Search results

The Prevention and Combating of Corrupt Activities Act, Act 12 of 2004, was instituted to curb corrupt activities. It imposes a duty on people in positions of authority to report corrupt or suspected corrupt activities and related activities. However, auditors are not listed in this Act as persons in a position of authority. This article discusses whether, despite the fact that the Prevention and Combating of Corrupt Activities Act does not place such a reporting duty on an auditor, auditors nevertheless have a duty in terms of other legislation to report any unlawful activities that they uncover in the course of their work, or which they suspect to have been committed. The article also examines whether auditors are required to consider the risk of corruption.

Many unanswered questions remain regarding the authors’ understanding of how entrepreneurship can be fostered in the public sector. To fill this knowledge gap, the purpose of this paper is to conduct an empirical investigation to determine the relationship between different organisational factors and entrepreneurial orientation (EO) in the South African public sector.

Primary data are sourced from middle-level managers at municipalities in the three largest provinces across South Africa. Hypotheses are statistically tested using regression analyses.

Results reveal that the organisational antecedents of structure and culture explain a significant amount of variation in the EO dimensions of innovativeness, risk taking and proactiveness. Additionally, the findings on organisational rewards converge with an emerging stream of research which highlights that while rewards works well to motivate individuals in the private sector, they are negatively correlated with entrepreneurship in the public sector.

The study implications relate to the efficiency and effectiveness of service delivery of municipalities in South Africa. Due to increases in community protest actions, it is necessary not only to maximise efficiency in the provision of services, but also to innovate and be proactive in order to achieve more with less resources.

By investigating previously unrelated factors in the public sector, the authors create closer conceptual and empirical links between the role of organisational factors and each of the EO dimensions. Furthermore, the study takes place in a relatively under-researched entrepreneurship and public sector context.

This study aims to compare judicial and auditor expectations of audit in the detection and reporting of money laundering in Iran. It also aims to assess the implications of expectations gap for the reliability of data provided to the Financial Action Task Force (FATF) in its blacklisting policy.

Questionnaires were administered to auditors to determine perceptions of their anti-money laundering (AML) reporting obligations. These were also completed by Iranian judges who hear money laundering prosecutions and who agreed to participate in the research. The group was created through the “snowballing” technique.

There is significant divergence between judges and auditors regarding the latter’s AML reporting obligations. Self-perception among auditors regarding investigative duties is insufficiently aligned with expectations of the FATF, particularly where there is use of corporate structures, charities and trusts in which identity of true owners, of payers and payees of funds cannot be accurately verified. This gap presents a significant terrorist financing risk.

The expectations gap makes training in forensic accounting, as well as compliance with international reporting expectations, a matter of urgency for the Iranian auditing profession. The judiciary needs to be more aware of international expectations.

Data regarding judicial expectations of auditors’ AML reporting obligations is difficult to obtain and of a highly sensitive nature. This research has obtained such data which has relevance to the FATF blacklisting policy, and to international organisations tasked with disrupting terrorist financing networks.

This article aims to review popular frameworks used to examine fraud and earmarks three areas where there is considerable scope for academic research to guide and inform important debates within organisations and regulatory bodies.

The article reviews published fraud research in the fields of auditing and forensic accounting, focusing on the development of the dominant framework in accounting and fraud examination, the fraud triangle. From this review, specific avenues for future research are identified.

Three under-researched issues are identified: rationalisation of fraudulent behaviours by offenders; the nature of collusion in fraud; and regulatory attempts to promote whistle-blowing. These topics highlight the perspective of those directly involved in fraud and draw together issues that have interested researchers in other disciplines for decades with matters that are at the heart of contemporary financial management across the globe.

In spite of the profound economic and reputational impact of fraud, the research in accounting remains fragmented and emergent. This review identifies avenues offering scope to bridge the divide between academia and practice.

A survey is here systematically conducted to analyse auditors’ perceptions of dysfunctional auditing behaviour (DAB). As a result of many accounting scandals and litigations faced by audit firms, this paper aims to assess whether factors leading to DAB are embedded in audit firms’ practices.

The sample used in this study comprises auditors at all levels of employment with the big four audit firms in the United Kingdom (UK). DAB is analysed using two signals/indicators: premature sign-off and under-reporting of chargeable time. Time budget pressure and time deadline pressure are the factors considered here as potentially pushing auditors to exhibit DAB. A careful and considered analysis and interpretation is here articulated. Additionally, the sample individuals are divided into audit trainees and experienced auditors to assess any potential differences in the perception of DAB that reflect the experience factor.

Coordination with internal auditors, different perceptions between audit trainees and experienced auditors of dysfunctional behaviour, working during their personal time and the box-ticking exercise are amongst the findings that may help practitioners to understand the reasons behind dysfunctional behaviour and identify measures to mitigate it.

The study can aid concerned executives and audit partners to minimise DAB related to different time pressures by casting light on the key ethical issues. The study is conducted on a sample of the big four firms in the UK covering all organisational structure. It assesses if experience plays a role in the perception of DAB.

Employee behaviour is a continuous concern owing to the number of information security incidents resulting from employee behaviour. The purpose of this paper is to propose an approach to information security culture change management (ISCCM) that integrates existing change management approaches, such as the ADKAR model of Prosci, and the Information Security Culture Assessment (ISCA) diagnostic instrument (questionnaire), to aid in addressing the risk of employee behaviour that could compromise information security.

The ISCCM approach is constructed based on literature and the inclusion of the ISCA diagnostic instrument. The ISCA diagnostic instrument statements are also presented in this paper. The ISCCM approach using ISCA is illustrated using data from an empirical study.

The ISCCM approach was found to be useful in defining change management interventions for organisations using the data of the ISCA survey. Employees’ perception and acceptance of change to ensure information security and the effectiveness of the information security training initiatives improved significantly from the as-is survey to the follow-up survey.

The research illustrates the ISCCM approach and shows how it should be combined with the ISCA diagnostic instrument. Future research will focus on including a qualitative assessment of information security culture to complement the empirical data.

Organisations do not have to rely on or adapt organisational development approaches to change their information security culture – they can use the proposed ISCCM approach, which has been customised from information security and change management approaches, together with the presented ISCA questionnaire, to address information security culture change purposefully.

The proposed ISCCM approach can be applied to complement existing information security management approaches through a holistic and structured approach that combines the ADKAR model, Prosci’s approach of change management and the ISCA diagnostic instrument. It will enable organisations to focus on transitioning to a positive or desired information security culture that mitigates the risk of the human element in the protection of information.

It is well‐known that the primary threat against misuse of private data about individuals is present within the organisation; proposes a system that uses intrusion detection system (IDS) technologies to help safeguard such private information. Current IDSs attempt to detect intrusions on a low level whereas the proposed privacy IDS (PIDS) attempts to detect intrusions on a higher level. Contains information about information privacy and privacy‐enhancing technologies, the role that a current IDS could play in a privacy system, and a framework for a privacy IDS. The system works by identifying anomalous behaviour and reacts by throttling access to the data and/or issuing reports. It is assumed that the private information is stored in a central networked repository. Uses the proposed PIDS on the border between this repository and the rest of the organisation to identify attempts to misuse such information. A practical prototype of the system needs to be implemented in order to determine and test the practical feasibility of the system. Provides a source of information and guidelines on how to implement a privacy IDS based on existing IDSs.

This study aims to investigate the relationship between perceived usefulness, ease of use and adoption of online banking by customers in the Indian context. Using the technology acceptance model (TAM) as the base, this study underscores the importance of perceived enjoyment, security and trust in influencing customer satisfaction.

Using a structured survey instrument, this paper gathered data from 476 respondents in the southern part of India. First, the instrument’s psychometric properties were tested, and hypotheses were tested using Hayes’s PROCESS macros.

The results indicated that (i) perceived usefulness and perceived ease of use are positively related to the attitude of the consumers to use online banking, (ii) attitude to use is positively related to adoption intention and (iii) adoption intention positively predicts customer satisfaction. The results also reveal that (i) perceived enjoyment moderates the relationship between attitude to use and adoption intention, (ii) trust moderates the relationship between adoption intention and customer satisfaction and (iii) security (second moderator) moderates the moderated relationship between trust (first moderator) and adoption intention on customer satisfaction.

As with any survey research, self-report measures have the inherent problems of common method bias and social desirability bias. However, the authors have taken adequate care to minimize these limitations. In addition, the research has implications for consumer behavior concerned with online banking.

This study contributes to both practicing managers and the literature on online banking. The study suggests that bank managers need to focus on ensuring security and earning customers’ trust to motivate them to adopt online banking.

The study contributes to society by unraveling the antecedent conditions leading to accepting innovative changes initiated by banks. Especially in rural and cooperative banks, customers adopting online banking helps save their time and energy in visiting the physical locations of banks.

This study provides new insights into the complex relationships among variables contributing to customer satisfaction. The double-layered moderated moderated-mediation conceptual model developed and tested in this study is a novel idea that makes a significant contribution to the growing literature on online banking.

Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.

The guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.

Instead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.

This consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.

Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.

The purpose of this paper is to discuss and theorise on the appropriateness and potential impact of risk homeostasis in the context of information security.

The discussion is mainly based on a literature survey backed up by illustrative empirical examples.

Risk homeostasis in the context of information security is an under-explored topic. The principles, assumptions and methodology of a risk homeostasis framework offer new insights and knowledge to explain and predict contradictory human behaviour in information security.

The paper shows that explanations for contradictory human behaviour (e.g. the privacy paradox) would gain from considering risk homeostasis as an information security risk management model. The ideas discussed open up the prospect to theorise on risk homeostasis as a framework in information security and should form a basis for further research and practical implementations. On a more practical level, it offers decision makers useful information and new insights that could be advantageous in a strategic security planning process.

This is the first systematic comprehensive review of risk homeostasis in the context of information security behaviour and readers of the paper will find new theories, guidelines and insights on risk homeostasis.