Search results

1 – 10 of over 2000
Book part
Publication date: 17 July 2014

Kamil Omoteso and Musa Obalola


Abstract

Purpose

This chapter adopts Porter’s ‘audit trinity’ approach comprising internal audit, external audit and audit committee to discuss the role auditing can play in the management of corporate fraud.

Design/methodology/approach

The chapter maps the historical background of and the developments in external audit as an assurance service, the internal audit function and the audit committee. Based on this, it explains the nature, types and possible causes of corporate fraud within the context of business risk with a view to establishing how auditing can help in managing such frauds.

Findings

The chapter highlights the relationships that should exist between the three audit types in order to support a sound internal control system as a tool for preventing and detecting corporate fraud.

Research limitations/implications

The chapter identifies cost, opportunity, connivance and managerial override as factors that could limit the ability of auditing to manage corporate fraud. It also suggests ways of addressing these limitations.

Practical implications

As the current upward trend in IT adoption for corporate operations continues to open new sets of corporate fraud windows, this chapter examines how an entity’s internal controls can be used to prevent and detect these growing fraud schemes.

Originality/value

The chapter’s unique strength is its adoption of a holistic approach to auditing to suggest ways of managing corporate fraud – a novelty in the corporate fraud literature. It is hoped that future research in the area will bring empirical insights to the issues raised and perspectives covered in the chapter.

Details

Ethics, Governance and Corporate Crime: Challenges and Consequences
Type: Book
ISBN: 978-1-78350-674-3


Article
Publication date: 1 February 2004

Ahmad A. Abu‐Musa


Abstract

Computerized accounting information systems (CAIS) are becoming more readily available to all types and sizes of business. The increased growth in real‐time and online data processing in CAIS has made access to these systems more available and easier for many users. Therefore, implementing adequate security controls over organisations, CAIS and their related facilities has become a necessity. The main objective of this article is to investigate the adequacy of security controls implemented in the Egyptian banking industry (EBI) to preserve the confidentiality, integrity and availability of the banks' data and their CAIS through a proposed security controls check‐list. The security controls check‐list of CAIS was developed based on the available literature and the empirical results of previous studies. It includes many security counter‐measures that are empirically tested here for the first time. The entire population of the EBI has been surveyed in this research. The significant differences between the two respondent groups had been investigated. The statistical results revealed that the vast majority of Egyptian banks had adequate CAIS security controls in place. The results also revealed that the heads of computer departments (HoCD) paid relatively more attention to technical problems of CAIS security controls. This study has provided invaluable empirical results regarding inadequacies of implemented CAIS security controls in the EBI. Accordingly some recommendations were suggested to strengthen the security controls in the Egyptian banking sector.

Details

Managerial Auditing Journal, vol. 19 no. 2
Type: Research Article
ISSN: 0268-6902


Article
Publication date: 27 February 2007

Ahmad A. Abu‐Musa


Abstract

Purpose

The main objective of the paper is to investigate the existence and adequacy of implemented Computerized Accounting Information Systems (CAIS) security controls to prevent, detect and correct security breaches in Saudi Arabian organizations. This is the first part of a two‐part paper on the subject.

Design/methodology/approach

This paper presents and examines the literature review related to CAIS security controls.

Findings

Finds that the results of the study will enable managers and practitioners to better secure their CAIS and to champion IT development for the success of their business.

Originality/value

This paper fills a vacuum by conducting research in Saudi Arabia, a developing country, whereas previous research has mainly involved developed countries.

Details

Information Management & Computer Security, vol. 15 no. 1
Type: Research Article
ISSN: 0968-5227


Open Access
Article
Publication date: 10 July 2023

Moses Muhwezi, Henry Mutebi, Samuel Ssekajja Mayanja, Benjamin Tukamuhabwa, Sheila Namagembe and Robert Kalema


Abstract

Purpose

Procuring relief products and services is a challenging process for humanitarian organizations (HOs), yet it accounts for approximately 65% of relief operations’ costs (Moshtari et al., 2021). This paper aims to examine how procurement internal controls, materials and purchasing procedure standardization influence information integration and procurement performance.

Design/methodology/approach

In this study, partial least square structural equation models and multigroup analysis were used to analyze data collected from 170 HOs.

Findings

Procurement internal controls and material and purchasing procedure standardization fully mediate between information integration and procurement performance.

Research limitations/implications

The study focuses only on HOs. Since humanitarian procurement projects take place over a period of several years, it is difficult to capture the long-term effects of information integration, procurement internal controls, material and purchasing procedure standardization and procurement performance. In this regard, a longitudinal study could be undertaken, provided that the required resources are available.

Practical implications

Procurement managers should implement information integration practices within acceptable procurement internal controls and standardize material and purchasing procedures to boost procurement performance.

Originality/value

By integrating information through procurement internal controls and standardizing material and purchasing procedures, procurement performance in a humanitarian setting can be systematically optimized.

Details

Journal of Humanitarian Logistics and Supply Chain Management, vol. 13 no. 4
Type: Research Article
ISSN: 2042-6747


Book part
Publication date: 20 May 2011

Jeffrey S. Zanzig and Dale L. Flesher


Abstract

The purpose of this chapter is to investigate what internal auditors see as a need for improvement regarding current business risk practices for controlling employee fraud. A survey of internal auditors compares perceptions of current versus desired situations in regard to six common practices of employee fraud risk management: training in fraud risk management, understanding how job procedures are designed to manage fraud risks, recognizing basic indicators of fraud, providing appropriate employee compensation incentives, reporting suspicions of fraud, and background verification of job applicants. Comparisons for each practice are made between the United States and Canada. The main finding is that the largest weakness in the employee fraud risk management practices relates to providing employees with training in their risk management programs. Seemingly related deficiencies are also indicated in both employee understanding of how their job procedures are designed to manage fraud risks and the ability of employees to recognize basic indicators of fraud. No measure of fraud prevention is more important than those involving the employees who actually conduct the affairs of an organization. The identification and ranking of gaps in employee fraud risk management practices can be used to make a case to deal with areas needing improvement.

Details

Research on Professional Responsibility and Ethics in Accounting
Type: Book
ISBN: 978-1-78052-005-6


Article
Publication date: 1 December 2003

Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang


Abstract

With the popularity of electronic commerce, many organizations are facing unprecedented security challenges. Security techniques and management tools have caught a lot of attention from both academia and practitioners. However, a theoretical framework for information security management is lacking. This paper attempts to integrate security policy theory, risk management theory, control and auditing theory, management system theory and contingency theory in order to build a comprehensive theory of information security management (ISM). This paper suggests that an integrated system theory is useful for understanding information security management, explaining information security management strategies, and predicting management outcomes. This theory may lay a solid theoretical foundation for further empirical research and application.

Details

Information Management & Computer Security, vol. 11 no. 5
Type: Research Article
ISSN: 0968-5227


Content available
Article
Publication date: 21 March 2023

Abel Yeboah-Ofori and Francisca Afua Opoku-Boateng


Abstract

Purpose

Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape.

Design/methodology/approach

The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security.

Findings

The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape.

Research limitations/implications

The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factors influencing these vulnerabilities include inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations.

Practical implications

Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes.

Social implications

There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage.

Originality/value

The paper’s originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.

Details

Continuity & Resilience Review, vol. 5 no. 1
Type: Research Article
ISSN: 2516-7502


Article
Publication date: 2 July 2018

Mark Eshwar Lokanan


Abstract

Purpose

The purpose of this paper is to present an argument for the use of cognitive interviews in financial crime investigations. In particular, the paper argues that the components of cognitive interview make it useful for financial crime investigators to gather and collate information on financial criminality.

Design/methodology/approach

The paper chronicles the literature on cognitive interviews to critically evaluate its usefulness in previous studies.

Findings

A critical examination of the literature shows that cognitive interviews were successfully used in a variety of circumstances. Despite its difficulties, the empirical evidence reveals that cognitive interview fared well in laboratory studies across different (and vulnerable) population groups.

Practical implications

There is evidence to suggest that cognitive interviews can be an effective technique to interview witnesses of financial crimes. The fact that white-collar criminals, more often than not, come from a “gentleman background” and are not accustomed to the role of “criminal suspect,” makes cognitive interview techniques a useful tool for fraud investigators.

Originality/value

To the author’s knowledge, this is the first paper of its kind to conduct a thorough literature review and apply cognitive interview techniques to financial crime investigation.

Details

Journal of Financial Crime, vol. 25 no. 3
Type: Research Article
ISSN: 1359-0790


Article
Publication date: 3 May 2016

V. Gerard Comizio, Behnam Dayanim and Laura Bain


Abstract

Purpose

To provide financial institutions an overview of the developments in cybersecurity regulation of financial institutions during 2015 by the United States, the United Kingdom, and the European Union, as well as guidance for developing effective cyber-risk management programs in light of evolving cyber-threats and cyber-regulatory expectations.

Design/methodology/approach

Reviews US, UK and EU regulatory developments in the cybersecurity area and provides several best practice tips financial institutions should consider and implement to improve their cybersecurity compliance programs.

Findings

While cyber-threats and financial regulators’ expectations for cyber-security are constantly evolving, recent guidance and enforcement efforts by the US, UK and EU illustrate the need for financial institutions to develop effective cybersecurity programs that address current regulatory compliance requirements and prepare for emergency cyber responses.

Practical implications

Financial institutions should utilize the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool to assess their cyber-risk profile and cyber-preparedness.

Originality/value

Practical guidance from experienced financial regulatory and privacy lawyers that provides a survey of the current regulatory environment and recommendations for cyber-security compliance.

Details

Journal of Investment Compliance, vol. 17 no. 1
Type: Research Article
ISSN: 1528-5812


Article
Publication date: 6 March 2009

Petter Gottschalk, Stefan Holgersson and Jan Terje Karlsen


Abstract

Purpose

The purpose of this paper is to conceptualize detectives in police investigations as knowledge workers.

Design/methodology/approach

The paper is based on a literature review covering knowledge organizations, police organizations, police investigations, and detectives as knowledge workers.

Findings

The paper finds that the changing role of the detective as a resource influences investigation performance in solving complex and organized crime.

Research limitations/implications

This exploratory research provides no final conclusions.

Practical implications

Leadership in police investigations needs to focus on knowledge management among detectives rather than information collection in each criminal case.

Originality/value

Until this paper, the secretive nature of the detective world has been unexplored by manpower researchers.

Details

The Learning Organization, vol. 16 no. 2
Type: Research Article
ISSN: 0969-6474
