Defense Date

Summer 7-9-2018

Degree Type

Dissertation

Degree Name

Information Systems

Department

Business Administration

Committee Chair/First Advisor

Dr. Humayun Zafar

Committee Member or Co-Chair

Dr. Brad Schafer

Reader

Dr. Solomon Negash

Abstract

Organizational fraud, a deceitful practice or willful device resorted to with intent to deprive another of his right, or in some manner to do harm or injury, is a growing global concern. While cyberattacks from the outside are more expected, the internal security threat from trusted insiders is responsible for significantly more information compromise than external threats. Information systems make life easier but are increasingly used by employees to perpetrate fraudulent activities. For example, a trusted insider employee with access to sensitive customer databases could misappropriate information and sell it to a competitor for personal gain. These type losses are typical of organizational fraud averaging 5% of annual revenues, and current detection and prevention methods are not fully adequate to address the threat.

This research examines how organizational fraud is affected by information security policy characteristics. We specifically study the effects of quality and enforcement as mediated by security compliance using a sampling of survey data from selected organizations. Our results show that increased quality and enforcement supports increased compliance. We found an inverse relationship between policy compliance and organizational fraud. Additionally, our model demonstrates that compliance fully mediates between policy quality, policy enforcement, and the dependent variable fraud.

Included in

Accounting Commons

Share

COinS