THE EFFECT OF GENERAL CONTROLS OF INFORMATION SYSTEM AUDITING IN THE PERFORMANCE OF INFORMATION SYSTEMS :FIELD STUDY Mansour Naser ALraja Assistant Professor of Management Information Systems, Jerash University-Jordan post code 26150 JORDAN Nayef Rage ALomiam Assistant Professor of public Administration, Jerash University-Jordan Abstract This study aimed to determine the role played by the general controls of information systems auditing in improving the performance of information systems in banks listed in the Amman Stock Exchange. To achieve the objectives and testing of hypotheses a questionnaire was developed especially for the collection of data from a study sample, which consisting of (64) employees at banks listed in Amman Stock Exchang, the number of questionnaires analyzed are (52), representing (81.25 %) of the questionnaires distributed. By using appropriate statistical tests, results of the study showed that banks listed in Amman Stock Exchang apply General controls of information systems auditing in general, also it found that there is a significant relationship between general controls of information systems auditing and information systems performance, and general controls of information systems auditing has a significant impact on information systems performance. Keywords: General controls, Information systems, Auditing, performance, Bank, Amman Stock Exchange. 1. Introduction The need to provide strategic information for all concerned levels, is one of the challenges faced by most companies in the digital economy, which is witnessing a revolution of the developments and changes at different levels of economic and social in general and technological especially, information is the core of the administrative leader work in the business. When the need for efficiently and effectively information increase, that raise the required for controls and standards include a methodology of systems development review, and review of the used systems documentation, and also to confirm the effectiveness of legal controls which used at bank. All this is done by the process of systems auditing, by reviewing all stages of developing the systems and confirm appropriate controls, and identification and application it, as a result that reducing the economic cost of the systems and improve the quality of information provided by the systems and thus increase the system's ability to adapt to the latest changes, leading to achievement of objectives, so this study came to focus on this vital subject and important in one of the important sectors in Jordan, which is facing increasing competition, it is the private banking sector. 2. Study objectives This study aimed to determine the role played by the general controls of information systems auditing in improving the performance of information systems in banks listed in the Amman Stock Exchange. We can subdivide this main goal into following goals: - Determine the role of general controls of information systems auditing in improving the quality of information provided by the systems - Determine the role of general controls of information systems auditing in increase the contribution of information systems to achieve the objectives of the bank. - Determine the role of general controls of information systems auditing in facilitate the adaptation of systems with the latest changes. - Determine the role of general controls of information systems auditing in reducing the economic cost of the systems. COPY RIGHT 2013 Institute of Interdisciplinary Business Research 356
3. Literature Review 3.1. General Controls of Information System Auditing As soon as data and management procedures are handled by automated systems, Information Systems Auditing comes into place. This includes new methodologies and control techniques, pertinent to an automated environment. Information System Auditing requires an opinion about the Information Systems and data that they process. The data must be accurate, complete and authorized. Errors must be properly detected and corrected in time and there must be planned and accurate procedures to guarantee the continuation of operations(piattini, 2000). Ron Weber has defined IS audit as "the process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently." (Sayana, 2002). Information System Auditing Objectives: The general Information System Auditing Objectives are as Follows (Piattini, 2000): Validation of the organizational aspects and administration of the Information Service function. Validation of the controls of the system development life cycle. Validation of access controls to installations, terminals, libraries, etc. Automation of Internal Auditing activities. Internal Training. Training members of the Information Service Function Department Collaboration with External Auditors Controls: consist of all the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards. Control Objectives: In general, the major control objectives are considered to be as follows (Piattini, 2000): Safeguarding of assets Guarantee data accuracy, reliability and authorization Operation efficiency Compliance with organizational policies and procedures Types of IS audit(auditor General s, 2006): - Audit of IS general controls. - Audit of application controls. - Audit of IS development controls. - IS performance audit. 3.2. performance of information systems Information systems is a group of components that interact to produce information (Kroenke,4,2007), also, an information systems collects, processes, stores, analyzes, and disseminates information for a specific purpose. While Computer-based information system is an information system that uses computer technology to perform some or all of its intended tasks (Turban and others, 2006), information systems exist help business achieve their goals and objectives, as we know business themselves do not do anything and it cannot act. It is the people within a business who sell, buy, design, produce, finance, market, account, and manage. So information systems exist to help people who work in a business to achieve the goals and objectives of that business(kroenke, 2007). The basic components of information system are: hardware, software, database, networks, procedures, and people(turban and others, 2006). COPY RIGHT 2013 Institute of Interdisciplinary Business Research 357
A number of important forces affect the pace and effectiveness of progress in using information systems and in delivering business benefits. The relative weighting of each factor varies over time, and will also vary from one organization to another. These factors include(ward and Peppard, 2002): 1. the capabilities of the technology; 2. the economics of deploying the technology; 3. the applications that are feasible; 4. the skills and abilities available, either in-house or from external sources, to develop the applications; 5. the skills and abilities within the organization to use the applications; 6. the pressures on the particular organization or its industry to improve performance. The top ten dimensions of Information Systems performance (Chang, 2001): 1. Information Systems impact on strategic direction; 2. Integration of Information Systems planning with corporate planning; 3. Quality of information outputs; 4. Information Systems contribution to organizational financial performance; 5. Information Systems function operational efficiency; 6. User/management attitudes about Information Systems function; 7. Information Systems staff competence; 8. Integration with related technologies across other organizational units; 9. Adequacy of system development practice; and 10. Ability of Information Systems function to identify and assimilate new technologies 3.3. Related Works (Allinson, 2001) in this study Information on principles, techniques and processes used, and the reason for the recording, storing and releasing of audit information for evidentiary purposes have been studied. It is shown that most organizations studied generate and retain audit trails but the approach is not consistent nor is it comprehensive. It is suggested that these materials would not withstand a serious legal challenge. (Buchanan & Gibb, 2007) This study discusses three challenges to current practice: limited guidance on management of scope; ambiguous linkage to related ICT development processes; and the lack of a standard methodological approach. In response to these challenges, the role and scope of the IA is reexamined, key relationships to information strategy and information system architecture (ISA) are defined and mapped, and a two-dimensional matrix is proposed to manage scope. (Buchanan & Gibb, 2008) they consider the comprehensiveness, applicability, and usability of four commonly cited information audit methodologies. Comprehensiveness considers the conceptual, logical, and structural completeness of each methodological approach. Applicability considers the scope of each approach, and the ability to tailor the approach to individual organizational requirements. Usability considers the perceived ease with which each approach can be adopted and applied. A methodological baseline has also been established, which provides a reusable framework to guide future methodology selection, and for developing an individual or tailored approach to the information audit. Also (Buchanan & Gibb, 2008) in the next study they present and discuss five information audit (IA) case studies, which tested the application and usability of an IA methodology. The studies also trailed an IA scope matrix and incorporated process modeling. The main strengths of the IA methodology were found to be the logical structuring of stages, provision of a comprehensive toolkit, and the flexibility to remove stages not relevant to the client brief. A limitation of the methodology was found to be its lack of instructional depth. The IA scope matrix was COPY RIGHT 2013 Institute of Interdisciplinary Business Research 358
successfully trailed, and process modelling proved extremely valuable, encouraging participant involvement by focusing on readily understandable aspects of day-to-day work, and providing an organizational model of information flow. (Philee, 2009) Hamed and Hoda Philee considered that the information technology and business internal controls as a major factor for business security, they found the IT usage need to strong internal controls. 4. Study Questions We can summarize the main problem of the study by asking: what is the impact of general controls of information systems auditing in the performance of information systems in banks listed in the Amman Securities Exchangee? We can subdivide this main question into following questions: - what is the impact of general controls of information systems auditing in improving the quality of information provided by the systems? - what is the impact of general controls of information systems auditing in increase the contribution of information systems to achieve the objectives of the bank? - what is the impact of general controls of information systems auditing in facilitate the adaptation of systems with the latest changes? - what is the impact of general controls of information systems auditing in reducing the economic cost of the systems? 5. Hypothesis and Study Model To answer the study questions, the research depend on the following main hypothesis: There is a significant effect of general controls of information systems auditing on the performance of information systems in banks listed in the Amman Securities Exchange? And subdivided by the following assumptions: - There is a significant effect of general controls of information systems auditing on improving the quality of information provided by the systems? - There is a significant effect of general controls of information systems auditing on increase the contribution of information systems to achieve the objectives of the bank? - There is a significant effect of general controls of information systems auditing on facilitate the adaptation of systems with the latest changes? - There is a significant effect of general controls of information systems auditing on economic cost of the systems? General Controls of Information systems Auditing Information systems Strategy. Documentation Legal Controls to protect Information Systems Information Systems Performance Quality of information Information system contribution The system's ability to adapt to the new changes Economic cost of the system COPY RIGHT 2013 Institute of Interdisciplinary Business Research 359
6. Methodology 6.1. Population and Sample The target population for this study comprised all the Banks listed in Amman Securities Exchange. A sample of (8) banks were chosen randomly from the targeted population, 58 questionnaires were distributed, the response rate was about 81.25 % (52 usable responses). 6.2. Data Collection Secondary data was collected based on the findings of published papers, articles, books, prior studies, and the World Wide Web. The primary data collection was carried out using a self-designed questionnaire, this adopted instrument comprises three sections, the first section covers the demographic information (Gender, Age, Period of working at bank, Education ), the second section contains (18) items measuring Information systems performance, the third section measures general controls of Information systems auditing through (21) items also, Five Likert-type scales were used to score the responses. 6.3. Instrument Reliability The reliability of data collected instrument was measured using Cronbach's alpha coefficient; the reliability test was conducted to check for inter-item correlation in each of the variables in the questionnaire. The closer Cronbach's alpha is to one, the higher the internal consistency reliability (Sekaran, 2003). The test results are as follows: Cronbach alpha for Independent Variable = 0.785, Cronbach alpha for dependent Variable = 0.899, Cronbach alpha for over all instruments = 0.912 which approached to the acceptable limit. 6.4. Data Analysis Methods Statistical Package for Social Sciences (SPSS) was used to analyze the data. Descriptive techniques such as; frequencies, percentages, means, standard deviation (Std.) and coefficient of variation were used to describe the variables. Spearman correlation and multiple regression analysis were used to test hypothesis of the study. 7. Statistics Analysis and Hypothesis Testing 7.1. Analysis of Personal and Functional Characteristics We used several questions to find out the distribution of the study sample, according to personal and functional characteristics, such as gender, age, Period of working at bank, and Education. Table (1) shows these properties. Table (1) Personal and Functional Characteristics (N=52) Percent 53.8 46.2 38.5 36.5 15.4 9.6 9.6 69.2 21.2 40.4 34.6 19.2 5.8 Frequency 28 24 20 19 8 5 5 39 11 21 18 10 3 male female less than 30 years 31-40 41-50 51 and more pre bachelor bachelor MBA & PhD 5years and less from 6 to 10 from 11 to 15 16and more Variable GENDER AGE EDUCATION Period of working at bank COPY RIGHT 2013 Institute of Interdisciplinary Business Research 360
No. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 7.2. Study variables Description To determine the availability of the study variables, we divided the main independent variable into three major dimensions, and the dependent variable into four major dimensions, each dimension was measured with a set of indicators shown in the table(2). Table (1) variables Description Characteristics (N=52) Questions There is a clear definition of the vision and mission of information systems. There is a clear methodology for strategic planning for information systems linked to the overall strategy of the bank. Strategic plan identifies key priorities for information systems, and resources that systems need. Information systems unit is involved in building and implement the overall strategy of the bank. (x1) information systems Strategy. The bank Documents all procedures used in data collection. The Bank has a mechanism to make sure that the data collected, is in conformity with the procedures adopted by the bank. The Bank has written standards describe where and when the operating procedures perform. The performance of information systems performance is Measured by documented standards. There is a standard format for recording data. All models adopted by the bank, dated. The name of person or entity which collect the data is specified on these forms. The auditing of the data recorded, done by another specialist. The bank relies specific actions are periodically carried out to ensure the accuracy of the information system. (x2) Documentation. The Bank uses passwords and smart cards to verify the identity of persons and data sources. To protect data against illegal use, the bank determine the responsibilities of access to data and to deal with it. protection procedures Increase whenever the importance of data Increase. The bank use the data encryption technology to protect it from change and replacement. To protect the data, bank uses a system to registration the date and time of the codes, turn it off, suspended, restarted, and cancellation. There is deterrent procedures against those who display the system and information to penetrate and danger. Bank relies protection standards comparable to international used standards. The bank regulations require that the users of information systems must be expertise and competence. (x3) Legal Controls to protect Information Systems (X) General Controls of Information Systems Auditing The information which provided by the systems is Features with modernity. The information is provided at the right time. The provided information is featured with the sincerity and consistency. The provided information is featured with the accurate, realistic and concise.. The provided information is featured with the flexibility. Information is provided according to the requirements of beneficiary using multiple methods. Mean 3.8269 4.0000 4.2885 3.9615 4.0192 3.9423 4.0962 4.0000 3.9423 3.5769 3.8077 3.7115 3.9231 3.7500 3.8611 4.0192 3.7308 3.8654 3.9423 3.8846 3.9231 4.0769 3.9615 3.9255 3.9158 4.1538 3.9423 4.0000 4.1538 3.8654 3.9808 Std. 1.27911 1.10258 1.16040 1.02826.81175.91638.99528.94972 1.16170 1.17734 1.08535 1.14338 1.06359 1.16946.67492 1.32088 1.17349 1.18865 1.07400 1.16575 1.21826 1.15209.92803.82034.48723 1.33409 1.07400 1.04787.95762 1.25290 1.05701 COPY RIGHT 2013 Institute of Interdisciplinary Business Research 361
28 29 30 31 32 33 34 35 36 37 38 39 (y1) Quality of information provided by systems The current Information systems is correspond with requirements of decisions relating to the achievement of the objectives of the Bank in general. Information systems which used in the bank, guarantee provide service to all units and departments in the bank. There is an integration and mutual coordination between the different departments in the Bank, to use information from the placed plans, correspondence with the unity and stability of the objectives to be achieved. Information systems which used at the bank, helps to quickly provide information in response to customer requirements. Information systems which used at the bank, enables to complete doing daily works immediately on-line. (y2)information system contribution to achieving the objectives of the bank Information systems which used at the bank is featured with highly efficient of storage, classification, retrieval, and update data and information that I need in my work. Information provided by the information systems which used at the bank meet the needs of decision makers at all administrative levels. Information systems which used at the bank is featured with ability to provide the information in spite of the size growing and diversity of operations. The information has the required of accuracy and reliability in spite of the size growing of operations. (y3) The system's ability to adapt to the new changes Information provided by the current Information Systems provides useful return justify their cost. Usually I get better results for my decisions when I depend on information provided by the system. Information systems helps to strengthen the financial position of the bank by reducing costs and increasing sales. (y4) Economic cost of the system (Y) Information Systems Performance 4.0160 3.9615 3.7692 4.0385 3.9231 3.7500 3.8885 3.9038 4.0000 4.0192 3.7885 3.9279 3.7885 3.8077 3.5769 3.7244 3.9124.79367 1.17091 1.13094 1.06571 1.41208 1.15258.83117 1.19245 1.18818.98000 1.09072.76750 1.17718 1.17220 1.22628.93287.70112 7.2.1. General Controls of Information System Auditing As it clear from the table (2) the total mean is (3.9158), and the answers of the study sample on these dimensions were close, the standard deviation indicates that, which was (.48723), which reflects the perception of respondents to the importance of General Controls of Information System Auditing, this importance was according to the views of sample members, arranged as follows: information systems Strategy with mean (4.0192) and a standard deviation (.81175), second place Legal Controls to protect Information Systems with mean (3.9255) and a standard deviation (.82034), and came Documentation in third place with mean (3.8611) and a standard deviation (.67492) 7.2.2. performance of information systems Also from the table (2) we can see the total mean of information systems performance is (3.9124), and the answers of the study sample on these dimensions were very close, the standard deviation indicates that, which was (.70112), the arrangement of these dimensions according to the sample members opinion, as follows: Quality of information provided by systems with mean (4.0160) and a standard deviation (.79367), second place The system's ability to adapt to the new changes with mean (3.9279) and a standard deviation (.76750), third place Information system contribution to achieving the objectives of the bank with mean (3.8885) and a standard deviation (.83117), and Economic cost of the system came in fourth place with mean (3.7244) and a standard deviation (.93287). COPY RIGHT 2013 Institute of Interdisciplinary Business Research 362
7.3. Hypothesis Testing We used Pearson's test to identify if there is relationship between General Controls of Information System Auditing and performance of information systems, As it seen in Table (3), the output indicates that there is a positive significant correlation at (P 0.01) between General Controls of Information System Auditing and information systems performance, which implies that the Banks which listed in Amman Securities Exchange focus on information systems audit to improve the systems performance but they must give more important to the information systems auditing in the future (r = 0.725), also we can note that there is no relationship Legal Controls to protect Information Systems and performance of information systems and sometimes sounds negative. Table (3) Correlations (N=52) X x1 x2 x3 Y Pearson Correlation.725 **.803 **.861 ** -.063 Sig. (2-tailed).000.000.000.656 N 52 52 52 52 y1 Pearson Correlation.647 **.793 **.749 ** -.077 Sig. (2-tailed).000.000.000.590 N 52 52 52 52 y2 Pearson Correlation.676 **.776 **.806 ** -.076 Sig. (2-tailed).000.000.000.590 N 52 52 52 52 y3 Pearson Correlation.449 **.437 **.647 ** -.115 Sig. (2-tailed).001.001.000.418 N 52 52 52 52 y4 Pearson Correlation.672 **.637 **.700 **.085 Sig. (2-tailed).000.000.000.550 N 52 52 52 52 ** Correlation is significant at the 0.01 level (2-tailed). * Correlation is significant at the 0.05 level (2-tailed). COPY RIGHT 2013 Institute of Interdisciplinary Business Research 363
Multiple regression analysis was conducted to test the hypotheses. Multiple regression identifies how much of the variance in the dependent variable will be explained when a set of variables is able to predict a particular outcome. Using multiple regression analysis is subject to normality of the data. Hypothesis 1: Table (4) Model Summary Model R R Square Adjusted R Square Std. Error of the Estimate 1.840 a.705.687.44419 Table (5) ANOVA b Model Sum of Squares df Mean Square F Sig. 1 Regression 22.655 3 7.552 38.274.000 a Residual 9.471 48.197 Total 32.126 51 b. Dependent Variable: y1 Table (6) Coefficients a Standardized Unstandardized Coefficients Coefficients Model B Std. Error Beta t Sig. 1 (Constant).148.505.293.771 x1.516.106.528 4.854.000 x2.451.129.384 3.510.001 x3.013.076.013.168.867 a. Dependent Variable: y1 adopt to the results of regression analysis, the General Controls of Information Systems Auditing (especially (x1) information systems Strategy and (x2) Documentation) as it seen in table (6) affect directly in order (β = 0.528, 0.384, P 0.01) on Information Quality, as it shown from table (4) (R 2 = 0. 705) This means that General Controls of Information Systems Auditing have been interpreted (70.5%) of the variance in Information Quality that provided by Information systems, and also we noted from table (5) that the value of the statistical test (F = 38.274) is statistically significant at (P 0.01). this analysis lead us to accept the first hypothesis which said: There is a significant effect at level (P 0.01) of general controls of information systems auditing on improving the quality of information provided by the systems. COPY RIGHT 2013 Institute of Interdisciplinary Business Research 364
Hypothesis 2: Table (7) Model Summary Model R R Square Adjusted R Square Std. Error of the Estimate 1.861 a.741.725.43608 Table (8) ANOVA b Model Sum of Squares df Mean Square F Sig. 1 Regression 26.105 3 8.702 45.759.000 a Residual 9.128 48.190 Total 35.233 51 b. Dependent Variable: y2 Table (9) Coefficients a Unstandardized Coefficients Standardized Coefficients Model B Std. Error Beta t Sig. 1 (Constant) -.381.496 -.767.447 x1.428.104.418 4.100.000 x2.638.126.518 5.059.000 x3.021.075.021.282.779 a. Dependent Variable: y2 adopt to the results of regression analysis, the General Controls of Information Systems Auditing (especially (x2) Documentation and (x1) information systems Strategy) as it seen in table (9) affect directly in order (β = 0.518, 0.418, P 0.01) on information systems contribution to achieve the bank goals, as it shown from table (7) (R 2 = 0.741) This means that General Controls of Information Systems Auditing have been interpreted (74.1%) of the variance in information systems contribution to achieve the bank goals, and also we noted from table (8) that the value of the statistical test (F = 45.759) is statistically significant at (P 0.01). this analysis lead us to accept the second hypothesis which said: There is a significant effect at level (P 0.01) of general controls of information systems auditing on increase the contribution of information systems to achieve the objectives of the bank. COPY RIGHT 2013 Institute of Interdisciplinary Business Research 365
Hypothesis 3: Table (10) Model Summary Model R R Square Adjusted R Square Std. Error of the Estimate 1.648 a.420.384.60246 Table (11) ANOVA b Model Sum of Squares df Mean Square F Sig. 1 Regression 12.620 3 4.207 11.590.000 a Residual 17.422 48.363 Total 30.042 51 b. Dependent Variable: y3 Table (12) Coefficients a Unstandardized Coefficients Standardized Coefficients Model B Std. Error Beta t Sig. 1 (Constant) 1.258.685 1.835.073 x1 -.022.144 -.023 -.149.882 x2.749.174.658 4.294.000 x3 -.034.104 -.036 -.329.744 a. Dependent Variable: y3 adopt to the results of regression analysis, the General Controls of Information Systems Auditing (especially (x2) Documentation) as it seen in table (12) affect directly (β = 0.658, P 0.01) on the system ability to convoy rapid changes, as it shown from table (10) (R 2 = 0.420) This means that General Controls of Information Systems Auditing have been interpreted (42%) of the variance in the system ability to convoy rapid changes, as it shown from table, and also we noted from table (11) that the value of the statistical test (F = 11.590) is statistically significant at (P 0.01). this analysis lead us to accept the third hypothesis which said: There is a significant effect at level (P 0.01) of general controls of information systems auditing on facilitate the adaptation of systems with the latest changes. COPY RIGHT 2013 Institute of Interdisciplinary Business Research 366
Hypothesis 4: Table (13) Model Summary Model R R Square Adjusted R Square Std. Error of the Estimate 1.751 a.564.536.63513 Table (14) ANOVA b Model Sum of Squares df Mean Square F Sig. 1 Regression 25.020 3 8.340 20.675.000 a Residual 19.363 48.403 Total 44.382 51 b. Dependent Variable: y4 Table (15) Coefficients a Unstandardized Coefficients Standardized Coefficients Model B Std. Error Beta t Sig. 1 (Constant) -1.158.723-1.603.116 x1.334.152.291 2.195.033 x2.718.184.520 3.909.000 x3.195.109.172 1.788.080 a. Dependent Variable: y4 depending on the results of regression analysis, the General Controls of Information Systems Auditing (especially (x2) Documentation) as it seen in table (15) affect directly (β = 0.261, P 0.01) on economic cost of systems, as it shown from table (13) (R 2 = 0. 564) This means that General Controls of Information Systems Auditing have been interpreted (56.4%) of the variance in the economic cost of systems, and also we noted from table (14) that the value of the statistical test (F = 20.675) is statistically significant at (P 0.01). this analysis lead us to accept the fourth hypothesis which said: There is a significant effect at level (P 0.01) of general controls of information systems auditing on economic cost of the systems. COPY RIGHT 2013 Institute of Interdisciplinary Business Research 367
Main Hypothesis: Table (16) Model Summary Model R R Square Adjusted R Square Std. Error of the Estimate 1.908 a.824.813.30349 Table (17) ANOVA b Model Sum of Squares df Mean Square F Sig. 1 Regression 20.649 3 6.883 74.727.000 a Residual 4.421 48.092 Total 25.070 51 b. Dependent Variable: Y Table (18) Coefficients a Unstandardized Coefficients Standardized Coefficients Model B Std. Error Beta t Sig. 1 (Constant).030.345.087.931 x1.342.073.396 4.704.000 x2.614.088.591 6.989.000 x3.035.052.041.673.504 a. Dependent Variable: Y As it clear from the results of regression analysis, the General Controls of Information Systems Auditing (especially (x2) Documentation and (x1) information systems Strategy) as it seen in table (18) affect directly in order (β = 0.591, 0.396, P 0.01) on Information systems Performance (quality of information provided by systems, information system contribution to achieving the objectives of the bank, the system's ability to adapt to the new changes, economic cost of the system), as it shown from table (16) (R 2 = 0.824) This means that General Controls of Information Systems Auditing have been interpreted (82.4%) of the variance in Information systems Performance, and also we noted from table (17) that the value of the statistical test (F = 74.727) is statistically significant at (P 0.01). this analysis lead us to accept the main hypothesis which said: There is a significant effect at level (P 0.01) of general controls of information systems auditing on the performance of information systems in banks listed in the Amman Securities Exchange. COPY RIGHT 2013 Institute of Interdisciplinary Business Research 368
8. Conclusions After analyzing the data and testing the hypotheses, the following major conclusions were reached: 1. General controls of information systems auditing dimensions (Information Systems Strategy, Documentation, and Legal Controls) are provided in high percentages with a mean (4.0192, 3.8611, 3.9255) compared with the expected mean which is (3).T 2. here is significant statistical relationship between general controls of information systems auditing and information systems performance at the confidence level (P 0.01). 3. The study revealed that general controls of information systems auditing have a significant statistical impact on information systems performance and explains (82.4%) of the variation in information systems performance 9. Recommendations According to the findings of this study we can give some suggestions, might be they can help managers in the banks that listed at Amman Securities Exchange if they use them effectively. 1. Banks that listed at Amman Securities Exchange highly encouraged to illustrate the strong relationship between general controls of information systems auditing and information systems performance especially Legal Controls to protect Information Systems. 2. Banks that listed at Amman Securities Exchange highly encouraged to develop a clear strategy allow them to increase the role of general controls of information systems auditing in improvement Economic cost of the system, and Information system contribution to achieving the objectives of the bank. 3. reinforcement the role of general controls of information systems auditing in raising Quality of information provided by systems, andthe system's ability to adapt to the new changes COPY RIGHT 2013 Institute of Interdisciplinary Business Research 369
References 1. Steven Buchanan, Forbes Gibb, The information audit: Theory versus practice, International Journal of Information Management 28 (2008) 150 160. 2. Steven Buchanan, Forbes Gibb, The information audit: Methodology selection, International Journal of Information Management 28 (2008) 3-11. 3. Steven Buchanan, Forbes Gibb, The information audit: Role and scope, International Journal of Information Management 27 (2007) 159 172. 4. Caroline Allinson, Information Systems Audit Trails in Legal Proceedings as Evidence, Computers & Security Vol.20, No.5, pp.409-421, 2001. 5. Hamed and Hoda Philee, Information Technology and Internal Controls, February 6, 2009, http://ssrn.com/. 6. Western Australian Auditor General s Report, Information Systems Audit Report, Report 2 April 2009. 7. The Auditor General s, Methodological Recommendations for Information Systems Audit, Order No. V-65 of 27 April 2006. 8. Mario Piattini, Auditing information systems, Chapter I, Basic Concepts of Information System Auditing, Rafael Rodríguez de Cora, 2000, IDEA Group Publishing. 9. Anantha Sayana, The Information System Audit Process, Information Systems Control Journal, Volume 1, 2002. 10. IS AUDITING PROCEDURE EVALUATION OF MANAGEMENT CONTROLS OVER ENCRYPTION METHODOLOGIES DOCUMENT P9, 2009 ISACA. 11. IS AUDITING PROCEDURE IRREGULARITIES AND ILLEGAL ACTS DOCUMENT P7, 2009 ISACA. 12. IS AUDITING GUIDELINE, G6 MATERIALITY CONCEPTS FOR AUDITING INFORMATION SYSTEMS, 2009 ISACA. 13. IS AUDITING GUIDELINE FOLLOW-UP ACTIVITIES DOCUMENT G35, 2009 ISACA. 14. IS AUDITING GUIDELINE, G8 AUDIT DOCUMENTATION, 2009 ISACA. 15. IS AUDITING GUIDELINE, G39 IT ORGANISATION, 2009 ISACA. 16. IS AUDITING PROCEDURE, P1 IS RISK ASSESSMENT MEASUREMENT, 2009 ISACA. 17. Ward, John and Peppard, Joe (2002) Strategic Planning for Information Systems, Third Edition, John Wiley & Sons Ltd, England 18. Kroenke, David M. (2007), Using MIS, Pearson Education, Inc, New Jersey. 19. Turban, Efraim and leidner, Dorothy and Mclean, Ephraim and Wetherbe, James with contribution by: Chung, Christy and Tse, Daniel and Lew, Maggie (2006), Information Technology for management transforming organizations in the digital economy, 5 th Edition, John Wiley & sons, Inc. 20. Chang, Cha-Jan Jerry(2001), the development of a measure to assess the performance of the information systems function: a multiple-constituency approach, PhD thesis, Faculty of the Katz Graduate School of Business, University of Pittsburgh. COPY RIGHT 2013 Institute of Interdisciplinary Business Research 370