The implementation of SysTrust principles and criteria for assuring reliability of AIS: empirical study

• DOI: https://doi.org/10.1108/IJAIM-05-2017-0067
• Published date: 05 August 2019
• Date: 05 August 2019
• Pages: 461-491
• Author: Ahmed H. Al-Dmour,Masam Abood,Hani H. Al-Dmour
• Subject Matter: Accounting & Finance,Accounting/accountancy,Accounting methods/systems

The implementation of SysTrust

principles and criteria for assuring

reliability of AIS: empirical study

Ahmed H. Al-Dmour and Masam Abood

University of Brunel, London, UK, and

Hani H. Al-Dmour

The University of Jordan, Amman, Jordan

Abstract

Purpose –This study aims at investigatingthe extent of SysTrust’s framework (principles and criteria) as

an internal control approach for assuring the reliability of accounting information system (AIS) were being

implementedin Jordanian business organizations.

Design/methodology/approach –The study is based on primary data collectedthrough a structured

questionnaire from 239 out of 328 shareholdings companies. The survey units were the shareholding

companies in Jordan, and the single key respondents approach was adopted. The extents of SysTrust

principles were also measured. Previously validated instruments were usedwhere required. The data were

analysedusing t-test and ANOVA.

Findings –The results indicated that the extent of SysTrust being implemented could be considered to

be moderate at this stage. This implies that there are some variations among business organizations in

terms of their level of implementing of SysTrust principles and criteria. The results also showed that the

extent of SysTrust principles being implemented was varied among business o rganizations based on their

business sector. However, there were not found varied due to their size of business and a length of time in

business (experience).

Research limitations/implications –This study is only conducted in Jordanas a developing country.

Although Jordanis a valid indicator of prevalent factors in the widerMENA region and developing countries,

the lack of external validityof this research means that any generalization of the researchfindings should be

made with caution. Future research can be orientated to other national and cultural settings andcompared

with the resultsof this study.

Practical implications –The study provides evidence of the need for management to recognize the

importance of the implementationof SysTrust principles and criteria as an internal control for assuring the

reliability of AIS within their organizations and be aware which of these principles are appropriate to their

size and industrysector.

Originality/value –The findings would be valuable for academic researchers, managers and

professional accounting to acquire a better undemanding of the current status of the implementation of

the SysTrust principles (i.e., availability, security, integrity processing, confidentiality, and privacy) as an

internal control method for assuring the reliability of AIS by testing the phenomenon in Jordan as a

developing country.

Keywords Internal control system, AIS, SysTrust principles, Jordanian shareholdings companies

Paper type Research paper

© Ahmed H. Al-Dmour, Masam Abood and Hani H. Al-Dmour. Published by Emerald Publishing

Limited. Thisarticle is published under the CreativeCommons Attribution (CC BY4.0) licence. Anyone

may reproduce,distribute, translate and createderivative works of this article (for bothcommercial and

non-commercial purposes), subject to full attribution to the original publication and authors. The full

terms of thislicence may be seen at http://creativecommons.org/licences/by/4.0/legalcode

Implementation

of SysTrust

principles

461

Received21 May 2017

Revised26 June 2017

6July2017

Accepted9 July 2017

InternationalJournal of

Accounting& Information

Management

Vol.27 No. 3, 2019

pp. 461-491

EmeraldPublishing Limited

1834-7649

DOI 10.1108/IJAIM-05-2017-0067

The current issue and full text archive of this journal is available on Emerald Insight at:

www.emeraldinsight.com/1834-7649.htm

Introduction

The adoption of information technology as a pillar in the business world renders it

critical in terms of reliability and security. System assurance, as a core part of

management, is required to ensure that the accounting system and information initiated

is reliable. Information technology in business is essential as long as it is reliable and

secure. System reliability in administration primarily guarantees the solidity of data and

accounting framework. However, an unreliable system can exhibit a number of side

effects, such as failure to prevent unauthorized access to the system, making it

vulnerable to viruses, hackers and loss of data confidentiality Loss of data integrity,

including defiled, inadequate and invented information, and genuine support issues

bringing about unintended negative reactions from system changes, such as loss of

access to system administrations, loss of information privacy or loss of information

trustworthiness (Boritz, 2005;McPhie, 2000;Topash, 2014). In fact, the complexity of

computerized information systems has increased the necessity of the assessment of the

reliability of a firm’s internal control systems (Joseph et al., 2009).

Furthermore, due to globalizationand the advancement of technology around the world,

the achievements of the overall objectives of the business become more difficult and

complicated. This includes the mission and visions that are also affected by other factors

such as fraud, money laundering and terrorism activities. To avoid such challenge caused

by advances in technology, companies tend to designtheir strategies whereby dealing with

customers, provision of service,corporate social responsibilities and successful procedureof

control system are embedded therein (Douglas, 2011). To enhances and maintain the

reliability of controlsystem, the American Institute of Certified Public Accountants(AICPA)

and the Canadian Institute of CharteredAccountants (CICA) has developed a new assurance

service called SysTrust, whereby a public accountant can write about the adequacy of

controls over the reliability of a system. The team formulated a definition of system

reliability as “a system that operates without material error, fault or failure in system

availability, privacy, integrity, and maintainability during a specified time in a specified

environment”(Saitio,2001).

Computerized accounting information systems can face a range of potential threats, and

this entails protection of data from abuse and physicaland moral loss where administration

of business companies tend to design a rigid controlsystem that is reliable and guarantees

protection from both internal andexternal threats. This keeps the quality of outputs of the

systems and aids in the efficient achievement of the organization’sobjectives. Furthermore,

a reliable system is also required as continuousauditing is conducted under the supervision

of real-time accounting systems.The expected benefits from web-based continuous auditing

depend on the reliability of real-time accounting systems. AICPA (2017) pointed out the

characteristicsof a reliable system as follows:

Accuracy: The system must obtain record and report the information to be audited

accurately, completely, and on a timely basis.

Security: There must be controls to prevent unauthorized access to business data

and processes. When violations are detected or suspected, the system must warn the

auditor and there must be temporary restriction

Integrity: The system processing must be complete, accurate, timely and in

accordance with the entity’s transaction approval and output distribution policy.

Maintainability: The system must be updated to provide continuous accuracy,

security and integrity.

IJAIM

27,3

462