Role of ICT Risk Management on Insider Fraud Prevention in Commercial Banks in Nairobi County

Abstract

Purpose: The main objective of the research was to investigate the role of ICT risk management on reduction of insider frauds in the Kenyan banks in Nairobi County. The research explored ICT risks management practices incorporated in the banking industry to mitigate and control insider fraud.
 Methodology: Explorative research design and inferential statistics were used. The unit of analysis was the ICT risk management professionals in all the commercial banks in Nairobi County. 42 commercial banks formed the population of the study. The unit of observation were the ICT security, audit and risk professionals mandated with implementing ICT risk management. The targeted number was at least one respondent from each bank from the three departments identified: internal audit, Information technology, and security managers. In total, the study targeted 42 respondents and a total 29 responses were received which formed 69% of the targeted population. Responses from the distributed questionnaires were analyzed using statical packages for social science (SPSS). The open-ended questions were listed, analysed and reported by descriptive narrative with such statistics as mean and standard deviation. The ANOVA test was used to test the results.
 Findings: The findings revealed that there is a positive but insignificant correlation between ICT risk assessment, ICT awareness, Information security implementation and a significant positive correlation between information security audits and Insider fraud prevention. This study recommends that ICT risk assessment; ICT risk awareness; information security audits; and information security policy are important for preventing insider fraud in commercial banks, but there is need to implement them in conjunction with other stringent measure to increase efficiency
 Unique Contribution to Theory, Practice and Policy: The findings give a theoretical basis for validating the effectiveness of ICT risk management practices in Banks in Nairobi County, this can be adopted by other counties in Kenya. For policy implementation, the study will be important to the central bank of Kenya and any other institution that regulates the banking sector in Kenya in reviewing the current ICT Risk management guidelines. The study shows the adoption of the selected ICT risk management practices by different banks and gives a measure of their effectiveness that ICT Security professionals can use. The study gives the banking sector ICT security professionals a perspective on how ICT risk management can help them improve their ability to curb insider fraud. The study adds to the pool of knowledge for to scholars and academicians.