this study were transactional in nature.
Thus, a holistic and general organising framework (Rui, 2007) was adopted to group risks
into three distinct themes. A holistic approach is advocated in the IT literature (Fichman,
2004; Lyytinen & Rose, 2003) and TOE has been previously used in cloud computing
research to study its adoption (Alshamaila et al., 2013; Lian et al., 2014; Lin & Chen, 2012).

4. Findings
4.1. Participant profiles
Table 2 summarises the demographic profiles of the 16 interviewees from the 15 organis-
ations. Ten of the interviewees worked at an accounting practice/firm whereas the remain-
ing six worked in other types of professional service organisations of various sizes.

4.2. Cloud accounting risks identified

Under the technological context of the TOE framework, cloud accounting risks identified
by participants were (i) hardware and software compatibility, (ii) Internet stability and
availability, (iii) cloud accounting server stability and availability, (iv) data security, (v)
data maintenance and backup. These risks were all suggested in previous cloud computing
research and to some extent in the cloud accounting literature.
With respect to organisational risks, (i) lack of top management support, (ii) staff resist-
ance to change, (iii) firm size and characteristics, (iv) and dependency on cloud accounting
providers were of concern. Again, all of these risks were mentioned in previous literature.
Under the environmental context, cloud accounting risks identified were financial
statement reliability, legal compliance, location and ownership of cloud data, where the
latter were acknowledged previously in the cloud computing literature (e.g. Lang et al.,
2018; Marston et al., 2011). Table 3 summarises all the cloud accounting risks identified
in the study.
 ACCOUNTING FORUM 11

Table 2. Participant profiles.

Years of Cloud
Interview Accounting Level of Position in Age
Designation Experience Education Service Area Organisation Size Group
I01 1 Bachelor Accounting Auditor Small 20–29
Degree Practice
I02 1 Bachelor Accounting Director Small 50–59
Degree Practice
I03 2 Bachelor Accounting Accountant Small 20–29
Degree Practice
I04 2 Bachelor Accounting Firm Graduate Accountant SME 20–29
Degree
I05 3 Bachelor Retail – Business General Operation SME 40–49
Degree to Business Director
I06 1 Postgraduate Insurance IT Manager Large 30–39
I07 1.5 Bachelor Professional Director SME 30–39
Degree Services
I08 2 Bachelor Accounting Firm Tax and Business SME 20–29
Degree Services
Accountant
I09 4 Postgraduate Education Corporate SME 40–49
Accountant
I10 4 Bachelor Retail Accounting Manager Large 30–39
Degree
I11 1 Bachelor Hospitality Business Owner/ SME 20–29
Degree Manager
I12 2.5 Bachelor Accounting Firm Graduate Accountant Large 20–29
Degree
I13 9 Postgraduate Accounting Director Small 40–49
Practice
I14A 2 Postgraduate Accounting Firm Associate Director Large 40–49
I14B 5 Bachelor Accounting Firm Manager Large 30–39
Degree
I15 5 Postgraduate Accounting Principal Small 30–39
Practice

4.3. Risks specific to cloud accounting

Four cloud accounting risks identified from this study were considered to be more
context-specific to cloud accounting: legal compliance, location of data, ownership of
data and financial statement reliability. Interestingly, all these context-specific risks in
cloud accounting fell under the environmental context in the TOE framework. These
risks are discussed separately below.

4.3.1. Legal compliance

Cloud accounting users discussed their concerns regarding legal compliance when using
cloud accounting. The cloud accounting users who were also members of professional
accounting bodies such as Certified Practising Accountant (CPA) or Chartered Accoun-
tants Australia New Zealand (CAANZ) expressed comparatively higher concerns with
respect to legal compliance. They mentioned that their bosses or clients treated them as
consultants because they were accounting professionals. They were relied upon to
provide updated and accurate information regarding legal compliance requirements on
the use of cloud accounting.
Also, certain legal aspects such as privacy law compliance fell into a “grey area” because
cloud accounting involves processing and storing financial data and information in the
12 D. YAU-YEUNG ET AL.

Table 3. Risks of cloud accounting identified.

Frequency
Total (out of Accounting practices Non-accounting practices
Contexts Risks 16) (out of 10) (out of 6)
Technology Internet Stability and Availability 14 8 6
Cloud Server Stability and 10 7 3
Availability
Data Security 12 7 5
Hardware and Software 6 3 3
Compatibility
Data Loss 5 3 2
System Maintenance and Data 5 1 4
Backup
Organisation Dependency on Cloud 5 2 3
Accounting Providers
Staff Resistance to Change 5 2 3
Lack of Top Management 4 2 2
Support
Firm Size and Characteristics 3 0 3
Environment Financial Statement Reliability 10 6 4
Legal Compliance 7 3 4
Data Location 6 4 2
Ownership of Data 5 4 1

cloud. Hence, there is a possibility of information leakage when the cloud accounting
server of the client is under attack, as commented by Corkern et al. (2015). In this scenario,
it is questionable whether the accountants have a breach of professional code of conduct
and professional standards, or not. This finding was inconsistent with speculation in the
more general cloud computing literature, which suggested that the legal environment was
not significant as a determinant of cloud computing adoption (Borgman et al., 2013). The
main reason for this inconsistency is that there was a higher concern in cloud accounting
due to statutory requirements in the accounting industry and the privacy of financial
data as commented by Christauskas and Miseviciene (2012) and Dimitriu and Matei
(2014a):
In accounting … .we have certain statutory obligations, privacy of our clients, data … We are
by statute required to have a level of privacy and a level of security. And when we are
effectively outsourcing that, … where is the primary responsibility and where is the legal liab-
ility. (I02)

The cloud accounting users who were not accounting professionals also mentioned their
concerns on legal compliance when using cloud accounting. However, they expressed that
they relied heavily on their accountants (both internal and external) on ensuring that their
businesses met all the legal requirements:
I don’t have that much time to worry about this stuff [legal compliance]. I assume that my
accountant will tell me if there are any problems. (I07)

This finding suggests that legal compliance is a major concern in the use of cloud account-
ing and specifically for professional accountants. Thus, the risk associated with legal com-
pliance is higher and more specific to cloud accounting because of greater concern and
more statutory requirements on the accounting industry and the privacy of sensitive
financial data.
 ACCOUNTING FORUM 13

4.3.2. Location of data

The users discussed their awareness of the worldwide location of data when using cloud
accounting systems and services. Some of them expressed significant concerns about
their financial data being stored globally, not predominantly stored in Australia.
Marston et al. (2011) discuss data location concerns with cloud computing, although
the concern was mainly for government entities.
According to Christauskas and Martinkus (2004) and Gelinas et al. (2011), financial
information stored in cloud accounting information systems is more sensitive because it
influences the economic decisions of organisations and clients. When the cloud accounting
data is stored in overseas data centres, it is subject to foreign jurisdictions (Marston et al.,
2011) and there is a likelihood of interruption by governments in some countries. While
for small businesses this may not be an issue, large international organisations might face
more uncertainty because their financial information may be considered more sensitive:
The data is actually hosted by the company that is providing the services, … . it may be sub-
jected to different regulations and different jurisdictions by different countries, … . [there
would be a] different impact if you are not actually directly dealing with those countries. (I06)

Breach of legal or contractual requirements with clients, and of government legislation was
also a concern. Most government contracts have clauses stating that tenderers need to
ensure their financial data is stored within Australia. This suggests that the worldwide
location of data for cloud accounting is a risk because this storage location may lead to
potential breaches of contractual agreements on data storage location conditions. This
risk is especially high when the cloud accounting users are contracting with the govern-
ment or any other government-related bodies:
A lot of companies running into problems because they contracted with the government,
they are not allowed to host their data outside of Australia. (I09)

Participants from accounting practices also discussed their concerns about potential inter-
ruptions to cloud accounting systems and services when the data is hosted in other
countries. Governments from those countries may exercise Internet censorship due to pol-
itical reasons. These situations may significantly disrupt the accounting systems and services:
There are a couple of regimes such as North Korea and China where there is significant Inter-
net censorship so if there is a change in their leadership and regimes in another country
different to what we [are] used to, how would you know that services and access to providers
will not be cut off by the government? (I02)

4.3.3. Ownership of data

Interviewees discussed their concerns and experience with the ownership of the cloud
accounting data as “ownership” of the data can be extremely difficult to establish and
pursue when, for example, outright data loss has occurred when a service-
provider undergoes liquidation, simply closes its doors, or withdraws its service (Clarke,
2013).
It was not clear to the users who owns the actual cloud accounting data when the data
is not physically stored on the user’s premises. In addition, as most cloud accounting
services run on a subscription model, there were concerns regarding the access or
14 D. YAU-YEUNG ET AL.

recovery of cloud accounting data after the termination of the subscriptions. This finding
suggests that the legal authority for the cloud accounting data ownership is vague.
This risk usually becomes more apparent when terminating the subscription for cloud
accounting services. Issues arise such as whether or not the users can recover all the
cloud accounting data they input, and also how long the cloud accounting service provi-
ders are able to keep the data after termination of the subscription. If there are disputes
with the cloud accounting service providers, the interviewees were not sure if they
could get back all their cloud accounting information in such circumstances. Though
some cloud accounting systems allow users to export the accounting data, one interviewee
advised that even if the users can export the cloud accounting data into their own
machines, the data may still not be usable (or meaningful) without the specific cloud
accounting applications:
… ..which raises a question of, ‘who is actually controlling the data?’ who is actually, the
actual owners of the data … . are you owning the data, or actually the services providers
owning the data? (I06)

Interviewees from accounting practices discussed their additional concerns about cloud
accounting data ownership as they also acted as the agents between their clients and
the cloud accounting service providers. In addition to the ownership issues between the
users and their cloud accounting service providers, there were also potential disputes
between the clients and their accountants about the cloud accounting data ownership
when the clients terminate the relationship with their accountants:
Clients have hosted [cloud accounting] through their accountants and they have disputes
with their accountants and decided to leave them and the accountant said ‘no’ that’s our soft-
ware we are not giving you those [data]. (I02)

4.3.4. Financial statement reliability

Many interviewees discussed their concerns on the financial statement reliability when
using cloud accounting, which was consistent with the findings of one of the few empirical
studies (Shkurti & Muça, 2014). The interviewees discussed experiences that affected the
financial statement reliability of their financial reports when using cloud accounting.
Reasons for the unreliability were the design of the cloud accounting applications, how
they are programmed and the errors that occurred when linking to the banking insti-
tutions for downloading banking information. The errors in the “bankfeed” function,
which is a popular and exclusive function for cloud accounting, easily caused unreconciled
accounts or unreliable reports. When errors occurred, it took a long time to rectify them. If
the users were unaware of the errors, the financial reports generated from cloud account-
ing would include errors:
The way the bankfeed works is it would match it up for you, … . it does mismatch a few
things. (I05)

Other interviewees mentioned that the design structure of the cloud accounting appli-
cation pushed the users to follow its way of data entry only. If the users recorded the
data in the “normal” way and they did not follow the specific way required by the appli-
cations, the cloud accounting data would be processed incorrectly and the reports
 ACCOUNTING FORUM 15

generated would include errors. Lots of time and effort was required to figure out how the
cloud accounting applications work and to learn the specific ways to enter the data:
I’ve actually seen an incident where the data that was being processed in the way it was being
processed in the cloud environment was causing irregularity. (I09)

Another reason causing financial statement reliability issues was the sharing of the system
and data with multiple users at the same time. Cloud accounting users from both account-
ing practice and professional service backgrounds discussed their concerns on this issue
during the interviews. Cloud accounting allows multiple-user access, which is one of
the advantages of using cloud accounting. But multiple data entry points make it easier
to duplicate entries of transactions. This situation occurred when there were human
errors or unauthorised changes of data in the cloud accounting system. Moreover, it pro-
vided an opportunity for intentional or unintentional changes in the cloud accounting
system that were usually difficult to detect:
Now you may have multiple people can access it … . you may have conflicting data and the
information and multiple entry points to actually being dealt with. So they may be actually
having issues with duplicated entries, which is due to human errors, but then is like you
increase that risks. (I06)

Users from accounting practices expressed serious concerns about the multiple access
functionality, as prior to cloud accounting the accounting practices maintained a
“double ledger set” system. They used a separate ledger system to enter all the financial
data they collected from their clients to prepare the financial statements. The double
ledger set system ensured that there was no intentional or unintentional changes by
clients. Any changes made in their clients’ on-premises accounting system would not
change the financial data in the accountants’ system. Using cloud accounting changed
this double ledger set system to a single ledger system. The accountants and their
clients were now sharing the same ledger system and data set on the cloud. There was
no longer a safeguard for accountants to cross check the clients’ accounts. If the clients
accidentally changed the financial data on the cloud accounting after the
financial reports were prepared, those reports would no longer be a true representation
of the clients’ financial positions. This situation increased the risk for accounting
practices because they were responsible for preparing accurate financial reports for their
clients:
And when they [clients] change the information, it would affect our figures, and if we are
unaware that they have changed their figures, our figures is not true presentation
anymore. (I04)

4.4. Risks mitigation strategies for cloud accounting

Table 4 summarises the risk mitigation strategies for cloud accounting systems and ser-
vices identified through the interviews. In the data analysis process, some linkages in
the data were uncovered between the identified risks and in the subsequent discussion
on risks mitigation strategies. For example, those who mentioned “lack of training”
suggested “staff training” as a risk mitigation strategy. Furthermore, “ownership and
location” of cloud accounting data was followed with better “negotiation of terms and
16 D. YAU-YEUNG ET AL.

Table 4. The frequency distribution of cloud accounting risk mitigation strategies.

Interviewee AP/NAP A B C D E
I01 AP X
I02 AP X
I03 AP X
I04 AP X
I05 NAP X X
I06 NAP X X
I07 NAP X
I08 AP X
I09 NAP X X
I10 NAP X X X
I11 NAP X X
I12 AP X X
I13 AP X X X
I14A AP
I14B AP
I15 AP X X
9 5 4 3 3
A – Implementation of policies within organisations
B – Cloud accounting vendor assessment
C – Development of an adoption plan
D – Provide timely and adequate training for staff
E – Negotiation of precise contract terms and conditions
AP – Accounting Practice Background
NAP – Non-accounting Practice Background

conditions”. Another important finding identified in the interviews was that cloud
accounting users from a non-accounting background responded that that they would
consult their external accountants when asked about risk mitigation strategies.
The most recommended strategy mentioned by the interviewees was the implementation
of relevant policies within their organisations. Both cloud accounting users from accounting
practices and professionals service practices suggested that planning was essential before
implementing cloud accounting and that vendor assessment would help reduce risks. Inter-
estingly, only cloud accounting users who were from an accounting practices recommended
that training was essential and important. This finding may be due to the nature of the
accounting work involving accounting practices as they spend a large proportion of their
time with a cloud system. Also, only cloud accounting users from accounting practices rec-
ommended having precise terms and conditions in their engagement agreement with their
clients to avoid legal disputes. As per Table 4, most interviewees (except I14A and I14B) dis-
cussed at least one mitigation strategy during the interview.

4.4.1. Implementation of policies within organisations

Many cloud accounting users expressed that their organisations have policies
implemented to better manage the cloud accounting risks. Some of them commented
that organisational policies were mainly implemented to ensure adequate password pro-
tection, restrained mobile device uses and hierarchy of authority for cloud accounting
login. They agreed that satisfactory password protection policies and safeguards in com-
puter use, helped mitigate data security risks and data loss:
We cannot access the cloud account in other devices other than the company provided
devices … or using the public WiFi. There is really strict restriction on accessing the
cloud. (I10)
 ACCOUNTING FORUM 17

Some cloud accounting users reported that the software, hardware and network infrastruc-
ture in their organisations were continuously monitored by IT professionals in order to
maintain the stability of cloud accounting:
We have onsite [IT] support. They are consistently monitoring our computers, suspicious
emails, and … . (I12)

However, continuous IT monitoring may be more difficult for small and medium sized
organisations to achieve as they may not have the in-house capability and resources to
do so.
Regarding financial statement reliability, some cloud accounting users commented that
they had to instruct their clients (or the accountants) not to change any data or infor-
mation in the cloud accounting information systems without asking for permission.
They set up policies between all the parties who could access the cloud accounting
about what may be done on the cloud accounting files. In addition to the policies, they
would lock the cloud accounting data to the latest reconciled period so as to avoid unin-
tentional changes of data:
We try to lock the file if we don’t need that period anymore. We try to lock the file for the
client, so they don’t make silly changes. (I03)

A cloud accounting user recommended that even with the most efficient and effective
policies, it was most important to regularly keep reviewing, reassessing and monitor-
ing all policies as there were changes from time to time. To manage the cloud
accounting risks, proper IT governance within the organisation was seen as a good
strategy to reduce any intentional or unintentional human errors in the cloud
accounting system:
Just like any other risks, you need to actually review it [IT governance] in a timely manner.
You have to actually go back and review and reassess in terms of what exactly have changed
and whether there is any impact to you. (I06)

4.4.2. Cloud accounting vendor assessment

Some cloud accounting users suggested that a comprehensive evaluation of cloud account-
ing service providers was a good strategy as it can help reduce certain risks. Different cloud
accounting providers provide different functionalities in their systems. Also, to ensure that
the location of cloud accounting data and the ownership arrangement of the cloud
accounting data suits their needs, organisations needed to consult the vendors:
We have to have a very detailed background check of the service providers … . the reliability
of the service providers, the size of the company for the service providers and any goodwill.
We do a very detailed background check first before we sign contract with them or sign up
the account with them. (I10)

4.4.3. Development of an adoption plan

The interviews suggested that organisations investigate their own needs before considering
implementing cloud accounting based on their organisational characteristics and the com-
plexity of their financial reporting requirements. In addition, organisations are required to
consider their financial ability to accommodate additional costs such as hardware costs,
18 D. YAU-YEUNG ET AL.

customisation of existing systems and also any necessary staff training. Some cloud account-
ing users were specific about the need for pre-implementation planning as a risk mitigation
strategy for the impending take-up of cloud accounting. The compatibility of existing hard-
ware, software, network infrastructure and the cloud accounting is a very important con-
sideration for organisations because the upgrade of those systems incurs significant
additional costs. If costly upgrades are required, it may not be a financially viable decision
to implement cloud accounting. Organisations should investigate their own needs, charac-
teristics and financial ability to decide whether cloud accounting solutions fit them or not.
Organisations also need to consider the effect of different statutory requirements:
Making sure that the network bandwidth was adequate … . we had a look at our insurance
… . protect us against data breach … . looking at how to medicate the damage if that were
happened … . consider Australian privacy legislation … . We looked at what was the regulat-
ory requirements … . (I09)

Small and medium sized organisations may not have adequate knowledge and/or
resources to consider their own suitability. These organisations can involve their external
accountants to study their suitability for cloud accounting. Cloud accounting users who
were not from an accounting practice suggested that consulting accounting professionals
before implementing cloud accounting was a good idea as they were more knowledgeable
in the area:
Before we adopted cloud accounting, we first consulted our accounting, a CPA firm. So, they
helped us … to follow the current regulations. (I10)

4.4.4. Provide timely and adequate training for staff

Regarding what top management support the cloud accounting users would like to see,
three interviewees recommended that sufficient training to all staff before implementing
cloud accounting would help reduce staff resistance to change. Users also commented
that they did not receive adequate training for the use of cloud accounting before their
organisations implemented the new system. This resulted in staff unfamiliarity with the
cloud accounting systems and the staff needing to spend extra time and effort at the
early stage when switching to cloud accounting. This finding aligns with Khan et al.
(2016) suggesting that adequate training to staff would motivate and reduce user resistance
to new technology:
… . can have more ideas on how it works … . more confidence for the change. That is the
main point for the training, for the workshop. (I01)

A cloud accounting user commented that she was provided with intensive training for
cloud accounting as part of continuous professional development and this increased her
confidence in and also her awareness of the latest changes or updates to the cloud account-
ing system.

4.4.5. Negotiation of precise contract terms and conditions

Some cloud accounting users with an accounting practice background recommended the
inclusion of precise terms and conditions in the contract to minimise the chance of legal
disputes regarding the ownership of cloud accounting data. Also, a careful negotiation of
 ACCOUNTING FORUM 19

the terms and conditions would allow both the accountants and their clients to be clear
about the legal ownership of the cloud data. This negotiation would help strengthen the
trust between both parties, increase the confidence of the engagement relationship and
avoid disputes at the termination of relationship:
We do state in our engagement agreement about the ownership of the data on Xero to avoid
any disputes when the clients leave. (I13)

5. Summary and implications

Drawing on TCE, this study provides insights into the specific risks of cloud accounting
and it identifies several risk mitigation strategies to address the risks. TCE as a theoretical
lens helped to illuminate the transactional risks and costs associated with cloud account-
ing, much like the IT outsourcing literature has done on previous models of outsourcing
(Lacity et al., 2011). On the other hand, the use of TOE as an organising framework com-
plemented TCE because it highlighted some of the organisational and environmental risks
that TCE does not directly address.
While some of the cloud accounting risks identified overlap with those mentioned in
the wider cloud computing literature such as hardware and software compatibility, Inter-
net/server stability, data security, and data loss (Bălţătescu, 2014; Dutta et al., 2013; Haag
& Eckhardt, 2014; Lang et al., 2018; Marston et al., 2011; Middleton, 2012; Repschlaeger
et al., 2013) other risks that we identified were more specific to cloud accounting systems
and services. These risks were associated with the sensitivity and criticality of accounting
systems, which, when compromised, are likely to cause severe consequences and financial
losses for an organisation in terms of failure to meet statutory requirements (i.e. reporting
and data privacy), as well as disruptions to business. The identified risks specific to cloud
accounting were (i) financial statement reliability, (ii) legal compliance, (iii) location of
data, and (iv) ownership of data, which according to TOE can all be classified under
Environment. Although some of these risks had been mentioned in the cloud accounting
literature (Dimitriu & Matei, 2015; Ionescu et al., 2013b; Shkurti & Muça, 2014; Zhang &
Gu, 2013) or more broadly in the cloud computing literature (e.g. Lang et al., 2018;
Marston et al., 2011), this study has provided evidence to support these claims.
Consistent with TCE, the cloud accounting risks identified in this study increase uncer-
tainty and transaction costs for the adopting organisation. For example, the risks identified
under Technology (Internet stability and availability, data security, cloud server stability and
availability etc.) refer to risks around information security in terms of confidentiality, integ-
rity, and availability (Gordon & Loeb, 2002). Given the notion of incomplete contracts (Hart
& Moore, 1988), when security risks become significant, it may become too costly to
monitor and enforce contracts when service level agreements are breached. Similarly, trans-
action costs increase with some of the risks identified under Organisation. For instance, as
users of cloud accounting become accustomed to particular cloud-accounting software,
dependence on vendors and asset specificity is likely to increase (Aubert & Rivard, 2016).
Therefore, an attempt to switch to a different vendor is likely to be met with “staff resist-
ance”. This situation may lead to organisations finding themselves locked in to a particular
vendor, which in turn may increase vendor opportunism (Coase, 1937).
Organisations will favour internalising their accounting system when the cost of nego-
tiating and contracting to address risks identified under Environment (e.g. failure to
20 D. YAU-YEUNG ET AL.

comply with legislation, lack of financial statement reliability) become too high. While all
of the above transaction costs are significant and seemingly creating a barrier to adoption,
the standardisation of cloud services in terms of security requirements and contractual
provisions are likely to make these costs more manageable in the future.

5.1. Practical implications

To mitigate the cloud accounting risks, evidence from the interviewees suggest some appli-
cable strategies that relate to both the transactional aspect of cloud accounting, as well as
the internal readiness of the adopting organisation. Appendix 2 provides an overview of
the identified risks and the corresponding strategies.
Consistent with Dimitriu and Matei (2014c), the findings suggest that organisations
thoroughly assess the suitability of using cloud accounting in their organisations and con-
sider any potential hidden costs associated with IT outsourcing (Barthelemy, 2001) includ-
ing future needs and implications on costs. For example, there is a growing market for
“add-ons” to process payments (point-of-sale solutions) or for credit control that can
cost as much as the accounting software itself in terms of subscription fees, which can
quickly add up (XeroApps, 2020).
Organisations should undertake a comprehensive evaluation of cloud accounting pro-
viders because features and service levels are likely to differ, and they may not meet organ-
isational/professional standard/legal requirements in all instances and jurisdictions
(Brender & Markov, 2013).
Cloud accounting necessitates the implementation of new policies, particularly, in
relation to IT governance. First, roles and responsibilities should be ascertained within
the organisation prior to adoption to make sure adequate internal controls are in place.
Also, organisations should consider adopting risk management frameworks such as
COSO Enterprise Risk Management or ISO 31000 Risk Management to assist in mitigat-
ing risks more systematically.
Second, organisations would also benefit from allocating extra time for staff while they
get used to the new system, which requires support from top management (Kurnia et al.,
2019). Thus, organisations should consider providing adequate training before and after
adoption to facilitate a more “seamless” transition to a cloud-based system, which is a criti-
cal factor in system adoption (e.g. Beatty & Williams, 2006).
Finally, adopters are urged to familiarise themselves with the terms and conditions of
their contracts – both the accounting practice with the cloud accounting providers, and the
accounting practice with their clients. This strategy would provide some certainty, particu-
larly with regards to data ownership if the relationship is terminated. After all, accountants
have a moral obligation to educate their clients of potential risks including new technol-
ogies such as cloud accounting.
Some differences between the interviewees based on whether they were from
an accounting practice or not were observed. For instance, interviewees from
accounting practices seemed to be more concerned about data ownership and their
responsibility and obligations to comply with regulations. Also, given that accounting
practices engage with cloud accounting services more intensely than some of the
clients, the accountants emphasised the importance of training and contract negotiation
with the vendor.
 ACCOUNTING FORUM 21

The practical significance of this study is that the findings will increase organisations’
understanding of the risks in using cloud accounting, including strategies for how the risks
may be mitigated. Operationalising these proposed strategies will reduce uncertainty and
transaction costs. Moreover, they will improve the uptake of cloud accounting because this
will increase confidence in cloud accounting.

5.2. Conclusion
Using transaction cost economics as a theoretical lens, this study has identified the risks of
cloud-based accounting systems and services, as well as some risk mitigation strategies to
“smoothen” the transition to cloud. The findings suggest that cloud accounting not only intro-
duces specific risks to accounting (e.g. location and ownership of data) but some of the known
risks associated with other cloud-based applications (e.g. for email or document sharing) are
more pronounced. While transaction-specific factors such as vendor selection and contractual
arrangements were considered important as risk mitigation strategies, internal measures
including policy development and staff training were seen as critical to cloud accounting.
The use of TCE and TOE has provided a basis for categorising and analysing users’ per-
ceptions of cloud accounting risks and risk mitigation strategies. By contextualising the
use of cloud computing in accounting this study contributes to the limited literature on
cloud accounting systems and services and it is, to the best of our knowledge, the first
empirical investigation that specifically explores the risks of cloud accounting in a devel-
oped country setting.
This research has some limitations. They include the somewhat small sample size.
However, data collection continued beyond the point of theoretical saturation and there-
fore the findings are likely to be generalisable. Furthermore, some of the interviewees had
no more than a few years of experience with cloud accounting, although this was not sur-
prising given the novelty of the technology. Nevertheless, most of these individuals had
extensive experience in their industry.
Future research could extend this study using quantitative methods to validate the risks and
in particular, context-specific risks identified in this study. For example, surveys can be con-
ducted to investigate the effect of operationalisation of the proposed strategies on the risks and
actual costs of using cloud accounting. Also, future studies could focus on cloud accounting
users in accounting practices and investigate the effects of cloud accounting on the quality
of their work. Furthermore, a comparison of risk perceptions of non-users to users might
be valuable because this study only focussed on the actual cloud-accounting users. Finally, a
more in-depth investigation into the various risk mitigation strategies using a case study
approach would provide additional insights into the operationalisation of relevant strategies.

Acknowledgements
The authors would like to thank the editor (Carol Tilt) and two anonymous reviewers for their valu-
able comments on the paper.

Disclosure statement
No potential conflict of interest was reported by the author(s).
22 D. YAU-YEUNG ET AL.

ORCID
Ogan Yigitbasioglu http://orcid.org/0000-0001-6297-1783

References
Alaghehband, F. K., Rivard, S., Wu, S., & Goyette, S. (2011). An assessment of the use of transaction
cost theory in information technology outsourcing. The Journal of Strategic Information Systems,
20(2), 125–138. https://doi.org/10.1016/j.jsis.2011.04.003
Alshamaila, Y., Papagiannidis, S., & Li, F. (2013). Cloud computing adoption by SMEs in the north
east of England. Journal of Enterprise Information Management, 26(3), 250–275. https://doi.org/
10.1108/17410391311325225
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D.,
Rabkin, A., Stoica, I., & Zaharia, M. (2010). A view of cloud computing. Communications of
the ACM, 53(4), 50–58. https://doi.org/10.1145/1721654.1721672
Arsenie-Samoil, M. D. (2011). Cloud accounting. Ovidius University Annals, Economic Sciences
Series, 2, 782–787.
Aubert, B. A., & Rivard, S. (2016). A Commentary on “The role of transaction cost economics in
information technology outsourcing research”. The Journal of Strategic Information Systems,
25(1), 64–67. https://doi.org/10.1016/j.jsis.2016.02.001
Bălţătescu, I. (2014). Cloud computing services: Benefits, risks and intellectual property issues.
Global Economic Observer, 230, 230–242.
Barthelemy, J. (2001). The hidden costs of it outsourcing. MIT Sloan Management Review, 42(3),
60–69.
Beatty, R. C., & Williams, C. D. (2006). ERP II: Best practices for successfully implementing an ERP
upgrade. Communications of the ACM, 49(3), 105–109. https://doi.org/10.1145/1118178.
1118184
Bergvall-Kåreborn, B., & Howcroft, D. (2013). The apple business model: Crowdsourcing
mobile applications. Accounting Forum, 37(4), 280–289. https://doi.org/10.1016/j.accfor.2013.
06.001
Borgman, H. P., Bahli, B., Heier, H., & Schewski, F. (2013, January 7–10). Cloudrise: Exploring
cloud computing adoption and governance with the TOE framework. In System Sciences
(HICSS), 2013 46th Hawaii International Conference on (pp. 4425–4435). IEEE.
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International Journal of Information
Management, 33(5), 726–733. https://doi.org/10.1016/j.ijinfomgt.2013.05.004
Bullock, S. (2017). Cloud accounting and big data uptake tipped to spike. Accountantsdaily.
Retrieved January 6, 2020, from https://www.accountantsdaily.com.au/technology/10539-
cloud-accounting-and-big-data-uptake-gathering-momentum
CCH. (2013). Cloud computing: A matter of survival for the accounting industry? Retrieved August
15, 2015, from CCH website https://www.cch.com.au/DocLibrary/CCH-Research-2013-Cloud-
computing-a-matter-of-survival-for-the-accounting-industry.pdf
CCH. (2014). Accountants to increase cloud investment: study. Computerworld, Retrieved February
6, 2018, from https://www.computerworld.com.au/article/559094/accountants-increase-cloud-
investment-study/
Choudhary, V., & Vithayathil, J. (2013). The impact of cloud computing: Should the IT department
be organized as a cost center or a profit center? Journal of Management Information Systems, 30
(2), 67–100. https://doi.org/10.2753/MIS0742-1222300203
Christauskas, C., & Martinkus, B. (2004). Information system for accounting. Folia Oeconomica:
Accounting Change in the Period of Economic Transformation in Poland and Lithuania, 173, 15–22.
Christauskas, C., & Miseviciene, R. (2012). Cloud–computing based accounting for small to
medium sized business. Engineering Economics, 23(1), 14–21. https://doi.org/10.5755/j01.ee.23.
1.1220
Clarke, R. (2013). Data risks in the cloud. Journal of Theoretical and Applied Electronic Commerce
Research, 8(3), 9–10. https://doi.org/10.4067/S0718-18762013000300005
 ACCOUNTING FORUM 23

Cleary, P., & Quinn, M. (2016). Intellectual capital and business performance. Journal of Intellectual
Capital, 17(2), 255–278. https://doi.org/10.1108/JIC-06-2015-0058
Coase, R. H. (1937). The nature of the firm. Economica, 4(16), 386–405. https://doi.org/10.1111/j.
1468-0335.1937.tb00002.x
Corbin, J., & Strauss, A. (2008). Basics of qualitative research: Techniques and procedures for devel-
oping grounded theory. Thousand Oaks, CA: Sage.
Corkern, S. M., Kimmel, S. B., & Morehead, B. (2015). Accountants need to be prepared for the big
question: Should i move to the cloud? International Journal of Management & Information
Systems, 19(1), 13. https://doi.org/10.19030/ijmis.v19i1.9085
Crabtree, B. F. (1999). Doing qualitative research. Sage Publications.
Denzin, N. K., & Lincoln, Y. S. (Eds.). (1994). Handbook of qualitative research. Sage.
Deshmukh, A. (2005). Digital accounting: The effects of the internet and ERP on accounting. Idea
Group Publishing.
Dimitriu, O., & Matei, M. (2014a). A New Paradigm for accounting through cloud computing.
Procedia Economics and Finance, 15, 840–846. https://doi.org/10.1016/S2212-5671(14)00541-3
Dimitriu, O., & Matei, M. (2014b). The Expansion of accounting to the cloud. SEA-Practical
Application of Science, 4, 237–240.
Dimitriu, O., & Matei, M. (2014c). Cloud accounting: A new player in the economic context [Paper
presented]. 2014 International Conference Communication, Context, Interdisciplinarity.
Retrieved August 23, 2015, from http://upm.ro/cci3/CCI-03/Eco/Eco%2003%2080.pdf
Dimitriu, O., & Matei, M. (2015). Cloud accounting: A New business model in a Challenging
context. Procedia Economics and Finance, 32, 665–671. https://doi.org/10.1016/S2212-5671
(15)01447-1
Dutta, A., Peng, G. C. A., & Choudhary, A. (2013). Risks in enterprise cloud computing: The per-
spective of IT experts. Journal of Computer Information Systems, 53(4), 39–48. https://doi.org/10.
1080/08874417.2013.11645649
Ellram, L. M., Tate, W. L., & Billington, C. (2008). Offshore outsourcing of professional services: A
transaction cost economics Perspective. Journal of Operations Management, 26(2), 148–163.
https://doi.org/10.1016/j.jom.2007.02.008
Everaert, P., Sarens, G., & Rommel, J. (2010). Using transaction cost economics to explain outsour-
cing of accounting. Small Business Economics, 35(1), 93–112. https://doi.org/10.1007/s11187-
008-9149-3
Fichman, R. G. (2004). Going beyond the dominant Paradigm for information technology inno-
vation research: Emerging concepts and methods. Journal of the Association for Information
Systems, 5(8), 314–355, Article 11. https://doi.org/10.17705/1jais.00054
Garengo, P., Biazzo, S., & Bititci, U. S. (2005). Performance measurement systems in SMEs: A
review for a research agenda. International Journal of Management Reviews, 7(1), 25–47.
https://doi.org/10.1111/j.1468-2370.2005.00105.x
Gartner Inc. (2013). Forecast: Public cloud services, Worldwide, 2011–2017, 4Q13 Update. https://
www.gartner.com/doc/2642020/forecast-public-cloud-services-worldwide
Gartner Inc. (2016). Predicts 2017: Cloud computing enters its second decade. https://www.gartner.
com/document/3534418?ref=special-report&refVal=3541017
Gartner Inc. (2017). Forecast: Public Cloud Services, Worldwide, 2014-2020, 4Q16 Update. https://
www.gartner.com/document/3562817?ref=ddisp&refval=3562817
Gelinas, U. J., Dull, R. B., & Wheeler, P. (2011). Accounting information systems. Cengage Learning.
Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM
Transactions on Information and System Security (TISSEC), 5(4), 438–457. https://doi.org/10.
1145/581271.581274
Guest, G., Bunce, A., & Johnson, L. (2006). How many interviews are enough?. Field Methods, 18(1),
59–82. https://doi.org/10.1177/1525822X05279903
Haag, S., & Eckhardt, A. (2014). Organizational cloud service adoption: A scientometric and
content-based literature analysis. Journal of Business Economics, 84(3), 407–440. https://doi.
org/10.1007/s11573-014-0716-6
24 D. YAU-YEUNG ET AL.

Hardy, G. (2006). Using IT governance and COBIT to deliver value with IT and respond to legal,
regulatory and compliance challenges. Information Security Technical Report, 11(1), 55–61.
https://doi.org/10.1016/j.istr.2005.12.004
Hart, O., & Moore, J. (1988). Incomplete contracts and renegotiation. Econometrica, 56, 755–785.
https://doi.org/10.2307/1912698
Hong, W., Chan, F. K., Thong, J. Y., Chasalow, L. C., & Dhillon, G. (2013). A framework and guide-
lines for context-specific theorizing in information systems research. Information Systems
Research, 25(1), 1–26. https://doi.org/10.1287/isre.2013.0501
Information and Communication Technology Council. (2013). Canada’s cloud imperative:
Improving business opportunities through enabling services. http://www.ictc-ctic.ca/what-we-
do/research/ict-subsectors/cloud-computing/
Ionescu, B., Ionescu, I., Tudoran, L., & Bendovschi, A. (2013b). Traditional accounting vs. Cloud
accounting. In Proceedings of the 8th International Conference Accounting and Management
Information Systems (pp. 106–125). AMIS.
Ionescu, B. S., Ionescu, I. M., & Tudoran, L. E. (2013a). Responsibility towards the customers of
subscription-based software solutions in the context of using the cloud computing technology.
Manager, 18, 130.
Islam, S., Fenz, S., Weippl, E., & Mouratidis, H. (2017). A risk management framework for cloud
migration decision support. Journal of Risk and Financial Management, 10(2), 10. https://doi.
org/10.3390/jrfm10020010
Katzan Jr., H. (2010). On the privacy of cloud computing. International Journal of Management and
Information Systems, 14(2), 1. https://doi.org/10.19030/ijmis.v14i2.824
Khan, S., Nicho, M., & Takruri, H. (2016). IT controls in the public cloud: Success factors for allo-
cation of roles and responsibilities. Journal of Information Technology Case and Application
Research, 18(3), 155–180. https://doi.org/10.1080/15228053.2016.1237218
KPMG. (2015). Cyber security: Are Australian CEOs sleepwalking or a step ahead? https://home.
kpmg.com/content/dam/kpmg/pdf/2016/01/cyber-security-2015-au-report.pdf
Kurnia, S., Linden, T., & Huang, G. (2019). A hermeneutic analysis of critical success factors for
enterprise systems implementation by SMEs. Enterprise Information Systems, 13(9), 1195–
1216. https://doi.org/10.1080/17517575.2019.1650960
Lacity, M. C., & Khan, S. A. (2016). Transaction cost economics on trial again: A commentary on
“the role of transaction cost economics in information technology outsourcing research: A meta-
analysis of the choice of contract type”. The Journal of Strategic Information Systems, 25(1), 49–
56. https://doi.org/10.1016/j.jsis.2016.02.002
Lacity, M. C., Khan, S. A., & Willcocks, L. P. (2011). Beyond transaction cost economics: Towards
an endogenous theory of information technology outsourcing. The Journal of Strategic
Information Systems, 20(2), 139–157. https://doi.org/10.1016/j.jsis.2011.04.002
Lakew, E. B., Xu, L., Hernandez-Rodriguez, F., Elmroth, E., & Pahl, C. (2014). A synchronization
mechanism for cloud accounting systems. In Cloud and Autonomic Computing (ICCAC),
2014 International Conference on (pp. 111–120). IEEE.
Lang, M., Wiesche, M., & Krcmar, H. (2018). Criteria for selecting cloud service providers: A delphi
study of quality-of-service attributes. Information & Management, 55(6), 746–758. https://doi.
org/10.1016/j.im.2018.03.004
Leidner, D. E., & Kayworth, T. (2006). Review: A review of culture in information systems research:
Toward a theory of information technology culture conflict. MIS Quarterly, 30(2), 357–399.
https://doi.org/10.2307/25148735
Leimeister, S., Böhm, M., Riedl, C., & Krcmar, H. (2010). The business perspective of cloud comput-
ing: Actors, roles and value networks, ECIS 2010. Association for Information Systems.
Lian, J.-W., Yen, D. C., & Wang, Y.-T. (2014). An exploratory study to understand the critical factors
affecting the decision to adopt cloud computing in Taiwan Hospital. International Journal of
Information Management, 34(1), 28–36. https://doi.org/10.1016/j.ijinfomgt.2013.09.004
Lin, A., & Chen, N.-C. (2012). Cloud computing as an innovation: Percepetion, attitude, and adop-
tion. International Journal of Information Management, 32(6), 533–540. https://doi.org/10.1016/
j.ijinfomgt.2012.04.001
 ACCOUNTING FORUM 25

Lyytinen, K., & Rose, G. M. (2003). Disruptive information system innovation: The case of internet
computing. Information Systems Journal, 13(4), 301–330. https://doi.org/10.1046/j.1365-2575.
2003.00155.x
Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing: The
business perspective. Decision Support Systems, 51(1), 176–189. https://doi.org/10.1016/j.dss.
2010.12.006
Masterman, M. (2016). PWC launches holistic cloud solution. Accountsdaily. https://www.
accountantsdaily.com.au/technology/8913-pwc-launches-holistic-cloud-solution
Middleton, S. G. (2012). The economics fueling IT cloud computing. The Journal of Equipment
Lease Financing (Online), 30(2), C1.
Mihai, G. (2015). Cloud ERP and cloud accounting software in Romania. Annals of Dunarea De Jos,
University of Galati: Fascicle 1: Economics and Applied Informatics, 1, 61–66.
Minichiello, V., Aroni, R., & Hays, T. (2008). In-depth interviewing: Principles, techniques, analysis
(Vol. 3). Pearson Education Australia.
Moll, J., & Yigitbasioglu, O. (2019). The role of internet-related technologies in shaping the work of
accountants: New directions for accounting research. The British Accounting Review, 51(6).
https://doi.org/10.1016/j.bar.2019.04.002
Montgomerie, J., & Roscoe, S. (2013). Owning the Consumer: Getting to the core of the Apple
business model. Accounting Forum, 37(4), 290–299. https://doi.org/10.1016/j.accfor.2013.06.003
National Institute of Standards and Technology (NIST). (2011). The NIST definition of cloud com-
puting. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
Păcurari, D., & Nechita, E. (2013). Some considerations on cloud accounting. Studies and Scientific
Researches: Economic Edition, 18, 193–198.
Partington, D. (Ed.). (2002). Essential skills for management research. Sage.
Patton, M. Q. (2002). Qualitative research and evaluation methods. (3rd ed.). Sage Publications.
Poba-Nzaou, P., Raymond, L., & Fabi, B. (2014). Risk of adopting mission-critical OSS applications:
An interpretive case study. International Journal of Operations & Production Management, 34
(4), 477–512. https://doi.org/10.1108/IJOPM-03-2012-0117
Prichici, C., & Ionescu, BŞ. (2015). Cloud accounting: A new paradigm of accounting policies. SEA-
Practical Application of Science, 7, 489–496.
Repschlaeger, J., Wind, S., Zarnekow, R., & Turowski, K. (2013, August 15–17). Decision model for
selecting a cloud provider: A study of service model decision priorities. AMCIS 2013 Proceedings.
Riggins, F. J., & Dewan, S. (2005). The digital divide: Current and future research directions. Journal
of the Association for Information Systems, 6(12), 13.
RightScale. (2018). Cloud computing trends: 2018: State of the cloud survey, Flexera. https://www.
flexera.com/blog/cloud/2018/02/cloud-computing-trends-2018-state-of-the-cloud-survey/
RightScale. (2019). Cloud Computing Trends: 2018: State of the Cloud Survey, Flexera. https://
www.flexera.com/blog/cloud/2019/02/cloud-computing-trends-2019-state-of-the-cloud-survey/
Rudansky-Kloppers, S., & Van den Bergh, K. (2019). The absorption and usage of cloud accounting
technology by accounting firms in Cape Town for services provided to their clients. African
Journal of Science, Technology, Innovation and Development, 11(2), 161–180. doi:10.1080/
20421338.2018.1550933
Ruan, K. (2013). Cybercrime and cloud forensics: Applications for investigation processes.
Information Science Reference.
Rui, G. (2007). Information systems innovation adoption among organizations-a match- based fra-
mework and empirical studies (Doctoral dissertation). National University of Singapore. https://
core.ac.uk/download/pdf/48629863.pdf
Schermann, M., Dongus, K., Yetton, P., & Krcmar, H. (2016). The role of transaction cost econ-
omics in information technology outsourcing research: A meta-analysis of the choice of contract
type. The Journal of Strategic Information Systems, 25(1), 32–48.
Scott, J. E. (2007, June 3–6). An e-transformation study using the technology-organization-
environment framework. In BLED 2007 Proceedings (pp. 55).
26 D. YAU-YEUNG ET AL.

Senyo, P. K., Addae, E., & Boateng, R., (2018). Cloud computing research: A review of research
themes, frameworks, methods and future research directions. International Journal of
Information Management, 38(1), 128–139.
Senarathna, I., Yeoh, W., Warren, M., & Salzman, S. (2016). Security and privacy concerns for
Australian SMEs cloud adoption: Empirical Study of Metropolitan vs Regional SMEs.
Australasian Journal of Information Systems, 20, 1–20. https://doi.org/10.3127/ajis.v20i0.1193
Shkurti, R., & Muça, E. (2014). An analysis of cloud computing and its role in accounting industry
in Albania. Journal of Information Systems & Operations Management, 1, 1–12.
Soni, R., Saluja, R., & Vardia, S. (2018). Awareness and Adoption of Cloud Accounting Software: An
Empirical Research. IUP Journal of Accounting Research & Audit Practices, 17(2).
Sukumar, A., Edgar, D., & Grant, K. (2011). An investigation of e-business risks in UK SMEs. World
Review of Entrepreneurship, Management and Sustainable Development, 7(4), 380–401. https://
doi.org/10.1504/WREMSD.2011.042892
Tadros, E., & Redrup, Y. (2018). Xero only firms a challenge for MYOB, financial review. https://
www.afr.com/technology/xeroonly-firms-a-challenge-for-myob-20181009-h16en8
Tornatzky, L. G., & Fleischer, M. (1990). The processes of technological innovation. Lexington, MA:
DC Heath & Company.
Tornatzky, L. G., Fleischer, M., & Charkrabarti, A. K. (1991). Processes of technological innovation.
Lexington, MA: Lexington Books Lexington Books.
Vecchiola, C., Pandey, S., & Buyya, R. (2009, December 1416). High-performance cloud computing:
A view of scientific applications. In 2009 10th International Symposium on Pervasive Systems,
Algorithms, and Networks (ISPAN).
Vithayathil, J. (2018). Will cloud computing make the information technology (IT) department
obsolete? Information Systems Journal, 28(4), 634–649. https://doi.org/10.1111/isj.12151
Weir, G., Aßmuth, A., Whittington, M., & Duncan, B. (2017). Cloud accounting systems, the audit
trail, forensics and the EU GDPR: How hard can it be? Paper presented at the British Accounting
& Finance Association (BAFA) Annual Conference 2017.
William Buck. (2013). CFO Pulse, October/November 2013. https://4bdaj26zxj22ajrno3tfo51x-
wpengine.netdna-ssl.com/wp-content/uploads/2018/09/The_CFO_Pulse-_OctNov_2013_
Results.pdf
Williams, M. I. (2010). A quick start guide to cloud computing: Moving your business into the cloud
(1st ed.). Kogan Page.
Williamson, O. E. (1981). The economics of organization: The transaction cost approach. American
Journal of Sociology, 87, 548–577. https://doi.org/10.1086/227496
Williamson, O. E. (1985). The economic institutions of capitalism: Firms, markets, relational con-
tracting. Free Press.
Williamson, O. E. (2013). The transaction cost economics project: The theory and practice of the gov-
ernance of contractual relations. Edward Elgar.
Williamson, O. E. (2014). The transaction cost economics project. Montenegrin Journal of
Economics, 10(1), 7–11.
XeroApps. (2020). Xero App marketplace. https://apps.xero.com/au
Yigitbasioglu, O. M. (2014). Modelling the intention to adopt cloud computing services: A trans-
action cost theory perspective. Australasian Journal of Information Systems, 18(3), 193–210.
https://doi.org/10.3127/ajis.v18i3.1052
Yigitbasioglu, O. M. (2015). External auditors’ perceptions of cloud computing adoption in
Australia. International Journal of Accounting Information Systems, 18(3), 46–62. https://doi.
org/10.1016/j.accinf.2015.09.001
Zhang, L., & Gu, W. (2013). The simple analysis of impact on financial outsourcing because of the
rising of cloud accounting. Asian Journal of Business Management, 5(1), 140–143. https://doi.
org/10.19026/ajbm.5.5822