Investigating the Perceived Threats of Computerized Accounting Information Systems in Developing Countries: An Empirical Study on Saudi Organizations
Dr Ahmad A. Abu-Musa (Department of Accounting & MIS, KFUPM, Saudi Arabia)
Abstract
The objective of this paper is to investigate the significant perceived security threats of computerized accounting information systems (CAIS) in Saudi organizations. An empirical survey using a self-administered questionnaire has been carried out to achieve this objective. The survey results revealed that almost half of the responded Saudi organizations have suffered financial losses due to internal and external CAIS security breaches. The statistical results also revealed that accidental and intentional entry of bad data; accidental destruction of data by employees; employees’ sharing of passwords; introduction of computer viruses to CAIS; suppression and destruction of output; unauthorized document visibility; and directing prints and distributed information to people who are not entitled to receive are the most significant perceived security threats to CAIS in Saudi organizations. Accordingly, it is recommended to strengthen the security controls over the above weaken security areas and to enhance the awareness of CAIS security issues among Saudi organizations to achieve better protection to their CAIS.
Conclusion
The main objective of this paper was to investigate the significant perceived security threats of CAIS, through their frequency of occurrence, in the Saudi organizations. A list of CAIS security threats was developed based on the previous studies (for example, Loch et al., 1992; Davis, 1996 and Henry, 1997, and Abu-Musa 2001) and available literature in this area. However, some other security threats were suggested and included in this list to be investigated for the first time in the Saudi environment. The results reported that accidental and intentional entry of bad data by employees, accidental destruction of data by employees, introduction of computer viruses to the system, employees’ sharing of passwords; suppression and destruction of output; unauthorized document visibility; and misdirecting prints and distributing information to people not entitled to receive them are the most perceived significant security threats to CAIS in the Saudi organizations. Accordingly, it is recommended to strength the implemented security controls over the weak point to provide a better protection to CAIS against these perceived security threats.
The results of Kruskal-Wallis test show that there are no significant differences between different organizations’ types regarding the frequency of occurrence of CAIS security threats in the Saudi environment (except for accidental and intentional destruction of data by employees). However, further research could be undertaken to extend and improve this research. The current research intended to investigate the security threats of CAIS in the Saudi organizations. More research is needed to have evidence from other developing countries. A comparative study could be carried out to investigate the significant differences between developing and developed countries regarding the CAIS security issues investigated.