Securing Information Technology for Banks and Accounting Information Systems

摘要

This research examines three types of information security and control procedures for organizations especially banks that are expect to be use within Accounting Information Systems (AIS): security and general control for banks; security and general control for Information Technology (IT); and application controls for transaction processing. To achieve these objectives, the study adopted a semi-structured interviews conducted within 11 banks listed in Amman Stock Exchange in 2017 and welling to participate. The participants are computer security practitioners and accountants as four individuals from each bank to gain a deep insight about the information security and control procedures during their activities. This study found that banks, to be able to protect themselves against computer fraud, formulate control procedures relate to input controls, processing controls, output controls, and physical security. Furthermore, banks and accountants in their practice adapted several methods for mitigating computer crimes and abuses as follows: Enlist top-management support; Increase employee awareness and education; Assess security measures and protects passwords; Implement controls which based on the believe that most computer crimes and abuse succeed because of the absence of control rather than the failure of control. The study found that the solution to the computer-security problems of most banks is straightforward: design and implement control. This means that accountants install control procedures to deter computer crimes and managers enforce them, and both internal and external auditors test them. Furthermore, the study found that no bank Employ forensic accountants in the normal situation. Top managers in many banks explain that when a bank suspects an ongoing computer crime or fraud, it can hire forensic accountants to investigate its problems, document findings, and make recommendations. Accountants may use specialized software tools to help them perform their tasks. Good security for banks starts with a clear disaster recovery plan and a solid security policy are not applied and many banks are not conducting a risk assessment procedure, which may open a window for further research.