Ahmad A. Abu‐Musa scite author profile

2008

Purpose -The purpose of this paper is to investigate empirically the impact of emerging information technology (IT) on internal auditors' (IA) activities, and to examine whether the IT evaluations performed in Saudi organizations vary, based on evaluation objectives and organizational characteristics. Design/methodology/approach -A survey, using a self-administered questionnaire, is used to achieve these objectives. About 700 questionnaires were randomly distributed to a sample of Saudi organizations located in five main Saudi cities. In total, 218 valid and usable questionnairesrepresenting a 30.7 percent response rate -were collected and analyzed using Statistical Package for Social Sciences -SPSS version 15. Findings -The results of the study reveal that IA need to enhance their knowledge and skills of computerized information systems (CIS) for the purpose of planning, directing, supervising and reviewing the work performed. The results of the study are consistent with Hermanson et al. that IA focus primarily on traditional IT risks and controls, such as IT data integrity, privacy and security, asset safeguarding and application processing. Less attention has been directed to system development and acquisition activities. The IA's performance of IT evaluations is associated with several factors including: the audit objectives, industry type, the number of IT audit specialists on the internal audit staff, and the existence of new CIS. Practical implications -From a practical standpoint, managers, IA, IT auditors, and practitioners alike stand to gain from the findings of this study. Originality/value -The findings of this study have important implications for managers and IA, enabling them to better understand and evaluate their computerized accounting systems.

Perceived Security Threats of Computerized Accounting Information Systems in the Egyptian Banking Industry

2006

This paper investigates the perceived security threats to computerized accounting information systems (CAIS) in the Egyptian banking industry (EBI) by surveying the entire population of the EBI. Differences between the respondents' opinions regarding the perceived security threats have been identified and investigated in the context of the EBI. The results of the study reveal that accidental entry of bad data by employees, accidental destruction of data by employees, introduction of computer viruses to the system, natural and human-made disasters, employees' sharing of passwords, and misdirecting prints and distributing information to unauthorized people are the most significant perceived security threats to CAIS in the EBI. In all cases, the heads of internal audit departments reported higher occurrence frequencies of CAIS security threats compared to the heads of computer departments.

Information security governance in Saudi organizations: an empirical study

2010

PurposeThis paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.Design/methodology/approachAn empirical survey, using a self‐administered questionnaire, is conducted to explore and evaluate the current status and the main features of ISG in the Saudi environment. The questionnaire is developed based on ISG guidelines for boards of directors and executive management issued by the Information Technology (IT) Governance Institute and other related materials available in the literature. A total of 167 valid questionnaires are collected and processed using the Statistical Package for Social Sciences, version 16.FindingsThe results of the study reveal that although the majority of Saudi organizations recognize the importance of ISG as an integrant factor for the success of IT and corporate governance, most of them have no clear information security strategies or written information security policy statements. The majority of Saudi organizations have no disaster recovery plans to deal with information security incidents and emergencies; information security roles and responsibilities are not clearly defined and communicated. The results also show that alignment between ISG and the organization's overall business strategy is relatively poor and not adequately implemented. The results also show that risk assessment procedures are not adequately and effectively implemented, ISG is not a regular item in the board's agenda, and there are no properly functioning ISG processes or performance‐measuring systems in the majority of Saudi organizations. Accordingly, appropriate actions should be taken to improve implementing and measuring the ISG performance in Saudi organizations.Originality/valueFrom a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The results of the paper enable them to better understand and evaluate ISG and to champion IT development for business success in Saudi organizations.

Investigating the Perceived Threats of Computerized Accounting Information Systems in Developing Countries: An Empirical Study on Saudi Organizations

Journal of King Saud University - Computer and Information Scie

2006

Exploring the importance and implementation of COBIT processes in Saudi organizations

Info Mngmnt & Comp Security

2009

PurposeThe purpose of this paper is to explore the importance and implementation of the Control Objectives for Information and Related Technology (COBIT) processes in Saudi organizations.Design/methodology/approachAn empirical survey, using a self‐administered questionnaire, was conducted to achieve this purpose. A total of 500 questionnaires were distributed to a selected sample of organizations in Saudi Arabia. Of these, 127 valid questionnaires – representing 25.4 percent response rate – were collected and analyzed using the Statistical Package for Social Sciences (SPSS) version 16.FindingsThe results of this paper reveal that the majority of respondents perceive the importance of the COBIT processes and domains, but a lower percentage believe that such processes are adequately implemented in their organizations. It is observed that banks, financial institutions, and service organizations show more concern and application of COBIT processes compared with other organizations. The results also reveal that IT specialists, internal auditors, and executive managers perceive and appreciate the importance of COBIT processes more than the others.Practical implicationsThe results of this paper will enable Saudi organizations to better understand, implement, evaluate, and manage information technology governance (ITG) for their businesses success. The paper provides useful information for executive managers, IT managers, accountants, auditors, and academics to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.Originality/valueThe paper provides useful information for executive managers, IT managers, accountants, auditors, and academics, to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.