FREE ELECTRONIC LIBRARY - Abstracts, online materials

Pages:   || 2 |


-- [ Page 1 ] --


Vol 4, No 1, 2012 ISSN: 1309-8055 (Online)



Abu Bakar Malami

International Islamic University Malaysia


E-mail: amalams2008@yahoo.com

Zaini Zainol

International Islamic University Malaysia

Senior Lecturer

E-mail: zzaini@iium.edu.my

Sherliza Puat Nelson International Islamic University Malaysia Senior Lecturer E-mail: sherliza@iium.edu.my ─


─ Internal control system is an important pillar in an organisation. Considering the evidence from major accounting fraud cases that occurred consequence to weak internal control, such as Enron, it could also occur in a financial institution.

Hence, the objective of this study is to investigate the bank managers’ opinion on the likelihood of security threats in the computerised banking systems (CBS) in Malaysia. Since most major financial institutions operate in the capital city of Kuala Lumpur, questionnaires were sent to selected bank branches in Kuala Lumpur. The findings are expected to provide a platform for bank managers to share their threats’ experience. Secondly, to assist them in designing and formulating a sound and effective internal control system that will provide reasonable assurance for achieving the bank’s mission. Findings are also expected to provide general insights of internal control system, as most information is very remote and confidential, thus generate a platform for promoting an efficient and effective internal control practice in financial institutions.

Key Words: Threats, Internal Control, CBS, Malaysia JEL Classification: M15, M41, M40


Vol 4, No 1, 2012 ISSN: 1309-8055 (Online)

1. INTRODUCTION The increase use and the surge reliance on technological facilities by individuals, corporations, and governments in performing an effective and efficient operation of their daily business activities (Davis, 2001), had change the length of information dissemination, more especially in the IT based organization.

Consequently, the risk to ensure adequate security of information system has significantly increased (Musa, 2006a). Jackson (2000) highlighted that loss of information or a breach of security could be financially devastating. Similarly, Jin and Cheng (2005) contended that loss of confidential data or the destruction of information assets would financially harms organizational reputation. The growth use of the Internet by IT based institutions has heightened the threat of cybercrimes, and also it evolved a medium for some people to commit other computer related crimes. According to the National Institute of Standards and Technology (2005) IT based organization are more vulnerable to various threats which could directly or indirectly cause various types of damages that may cause asubstantial financial loss. These damages may range from human based threats, technological based threats, and natural and/or environmental threats.

The implication of these threats would adversely implicate an organizational database integrity that may cause destruction of the entire organizational database.

In view of this, there is need for organizations to carefully and cautiously explore and understand the major threats facing their information system, so that, appropriate security control measures should be properly devised against information security risk. The objective of the paper are; (1) to offer discussion on the potential threats in computerized banking systems by reviewing literature; (2) to investigate the threats that likely to face the Malaysian’s computerized banking system.

The structure of this paper is organized as follows. The next section discusses the review of related literature regarding the issue of information system security threats, followed by the methodology applied in this study, while the next section demonstrates the empirical findings as well as the discussion of the research.

Finally, the paper concludes by proposing some recommendations.

2. LITERATURE REVIEW Statistic shows that financial institutions play a vital role to the growth of global economic activities (Casolaro and Gobbi, 2004). According to Treasury Malaysia, industries within the Malaysian service sector (i.e. financial & insurance industries) played a pivotal role to the Malaysian service GDP in 2008, in which


Vol 4, No 1, 2012 ISSN: 1309-8055 (Online) the finance and insurance services, accounted for 21 percent of the GDP.1 Also, Bank Negara Malaysia (BNM) in its 2010 Annual Report demonstrated that the sector has the largest contribution to the Malaysian economic growth contributing

3.9 percentage points to the overall GDP growth2. As such the sector has to be given due consideration that would help it improves its performance.

The rapid change in information technology, the wide spread of user-friendly devices and the dependence of organizations on information system to execute their various operations have increased various threats to information system security which in turn adversely affect the business operation (Chang and Jan, 2010; Musa, 2006a, 2010; Sun et al., 2006; Kankanhalli et al., 2003; Salehi et al., 2010). Specifically, the growing dependent on the computerized information systems by banking and financial sector in executing its business operations have made it impossible to separate information technology (IT) from the business of the banks and the financial institutions (Beheshti, 2004). Thus, the need for focused attention on the issues of the information systems security risk in computerized system and the security controls to safeguard information and information systems (Musa, 2004).

Empirically, Loch et al. (1992) conducted a study on threats to information security. The findings of their study revealed that unintentional human based threats, natural disaster threats and technological based threats were ranked among the major threats challenging Egyptian banking industry. In replication of the work of Loch et al., (1992) Davis (1996) study revealed that employees’ entry of bad data and the accidental destruction of data as well as the computer viruses were considered to be the most threats in a microcomputer environment.

However, unauthorized access to data and /or system by employees’ accidental entry of bad data by employees and poor segregation of duties were rated as the major threats to the mid-range computer environment. Musa (2006a) investigated and evaluated the existence and adequacy of implemented accounting information system security control in the Saudi organizations in order to prevent, detect, and control accounting information system security breaches. He found out that there were adequate implementations of controls to the Saudi organizations’ accounting information system security. Similarly, Musa (2006b) investigate the perceived security threats to computerized accounting information system in the Egyptian banking industry by surveying the entire population of the EBI. His study revealed that accidental entry of bad data by employees, introduction of computer Treasury Malaysia, Economic Report 2009/2010, 2009 Bank Negara Malaysia Annual report 2010 (http//www.tindakmalaysia.com)


Vol 4, No 1, 2012 ISSN: 1309-8055 (Online) viruses to the system, natural and human made disasters, employees sharing of passwords, misdirecting of prints and distribution of information to unauthorized people were found the most significant perceived security threats to CAIS in the EBI.

3. RESEARCH METHODOLOGY The current study is empirical by nature; the data of this study were collected using a postal self-administered questionnaire. The questionnaires have been distributed to the selected 201 banks branches operating in Kuala Lumpur, Malaysia. The questionnaire was adapted from the work of (Musa, 2006b). The respondents were asked to indicate the degree of occurrences of each security threats by indicating one among the five available options: that range from ‘Not likely to occur’ to ‘most likely to occur’.

Cross-tabulation statistics of the collected data were designed to gain better understanding of the research variables. Out of 201 questionnaires distributed to target respondents (i.e. Bank Branch Managers) only seventy six were returned representing 38.0% of the response rate. We divided type of threats into five categories namely human threats-unintentional, human threats-intentional, technological threats, natural threats, and environmental threats (www.sans.org/).


4.1 Respondent profile Table 1 indicates different types of bank branches considered in the study. The results show that conventional bank has the highest rate of percentage with 78.9% (60) whereas Islamic bank has frequency of 16 indicating 21.1% of the total branches. In term of working experience, 40 (52.6%) of the respondents stated that they were working in their current position for more than ten years. While 36 (47.4%) of the respondents reported to have less than ten years’ working experience in the observed bank branches. From the statistic, it could be inferred that since the majority of the respondents were in their current positions for more than ten years, they were expected to have capability, skills and knowledge about their jobs, and thus, that may increase the accuracy and reliability of their responses.


Vol 4, No 1, 2012 ISSN: 1309-8055 (Online)

–  –  –

4.2.1 Human Unintentional Threats This variable attempted to determine how banks’ branch manager perceived the possibility of human accidental threats in their banks. As human being is the engine of an organization be it IT based or not, they are considered to be one of the threats to the banks. Table 2 shows the rates of accidental human threats among the respondents from different types of banks’ branches. The results revealed that majority of the respondents from all the banks’ branches alleged that their banks were very likely to have faced unintentional human threats with 26 (34.2%), which constituted approximately one-third of the respondents. Also, 18 (23.7%) believed that their banks were likely to confront this type of threats.

However, 14 (18.4%) and 11 (14.5%) responded that their banks’ branches were not likely or least likely to face such threats respectively.


Vol 4, No 1, 2012 ISSN: 1309-8055 (Online) In light of this, it could be said that all the three banks’ branches were confronted with this type of threats. This might be the result of lack of technical and/or adequate knowledge among the employees to operate the system. To mitigate the likelihood of this threat; continual training of employees should be scheduled and computer system and/or robot system should be put in place to substitute human services. Prior studies (Loch et al., 1992; Neumann, 1995; Baskerville, 1996;

Cohen, 1997) confirmed that human unintentional threats were the most significant threats against the information system. However, Paul and Baskerville (2005) longitudinal study of information system threat contradicted prior studies that human unintentional errors were the major threats to information system.

Their results indicated that the threats appeared to be insignificant and a poorly recognized issue for information systems security. The result of their study was also inconsistent with this current study as the findings of this current study indicated high level of the likelihood of this threat.

4.2.2 Human Intentional Threats This variable starts to explore the view of banks’ managers on the likelihood of intentional threats. Deliberate human threats is one of the major threats that challenging institutions, as there were disgruntle employees, hackers among other, that deliberately stole an organization’s resources for their personal uses. The research findings depicted that a total of 15 respondents (19.7%) reported that their banks did not encounter any of this type of threats as shown in Table 2. A similar number of respondents supported this view when they said that their banks were less likely to have faced this threat. However, a relatively large percentage (28.9%) of respondents declared that they were likely challenged by this kind of threats in their bank branches. Thus, 18 (23.7%) believed that their banks were very likely to have faced the threat. With few respondents representing (7.9%) declared that they were most likely to be attacked by the threat. Overall, the banks’ branches were somewhat challenged with this threat, most of the respondents were of the belief that they were likely or even very likely to face this type of threat. In this regard, the banks should reconsider reviewing their management philosophy and style. More especially, when it comes to training of employees thereby intensifying staffs knowledge and skills that would help reduce the occurrences of accidental errors. Similarly, recruitment policies and procedures such as background check of employees to avoid employing dishonest or untruthful personnel in the banks.


Vol 4, No 1, 2012 ISSN: 1309-8055 (Online) 4.2.3 Technology Based Threats Development and rapid adoption of technology by institutions have increased technological threats, especially in the IT based organizations such as banks.

Therefore, this variable attempted to determine the likely occurrences of this threat in the Malaysian computerized banking system.

Technological threats are inevitable in almost every organization. More especially the IT based organizations (e.g. Banks), the results demonstrated that 19 (25.0%) and 20 (26.3%) of the respondents reported that they were likely and very likely to have confronted with technological threat in their respective banks (Table 2).

Pages:   || 2 |

Similar works:

«IN THE UNITED STATES BANKRUPTCY COURT FOR THE NORTHERN DISTRICT OF ALABAMA SOUTHERN DIVISION In re: ) ) ) Elnora Macklin, ) Case No.: 05-12750-BGC-13 ) Debtor. ) ) Elnora Macklin, ) ) Plaintiff, ) ) vs. ) A. P. No.: 08-00013-BGC-13 ) Jefferson Finance, LLC, ) ) Defendant. ) Memorandum Opinion on MOTION FOR SUMMARY JUDGMENT1 I. Background The defendant’s Motion for Summary Judgment is the latest phase in a lengthy dispute between these parties. The following is a summary of that dispute. The...»

«_ Identifying Potential Dropouts: Key Lessons for Building an Early Warning Data System A Dual Agenda of High Standards and High Graduation Rates _ A white paper prepared for Staying the Course: High Standards and Improved Graduation Rates, a joint project of Achieve and Jobs for the Future, funded by Carnegie Corp. of New York Prepared for Achieve, Inc., by Craig D. Jerald President, Break the Curve Consulting PART I. INTRODUCTION Last year many of America’s political, business, and...»

«FITCH RATES RYANAIR HOLDING PLC 'BBB+'; OUTLOOK STABLE Fitch Ratings-New York/London-16 May 2014: Fitch Ratings has assigned Ryanair Holdings plc (RYA) a 'BBB+' Long-term Issuer Default Rating (IDR). The Outlook is Stable. Ryanair's low cost advantage and substantial liquidity are key drivers of the rating. The company's high margins, significant cash generation, and financial flexibility further differentiate RYA from most airline peers. RYA's solid capacity for meeting its financial...»

«New OECD Publication, October 2010 © Robert Young Fotolia.com Paying for Biodiversity Enhancing the cost-effectiveness of payments for ecosystem services Executive summary Biodiversity and ecosystems provide invaluable services to society. These include food, clean water, genetic resources, recreational services, flood protection, nutrient cycling and climate regulation, amongst many others. Ecosystem services provide critical life support functions and benefits, contributing to human health,...»

«Preparation of Detailed Project Report for Municipal Solid Waste Management in ULBs of Andhra Pradesh. (Zone-II: East Godavari & West Godavari) Draft DPR (Revised) TANUKU September, 2016 Submitted To: Andhra Pradesh Urban Finance and Infrastructure Development Corporation (APUFIDC) Submitted by: Darashaw and Co. Pvt. Ltd. In JV with PBS Consultancy Services Hyderabad. Preparation of Detailed Project Reports for Implementation of Draft Detailed Project Report Municipal Solid Waste Management in...»

«econstor A Service of zbw Leibniz-Informationszentrum Wirtschaft Make Your Publication Visible Leibniz Information Centre for Economics O'Neill, Jim; Terzi, Alessio Working Paper Changing trade patterns, unchanging European and global governance Bruegel Working Paper, No. 2014/02 Provided in Cooperation with: Bruegel, Brussels Suggested Citation: O'Neill, Jim; Terzi, Alessio (2014) : Changing trade patterns, unchanging European and global governance, Bruegel Working Paper, No. 2014/02 This...»

«WHY HEALTH IS NOT SPECIAL: ERRORS IN EVOLVED BIOETHICS INTUITIONS* By Robin Hanson I. Introduction There is a widespread feeling that health is special; the rules that are usually used in other policy areas are not applied in health policy. Health economists, for example, tend to be reluctant to offer economists’ usual prescription of competition and consumer choice, even though they have largely failed to justify this reluctance by showing that health economics involves special features such...»

«BUDGET, FINANCE AND PERSONNEL COMMTTEE May 19, 2009 2:00 P.M. Councilwoman Berz, Chairwoman, called the meeting of the Budget, Finance and Personnel Committee to order with Councilpersons Ladd, Scott, McGary, Benson and Gilbert present. Councilmen Rico and Robinson joined the meeting later. City Attorney Michael McMahan and Shirley Crownover, Assistant Clerk to the Council, were also present. Others present included Dan Johnson, Richard Beeland, Chief Parker and Daisy Madison. COUNCIL’S...»

«Minutes of the Municipal District of Ennis Meeting held on Tuesday December 2nd, 2014, at 3.30 p.m. in the Council Chamber, Áras an Contae, New Road, Ennis, Co. Clare.Present: Councillors: J. Flynn, J. Breen, T. Mc Namara, P. Daly, A. Norton, M. Howard, P. Murphy, C. Colleran Molloy. Officials: Ger Dollard, Director of Services, Eamon O’Dea, Senior Executive Engineer, Catherine O’ Hara, Meetings Administrator & Fiona Whelan, Staff Officer. Item No. 1. Minutes of November monthly meeting...»

«Proceedings of the Second European Academic Research Conference on Global Business, Economics, Finance and Banking (EAR15Swiss Conference) ISBN: 978-1-63415-477-2 Zurich-Switzerland, 3-5 July, 2015 Paper ID: Z549 Business University Student Entrepreneurial Competencies: Towards Readiness for Globalization Nerisa Paladan, Faculty of School of Business and Social Sciences, International University of Grand-Bassam, Ivory Coast. E-mail: paladan.n@iugb.edu.ci _ Abstract Business School around the...»

«How Do Capital Markets Influence Product Market Competition? MICHAEL H. RIORDAN Department of Economics and Graduate School of Business, Columbia University, New York, NY 10027, USA. E-mail: mhr21@columbia.edu Abstract. This article is the written version of the author’s keynote presentation to the inaugural International Industrial Organization Conference held in Boston on April 4-5, 2003. It summarizes selectively a literature on the interaction between the capital and product markets at...»

«Strengthening Subnational Finance in LDCs UNCDF | FFDO/UN-DESA Informal Background Paper In preparation for the Asia Expert Group Meeting on “Implementing the Addis Ababa Action Agenda and the Sustainable Development Goals at the Local Level” Table of Contents (I) Setting the stage – Municipal finance and the 2030 Agenda for Sustainable Development. 4 Localizing the new global development agenda Financing challenges at the local level Special challenges for subnational finance in LDCs...»

<<  HOME   |    CONTACTS
2017 www.abstract.dislib.info - Abstracts, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.