Investigating Adequacy of Security Controls in Saudi Banking Sector: An Empirical Study

Abstract

The objective of this research is to explore the existence and adequacy of implemented security controls of computerized accounting information systems (CAIS) in the Saudi banking sector (SBS). An empirical survey, using a self-administrated questionnaire, was conducted to investigate the opinions of the heads of internal audit departments (HoIAD) and the heads of computer departments (HoCD) in the entire population of the SBS regarding the adequacy of implemented security controls in their banks. The results of study reveal that the vast majority of Saudi banks have adequate CAIS security controls in place. The study provides valuable empirical results in this regard. Some weak points of the security controls were discovered, and accordingly, some recommendations to strengthen the security controls in SBS are suggested. From a practical standpoint, managers, bankers and practitioners alike stand to gain from the findings of this study. The results enable bank managers and practitioners to better secure their CAIS and to champion the security of information technology for the success of their banks.