Abstract
Occupational fraud, the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets, is a growing concern for all organizations. While the typical organization loses at least 5% of annual revenues to fraud, current methods of detection and prevention are not fully adequate to reduce increasing occurrences. Although information systems are making life easier, they are increasingly being used to perpetrate fraudulent activities, and internal employee security threats are responsible for more information compromise than external threats.
The purpose of this research is to examine how information security policy quality and enforcement impact compliance and mediate organizational fraud levels in a sampling of small to medium-size firms. We will examine whether (1) organizations with low (high) quality information security policy experience lower (higher) information security policy compliance; (2) organizations with strong (weak) enforcement of the existing policy experience lower (higher) levels of information security policy compliance; (3) there is any significant interaction effect between information security policy quality and enforcement; and (4) perceived information security policy compliance is inversely related to reported organizational fraud.
Completion of this research will approach the fraud problem from a perspective that has not been studied previously and will inform current findings regarding the potential direct and indirect effects of information security noncompliance on organizational fraud by giving insights into the motivation leading to compliance versus noncompliance decisions encountered by employees in various organizational settings.
Included in
Accounting Commons, Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons
Investigating Information Security Policy Characteristics: Do Quality, Enforcement and Compliance Reduce Organizational Fraud?