The Impact of Information System Control and Audit on the Perceived Risk of the Computer Crime in Case of Financial Institutions

정보시스템통제 및 감사가 컴퓨터범죄의 인지된 위험에 미치는 영향: 금융기관을 중심으로

The information system control includes organizational structure, control mechanism, and management tools which contribute to accomplish the goals of information system: asset safeguarding, data integrity, effectiveness, and efficiency. Information system audit is the process to evaluate whether the information system accomplishs the goals. Information system auditor examine the reliability of information system control and suggest recommendations to improve the information system control. Both information system control and information system audit activities contribute to prevent and detect the computer crime for the organization. This paper proposes a causal model of information system control/audit and the perceived risk of computer crime, and tests the model using a survey on 38 financial institutions in Korea. Statistical results show that information system control and audit significantly reduce the computer crime risk perceived by the user group. The general control has a stronger impact than the application control. In addition, it turns out that the greater the deviation between the importance and the actual level of information system control is, the higher the perceived risk of computer crime is.