Journal of International Technology and Information Management

Document Type



A business must recognize and address various risk factors when establishing and maintaining its information system. The overall risk to management is that the control environment does not protect proprietary business data and the financial reporting system that produces financial statements and other information used by investors, creditors and regulatory agencies. These risks require that management implement efforts to ensure the integrity and effectiveness of control procedures over business activities while being aware of additional system issues such as failing to adequately consider other risks which are more business-oriented including the risk of failing to prevent or detect fraudulent or illegal activities. Worldwide in 2008 the value of economic data stolen was estimated to be a trillion dollars. After the public outcry from the business failures such as Enron there were efforts by the U.S. government, business community and the accounting profession to strengthen business control environments to better address such risk factors and thereby improving the quality of financial data. One result of these efforts has been that businesses are guided by the features of the Sarbanes-Oxley Act (2002) and efforts by COSO (2007) which indirectly allude to but do not specifically address these risk factors in a technology-based business environment. Currently almost all records maintained by a business organization are now in an electronic format with over two-thirds never converted to hard copy. The integral nature of a networked system necessitates having adequate control aspects that ensure the confidentiality of business proprietary data and to ensure this data is not stolen or misused. One aspect of this issue is that of insider hacking to transfer or misuse proprietary business data. This issue and recommendations for management and their auditors are reported in this research.