Vol. 24, No. 1, June 2008 (41 - 67)
Investigating Perceived Security Threats of Computerized Accounting Information Systems
An Empirical Research applied on Jordanian banking sector

Dr. Talal H. Hayale, University of Windsor, Ontario-Canada
Dr. Husam A. Abu Khadra, The Arab Academy for Banking and Financial Sciences, Amman-Jordan
Abstract

The objective of this study is to investigate perceived security threats of Computerized Accounting Information Systems (CAIS) that face Jordanian domestic banks. An empirical survey using a self-administered questionnaire has been carried out to achieve this objective. The study results reveal that accidental entry of "bad" data by employees, accidental destruction of data by employees, intentional entry of "bad" data by employees, and employees' sharing of passwords are the top four security threats that face domestic banks. The paper concludes that most security threats that face domestic banks are internally generated and unintentional.

Introduction

Over the last decade, auditing and accounting have evolved in an irreversible movement toward the "electronization" of the business process. For example, an increasing amount of information that supports significant financial statement assertions is electronically initiated, recorded, processed and reported by information technology systems, which entails progressively incorporating technology into auditing and accounting work (Greenstein and Vasarhelyi, 2000). Many efforts have appeared to evolve the audit model toward a more action-driven method of control, revision and assurance (Timothy et al., 1998). Several professional committees have undertaken this endeavor, such as AICPA with the introduction of SAS No. 94¹ in 2001. However, these initiatives were in the form of general instructions, and nothing specific can be considered detailed guidance to auditors in their work. Accordingly, the responsibility of the accounting profession to recognize and assess the threats associated with Control Systems (CS) in the IT environment has increased dramatically. This is partly due to the fact that technology has in many cases developed faster than the advancement in CS (Ryan & Bordoloi, 1997).

¹ AICPA, Auditing Standards Board. "SAS No. 94: The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit". April 2001. This SAS sheds light on the effect of information technology on the auditor's consideration in a financial statement audit; moreover, it tries to provide guidance to auditors about the effect of IT on internal controls which were programmed or built into the software, and confirms that these controls should be tested and included in the audit strategy (Kinsun Tam, 2002).

The objective of this article is to investigate the security threats that Computerized Accounting Information Systems (CAIS) encounter, and to identify the most frequent threats faced by Jordanian domestic banks. This review contributes by highlighting the areas that need more focus and attention in order to minimize the effect these threats could have on banks through the loss of critical information. According to the information available to the researchers to date, there has been no empirical study in this area in the Jordanian environment. The aim of this article is to address the following questions:

1. What are the main security threats challenging CAIS in Jordanian domestic banks?
2. Are there significant differences among respondents in the study sample (Internal Auditors and Heads of Computer Departments (HOCD)) in respect of the perceived security threats?

Literature Review

The concept of internal control over security threats is as old as accounting itself (Henry, 1997); however, it has only attracted attention since the beginning...