The Mediating Role of Security Controls between Information-technology Risks and the Security of Accounting Information Systems: A Field Study in Telecommunication Companies Operating in the Republic of Yemen

Abstract

This study aims to test Security Controls (SCs) as a mediator between information-technology risks (ITR) and the security of AISs in telecommunication companies operating in Yemen (TCOY). To achieve this objective, a questionnaire was used to collect data according to the comprehensive method, where (356) questionnaire forms were distributed and the validated questionnaire forms for analysis were (218). To analyze the data, (SmartPLS) was used in assessing the measurement model and the structural model, as well as in the evaluation of path coefficients and testing the hypotheses of the study. It has been concluded that ITRs negatively affect the security of AISs before the mediation of SCs (47.6%). The results indicate that the mediation of SCs between ITRs and security of AISs is a partial mediation. Also, ITRs have an indirect negative impact on the security of AISs after the mediation of SCs (25.3%), as part of the impact is transferred through SCs from ITRs to the security of AISs (indirect impact). The study concluded with a set of recommendations, most notably: paying more attention to the confidentiality, integrity and availability of information, keeping abreast of technological developments, implementing SCs and updating them constantly, supporting the information security by the higher management, improving security-response activities, accelerating the implementation of robust authentication, giving great attention to access control, and effectively monitoring security policy-implementation. This is to raise the level of security of AISs and reduce the negative impact of ITRs.