Iso 27.001
Vol. 24, No. 1, June 2008 (41 - 67)
Investigating Perceived Security Threats of Computerized Accounting Information Systems An Empirical Research applied on Jordanian banking sector Dr. Talal H. Hayale University of Windsor Ontario-Canada Dr. Husam A. Abu Khadra The Arab Academy for Banking and Financial Sciences Amman-Jordan
Abstract The objective of this study is to investigate perceived security threats of Computerized Accounting Information Systems (CAIS) that face Jordanian domestic banks. An empirical survey using self-administrated questionnaire has been carried out to achieve the above-mentioned objective. The study results reveal that accidental entry of “bad" data by employees, accidental destruction of data by employees; intentional entry of "bad” data by employees and employees' sharing passwords are the top four security threats that face domestic banks. The paper concludes that most security threats that face domestic banks are internally generated and unintentional. Introduction Over the last decade, an evolution of auditing and accounting development occurred as an irreversible movement toward the “electronization” of the business process. For example, an increasing amount of information that supports significant financial statement assertion is electronically initiated, recorded, processed and reported by information technology systems, which entail progressively incorporating technology into auditing and accounting work (Greenstein and Vasarhelyi, 2000). Many efforts appeared to evolve the audit model toward a more actiondriven method of control, revision and assurance, (Timothy et al, 1998). Several professional committees have undertaken this endeavor, such as AICPA with the introduction of SAS No.941 in 2001. However, these
1
AICPA, Auditing Standards Board. “SAS No. 94: The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement