[Podcast] Developing a culture of accounting information security: Solutions to protect accounting information systems in the context of the 4.0 Industrial Revolution
31 August, 2024
Keywords: Accounting information security culture, Accounting information security behavior, Accounting information system protection, 4.0 Industrial Revolution
In a complex digital world, many businesses have invested in advanced security technologies and other mechanisms that support information security, especially for accounting information, because the complexity and types of risk are increasing and constantly changing. Developing an information security culture (ISC) is considered a highly effective measure. The results of the study “Information security culture model in accounting information systems: An empirical study in Vietnam” by an author group from the University of Economics Ho Chi Minh City (UEH) will give corporate investors a better understanding of ISC and the relationships between its elements in the accounting information system (AIS), which in turn supports building strategies for developing and changing ISC.

The necessity to develop a culture of accounting information security
The 4.0 Industrial Revolution, with outstanding developments in information and communications technologies (ICTs), has brought positive changes in business operations and competitive advantage. On the other hand, it creates many challenges and risks for businesses. One of the serious global threats that businesses face is information system security. According to the Cybersecurity Business Report, cybercrime is believed to have caused losses of “more than $6 trillion in 2021, up from $3 billion in 2015.” Therefore, ensuring information systems can adapt creatively to advances in ICTs is becoming a top priority for businesses.
ICTs have also significantly influenced the accounting field. However, AIS is facing many risks of attack. In this context, the majority of technical solutions deployed by businesses rely on information system technologies and human control in the system. However, good information systems mechanisms need to address both technical and non-technical aspects. Therefore, the focus is on establishing ISC at businesses.
ISC is an emerging research field. Current research on ISC has mostly been conducted in developed countries, whereas the socio-cultural environment in developing countries, together with a lack of resources and knowledge, creates major barriers to promoting information system awareness but has not yet received much attention. In Vietnam, the application of ICTs to AIS has received considerable attention recently. However, research on information systems in accounting has been rather limited. Therefore, the objective of this study is to focus on ISC, an important solution for the AIS goal. The findings of this study will help administrators gain a deeper understanding of the role of ISC and the relationships between ISC components in AIS. On this foundation, businesses can build strategies and policies to improve ISC and the information security behavior of employees.
Information security culture and Accounting information system
*Information security culture
ISC is understood to be an ideal information security and safety culture, with every employee following instructions voluntarily in a manner that makes it their second nature. Three common characteristics of ISC include: shaping employee behavior toward safety concerns, creating a safe environment within an organization, and requiring the participation of all employees. The ISC, considered to be the presumption of acceptable accounting information security behavior, is promoted to the organization’s employees. The quality of ISC is determined by the organization’s beliefs and by evaluating and managing the principle of respect for the truth and the reasonableness of end users’ and administrators’ beliefs regarding the information security of their organization.
From a practical perspective, ISC is an important element in combating human-related risks. The OECD has published Security Guidelines for Information Systems and Networks with a focus on building ISC. Similarly, the United Nations General Assembly (2003) introduced a document titled Creating a Global Culture of Cybersecurity. Currently, a range of information security frameworks such as ISO 27000, NIST and Security, COBIT, COSO provide guidance on information security education, training and awareness (SETA) programs and on information security policies and mechanisms to address human factors.
ISC has two levels: organizational and individual. In this study, the author group is interested in ISC from personal aspects, including attitudes, behaviors, abilities and perceptions. These are described as follows:
- Attitude refers to employees’ feelings and beliefs regarding safety protocols and issues.
- Accounting information security behavior includes policies, procedures, and compliance.
- The competency element in ISC is related to the capabilities, the skills, the knowledge and the expertise of employees in information security, allowing them to comply with the organization’s security policies and procedures.
- Information security awareness is an important element of ISC because information security awareness refers to the extent to which employees understand the importance of information security policies, rules and guidelines of the organization. Information security awareness is also considered the degree to which employees behave according to the organization’s information security policies, rules and guidelines. The awareness of policies and procedures and the awareness of roles and responsibilities are two components of information security awareness. Most scholars believe that establishing an ISC will reduce the inside threats to information security.
*Accounting information system
AIS is a subsystem that integrates information from its various subsystems and transmits this information to the information processing subsystems of the organization with the purpose of assisting managers in decision making. Today, AISs are more interested in financial and non-financial data and information. In the context of the digital world, many businesses develop computer-based AIS and use many management accounting tools with the support of ICTs.
Despite the advantages of ICTs, these technologies can create an unsafe environment because their effectiveness depends greatly on how they are implemented within the organization. As a result, AIS safety and control are increasingly becoming a concern for both the business and scientific communities. Current employees are rated as the highest source of information security incidents, followed by former employees of the organization. Information security issues often involve carelessness or human error. Therefore, organizations want to develop the necessary skills in employees and to attract their interest in implementing information security through the construction and development of ISC.
The research overview shows that the majority of previous studies focus on information security issues in general. Meanwhile, the impacts of ICTs on AIS are increasing and leading to other problems in accounting information security. Therefore, in this study, the author group chose information security for computerized AISs as the research scope.
Cognitive Attitude Behavior Model (KAB) and Information Security Culture
According to the KAB Model, human knowledge, attitudes and behaviors are related to each other. Knowledge is a person’s understanding of a specific field, which plays an important role in influencing human attitudes and behavior. Attitude represents an individual’s positive or negative perception of performing a behavior. Behaviors are actions performed based on knowledge and attitudes; they reflect the way people apply their knowledge and attitudes in practice. Based on KAB, previous studies have confirmed that as employees’ knowledge of information security increases, their attitudes improve, leading to improved accounting information security behavior.
Based on a review of previous studies and background theories, the author group has developed research hypotheses and a research model (depicted in Figure 1) as follows:
- H1. Awareness of accounting information security has a positive influence on behavioral orientation for accounting information security.
- H2. Information security attitude has a positive influence on accounting information security behavior orientation.
- H3. Information security capacity has a positive influence on accounting information security behavior orientation.
- H4. Orienting accounting information security behavior has a positive influence on accounting information security behavior.
- H5. Information security attitude has a positive influence on accounting information security behavior.
- H6. Information security capacity has a positive influence on accounting information security behavior.
- H7. Information security experience moderates the impact of accounting information security behavioral orientation on accounting information security behavior.
Figure 1. Research model
Data collection
Data is collected online from administrators, accountants, auditors, IT/information security staff who perform work related to accounting information security with a sample size of 181. Table 1 demonstrates that the research sample has diverse demographic characteristics of survey participants; therefore, the collected data is appropriate for the research objectives.
Table 1. Statistics description of research samples
| Characteristic | Amount | Percentage (%) |
| --- | --- | --- |
| Operation fields | 181 | 100% |
| Manufacturing; Manu-Com; Manu-Com-Ser | 56 | 30,9% |
| Commerce, Service | 95 | 52,5% |
| Construction | 11 | 6,1% |
| Others | 19 | 10,5% |
| Working position | 181 | 100% |
| Unit Head/Vice-head | 21 | 11,6% |
| Chief Accountant | 32 | 17,7% |
| Accountant/Controller/Auditor | 83 | 45,9% |
| Sector manager | 23 | 12,7% |
| Information Technology/Information security staff | 22 | 12,2% |
| Experiences in Information security | 181 | 100% |
| < 2 years | 41 | 22,7% |
| 2-5 years | 72 | 39,8% |
| 5-10 years | 44 | 24,3% |
| > 10 years | 24 | 13,3% |
| Years of working | 181 | 100% |
| < 2 years | 37 | 20,4% |
| 2-5 years | 63 | 34,8% |
| 5-10 years | 41 | 22,7% |
| > 10 years | 40 | 22,1% |
(Source: Analysis from research group)
Research results
The data analysis shows that accounting information security behavior orientation is significantly affected by awareness of accounting information security and by accounting information security capacity. However, accounting information security attitude does not affect accounting information security behavioral orientation.
Accounting information security behavior is most strongly influenced by accounting information security behavior orientation and accounting information security capacity. However, an impact of attitude towards accounting information security on accounting information security behavior is not supported.
The analysis of the moderating role of experience shows that experience acts as a moderating variable in the relationship between behavioral orientation of accounting information security and accounting information security behavior (ISB).
Management implications
The research results help administrators better understand ISC and the relationships among its elements in AIS, resulting in building strategies for developing and changing ISC. To improve ISB, administrators need to focus on improving information system awareness and employees’ capacity. Currently, the awareness, the capacity and the behavior of employees at Vietnamese enterprises are only at a fairly average level with a rating of 5/7 points. Therefore, businesses need to improve these factors to increase ISB.
Managers also need to focus on building a specific, unified ISC and to clearly communicate policies and ISC to all employees so that they understand and accurately perceive the business’s ISC development strategy and implement it correctly. Businesses also need to make employees clearly aware of their responsibilities and roles regarding activities related to information systems. As experience in ISC plays a moderating role in the relationship between behavior and ISB, managers should focus on information security training to improve the qualifications and experience of employees regarding accounting information systems, all of which help minimize the errors and risks related to information systems.
In a context where information security risks, especially those to accounting information, are increasingly becoming a concern for businesses, this study examines aspects of information security culture and the relationships among them in AIS. Data collected from 181 employees undertaking jobs related to accounting and information security were analyzed and demonstrated that accounting information security awareness and capacity strongly influence employees’ behavioral orientation regarding accounting information security. These ISC structures make significant contributions to the accounting information security behavior of accountants. These findings provide new insights into the elements of ISC and offer management implications for managers seeking to protect accounting information systems in complex technological environments.
Please refer to the full research titled “Information security culture model in accounting information systems: An empirical study in Vietnam” on UEH website.
Author group: Pham Tra Lam, Dau Thi Kim Thoa, Nguyen Phuoc Bao An – University of Economics Ho Chi Minh City (UEH).
This is an article in a series of articles spreading research and applied knowledge from UEH with the message “Research Contribution For All – Research For The Community”, UEH respectfully invites dear readers to look forward to the upcoming newsletter UEH Research Insights.
News and photos: Author group, UEH Department of Marketing and Communications
