An Empirical Investigation of the Security Controls of Computerized Accounting Information Systems (CAIS) in the Selected Listed Companies in Sri Lanka

Abstract

The rapid development of IT, availability of user friendly accounting software and the increased competition have forced companies to adapt CAIS in order to remain competitive whereas threats to CAIS are unavoidable in the dynamic environment. In this scenario, security controls of CAIS are vital to the organizations. This study examines the existence and adequacy of implemented computerized accounting information system (CAIS) security controls to prevent, detect and correct security breaches in the selected listed companies in Sri Lanka. An empirical survey using a self-administered questionnaire has been carried out to achieve the objective. 41 out of 118 usable questionnaires have been collected to different types of companies representing 13 out of 20 sectors from 4th November to 10th December 2008. The results of the study spotlight a number of inadequately implemented CAIS security controls and significant differences among listed companies regarding the adequacy of implemented CAIS security controls. Based on the findings, some recommendations are given to strengthen the breaches in the present CAIS security controls in the listed companies. Findings of this study help accountants, auditors, managers, and IT users to better understand and secure their CAIS in order to achieve success of their visions. Keywords: Accounting, Computer security control, Information systems, Information Technology For full paper: fmscresearch@sjp.ac.lk