
Thư viện số Văn Lang: Journal of King Saud University - Computer and Information Sciences, Volume 18

Nguyễn Gia Hào

Academic year: 2023


One of the most important studies in this field was conducted by Loch et al. Henry (1997) conducted a survey to determine the nature of accounting systems and security in use. Henry's survey results showed that 80.3 percent of companies supported their accounting systems.

Physical security and system change authorization are used by less than 40 percent of respondents. The results of the study reinforced the need for better security control in most of the companies surveyed. Descriptive statistics (such as frequencies and percentages) of the collected data were performed to identify the main characteristics of the research variables.

In the next part, a brief description of the research sample and the profile of the respondents will be presented; and key research findings will be discussed. Twenty-one respondents from the retail trade—representing 15.4 percent of the total response—participated in the survey. Additionally, 6 respondents in each of the service organization and oil and gas industry categories participated in the current survey.

27 respondents (about 20 percent) were managers; 16 respondents (about 12 percent) were internal auditors and a similar number of respondents were controllers.

Fig. 1. Responded businesses.

Accidental entry of bad data by employees

Reported security losses ranged from SR 10,000 in some organizations to over 200 million in some financial institutions. Statistical findings regarding perceived security threats to CAIS in Saudi organizations will be presented and discussed in the following sections. The result is an indication of the high frequency of accidental entry of bad data by employees in Saudi organizations.

Intentional entry of bad data by employees

Accidental destruction of data by employees

Intentional destruction of data by employees

Unauthorized access to the data and / or system by employees

Unauthorized access to the data and / or system by outsiders

Employees’ sharing of passwords

Natural disasters

Disasters of human origin

Introduction (entry) of computer viruses to the systems

Suppression or destruction of output

Creation of fictitious / incorrect output

Theft of data / information

The vast majority of respondents (around 70 percent) indicated that theft of data/information is rare in their organizations, as it may occur less than once a year; and 9.6 percent of the respondents reported that theft of data/information never occurred in their organizations. However, 13.2 percent of respondents believed that it could happen once a year to monthly and the minority of respondents (less than 9 percent) believed that theft of data/information happened more than once a year to monthly. The results suggested that theft of data/information has a low level of incidence in Saudi organizations.

Unauthorized copying of output

Unauthorized document visibility

Unauthorized printing and distribution of data / information

The results provide evidence of the low frequency of suppression and unauthorized dissemination of information in Saudi organizations.

Directing prints and distributed information to people not entitled to receive

The statistics revealed that 55.1 percent of respondents indicated that this threat

Sensitive documents are handed to non- security cleared personnel for shredding

Interception of data transmissions

The results demonstrate the low frequency of interception of data transmissions from remote locations in Saudi organizations.

Discussion of the Results

Previous studies have also shown that, with the right professional help, human errors can be easily corrected or significantly reduced. According to Haugen and Selin (1999) unintentional actions, although sometimes costly, can be corrected or avoided through training and supervision. Deliberate actions such as entering bad data, destroying data, introducing computer viruses, generally fall under the name of computer crime.

These crimes can be sabotage aimed at destroying CAIS components or acts of computer fraud where the intention is to steal money, data, computer time and/or services. It would also include manipulative activities such as deleting or altering records and files to remove harmful information or create false information. However, according to the results of the current study, it appears that the deliberate entry of bad data by employees is a low security threat in Saudi organizations.

Deliberate entry of bad data is more likely to be associated with computer crimes such as computer fraud. However, there are many possible reasons for committing computer crimes such as embezzlement and computer fraud. According to Haugen and Selin (1999), employees may commit such computer crimes and steal from the company they work for, the more common reasons being revenge, overwhelming personal debt, substance abuse and lack of internal controls.

The results tend to provide evidence of consistent perception regarding the significant CAIS security threats in Saudi organizations. The results of the Kruskal-Wallis test (Appendix 2) showed no significant differences between different Saudi organizations regarding the frequency of occurrence of CAIS security threats, except for accidental and intentional destruction of data by employees (at significance level p = 0.05). It is also noted that banks and financial institutions as well as other organizations offering Internet services reported higher perception of the occurrence of such security threat compared to other organizations.

Conclusion and Recommendations for Further Research

Consequently, it is recommended to strengthen the implemented security controls over the weak point to provide a better protection to CAIS against these perceived security threats. The results of Kruskal-Wallis test show that there are no significant differences between different organization types regarding the frequency of occurrence of CAIS security threats in the Saudi environment (except for accidental and intentional destruction of data by employees). The current research was intended to investigate the security threats of CAIS in the Saudi organizations.

A comparative study could be conducted to examine the significant differences between developing and developed countries with respect to the CAIS security issues investigated.

2001), "Evaluating the Security of Computerized Accounting Information Systems: An Empirical Study of Egyptian Banking Industry", Ph.D.

2003), "The Perceived Threats to the Security of Computerized Accounting Information Systems", The Journal of American Academy of Business, Cambridge, USA, Vol.

Marston (1991), "The Role of Internal Auditor in the Prevention and Detection of Computer Fraud", Public Money and Management, winter, p.

1999), "Managing and controlling computer misuse", Information Management &.

1990), "Accounting irregularities and Computer Fraud", National Public Accountant, (Vol.

1994), "Internal Control Checklist for Hospitality Computer Systems", Bottom Line, (Vol

"Perceived Security Threats to Today's Accounting Information Systems: A Survey of CISAs", IS Audit & Control Journal, (Volume 3), pp.

Selin (1999), "Identifying and Controlling Computer Crime and Employee Fraud", Industrial Management and Information Systems, (Vol.

Ivancevich, (2000) "Information Technology-Related Activities of Internal Auditors", Journal of Information Systems, (Supplement, Vol. 14, issue 1), pp.

Yang (1998), "Impact of Banking Information Systems Security on Banking in China: The Case of Large State Owned Banks in Shenzhen Economic Special Zone - An Introduction", Journal of Global Information Management, (Volume 6, no. 3), p.

Wright "Business and Audit Risks Associates With ERP Systems: Knowledge Differences between Information Systems Audit Specialists and Financial Auditors", Journal of Information Systems, forthcoming.

37] National Institute of Standards and Technology (2003), Computer Security Division, Information Technology Laboratory, Standards for Security Categorization of Federal Information and Information Systems, Initial Publication Draft, version 1.0, May.

38] OECD (Organisation for Economic Co-operation and Development) (1992), Guidelines for the Security of Information Systems, The Council of the OECD, 26 November.

1976), Crime By Computer, Charles Scribner's Sons, New York.

1990), "Computer Related Crimes: An Educational And Professional Challenge", Managerial Auditing Journal, (Vol. 5, Iss. 4), p.

Bordoloi (1997), "Evaluating Security Threats in Mainframe and Client/Server Environments", Information & Management, (Vol. 32, No. 3), p.

1987), Computers, Business and Security, Butterworth Publishers, London.

53] White, Gayle Webb and Sheila J Pearson (2001), "Controlling Business Email, Computer Use and Computer Security", Information Management and Computer Security, Vol.

My research topic is "Investigating the Perceived Threats of Computerized Accounting Information Systems in Developing Countries: An Empirical Study on Saudi Organizations". The research objective is to investigate the significant perceived threats of computerized accounting information systems in Saudi companies.

Your Accounting Information System

Assessment of the Threats of Accounting Information Systems

Security Threats to Accounting Information Systems

A Field Study of Saudi Organizations

Ahmad Abd…

Accounting Department, King … University

Abstract. This research aims to identify and test the main threats to the security of computerized accounting information systems in Saudi organizations. The researcher conducted a field study of Saudi organizations, using a questionnaire prepared specifically for this purpose. The results of the study showed that … because of breaches of the security of accounting information systems by persons from inside and outside those …

The results of the study indicate that the most important threats to the security of computerized information systems in Saudi organizations are the intentional and accidental entry of bad data, as well as the accidental destruction of data by the organization's employees. Also … employees' sharing of the same passwords; the introduction of viruses into the accounting system; the destruction or suppression of some of the accounting system's output; … important information … to persons not authorized to view it; and the directing of some computer output to … computerized information systems in Saudi organizations.

Hence there appears to be an urgent need to strengthen the security controls over the weak points in the internal control systems related to those threats, and to increase awareness within Saudi organizations regarding the security of computerized accounting information systems, in order to provide the necessary and adequate protection against the current and potential threats to the security of those systems.

Figures

Fig. 1. Responded businesses.
Fig. 2. Respondents’ job titles.
Fig. 3. Security financial losses.
