The Role of the Mechanisms of Information Technology Governance in Activating the Risk Management of Computerized Accounting Information Systems According to (NIST800-37) Framework of Internal Control

Abstract

This study assesses and analyzes the reality of the mechanisms of information technology governance and risk management of computerized accounting information systems, in addition to testing and analyzing their relationships. It highlights the effect of using the mechanisms of information technology governance in reducing the risks of computerized accounting information systems in business organizations in the Kurdistan Region of Iraq. The aim of this study is to identify the availability of mechanisms of information technology governance in business organizations in the Kurdistan Region, the risks ofcomputerized accounting information systems and how to manage them as well as the inadequacy of controls for the security of these systems.In order to achieve these goals, four main hypotheses are adopted and directed to test the reality of the research variables. The study adopts the descriptive analytical method within the framework of the theoretical presentation of the research and variables, and uses the statistical analysis in writing the practical side of the study. Data is collected through a questionnaire to obtain the opinions of 56 auditors and managers of joint-stock companies in the Kurdistan Region of Iraq.The research reached a set of findings and recommendations, the most prominent of which is that the mechanisms of information technology governance has a role in activating risk management of computerized accounting information technology, and that the mechanisms of information technology governance has an effect on risk management of computerizedaccounting information systems. The most important recommendation is the need for organizations to adopt internal control frameworks related to protecting computerized accounting information systems to protect them from the risks related to them.