Internal Control and Standard Operating Procedures in Malaysian Corporations


  • Nadianatra Musa Faculty of Computer Science and IT, Universiti Malaysia Sarawak, Kota Samarahan, Malaysia.
  • Bob Clift School of Accounting and Corporate Governance, University of Tasmania, Hobart, Australia.


Board Management, IS/IT, Security, Senior Management,


The security, standards, and related controls of IT/IS infrastructure along with its implementation in Malaysian Corporation has been the main focus of the study. A cross sectional analysis has been implemented, using the qualitative research design, to evaluate the importance of internal control and standard operating procedures. The interview data, website analysis, and mail surveys have been collected concerning the perfection of boards and senior management about the IS/IT security processes. Both the senior and board management are ought to be responsible and accountable to ensure that IS/IT risks are addressed in the standards and policies of IS/IT security. Success and failure of development are also the responsibility of boards and senior management. IT/IS procedures must be implemented by corporation to control the risk related with the use of operation and information systems that supports the mission of business.


. V. J. Marsick, K. Watkins,“Informal and Incidental Learning in the Workplace, (Routledge Revivals),” Routledge,2015 Jun 11.

. D. M. Dozier, L. A. Grunig, J. E. Grunig,“Manager's guide to excellence in public relations and communication management,”Routledge, 2013 Oct 18.

. R. Pereira, M. C. Baranauskas, S. R. da Silva,“Social Software and Educational Technology: Informal, Formal and Technical Values,”Educational Technology & Society, 2013 Jan 1, 16(1), pp. 4-14.

. W. Pieters, T. Dimkov, D. Pavlovic,“Security policy alignment: A formal approach”, IEEE Systems Journal, 2013 Jun, 7(2), pp. 275-287.

. N. Musa, “Role of the boards and senior management within formal, technical and informal components: IS/IT security governance in the Malaysian publicly listed companies(Doctoral dissertation,” University of Tasmania).

. G. Soda, A. Zaheer,“A network perspective on organizational architecture: performance effects of the interplay of formal and informal organization”,Strategic Manage J, 2012 Jun 1, 33(6), pp. 751-771.

. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, P. Sommerlad,“Security Patterns: Integrating security and systems engineering,” John Wiley & Sons, 2013 Jul 12.

. R. Von Solms, J. Van Niekerk,“From information security to cyber security”,Comput Secur, 2013 Oct 31, 38, pp. 97-102.

. T.R. Peltier,“Information Security Policies, Procedures, and Standards: guidelines for effective information security management,” CRC Press, 2016 Apr 19.

. W. H. Baker, L. Wallace, “Is information security under control?: Investigating quality in information security management,”IEEE Security & Privacy, 2007 Jan, 5(1), pp. 36-44.

. A. Gemino, B. H. Reich, C. Sauer,“Plans versus people: Comparing knowledge management approaches in IT-enabled business projects”,International Journal of Project Management, 2015 Feb 28, 33(2), pp. 299-310.

. Kucharska, Wioleta, and Rafał Kowalczyk. “Trust, Collaborative Culture and Tacit Knowledge Sharing in Project Management–a Relationship Model.” (2016).

. A. J. Wood, B. F. Wollenberg,“Power generation, operation, and control,” John Wiley & Sons, 2012 Nov 7.

. A Amran, S. K. Ooi, R. T. Mydin, S. S. Devi. “The Impact of Business Strategies on Online Sustainability Disclosures”,Business Strategy and the Environment, 2015 Sep 1, 24(6), pp. 551-564.

. Lai, Alessandro, Gaia Melloni, and Riccardo Stacchezzini. “Corporate sustainable development: is ‘integrated reporting’a legitimation strategy?.”Business Strategy and the Environment 25, no. 3 (2016): 165-177. DOI: 10.1002/bse.1863

. S. Mishra, G. Dhillon,“Information Systems Security Governance Research: A Behavioral Perspective”, Annual NYS Cyber Security Conference, 2007.

. S. P. Williams, C. A. Hardy, J. A. Holgate,“Information security governance practices in critical infrastructure organizations: A sociotechnical and institutional logic perspective,”Electronic Markets, 2013 Dec 1, 23(4), pp. 341-354.

. S. Mishra,“Organizational objectives for information security governance: a value focused assessment”,Information & Computer Security, 2015 Jun 8, 23(2), pp. 122-144.

. Dhillon, Gurpreet, Lemuria Carter, and Javad Abed. “Defining Objectives For Securing The Internet Of Things: A Value-Focused Thinking Approach.” (2016).

. J. A. Sherer, T. M. Hoffman, E. E. Ortiz, “Merger and Acquisition Due Diligence: A Proposed Framework to Incorporate Data Privacy, Information Security, E-Discovery, and Information Governance into Due Diligence Practices”, Rich. JL & Tech, 2014,21, pp. 1.

. M. Mueller, A. Schmidt, B. Kuerbis, “Internet security and networked governance in international relations,”International Studies Review, 2013 Mar, 15(1), pp. 186-104.

. Debreceny RS. “Research on IT governance, risk, and value: Challenges and opportunities”,Journal of Information Systems, 27(1), 2013 Jun, 129-135.

. Flores WR, Antonsen E, Ekstedt M. “Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture”, Comput Secur, 43, 2014 Jun 30, 90-110.

. Rafiee, Abozar Solat, Akbar Alem Tabriz, and Mohammadreza Babaei. “Organizational Characteristics Role in the Implementation of Information Security in Knowledge Management with a Focus on Employee Safety Behavior.” Modern Applied Science 10, no. 2 (2016): 123. DOI:

. Tejay GP, Barton KA. “Information System Security Commitment: A Pilot Study of External Influences on Senior Management”, InSystem Sciences (HICSS), 46th Hawaii International Conference on 2013 Jan 7 (pp. 3028-3037). IEEE.




How to Cite

Musa, N., & Clift, B. (2017). Internal Control and Standard Operating Procedures in Malaysian Corporations. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 9(2-10), 25–31. Retrieved from

Most read articles by the same author(s)