اطار مقترح للرقابة الداخلية لتعزيز الثقة في نظام المعلومات المحاسبي ICBS : دراسة حالة في المصرف الاهلي العراقي == A Suggested Frame For The Internal Control To Support Trust In The Icbs A Case Study In The Iraqi National Bank
Author name:
ابتهال قاسم كطيو الحسين
Supervisor name:
بشرى عبد الوهاب محمد حسن الجواهري
General topic:
Administration and Economics
Specific topic:
Accounting
Degree:
Master
University:
University of Kufa - Faculty Of Administration And Economics - Department Of Accounting
Language:
Arabic
University location:
Najaf
First pages:
07T4316 - p.pdf
Abstract:
على الرغم من تنامي استثمارات المصرف في نظم المعلومات المحاسبية المتطورة الا ان التباينات مزاالت حاسمة بين عموم المصارف في مدى نجاحها ليس من خلال اقتنائها لنظم معلومات محاسبية متطورة فقط، بل في سعيها لاقتناء منظومة لتقنية المعلومات غير قابلة للتقليد والاخت | In spite of the growing bank investments in the developed ICBS, the deviations among banks still crucial on the level of their success in acquiring developed accounting information systems as well as in their attempts to acquire an information technique system that could not be imitated or penetrated. Acquiring the distinguished performance is no longer connected to the modernized systems types, rather it is more connected to providing this system with the serious elements. The effective interior control could participate in providing and supporting trust. This stud aims to create a theoretical and intellectual frame for trust services, define the methods and steps that could be followed to response efficiently to the information security risks. It also aims to demine the procedures that should be followed to maintain the confidentiality and privacy of the ICBS inputs and outputs, as well as defining the involved policies to process data and report them effectively to all their authorized users. In one aspect, the study depends on formulizing a proposed frame to evaluate the interior control effectiveness in the accounting information systems applied in Iraqi private bank and its ability to support trust. The study concludes a set of results that could be summarized as following : - The bank does not have a purchasing unit, rather it followed the main supplier in Amman that is to say it does not have the authority to choose the system it should use. In case of sudden accidents, there are no certain procedures to retrieve the backups relating the stored data. Moreover the backup storage is saved on hard disc and kept in the bank building rather than in a more save place. Holding period had not been defined and that allow the unauthorized employees to access those data. Though the password is subjecting to many conditions; it should be complicated and should be changed within 99 days, yet many risks had been observed represented by adopting simple password and did not changed within the defined time, sometimes it lasts for 730 days, sequentially the unauthorized employees have greater chance to access the users accounts with the increasing chance of access the system to damage the saved data confidentiality and safety. Hence the following recommendation are presented by the researcher : - The bank should have a purchasing unit to be provided with the involved and required systems and devices. Certain procedures should be put to retrieve the backups In case of sudden accidents, and the backups should be kept in a save places out of the organization or company with certain machinery to save these data according to their importance. A clear policy should be followed to separate responsibilities by informing each employee with his own responsibility which should be defined according to experience and qualifications. The security procedures should be developed and modernized periodically. Complexity is involved to in using password which must be changed within 99 days. The users should be subjected to control procedures to be restricted to laws and informing them of the hazards and risks that the bank might face if they reveal or exchange certain confidential information unintentionally as well as setting punishment in case of breaching such procedures or instructions.
