Internal Control and Standard Operating Procedures in Malaysian Corporations
Keywords: Board Management, IS/IT, Security, Senior Management
Abstract: The study focuses on the security, standards, and related controls of IT/IS infrastructure and their implementation in Malaysian corporations. A cross-sectional analysis using a qualitative research design was carried out to evaluate the importance of internal control and standard operating procedures. Interview data, website analysis, and mail surveys were collected concerning the perception of boards and senior management about IS/IT security processes. Both senior and board management ought to be responsible and accountable for ensuring that IS/IT risks are addressed in the standards and policies of IS/IT security. Success and failure of development are also the responsibility of boards and senior management. Corporations must implement IT/IS procedures to control the risks related to the use of the operation and information systems that support the mission of the business.
TRANSFER OF COPYRIGHT AGREEMENT
The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):
- All proprietary rights other than copyright, such as patent rights
- The right to make further copies of all or part of the published article for my use in classroom teaching
- The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
- The right to make copies of the published work for internal distribution within the institution that employs me
I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.