The awareness of information security in Maltese audit firms : with a focus on the human element

Abstract

PURPOSE Given that the importance of information security (IS) within organisations is increasing, it was seen necessary to contribute towards this field by analysing the level of security awareness of auditors and accountants in Maltese audit firms. In an effort to do this, the main focus of the research was to give an insight on employee awareness of relevant security threats, the attitude and perception of senior personnel towards the importance of human security awareness, and the gap that exists between documented security policies and individual security practices. DESIGN: Semi-structured interviews were carried out with senior personnel responsible for or having a background knowledge of IS. A different set of questions were set for staff members employed within the audit, accountancy or tax departments of the 'Big Four' audit firms and within medium-sized firms. FINDINGS: The bigger firms are working their way through security challenges evident from the generally higher levels of security threat awareness that exist amongst staff members when compared to the smaller firms. On the other hand, the absence of a security framework as well as of security awareness training suggests that senior management within medium-sized organisations lack commitment towards the role that staff members play in safeguarding information assets. CONCLUSIONS The study elicited that high value is placed on the confidentiality principle. Consequently, whilst greater importance is to be placed on the other two security tenets - integrity and availability, IS should also be viewed as a means to gain competitive advantage. Additionally, Maltese audit firms should work their way towards narrowing the existing gap between policies and practices. Increasing employee involvement in the 'Big Four' audit firms and instilling a security corporate culture in smaller firms may serve to enhance security effectiveness and ensure long term business success. VALUE: It is anticipated that this study will help to increase an understanding of the importance and effectiveness of IS in today's business world and the roles that both audit firms and their staff hold in securing vital information assets.