The Role of the Mechanisms of Information Technology Governance in Activating the Risk Management of Computerized Accounting Information Systems According to (NIST800-37) Framework of Internal Control (An analytical Study of a Sample of Joint Stock Compan

Shiler A. Rasheed akrayi; Osama Hussein Ali

doi:10.25212/lfu.qzj.5.3.20

Authors

Shiler A. Rasheed akrayi Department of Accounting, college of Administration & Economic, University of Duhok, Duhok, Iraq.
Osama Hussein Ali Department of Accounting, college of Administration & Economic, University of Duhok, Duhok, Iraq.

DOI:

https://doi.org/10.25212/lfu.qzj.5.3.20

Keywords:

IT Governance, Risk Management, accounting information system, IT Risk, NIST, Auditor, Joint Stock Company.

Abstract

This study assesses and analyzes the reality of the mechanisms of information technology governance and risk management of computerized accounting information systems, in addition to testing and analyzing their relationships. It highlights the effect of using the mechanisms of information technology governance in reducing the risks of computerized accounting information systems in business organizations in the Kurdistan Region of Iraq. The aim of this study is to identify the availability of mechanisms of information technology governance in business organizations in the Kurdistan Region, the risks of
computerized accounting information systems and how to manage them as well as the inadequacy of controls for the security of these systems.
In order to achieve these goals, four main hypotheses are adopted and directed to test the reality of the research variables. The study adopts the descriptive analytical method within the framework of the theoretical presentation of the research and variables, and uses the statistical analysis in writing the practical side of the study. Data is collected through a questionnaire to obtain the opinions of 56 auditors and managers of joint-stock companies in the Kurdistan Region of Iraq.
The research reached a set of findings and recommendations, the most prominent of which is that the mechanisms of information technology governance has a role in activating risk management of computerized accounting information technology, and that the mechanisms of information technology governance has an effect on risk management of computerized
accounting information systems. The most important recommendation is the need for organizations to adopt internal control frameworks related to protecting computerized accounting information systems to protect them from the risks related to them.

Downloads

Download data is not yet available.

References

Grewal, Peter and Knutsson, Fredrik. (2005). IT Governance in a global logistics company. Goteborg. Sweden, Master thesis, Gothenburg University, Department of Informatics, Sweden.

Taiwo, J.N. Edwin, Agwu M. (2016). Effect of ICT on Accounting Information System and Organizational Performance. Journal of European law review, Vol. 8 (6), pp. 1-17.

Lim, Francis Pol C. (2013). Impact of Information Technology on Accounting Systems, Asia-pacific Journal of Multimedia Services Convergent with Art. Journal of Humanities, and Sociology, Vol. 3 (2), pp. 93-106.

Wiedenhoft, Guilherme Costa, Luciano, Edimara Mezzomo and Magnagnagno, Odirlei Antonio. (2017). Information technology governance in public organizations: identifying mechanisms that meet its goals while respecting principles system. Journal of Information Systems and Technology Management. Vol. 14, 1, pp. 69-78 .

Alhassan, Mohammed Mahfouz and Adjei-Quaye, Alexander.(2017). Information Security in an Organization, International Journal of Computer, Vol.24,No.1.

Mirela Gheorghe.(2010).Audit Methodology for IT governance ,journal of Informatica economica Vol.14, NO,1, Bucharest

Chaudhry, Junaid & Ibrahim, Ahmed & Valli,Craig & McAtter,Ianm (2028), A security review of local government using NIST CSF: A case study,Journal of Supercomputing,.DOI: https://doi.org/10.1007/s11227-018-2479-2.

Al-Zwyalif, Inaam,(2013), IT governance and its impact on the usefulness of accounting information reported in financial statement, International Journal of Business and Social Science, Vol.4,NO.2.

Hossin, Adel Mohamed & Ayedh, Abdullah Mohammed, (2016), “The risks of electronic accounting information system in the central bank of Libya”, South East Asia Journal of Contemporary Business, Economics and Law, Vol. 10 (1).

C) Books:

Grembergen, Wim Van. (2004). Strategies for Information technology governance: Idea Group Publishing, USA.

Stoneburner, Gary; Goguen, Alice, & Feringa, Alexis. (2002). Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology. Gaithersburg, Maryland, USA.

Michael, M.G. and Michael, Katina. (2014). Uberveillance and the Social Implications of Microchip Implants: Emerging Technologies, IGI Global, USA

Ross.W,Jeanne, Weil,Peter,(2004),IT governance, Harvard Business school press bosten, UK.

D) Standards and other related material:

CobiT 4.1. Framework. (2007). IT Governance Institute, Rolling Meadows. Illinois, SAD. USA.

ISO. (2015). Quality management principles. International Organization for Standardization. Switzerland.

CNSS. (2010). National Information Assurance (IA) Glossary. Committee on National Security Systems, USA.

ISACA. (2008). Definitions, Information Systems Audit and Control Association. USA.

NIST. (2018). Risk Management Framework for Information Systems and Organizations،: National Institute of Standards and Technology publisher. USA.

NIST. (2019). NIST risk management framework webcast. USA, NIST.

E) Others:

- Grembergen,Wim Van & Joshi, Anant & Huygh, Tim & De Haes, Steven, (2018) An Empirical Assessment of Shared Understanding in IT Governance Implementation, Hawaii International conference on system Sciences.

- Lukács, Adrienn, (2016), “what is privacy? The history and definition of privacy”, Tavaszi Szél Tanulmánykötet, Budapest, 15-17 April, Hungary.