Journal: International Review of Management and Business Research
Print ISSN: 2307-5953
Electronic ISSN: 2306-9007
Publication year: 2014
Volume: 3
Issue: 2 Part 4
Pages: 1174-1188
Publisher: Academy of IRMBR
Abstract: This research examines three types of information security and control procedures that organizations are expected to use within Accounting Information Systems (AIS): security and general control for organizations; security and general control for Information Technology (IT); and application controls for transaction processing. In practice, the study found that banks, to protect themselves against computer fraud, formulate control procedures related to input controls, processing controls, output controls, and physical security. Furthermore, banks and accountants in their practice adapted several methods for thwarting (mitigating) computer crimes, abuses, and fraud, as follows: enlist top-management support; increase employee awareness and education; assess security measures and protect passwords; and implement controls, based on the belief that most computer crimes and abuses succeed because of the absence of control rather than the failure of control. The study found that the solution to the computer security problems of most banks is straightforward: design and implement controls. This means that accountants install control procedures to deter computer crimes, managers enforce them, and both internal and external auditors test them. Furthermore, the study found that no bank employs forensic accountants under normal circumstances. Top managers in many banks explain that when a bank suspects an ongoing computer crime or fraud, it can hire forensic accountants to investigate its problems, document findings, and make recommendations. Accountants may use specialized software tools to help them perform their tasks. Good security for banks starts with a clear disaster recovery plan and a solid security policy, yet these are not applied, and many banks do not conduct a risk assessment procedure. Probably the best security investment in Jordanian banks is user training: training individual users on data recovery and on ways to defeat social engineering.
Keywords: Information Security; Information Technology; Control Procedures; Accounting Information Systems; Internet; Computer Abuse; Fraud; Forensic Accounting; Corporate Governance; Financial Institutions; Jordan.