
International Research Journal of Finance and Economics, ISSN 1450-2887, Issue 68 (2011). EuroJournals Publishing, Inc. 2011. http://www.eurojournals.com/finance.htm

Factors Affecting the Role of Internal Auditor in the Protection of Computerized Accounting Information Systems from Electronic Penetration (A Field Study on Banks Operating in Jordan)
Jamal Adel Sharairi, Associate Professor, and Mohammad Hisham Lababidi, Part-time Lecturer
Accounting Department, Al Al-Bayt University, Mafraq - Jordan
E-mail: jamalsharairi@yahoo.com

Abstract
This study aimed to identify the factors affecting the role of the internal auditor in protecting computerized accounting information systems from electronic penetration in the banks operating in Jordan. To achieve the objectives of the study and answer its questions, 84 questionnaires were distributed to internal auditors specialized in auditing accounting information systems and information technology in the banks operating in Jordan. The questionnaires suitable for analysis numbered 75 and were analyzed using descriptive statistical methods and multiple regression analysis. Analysis of the arithmetic mean and standard deviation showed that the internal auditor has a significant role in protecting computerized accounting information systems from electronic penetration, represented in testing the security controls against incoming information of unknown source, and that the auditor carries out pilot testing by attempting to penetrate the information in order to assess the effectiveness of the existing controls. The results also showed that the knowledge and skill of the internal auditor have an impact on his role in protecting computerized accounting information systems: the more knowledge and skill the auditor has, the more effective his role in protecting these systems. The study recommended enhancing the internal auditor's understanding of the nature of the bank's work, so that he can perform his role in protecting computerized accounting information systems more efficiently, effectively and accurately when identifying any penetration of computerized accounting information.

1. Introduction
Developments and changes in the economic environment, such as the information revolution, the liberalization of global trade, the emergence of giant banks with branches and sections, and intensified competition among banks, have imposed significant local and international challenges on bank managements. Banks must find strong and sophisticated control systems and administrative and accounting controls that enable them to carry their various responsibilities and that support the efficient use of economic resources, which gives them the competitive advantage they most need.


However, the development and use of accounting information systems has led many banks to want to introduce these systems into their work, because of the accuracy and speed they bring, their value as an efficient tool for accountants, and the access they give to the required accounting information as quickly as possible and at the lowest possible cost. This development has, in turn, exposed computerized accounting information systems to the risk of electronic penetration. Based on the above, internal audit is one of the important means by which management confirms and verifies the compliance of administrative units with financial and administrative policies, legislation, financial and administrative systems, and adopted public policies. Internal audit has developed and received increasing attention; standards, guidelines and codes of ethics have been issued for it, and it has become one of the important units in most modern banks in the world.

2. Study Problem
Owing to the enormous increase in the use of technology systems and various programs, many banks have acquired and implemented the latest electronic systems and software, which enable them to perform many accounting tasks and functions faster and more accurately. On the other hand, computerized accounting information systems are seemingly impregnable against penetration and security threats, and there is a belief that the intruder has high skills in impersonation and fraud for obtaining confidential information and accessing information illegally, and that he can exploit gaps or weak points in software and operating systems, which are usually caused by programming errors or unintended distortions in the programming process. This study therefore focused on the factors affecting the role of the internal auditor in protecting computerized accounting information systems from electronic penetration (hacking), and seeks to answer the following questions:
1. What role is played by the internal auditor in protecting computerized accounting information systems from electronic penetration (hacking)?
2. Is there a statistically significant impact of the knowledge and skill of the internal auditor on his role in protecting computerized accounting information systems?
3. Is there a statistically significant impact of the internal auditor's knowledge of the nature of the work on his role in protecting computerized accounting information systems from electronic penetration (hacking)?
4. Is there a statistically significant impact of the security control strategy for electronic commerce in the banks on the role of the internal auditor in protecting computerized accounting information systems?

3. The Significance of the Study


The significance of this study arises from the electronic penetration (hacking) to which computerized accounting information systems in the banks operating in Jordan may be exposed, and from the role of the internal auditor in helping to protect this information, as confirmed by the results of previous studies. It also arises from the great advances in information technology and the computer industry, which have made it easy to copy, modify and change data and files stored in computer memory, advances that have not been accompanied by a similar development in practices and controls at banks. In addition, the study can benefit other sectors, such as the service sector or the insurance sector, in identifying the control procedures applied in computerized accounting information systems and benefiting from them. The importance of the study also comes from the lack of studies looking at the involvement of the internal auditor in the protection of computerized accounting information systems from electronic penetration (hacking).

4. Objectives of the Study


The most important objectives that this study seeks to achieve are:
1. Identifying the role of the internal auditor in protecting computerized accounting information systems from electronic penetration (hacking).
2. Identifying the impact of the internal auditor's knowledge and skill on his role in protecting computerized accounting information systems from electronic penetration (hacking).
3. Identifying the impact of the internal auditor's knowledge of the nature of the work on his role in protecting computerized accounting information systems from electronic penetration (hacking).
4. Identifying the impact of the security control strategy for electronic commerce in banks on the role of the internal auditor in protecting computerized accounting information systems from electronic penetration (hacking).

5. Hypotheses of the Study


The first hypothesis: There is a statistically significant impact of the knowledge and skill of the internal auditor on his role in protecting computerized accounting information systems from electronic penetration (hacking).
The second hypothesis: There is a statistically significant impact of the internal auditor's knowledge of the nature of the work on his role in protecting computerized accounting information systems from electronic penetration (hacking).
The third hypothesis: There is a statistically significant impact of the security control strategy for electronic commerce in banks on the role of the internal auditor in protecting computerized accounting information systems from electronic penetration (hacking).

6. Population and Sample of the Study


The study population consists of internal auditors working in the sector of banks operating in Jordan, numbering 22. A purposive sample of 84 internal auditors specialized in auditing computerized accounting information systems and information technology at banks operating in Jordan was taken, as they are the subject of concern to the study. To achieve the objectives of the study, test its hypotheses and reach results, 84 questionnaires were distributed, 78 were returned, and 75 were suitable for analysis.

7. Data Collection Sources


The research depended on two main types of sources to collect the data required for this study. The first is primary sources, used to test the hypotheses: a questionnaire suited to the nature of the study was designed and presented to a number of specialized and competent arbitrators, and after their remarks were taken into account, the questionnaires were distributed to internal auditors at banks operating in Jordan in order to achieve the objectives of the study and reach results. The second is secondary sources, used to identify the factors affecting the role of the internal auditor in protecting computerized accounting information systems from electronic penetration (hacking): books, articles, research papers, previous studies and theses that address the subject of the study and serve it, especially in preparing the theoretical framework.


8. Previous Studies:
1. Al-Salah study (2009), entitled "Security Risks of Electronic Accounting Information Systems and Their Impact on the Accuracy and Credibility of Financial Statements in the Jordanian Banks Field Study"
This study aimed to identify the security risks of electronic accounting information systems and their impact on the accuracy and credibility of financial statements. The researcher used the descriptive method of analysis, gathering information from books, periodicals, and Arab and foreign articles, in addition to the field study. The study found that the Jordanian commercial banks are exposed to several risks that threaten the security of accounting information systems, including the electronic theft of data and information, the obliteration or destruction of certain items of output, the printing and distribution of information by persons not authorized to do so, and staff sharing the same passwords. The study recommended that the Jordanian banks put controls on staff use of the computer, and train internal auditors to assess the control measures in the system and the suitability of these control procedures for reducing the risks to the security of accounting information systems.

2. Al-Buhaisi & Al-Sherif study (2008), entitled "The Dangers of Electronic Accounting Information Systems"
This study aimed to identify the risks facing electronic accounting information systems in the banks operating in the Gaza Strip, to identify the most important reasons that lead to such risks, and to determine actions that prevent them. The two researchers distributed a questionnaire to the banks operating in the Gaza Strip and analyzed it. The most important conclusion was that the risks to accounting information systems are due to reasons related to bank staff, such as lack of experience, as well as reasons related to bank management, as a result of the absence of clear policies and written procedures and the weakness of the control tools applied in the banks. The main recommendations of the study were that the higher management of the banks must support the security of its information and work to create a special information technology section in all banks, and that procedures need to be developed to ensure continuity of work and the readiness of information systems to operate in crisis situations.

3. Jabali and Nazmi study (2007), entitled "Measuring the Degree of Implementation of Internal Audit Based on Business Risk in the Jordanian Banking Sector"
This study aimed to measure the degree of implementation of internal audit based on business risk in the Jordanian banking sector, where the population of the study is composed of the managers of internal audit in Jordanian banks. The whole population of the study was treated as one sample, and the data collected were analyzed using the statistical package SPSS. The study concluded that the concept of conventional auditing is no longer sufficient to meet the needs of businesses in general and banks in particular, and that the approach of auditing based on business risk, which has been used in many developed countries of the world, particularly in recent years, is appropriate for the work of these facilities. It also found that internal auditors do not use the auditing approach based on business risk in auditing Jordanian banks with regard to the risks of the external environment and the risks of operational processes, while they do use it with regard to information risks.


4. Guma' study (2006), entitled "The Awareness of the Higher Management to Develop the Knowledge in the Profession of Internal Auditing and its Impact on the Internal Auditor"
This study aimed to determine the trends in the development of knowledge in the profession of internal auditing at the scientific, professional and practical levels, in order to determine the duties of the internal audit profession in Jordanian business organizations. An experimental study was conducted on 111 companies to measure the awareness of higher management of the development of knowledge in the profession of internal auditing. The study showed that internal auditors in the 21st century need to check and audit everything in the company, and that the internal auditing profession now has an integrated structure of knowledge, which provides it with the elements of a complete profession. The banking sector in Jordan was the sector most committed to establishing internal auditing departments, but less aware of the development of knowledge in the profession of internal auditing.

5. Lawrence study (2006), entitled "The Role of Internal Control and the Auditing Committee to Maintain the Security of Information in Risk Business"
The purpose of this study was to investigate the extent of information technology auditors' concern with risk management, cost and yield. The study also tried to identify the extent to which the internal control function determines the cost of events that affect the security of information. To achieve these objectives, the researcher carried out a content analysis of the data held by the companies, on the basis that these companies often hold valuable information consisting of files, customers' transactions, strategic work plans, marketing strategies and budgets. The results of the study showed that internal control does not carry out risk management or cost-benefit analysis, and does not specify the cost of events. The study recommended that companies activate their internal control by carrying out business risk assessments and presenting them to management, and identify the appropriate provider of accounting programs. Companies must also set up training programs for auditors and educate all staff, not only internal control staff, so that there is feedback from the various departments on developments in technology.

6. Warren study (2005), entitled "The Information Systems Risks a Survey of Three Countries"
Warren conducted a study to test the practices and risks related to the security of electronic information systems in Australia, the United States of America and Britain, to determine whether there were substantial differences in the practices and applications of information systems in these countries. The results of the study indicated the following:
With respect to Australia, the levels of information system security in the facilities are weak, and a number of problems were identified resulting from poor controls and control procedures applied in those facilities.
With respect to the UK, the results showed that 42% of the facilities do not have a policy for the security of electronic information systems, and about 49% of the facilities had restrictions on the budget for information security systems.
With respect to the United States of America, the findings indicate that most of the losses resulted from information theft, tampering and financial embezzlement. The results did not show fundamental differences between internal and external risks to the security of information systems in such facilities, and indicated that the practices relating to the security of information systems are more effective in the United States of America than in Australia and Britain.

9. The Theoretical Framework of the Study

9.1. Definition of Electronic Penetration
Electronic penetration: the act of certain individuals (hackers) who have a high capacity to access sites, and therefore systems and information, and who sabotage them through the server that runs the system, tamper with the actual contents of web pages, or conduct electronic eavesdropping by accessing some data and electronic information leaked from the computer (llMarshall, 2009).

9.2. Methods of Electronic Penetration
1. End-user Piracy: This occurs when an employee of the company or any end user copies a version of the software without a license.
2. Excessive Use of the Program by Users: This kind of piracy happens when a large number of users on the network use a centralized copy of the program at the same time, for example when staff work within the Journal network and install the program on the server so that all the terminals can access it.
3. Internet Piracy: This occurs when a program is downloaded from the internet, whereas the general rules of procurement must be applied to such programs, so that buying programs online follows conventional purchasing processes.
4. Hard-Disk Loading: This kind often happens in places that sell hardware, when computer shops make copies of programs and install them on the computers sold to users. From the buyer's point of view this makes the purchase more attractive: when he sees that all the programs he needs are already installed on the computer he wants to buy, this acts as a catalyst for the purchase.
5. Reproducing and Imitating Programs: This type takes place through counterfeiting, producing programs similar to the original software; this is done illegally and the software is sold as legal programs. This type of piracy is easy to detect through the material supplied with the software, such as the user manual, the license to use, Lalely cards and registration cards.
6. Distributed Denial-of-Service Piracy: The pirate who uses this type of piracy uses programs and tools that fake internet addresses, so that the user appears to be a legitimate company, as in the attack on the yahoo.com site. The pirate makes use of what are known as zombies, using certain programs and tools to communicate with millions of users through the internet and control them so that all of them attack the (victim) company. In our example, all the resources of yahoo.com are then consumed and service is denied to the next legitimate users of the yahoo.com site (Nabih, 2010) (Al-Titi, 2010).

9.3. Forms of Electronic Penetration
Malicious Software
The term malicious programs covers a variety of threats originating from virus programs of types such as Trojans or worms. A computer virus is a rogue program developed to attack other programs or data files and damage them without the knowledge of the user. Most computer viruses deliver a payload, such as displaying messages or images. Viruses spread from one computer to another, whether through files attached to e-mails or through the copying of infected files (Yassin, 2009).
Spyware Programs
Any person can download or install a program that monitors everything another user does on the computer.
One such spyware program is the key logger, which can record every keystroke or movement of the user in order to steal the serial numbers of stored programs, to prepare attacks over the internet, to gain access to e-mail accounts, to steal the passwords or access codes used to protect computer systems, or to obtain personal information such as credit card PIN numbers. These programs also record the websites visited by the user, the applications used, and the passwords entered or typed on the computer.
Cyber Vandalism and Cyber Crimes
All information systems face threats of cyber vandalism, blatant piracy, and attacks and raids by hackers and crackers, whether to commit financial fraud, steal data, or eavesdrop on banks or individuals for commercial, personal or competitive purposes. Another form of vandalism against websites and information systems is campaigns by pirates that attempt to flood network servers with tons of e-mails, or that send forged connection requests in order to disable servers or weaken their efficiency in processing requests. This phenomenon is called DOS, short for Denial of Service. DOS is used to destroy the capacity of an information system to carry out the conventional tasks and functions it was designed for. It is true that some of these campaigns do not touch the resources of the information system but target its current level of performance; they may nevertheless disable the site and the system, which in turn affects the information maintained by the system. If the site runs e-commerce or e-banking services, one can imagine that the losses from disrupting the operation of the website can reach millions of dollars per day, as happened for example to eBay and Buy.com Inc., which were subjected to this kind of vandalism campaign through the internet.
Vandalism is not limited to the digital world; it extends to all attempts at physical vandalism, theft, fraud and deliberate damage to the software and hardware of the information system. For example, the American FBI estimated the cost of physical vandalism to computers (computer sabotage costs) at about $15 billion each year, not to mention the growing expenditure of business organizations on information security and network security programs, which was about $4 billion in the year 2000. This spending is certain to continue rising in the coming years because of the increasing importance of security technology and the protection of information system resources, for many reasons, including growing white-collar crime, with estimated losses of 400 billion dollars each year in the United States specifically (Hall Mars, 2009).
Cyber Warfare and Cyber Terrorism
We must not forget that wars in their various forms, political conflict of ancient and modern types, and the clash of ideologies have all become critical issues on the internet. Political, social and cultural struggle and economic and commercial competition now have an electronic dimension, in which the conflicting powers confront each other and use all their technical and IT skills to achieve the goals on their agendas. There are many indications of cyber warfare between the major powers, and of what can be called digital terrorism, which is not limited to groups that believe in violence but also includes institutions, organizations and agencies seeking to use the internet to carry out cyber attacks in order to disrupt the work of internet service providers, sabotage national communication networks, or sabotage electrical power production and distribution networks. Cyber warfare is the other side of political wars on the ground, and digital terrorism is a digital, electronic form of terrorism practiced by individuals, communities and nations (Yassin, 2009).

9.4. Levels of Electronic Penetration
According to Sam's penetration scale, penetration or informational attack has six levels according to the degree of risk:
The first level of the attack: A mailbox bomb that leaves the system unable to provide any service.
The second level of the attack: Unauthorized access to the information system or computers that allows the unauthorized intruder to read or copy files.


The third level of the attack: The hacker can access sites he is not authorized to access.
The fourth level of the attack: The hacker can read secret files.
The fifth level of the attack: The hacker can move and copy confidential files.
The sixth level of the attack: At this level of penetration there is an open channel, so the hacker can enter the other parts of the system and tamper with its contents. In his attack the attacker uses what is known as a logic bomb, a program that destroys data (Al-Janbihi, 2006).

9.5. Types of Electronic Penetration
Penetration is classified into three types: device penetration, site penetration and mail penetration. For penetration to take place, a program must be designed that allows the hacker to penetrate someone else's computer, a website on the internet, or someone's personal e-mail. Many programs have been designed that allow penetration and make it easy, but most of them had a major weak point that reduced their potential: they could be detected on the penetrated device, and could therefore be tracked down and eliminated. The exception is one program whose designers were able to overcome this flaw, which exists in all other penetration programs; this program is called a Trojan (Al-Janbihi, 2006).
Trojan: A program that breaks into the security system by masquerading in an innocent form in order to enter the system and corrupt it. It spreads by all possible means of communication and works to spy on the computers of companies or individuals and send confidential information to hackers via the internet, which exposes a great deal of confidential information and leads to the theft of many credit card numbers (Al-Titi, 2010).

9.6. Internal Auditing Procedures in the Light of the Information Technology
In an information technology environment, the stages of auditing can be divided as follows:
A. Initial Auditing Tests
The auditor carries out this step when the computer system first goes into operation. It aims to form a clear idea of how operations flow within the automated accounting information system, to shed light on the extent to which the computer is used in operations, and to determine the extent to which accounting applications have been adopted and what control procedures exist (Kamel, 2003).
B. Commitment Tests
At this stage the auditor examines the means of control before the computer system is operated, and it is better for him to take part in designing the control methods for the system. The goal of this stage is to identify the strengths and weaknesses of the internal control system, and thus to determine its reliability, the extent of the tests that must be done, the nature of the audit evidence required, the time needed to conduct the audit, and the activities and processes that need to be focused on. The extent of the detailed tests is determined according to these tests (Al-Saqa', 2002).
C. Detailed Tests
After verifying the reliability of the control measures, the auditor begins the final stage of the audit, detailed testing. He examines the reliability of data processing by making sure that the initial data fed to the computer are real and reliable, conducts surprise checks while the program is running on the computer, and verifies that the auditing script and the evidence supporting the operation make it possible to judge the accuracy and completeness of the electronically prepared data. He also makes sure that the information output by the system is sound, accurate and complete, and verifies that program design is separate from the operation of the machines and that whoever operates the machines has nothing to do with the files and copies kept in the library. If the auditor finds that the results of operation are accurate and complete, he can confirm the adequacy and effectiveness of the control tools. In this step the auditor decides whether additional auditing procedures are needed, and therefore whether the audit programs should be modified (Ali and others, 2003).

9.7. Methods of Internal Auditing in the Light of the Information Technology
Despite the many effects of using computers in managing accounting data, the accepted and recognized auditing standards are not affected, since the basic concepts and the known auditing levels remain the framework of the auditing process whether it is manual or computerized (Eshtwi, 2002). This means that the difference between auditing in a computer environment and in a manual one is limited to the methods used in carrying out the audit, which rely on the computer wholly or partly depending on the level of development and the auditor's experience.
The most important methods of auditing in the light of information technology begin with auditing around the computer. It follows the same steps as manual auditing: the auditor ignores the presence of the computer and its use in the auditing process, and does not attempt to use it or to learn how it is operated and how data and information are processed in it.
In auditing through the computer, the auditor must be familiar with using a computer, so that he can carry out the audit automatically and identify the programs used in the field of auditing through the computer, as well as the operating system and its ability to exclude and reject unacceptable operations, follow up their correction and then process them as required. This method gives auditors sufficient experience in the field of operating systems and in the administrative and accounting applications used on the computer. The researcher finds that this method is inexpensive, fast and simple and it does not require the availability of sufficient expertise by the auditor.
Parallel simulation requires the auditor to write a computer program with which he can replicate one part of the system used by the client. For example, the auditor may wish to total the debtors' balances for a client where these exist in a form that can be read only by the computer. The client's master file can then be processed on the auditor's computer or on the client's computer using the program developed by the auditor, and the auditor compares the total output from the computer with the general ledger total (Hamada, 2002).
The integrated test method is considered an extension of the experimental data method, in which the auditor sets up a fictitious unit, which can be a section, customer, supplier or provider, and integrates it within the establishment's files.
The method of tracking and observation is considered an extension of the method of integrated testing, where it can select a test data from within the actual data for the operations, with marking of such data, and track the results of operation at each point of the actual data, and the primary feature of this method is that it uses actual data of the facility, and then avoid the auditor the use of reverse restraints, and thus avoid problems that may result in the separation. The method of auditing with computer assisting this method is represented by using general computerized audit programs. These programs are conceder as a tool for audit which designed by specializing facilities in various audit process and the general computerized audit programs are features in two advantages: First: These programs are designed the same way in which they can train most of the auditors to use it in the field of automation of the data. Second: the possibility of applying a single program for a large number of tasks without incurring the cost of designing of several special programs. (Mlim, Emerson, 2001).
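The parallel simulation described above, sketched as an added example that is not code from the study: the auditor's own program recomputes debtor balances from the client's master file, rejects records it cannot accept, and compares the result with the client's figures and the general ledger total. The file layout, document types and all amounts are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal, InvalidOperation

# Constructed sample data (not from the study): the client's debtors master
# file as exported in machine-readable form. The column names are assumptions.
MASTER_FILE = """customer_id,doc_id,doc_type,amount
C001,INV-1001,invoice,1200.00
C001,RCP-2001,receipt,200.00
C002,INV-1002,invoice,850.50
C002,CRN-3001,credit_note,50.50
C003,INV-1003,invoice,400.00
C003,INV-1003,invoice,400.00
C004,INV-1004,invoice,12x.00
C005,ADJ-9001,manual_adjust,75.00
"""

# Constructed figures standing in for what the client's own system reports.
CLIENT_BALANCES = {
    "C001": Decimal("1000.00"),
    "C002": Decimal("800.00"),
    "C003": Decimal("800.00"),  # the client system counted INV-1003 twice
}
GL_CONTROL_TOTAL = Decimal("2600.00")

# Effect of each accepted document type on a debtor's balance.
SIGNS = {"invoice": 1, "receipt": -1, "credit_note": -1}


def simulate_balances(master_csv):
    """Recompute per-customer balances independently of the client's program.

    Returns (balances, rejected), where rejected lists (doc_id, reason) for
    every record the auditor's program refuses to process.
    """
    balances = defaultdict(Decimal)
    rejected = []
    seen_docs = set()
    for row in csv.DictReader(io.StringIO(master_csv)):
        doc_id = row["doc_id"]
        if row["doc_type"] not in SIGNS:
            rejected.append((doc_id, "unknown document type"))
            continue
        try:
            # Decimal avoids the rounding drift of binary floats on money.
            amount = Decimal(row["amount"])
        except InvalidOperation:
            rejected.append((doc_id, "amount is not numeric"))
            continue
        if doc_id in seen_docs:
            rejected.append((doc_id, "duplicate document id"))
            continue
        seen_docs.add(doc_id)
        balances[row["customer_id"]] += SIGNS[row["doc_type"]] * amount
    return dict(balances), rejected


def compare(simulated, client_balances, gl_total):
    """Compare the simulation with the client's balances and the ledger total.

    Returns (exceptions, simulated_total, ledger_difference); exceptions holds
    (customer_id, client_figure, simulated_figure) for every mismatch.
    """
    exceptions = []
    for cust in sorted(set(simulated) | set(client_balances)):
        ours = simulated.get(cust, Decimal("0"))
        theirs = client_balances.get(cust, Decimal("0"))
        if ours != theirs:
            exceptions.append((cust, theirs, ours))
    simulated_total = sum(simulated.values(), Decimal("0"))
    return exceptions, simulated_total, gl_total - simulated_total


if __name__ == "__main__":
    balances, rejected = simulate_balances(MASTER_FILE)
    exceptions, total, difference = compare(
        balances, CLIENT_BALANCES, GL_CONTROL_TOTAL
    )
    for doc_id, reason in rejected:
        print(f"rejected {doc_id}: {reason}")
    for cust, theirs, ours in exceptions:
        print(f"{cust}: client reports {theirs}, simulation gives {ours}")
    print(f"simulated total {total}, ledger difference {difference}")
```

A non-zero ledger difference or any entry in the exceptions list is what the auditor follows up; the rejected records show which inputs the client's program accepted that an independent re-performance would not.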


The method of experimental data: using this technique the auditor tests fake operations that he prepares himself and then processes with the client's software. The objective of this technique is to determine whether the client's computer programs can run both real and fake financial operations. To investigate this, the auditor enters different types of financial operations into the client's program under his own supervision, and it is determined whether the client's computer programs have dealt with the different types of data correctly, as programmed (Thunaibat, 2006).

9.8. Internal Audit Standards in Light of Information Technology

The standards serve as a model that the auditor should follow in completing the audit process, and scientific and professional bodies develop these standards (Al-Ramly, Abdullah, 2008). The following addresses the most important auditing standards in the information technology environment:

First - The Scientific and Practical Qualification of the Auditor
The auditor must be qualified academically and practically and have specialized skills that enable him to carry out the audit in an accounting information systems environment. The auditor can enlist the expertise and skills of his co-workers or others; the responsibility is equal in both cases (SOCPA).

Second - Exercising the Necessary Professional Care
The auditor should exercise the necessary professional care in carrying out all stages of the audit and in preparing the report; otherwise his behavior does not agree with professional ethics and is considered a breach of his legal duties. The required professional care obliges the auditor to strive in his work, to use his scientific and practical experience, and to be independent and aware of his professional rights and duties when carrying out the audit (SAS No. 73).

9.9. Internal Auditing Controls' Considerations done by the auditor for the protection of computerized accounting information

(According to the international auditing practice standards and the rules of professional ethics issued by the International Federation of Accountants in 2006):

1. The auditor should take into consideration the environment and the control procedures implemented by the facility on its e-commerce activities.
2. The auditor takes into account the efficient use of firewalls and security software.
3. The auditor tests the effective use of encryption, including:
   - Preserving the privacy and security of transmission through, for example, permitting the keys to decode the encryption.
   - Preventing the misuse of encryption technology through, for example, control and safekeeping of the keys for decoding.
4. The auditor takes into account whether the controls on developing and implementing systems will support e-commerce activities.
5. The auditor takes into account the integrity of the e-business process: the auditor is concerned with the integrity of the information in the accounting system that relates to e-commerce operations, which relies to a large extent on the assessment of the viability of the systems used to capture and handle such information.
6. The auditor takes into account the controls that govern the integration of e-business processes with financial systems, and the controls on system changes and data conversion, so that the tuning process is done automatically.


10. Analysis of Results and Testing Hypotheses

10.1. Used Statistical Methods

In order to achieve the objectives of the study and test its hypotheses, the following statistical techniques and methods were used:
- Cronbach's alpha, to check the validity and reliability of the tool used.
- Ratios and frequencies, to analyze the demographic characteristics.
- Arithmetic means and standard deviations, to detect the trends of the individuals' answers to the questions of the study.
- Multiple linear regression analysis.
- Analysis of the correlation coefficient.
The statistical package SPSS was used to analyze the data and extract the results.

10.2. Study Tool

In order to achieve the objectives of the study, a research tool (questionnaire) was developed covering the different aspects of the factors affecting the role of the internal auditor in protecting computerized accounting information systems from electronic penetration, after referring to the theoretical literature and previous studies related to the subject of the current study and reviewing the relevant research tools. The tool consisted of two parts: the first part included a variety of items to obtain the personal data that characterize the study sample, and the other contained paragraphs that measure the key variables of the study. A five-point Likert scale was adopted to determine the degree of importance of each item of the questionnaire: (5) points were given to "strongly agree", (4) points to "agree", (3) points to "neutral", (2) points to "disagree" and (1) point to "strongly disagree".

11.3. Information Analyzes for the Demographic Characteristics

This section gives general information on the respondents to the questionnaire; table No. (3) shows the demographic characteristics of the study sample.
Table 1: The Distribution of the Study Sample due to its Demographic Variables

| Variable | Category | Number | Percentage |
|---|---|---|---|
| Qualification | Doctorate | 3 | 4.0 |
| | Master | 11 | 14.7 |
| | Bachelor | 51 | 68.0 |
| | Diploma | 10 | 13.3 |
| | Total | 75 | 100.0 |
| Experience | Less than three years | 12 | 16.0 |
| | 3-6 years | 19 | 25.3 |
| | 7-10 years | 19 | 25.3 |
| | More than ten years | 25 | 33.3 |
| | Total | 75 | 100.0 |
| Specialization | Account | 36 | 48.0 |
| | Management | 8 | 10.7 |
| | Financial banking | 11 | 14.7 |
| | Other | 20 | 26.7 |
| | Total | 75 | 100.0 |
| Functional level | Assistant Auditor | 2 | 2.7 |
| | Auditor | 38 | 50.7 |
| | Senior Auditor | 25 | 33.3 |
| | Audit Director | 10 | 13.3 |
| | Total | 75 | 100.0 |
| Professional certification | CMA | 3 | 4.0 |
| | CIA | 4 | 5.3 |
| | CPA | 4 | 5.3 |
| | CISA | 7 | 9.3 |
| | JCPA | 9 | 12.0 |
| | Total | 27 | 36.0 |
| | Without Certificate | 48 | 64.0 |
| | Total | 75 | 100.0 |
11.4. Reliability of the Study

The reliability coefficient (Cronbach's alpha) was used to measure the degree of credibility of the responses to the questionnaire paragraphs; this coefficient measures the stability and internal consistency of the questionnaire paragraphs and their ability to produce results consistent with the respondents' answers to them. Table (4) shows the results of the reliability of the survey using the Cronbach's alpha method.
Table 2: The Reliability of the study results using Cronbach's alpha for internal consistency

| Factors | Number of Paragraphs | Cronbach's Alpha Value |
|---|---|---|
| Knowledge and skills | 8 | 0.744 |
| Nature of Work Knowledge | 12 | 0.836 |
| Security Control Strategy for Electronic Commerce in Banks | 20 | 0.852 |
| The Internal Auditor Role in the Protection of the Accounting Information | 10 | 0.838 |
| Factors as a whole | 50 | 0.918 |

Table No. (2) shows the results of the reliability of the survey using Cronbach's alpha for internal consistency. Reviewing the values of the reliability coefficients shows that all of them were statistically acceptable and reflect a high degree of consistency, which indicates the stability of the study fields. The lowest Cronbach's alpha value was in the field of knowledge and skills, where it amounted to (0.744), while the highest was in the field of security control strategy for electronic commerce in banks, where it amounted to (0.852); the Cronbach's alpha value for the tool as a whole was (0.918).

11.5. Analyzing Data and Trends for the Variables of the Study

The arithmetic mean, standard deviation and relative importance were extracted to describe the answers of the sample to the paragraphs:

A. Paragraphs related to the knowledge and skill of the internal auditor
Table 3: The Arithmetic Mean, Standard Deviation, the Relative Importance of the Internal Auditor's Knowledge and Skill Paragraphs

| Paragraph | Mean | SD | Relative Importance | Rank |
|---|---|---|---|---|
| The internal auditor can play a central role to protect the computerized accounting information from hacking and cracking. | 3.56 | 1.19 | 71.20 | 8 |
| The internal auditor depends on many of the auditing standards to reduce the risk of piracy and electronic penetration related to banking operations. | 4.11 | 0.94 | 82.20 | 1 |
| Banks contribute to adopt different approaches to a large role of the internal auditor. | 3.99 | 0.74 | 79.80 | 2 |
| The internal auditor's work may face significant risks in how to control the risk of piracy and electronic penetration. | 3.60 | 1.00 | 72.00 | 7 |
| The internal auditor has enough knowledge in the related legislation and laws of electronic business. | 3.92 | 0.91 | 78.40 | 3 |
| The internal auditor has enough knowledge in the nature of the electronic applications work and the extent of its readiness. | 3.83 | 0.95 | 76.60 | 5 |
| The internal auditor needs to take more caution to confront the dangers of hacking and cracking. | 3.85 | 1.00 | 77.00 | 4 |
| The internal auditor works in the control of private or confidential information available to staff. | 3.61 | 1.17 | 72.20 | 6 |
| Knowledge and skills | 3.81 | 0.60 | 76.20 | |

Table (3) shows the arithmetic mean, standard deviation and relative importance of the paragraphs on the knowledge and skill of the internal auditor. Reviewing the order of the paragraphs of this factor, it becomes apparent that the second paragraph, which states that "the internal auditor depends on many of the internal auditing criteria to reduce the risk of piracy and electronic penetration related to banking operations", occupied the first rank among the factor's paragraphs, with an arithmetic mean of (4.11) and a standard deviation of (0.94), which represents an average rate of (82.20%). The first paragraph, which states that "the internal auditor can play a central role to protect computerized accounting information from hacking and cracking", occupied the last rank, with an arithmetic mean of (3.56) and a standard deviation of (1.19), which represents an average rate of (71.20%). The arithmetic mean of the factor as a whole amounted to (3.81) with a standard deviation of (0.60), which represents an average rate of (76.20%).

B. Paragraphs Related to the Internal Auditor Knowledge of the Nature of the Work
Table 4: The Arithmetic Mean, Standard Deviation and the Relative Importance of the Paragraphs of the Internal Auditor Knowledge of the Nature of the Work

| Paragraph | Mean | SD | Relative Importance | Rank |
|---|---|---|---|---|
| The Internal Audit requires auditor's eligibility in his ability to identify a plan to confront the dangers of hacking and cracking through the control element. | 4.01 | 1.02 | 80.20 | 5 |
| Effective control over the risks of hacking and cracking require the presence of internal auditor with a large degree of experience and knowledge in the field of information technology. | 4.11 | 0.89 | 82.20 | |
| The size of banks requires sufficient capacity for the internal auditor to obtain financial statements free of ambiguity. | 3.91 | 0.99 | 78.20 | 8 |
| The involvement of the internal auditor in the development of a strategic plan to confront the dangers of hacking and cracking which is considered as a large part of the solution. | 4.15 | 0.94 | 83.00 | 1 |
| Participation of the internal auditor in the development of a strategic plan to confront the dangers of hacking and cracking, need to have a computer and accounting skills. | 3.85 | 1.02 | 77.00 | 11 |
| Participation of the internal auditor in the development of a strategic plan to confront the dangers of hacking and cracking, need to have an academic and a high professional certificate in audit specialization. | 3.89 | 1.1 | 77.80 | |
| The senior management in the bank committed to provide sufficient autonomy for the internal auditor work with regard to electronic activities. | 3.93 | 1.04 | 78.60 | |
| The senior management in the bank committed to train and qualifies internal auditors to keep up with rapid technological developments with respect to information technology. | 3.88 | 1.04 | 77.60 | 10 |
| The internal auditor contributes in the formulation of the foundations necessary to prevent the risk of hacking and cracking. | 3.69 | 0.96 | 73.80 | 12 |
| The ability to predict the risk of piracy and electronic penetration will help in achieving a greater role for internal auditor. | 4.15 | 0.82 | 83.00 | |
| Electronic banking process requires the presence of internal auditors who are able to identify glitches accurately. | 4.08 | 0.82 | 81.60 | |
| Practicing an administrative democracy in the bank will give the internal auditor a greater chance to submit more transparent financial reports. | 3.97 | 1.15 | 79.40 | |
| Knowledge about the nature of work | 3.97 | 0.59 | 79.40 | |

Table No. (4) shows the arithmetic mean, standard deviation and relative importance of the paragraphs on the internal auditor's knowledge of the nature of work. Reviewing the order of the paragraphs of this factor, it becomes apparent that the twelfth paragraph, which states that "Internal auditor involvement in the development of the plan strategy to confront the dangers of hacking and cracking is considered as a large part of the solution", occupied the first rank among the factor's paragraphs, with an arithmetic mean of (4.15) and a standard deviation of (0.94), which represents an average rate of (83.0%). The seventeenth paragraph, which states that "The internal auditor contributes in the formulation of the foundations necessary to prevent the risk of hacking and cracking", occupied the last rank, with an arithmetic mean of (3.69) and a standard deviation of (0.96), which represents an average rate of (73.80%). The arithmetic mean of the factor as a whole amounted to (3.97) with a standard deviation of (0.59), which represents an average rate of (79.40%).

C. Paragraphs Related to Security Control Strategy for Electronic Commerce in Banks
Table 5: The Arithmetic mean, Standard Deviation and Relative Importance of the Paragraphs of the Security Control Strategy for Electronic Commerce in Banks

| Paragraph | Mean | SD | Relative Importance | Rank |
|---|---|---|---|---|
| The bank uses the appropriate encryption and specific protocols methods to ensure data confidentiality of electronic banking operations. | 4.35 | 0.91 | 87.00 | 2 |
| The bank shall inform the customers of the bank's policy related to confidentiality, security and to ensure that it is fully understood. | 3.99 | 1.06 | 79.80 | 12 |
| The bank is committed to provide the customers with special information about general security for their personal computers including the use of necessary software for virus protection and firewalls. | 3.77 | 1.17 | 75.40 | 15 |
| The bank is committed to the special emergency plans related to ensuring the continuity of proceeding processes electronically. | 4.13 | 1.12 | 82.60 | 7 |
| The bank provides sufficient infrastructure to put restrictions on the activities of internal and external users. | 4.13 | 0.86 | 82.60 | 8 |
| The bank offers its customers the elements of adequate confidence and security to deal with electronic transactions. | 4.09 | 0.82 | 81.80 | 10 |
| There is adequate control on performing methods allowing physical access to computers (such as key, secret logo, magnetic cards). | 4.21 | 0.89 | 84.20 | 4 |
| The person responsible for controlling access to computers is independent from the programmer. | 4.05 | 1.03 | 81.00 | 11 |
| There is an insurance coverage for software and for the cost of damage caused by accidents. | 4.17 | 0.95 | 83.40 | 5 |
| Backup copies are being saved of data and software. | 4.41 | 0.70 | 88.20 | 1 |
| The origin data or software is placed in an external location (such as safe deposit box, or to the director of the executive authority) | 4.27 | 0.86 | 85.40 | 3 |
| Adequate steps are being taken to avoid unauthorized copies of software. | 4.15 | 0.82 | 83.00 | 6 |
| There is a sufficient link between the applied procedures on the software and manual work to prevent unauthorized access, and to verify the continued attempts to bypass the control processes to access devices. | 3.95 | 0.98 | 79.00 | 13 |
| Employees are transferred between different tasks in the department from time to time to prevent the reliance on one person to do a specific task which is difficult to find an alternative. | 3.56 | 1.14 | 71.20 | 20 |
| A mandatory leaves are given for employees to reduce the possibility of penetration of the system and to identify their performance during their absence. | 3.67 | 1.26 | 73.40 | 17 |
| Employment policies include access to employment backgrounds to reduce the possibility of employing dishonest members. | 3.71 | 1.17 | 74.20 | 16 |
| There is documentation showing that users of the systems that have been trained well. | 3.65 | 1.13 | 73.00 | 19 |
| The access to sensitive and important data is being restricted in the bank. | 4.13 | 0.95 | 82.60 | 9 |
| Accessing to the computers is restricted to the well-known staff only. | 3.93 | 1.13 | 78.60 | 14 |
| Computers are installed in the closed areas and remain under control when not in use. | 3.67 | 1.08 | 73.40 | 18 |
| Security control strategy for electronic commerce. | 4.00 | 0.52 | 80.00 | |

Table No. (5) shows the arithmetic mean, standard deviation and relative importance of the paragraphs on the security control strategy for electronic commerce in banks. Reviewing the order of the paragraphs of this factor shows that paragraph number thirty, which states that "Copies of data and software is being kept to backup", occupied the first rank among the factor's paragraphs, with an arithmetic mean of (4.41) and a standard deviation of (0.70), which represents an average rate of (88.20%). Paragraph number thirty-four, which states that "Staff is transferred between the different tasks in the department from time to time to prevent the reliance on one person to do a specific task which is difficult to find an alternative", occupied the last rank, with an arithmetic mean of (3.56) and a standard deviation of (1.14), which represents an average rate of (71.20%). The arithmetic mean of the factor as a whole amounted to (4.00) with a standard deviation of (0.52), which represents an average rate of (80.0%).


D. Paragraphs Related to the Internal Auditor Role in the Protection of Computerized Accounting Information Systems from Electronic Penetration
Table 6: The arithmetic mean, standard deviation and the relative importance of the internal auditor's paragraphs role in the protection of accounting information systems from electronic penetration

| Paragraph | Mean | SD | Relative Importance | Rank |
|---|---|---|---|---|
| The internal auditor tests the effective use of encryption. | 3.69 | 1.13 | 73.80 | 8 |
| The internal auditor tests the mechanism controls, such as: registration of integrity test. | 3.80 | 1.00 | 76.00 | 7 |
| The internal controls test the issues with taking into account the integrity of the e-guide. | 3.81 | 0.91 | 76.20 | 6 |
| The internal auditor takes into account the need to perform additional actions such as: to confirm details of the e-business operation or the account balances with third parties. | 3.88 | 0.80 | 77.60 | |
| The internal auditor works to test the safety controls against the unknown source of contained information. | 4.03 | 0.84 | 80.60 | 1 |
| The internal auditor tests digital signatures. | 3.88 | 1.04 | 77.60 | 3 |
| The internal auditor tests the electronic seals history. | 3.83 | 1.06 | 76.60 | 5 |
| The internal auditor conducts pilot tests by making attempted penetration of information for evaluating the effectiveness of existing controls. | 3.88 | 0.97 | 77.60 | 4 |
| The internal auditor supervises the modification and developing of the computerized accounting system. | 3.57 | 1.15 | 71.40 | 10 |
| The internal auditor supervises the switching of new information system. | 3.65 | 1.11 | 73.00 | 9 |
| The role of the auditor in the protection | 3.80 | 0.64 | 76.00 | |

Table No. (6) shows the arithmetic mean, standard deviation and relative importance of the paragraphs on the role of the internal auditor in the protection of computerized accounting information systems from hackers and crackers. Reviewing the order of the paragraphs of this factor shows that the forty-fifth paragraph, which states that "The internal auditor works to test safety controls against unknown source contained information", occupied the first rank among the factor's paragraphs, with an arithmetic mean of (4.03) and a standard deviation of (0.84), which represents an average rate of (80.60%). The forty-ninth paragraph, which states that "The internal auditor oversees on modification and development of the computerized accounting system", occupied the last rank, with an arithmetic mean of (3.57) and a standard deviation of (1.15), which represents an average rate of (71.40%). The arithmetic mean of the factor as a whole amounted to (3.80) with a standard deviation of (0.64), which represents an average rate of (76.0%).

E. Analysis of the Independent Variables as a Whole
Table 7: The Arithmetic Mean, Standard Deviation and Relative Importance of Each Variable that Affecting the Role of Internal Auditor in the Protection of Computerized Accounting Information Systems from Electronic Penetration

| Variable | Mean | SD | Relative Importance | Rank | Torsion Coefficient |
|---|---|---|---|---|---|
| Knowledge and skills | 3.81 | 0.60 | 76.20 | 3 | 1.02 |
| Knowledge about the nature of work | 3.97 | 0.59 | 79.40 | 2 | 1.08 |
| Control strategy | 4.00 | 0.52 | 80.00 | 1 | 0.23 |
| Variables as a whole | 3.93 | 0.46 | 78.60 | - | 0.59 |


Table No. (7) shows the arithmetic mean, standard deviation and relative importance of each of the variables affecting the role of the internal auditor in protecting computerized accounting information systems from electronic penetration. Reviewing the arithmetic means and their order shows that the control strategy variable scored higher than the rest of the variables, with an average of (4.00) and a standard deviation of (0.52), which represents an average rate of (80%), followed by the variable of knowledge about the nature of work, with an average of (3.97) and a standard deviation of (0.59), which represents an average rate of (79.40%), while the knowledge and skill variable achieved an arithmetic mean of (3.81) and a standard deviation of (0.60), which represents an average rate of (76.20%). The table also shows the values of the torsion (skewness) coefficients, which amounted to (-1.02) for the knowledge and skills factor, (-1.08) for the knowledge of the nature of work factor and (-0.23) for the security controls strategy. These values fall within the acceptable normal range for skewness coefficients, and the data are therefore normally distributed.
Table 8: The Multiple Testing Link Results of Independent Factors

| Factor | VIF | Tolerance |
|---|---|---|
| Knowledge and skills | 1.68 | 0.595 |
| Knowledge about the nature of work | 1.85 | 0.540 |
| Security control strategy | 1.24 | 0.807 |

Table (8) shows the multiple link (multicollinearity) test results for the independent factors. The variance inflation factor (VIF) was (1.68) for the knowledge and skills factor, (1.85) for the knowledge of the nature of work factor and (1.24) for the security controls strategy factor, and the tolerance values were (0.595), (0.540) and (0.807) for these factors in the same order. The variance inflation values are considered normal because they are less than (5), and the tolerance values are likewise considered normal, since the tolerance is the inverse of the variance inflation factor, which was acceptable.

11-6 Testing the Hypotheses of the Study

The First Hypothesis: There is a statistically significant impact of the knowledge and skill of the internal auditor on his role in the protection of computerized accounting information systems from electronic penetration.

The Second Hypothesis: There is a statistically significant impact of the internal auditor knowledge of the nature of work on his role in the protection of computerized accounting information systems from electronic penetration.

The Third Hypothesis: There is a statistically significant impact of the security control strategy for electronic commerce in banks on the internal auditor role in the protection of computerized accounting information systems from electronic penetration.

To verify these hypotheses, multiple linear regression analysis was used; its results are described in the following table.

A. The use of multiple linear regression analysis to determine the impact of independent variables as a whole in the role of internal auditor in the protection of computerized accounting information systems from electronic penetration



Table 9: The results of multiple linear regression analysis to examine the impact of independent variables in the role of internal auditor in the protection of computerized accounting information systems from electronic penetration

| Independent Variables | R2 of Variable | T | Sig (T) |
|---|---|---|---|
| Knowledge and skill of the internal auditor | 0.205 | 2.03 | 0.045 |
| The internal auditor knowledge of the nature of the work | 0.044 | 0.91 | 0.364 |
| Security controls strategic | 0.136 | 3.96 | 0.000 |

Overall model: r = 0.621, R2 = 0.385, F = 14.84, Sig (F) = 0.000.
β0 and β values as printed: 0.265, 0.126, 0.509, 0.258.

Table (9) shows the linear regression results used to examine the impact of the independent variables as a whole on the role of the internal auditor in the protection of computerized accounting information systems from electronic penetration. The significance levels associated with the calculated (t) values show that two variables are significant: the knowledge and skill of the internal auditor (0.045) and the security control strategy (0.000). The significance level of (0.364) for the variable of internal auditor knowledge of the nature of work indicates that the impact of this variable is not significant, because the level of significance is greater than (0.05). It is also noticed that this variable contributes little to explaining the variance of the dependent variable, as its share of the explanation was (0.044), compared with (20.5%) for the knowledge and skill of the internal auditor and (13.6%) for the security controls strategy.

B. Using a multiple linear regression analysis to determine the impact of knowledge and skill variable of the internal auditor and a security control strategy variable on the role of internal auditor in the protection of computerized accounting information systems from electronic penetration
Table 10: The multiple linear regression analysis results to examine the impact of knowledge and skill variable of the internal auditor and a security control strategy variable on the in the protection of computerized accounting information systems from electronic penetration

| Independent Factor | R2 for the Factor | t | Sig (T) | β |
|---|---|---|---|---|
| Knowledge and skill of the internal auditor | 0.205 | 3.14 | 0.002 | 0.333 |
| Security controls strategy | 0.173 | 4.47 | 0.000 | 0.546 |

Overall model: R = 0.615, R2 = 0.378, F = 21.89, Sig (F) = 0.000, β0 = 0.351.
Study Hypothesis Result: Acceptance.

Table (10) shows the multiple linear regression results used to examine the impact of the independent variables on the role of the internal auditor in the protection of computerized accounting information systems from hackers, after excluding the variable of the internal auditor's knowledge of the nature of the work. The significance levels associated with the calculated (T) values show that both variables are significant, namely the knowledge and skill of the internal auditor (0.002) and the security controls strategy (0.000), because the level of significance is less than (0.05). It is noticed that the knowledge and skill variable of the internal auditor contributes more, at (20.5%), than the security controls strategy variable, at (17.3), to explaining the variation of the dependent variable. It is also noted that the share of variance explained by the second variable (security controls strategy) is higher than its previous value of (13.6%).


It can also be seen from the value of (F) and its level of significance, which amounted to (0.000), that these two variables are accepted in the model, where the two variables together accounted for (37.8%).

The role of the auditor = 0.351 + 0.333 (the knowledge and skill of the internal auditor) + 0.546 (security control strategy)

Y=0+1X1+2

12. Conclusions and Recommendations

12.1. Results

The research found the following results:

1. Analysis of the arithmetic mean and standard deviation for the role of the internal auditor in the protection of computerized accounting information systems from electronic penetration showed that the internal auditor has a great role in this protection, represented as follows:
A. The internal auditor tests safety controls against contained information of unknown source.
B. The internal auditor takes into account the need to perform additional actions, such as confirming details of e-business operations or account balances with third parties.
C. The internal auditor tests the digital signatures.
D. The internal auditor conducts pilot tests by attempting the penetration of information in order to evaluate the effectiveness of existing controls.
E. The internal auditor tests the seals of the electronic date.
F. The internal auditor tests the issues' controls, taking into account the integrity of the electronic guide.
G. The internal auditor tests the automatic controls, such as registration integrity tests.
H. The internal auditor tests the effective use of encryption.

2. The results showed that the knowledge and skill of the internal auditor have an impact on his role in the protection of computerized accounting information systems, which indicates that the more knowledge and skill the auditor has, the greater his role in the protection of computerized accounting information systems.

3. The results of the study showed that the impact of the internal auditor's knowledge of the nature of the work on his role in the protection of computerized accounting information systems was not significant, as the level of significance was greater than (5%). This variable also contributes little to explaining the variance in the dependent variable, as the percentage of interpretation was (0.044).

4. The results showed that the security control strategy for e-commerce in banks has an impact on the role of the internal auditor in protecting computerized accounting information systems, which indicates that the greater the security control of e-commerce, the greater his role in protecting computerized accounting information systems.

5. The interpretation of the results makes clear that the study sample has scientific efficiency and high practical experience, since most of the respondents have a bachelor's degree and the majority of the study sample had more than 10 years of experience.

12.2. Recommendations

In light of the results reached, the research recommends the following:

1. Promote the internal auditor's understanding and awareness of the bank's work, so that his role in the protection of computerized accounting information systems will be more efficient, effective and accurate when determining any breach of computerized accounting information.

2. The internal auditor needs to participate in any amendment, development or shift to a new computerized accounting system in the bank, so that the auditor can find out any port or specific defect that makes it easy to penetrate the system, and a breach can therefore be discovered as soon as possible.

3. The senior management of the bank needs to commit to training and qualifying internal auditors to keep up with rapid technological developments in information technology.

4. The risk of piracy and electronic penetration in banks needs to be assessed from time to time, with attention to the impact of those risks on the internal control system, and those risks need to be anticipated before they occur and appropriate solutions found in the event that they occur.

5. The largest possible number of internal auditors at banks operating in Jordan need to obtain the (CISA) certificate, which covers auditing computerized information systems, so as to reduce the risk of piracy and electronic penetration.

