Drastic changes in computer technology are occurring with greater frequency than ever before, and many of these changes are being adopted into organizations' accounting information systems. With these technological advancements, however, come new security concerns for the information systems auditor. In fact, security concerns were recently included in the AICPA's list of the top 15 technology issues for 1995 [AICPA 1995]. In a recent survey conducted by Ernst & Young's Information Systems Auditing and Security Services group and InformationWeek [Ernst & Young 1994], 79% of information systems managers and executives in firms with over 2,500 employees believe that information system security risks have increased. The survey also revealed that management is sometimes willing to sacrifice system security for the sake of implementing new technology. Perhaps this could explain some of the problems NASDAQ encountered when recently implementing updated trading software.
This sacrifice of system security has tremendous implications for both external financial reporting and internal decision making. Without adequate security over a system, there can be no assurances as to the quality of the information generated by the system. Thus, suboptimal, and potentially disastrous, decisions may be made because of inaccurate data inputs resulting from inadequate security. For example, one PeachTree user discovered that the accounting software failed to alert an out-of-stock condition and computed the cost of a video camera to be $4,567,896 [Rigdon 1995].
A random sample of 3,054 members of the Information Systems Audit and Control Association and the American Institute of Certified Public Accountants were sent a "Threats to Accounting Information Systems Security Survey" adapted from Loch et al. [1992] in May 1995, with 355 usable surveys returned for a response rate of 11.6%. Of these 354 respondents, 161 reported holding the CISA designation and are the basis for the findings reported here.
Return to Charles E. Davis' vita
Return to Charles E. Davis' Home Page
Send E-mail to Charles_Davis@baylor.edu.