Search results

This study aims at investigating the extent of SysTrust’s framework (principles and criteria) as an internal control approach for assuring the reliability of accounting information system (AIS) were being implemented in Jordanian business organizations.

The study is based on primary data collected through a structured questionnaire from 239 out of 328 shareholdings companies. The survey units were the shareholding companies in Jordan, and the single key respondents approach was adopted. The extents of SysTrust principles were also measured. Previously validated instruments were used where required. The data were analysed using t-test and ANOVA.

The results indicated that the extent of SysTrust being implemented could be considered to be moderate at this stage. This implies that there are some variations among business organizations in terms of their level of implementing of SysTrust principles and criteria. The results also showed that the extent of SysTrust principles being implemented was varied among business organizations based on their business sector. However, there were not found varied due to their size of business and a length of time in business (experience).

This study is only conducted in Jordan as a developing country. Although Jordan is a valid indicator of prevalent factors in the wider MENA region and developing countries, the lack of external validity of this research means that any generalization of the research findings should be made with caution. Future research can be orientated to other national and cultural settings and compared with the results of this study.

The study provides evidence of the need for management to recognize the importance of the implementation of SysTrust principles and criteria as an internal control for assuring the reliability of AIS within their organizations and be aware which of these principles are appropriate to their size and industry sector.

The findings would be valuable for academic researchers, managers and professional accounting to acquire a better undemanding of the current status of the implementation of the SysTrust principles (i.e., availability, security, integrity processing, confidentiality, and privacy) as an internal control method for assuring the reliability of AIS by testing the phenomenon in Jordan as a developing country.

Many organisations, including professional councils, operate manually to ensure document flow to clients and stakeholders. This results in the loss of valuable documentation such as certificates and the incurring of costs due to the returning of post to the sender. The purpose of this study was to explore digital transformation of document flow at the South African Council for Social Science Professionals.

The methodological approach involved qualitative data collected through interviews, observation and document analysis in response to research questions. The study was a participatory action research project that involved collaboration between researchers and study participants in defining and solving the problem through needs assessment exercise. All three phases of participatory action research were followed, namely, the “look phase”: getting to know stakeholders so that the problem is defined on their terms and the problem definition is reflective of the community context; the “think phase”: interpretation and analysis of what was learned in the “look phase” and the “act phase”: planning, implementing, and evaluating, based on information collected and interpreted in the first two phases.

The study identified various issues relating to poor data quality, high rate of registered postal returns and non-delivery electronic messages that cannot reach all the intended recipients and accumulation of data for decades. In this regard, the study proposes a framework that can be used by SACSSP to update and verify their details on the portal, as well as digital certificates for membership.

Although the proposed framework is tailor-made for the professional council, it is not depended on prescribed technologies due to usage of open standards that can be used by industry and researchers. Therefore, it can be applied in other context where institutions such as universities communicate with many clients via postal or courier services.

The study used participatory action research involving the researchers and the organisation to solve the problem. The study presented a workflow that the council can use to ensure that the documents reach intended recipients. Furthermore, digital transformation of the process will ensure that the registered professionals are able to access their certificates online and can print them when necessary.

This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper provides a set of categories into which the studies fit.

This is a synthesis paper that summarizes the research literature on cybersecurity, introducing knowledge from the extant research and revealing areas requiring further examination.

This synthesis identifies a research framework that consists of the following research themes: cybersecurity and information sharing, cybersecurity investments, internal auditing and controls related to cybersecurity, disclosure of cybersecurity activities and security threats and security breaches.

Academics, practitioners and the public would benefit from a research framework that categorizes the research topics related to cybersecurity in the accounting field. This type of analysis is vital to enhance the understanding of the academic research on cybersecurity and can be used to support the identification of new lines for future research.

This is the first literature analysis of cybersecurity in the accounting field, and it has significant implications for research and practice by detailing, for example, the benefits of and obstacles to information sharing. This synthesis also highlights the importance of the model for cybersecurity investments. Further, the review emphasizes the role of internal auditing and controls to improve cybersecurity.

Information systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.

Four private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.

A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.

This study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.

investigate and analyze the aspects of legitimation, theorization and trends for the evolution of research in information technology governance (ITG) in Brazil, according to researchers familiar with the matter.

By means of a qualitative and quantitative research of exploratory-descriptive approach, the Delphi method was applied using a questionnaire supported by content analysis.

ITG is an increasingly interdisciplinary research field, with significant help from other fields of knowledge, such as administration, computer science and engineering. The main means of ITG publication are periodicals (MISQ, JMIS, JISTEM RESI), scientific events (AMCIS, ECIS, HICSS, EnANPAD, CONTECSI) and researchers, such as Peter Weill and Edimara Mezzomo Luciano. Best practice models are the most significant theoretical frameworks, and the main trend of research are on emerging technologies such as cloud computing and Internet of things (IoT) in the context of ITG.

To the unavailability of some researchers to participate in the second phase of the Delphi research performed, as well as the non-completion of a third Delphi round. Likewise, the “Block B (open answer questions)” it was not contemplated in the second phase for a new collection of answers, which could partially change the results presented here.

The results show important insights for ITG researchers that can allow new researches about its applications, jointly reflecting on relevant aspects for the advancement of this research field.

There are several research contributions to broaden the discussion and the evolution of this new scientific field in Brazil and that can be grouped for each set of stakeholders: academia and related researchers; the practicing community of business managers and private and public organizations; the academic legitimizing bodies; the non-academic legitimating bodies and researchers from other areas of knowledge.

ITG is a concept that emerged as part of corporate governance (CG), which has evolved as an emerging theme and is expanding in the international academic arena. However, the current stage of legitimation, theorization and trends of ITG in the Brazilian researches are lacked greater understanding, in order to provide better targeting for new researches.

Following the surge of documents laying out organizations' ethical principles for their use of artificial intelligence (AI), there is a growing demand for translating ethical principles to practice through AI governance (AIG). AIG has emerged as a rapidly growing, yet fragmented, research area. This paper synthesizes the organizational AIG literature by outlining research themes and knowledge gaps as well as putting forward future agendas.

The authors undertake a systematic literature review on AIG, addressing the current state of its conceptualization and suggesting future directions for AIG scholarship and practice. The review protocol was developed following recommended guidelines for systematic reviews and the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA).

The results of the authors’ review confirmed the assumption that AIG is an emerging research topic with few explicit definitions. Moreover, the authors’ review identified four themes in the AIG literature: technology, stakeholders and context, regulation and processes. The central knowledge gaps revealed were the limited understanding of AIG implementation, lack of attention to the AIG context, uncertain effectiveness of ethical principles and regulation, and insufficient operationalization of AIG processes. To address these gaps, the authors present four future AIG agendas: technical, stakeholder and contextual, regulatory, and process. Going forward, the authors propose focused empirical research on organizational AIG processes, the establishment of an AI oversight unit and collaborative governance as a research approach.

To address the identified knowledge gaps, the authors present the following working definition of AIG: AI governance is a system of rules, practices and processes employed to ensure an organization's use of AI technologies aligns with its strategies, objectives, and values, complete with legal requirements, ethical principles and the requirements set by stakeholders. Going forward, the authors propose focused empirical research on organizational AIG processes, the establishment of an AI oversight unit and collaborative governance as a research approach.

For practitioners, the authors highlight training and awareness, stakeholder management and the crucial role of organizational culture, including senior management commitment.

For society, the authors review elucidates the multitude of stakeholders involved in AI governance activities and complexities related to balancing the needs of different stakeholders.

By delineating the AIG concept and the associated research themes, knowledge gaps and future agendas, the authors review builds a foundation for organizational AIG research, calling for broad contextual investigations and a deep understanding of AIG mechanisms. For practitioners, the authors highlight training and awareness, stakeholder management and the crucial role of organizational culture, including senior management commitment.

Cyberattacks are becoming increasingly widespread, and cybersecurity is therefore increasingly important. Although the technological aspects of cybersecurity are its best-known characteristics, the cybersecurity phenomenon goes beyond the detection of technological impacts, and encompasses all the dimensions of an organization. This study thus focusses on an additional set of organizational elements. The key elements of cybersecurity organizational readiness depicted here are cybersecurity awareness, cybersecurity culture and cybersecurity organizational resilience (OR). This study aims to qualitatively assess small and medium enterprises’ (SMEs) overall level of organizational cybersecurity readiness.

This study focused on conducting a cybersecurity organizational readiness assessment using a sample of 53 Italian SMEs from the information and communication technology sector. Informed mixed method research, this study was conducted consistent with the principles of the explanatory sequential mixed method design, and adopting a quanti-qualitative methodology. The quantitative data were collected through a questionnaire. Qualitative data were subsequently collected through semi-structured interviews.

Although many elements of the technical aspects of cybersecurity OR have yielded very encouraging results, there are still some areas that require improvement. These include those facets that constitute the foundation of cybersecurity awareness, and, thus, a cybersecurity culture. This result highlights that the areas in need of improvement are exactly those that are most important in fighting against cyber threats via organizational cybersecurity readiness.

Although the importance of SMEs is obvious, evidence of such organizations’ attitudes to cybersecurity are still limited. This research is an attempt to depict the organizational issue related to cybersecurity, i.e. overall cybersecurity organizational readiness.