Risk assessment and security systems of accounting information in the context of IT application
DOI:
https://doi.org/10.35774/visnyk2025.01.244Keywords:
accounting, reporting, information, information systems, information technologies, information risks, information protection, information security standardsAbstract
Introduction. The introduction of information systems and technologies has significantly transformed and accelerated the processes of data collection, exchange, and processing. It has also improved communication conditions for the development of new business technologies. However, alongside its considerable advantages, the implementation of IT in economic relations has introduced new challenges. One of the critical issues is that business digitalization has progressed at a faster pace than information security systems. This has led to emerging threats and risks that must be minimized to ensure the protection of accounting and reporting information.
The purpose is to study systemic and non-systemic risks and assess effective measures to protect accounting and reporting information in the context of information and communication technology (ICT) implementation.
Methods. To achieve the research objective, the study employs a systematic and analytical approach to information generalization, as well as bibliographic, conceptual, and functional analysis methods.
Results. The study reveals the structure of information risks specific to corporate- type entities using IT. It identifies groups of risks associated with data loss and access restrictions, data falsification and loss of legitimacy, as well as risks of disclosure (leakage) or theft of commercial or confidential information, among others. A multi-level information security system is proposed, which should be developed in four key areas: physical, legal, software-technical, and organizational information protection. The approach to defining and regulating this security system should be determined by the enterprise or corporation and formalized in the relevant internal documents. For corporate entities operating as a single legal entity, such regulations can be outlined in the accounting policy directive. In corporate groups that operate on a contractual basis, the primary regulatory document may be a unified internal corporate standard for information security policy. This document should establish both internal corporate rules for protecting accounting and reporting data and guidelines for interaction with external information systems.
Prospects. Further research in this area should focus on identifying and minimizing risks and developing systematic methods for protecting accounting and reporting information.
References
Tsyfrova ekonomika: trendy, ryzyky ta sotsialni determinanty (2020). [Digital economy: trends, risks, and social determinants] Za zah. red. O. Pyshchulinoi. Tsentr Razumkova. Kyiv: Zapovit, 2020. 274 p. [in Ukrainian].
Yevtushevska, O. A. (2015). Informatsiina bezpeka yak element pidvyshchennia efektyvnosti kompleksnoho kontroliu pidpryiemstv vodnoho transportu [Information security as an element of increasing the efficiency of comprehensive control of water transport enterprises]. Zovnishnia torhivlia: ekonomika, finansy, pravo – Foreign trade: economics, finance, 5-6, 157–162. [in Ukrainian].
Tsal-Tsalko, Yu. S., Moroz, Yu. Yu. (2017). Oblikova polityka pidpryiemstva ta yii kiberbezpeka [Accounting policy of the enterprise and its cybersecurity]. Oblik, analiz i kontrol v umovakh suchasnykh kontseptsii upravlinnia ekonomichnym potentsialom i rynkovoiu vartistiu pidpryiemstva: zb. nauk. prats, t. I, ch. I, Zhytomyr: PP «Ruta». P. 8–11. [in Ukrainian].
Resler, M. (2024). Vplyv tsyfrovoi ekonomiky na oblikovo-analitychnu system [The impact of the digital economy on the accounting and analytical system]. Acta Academiae Beregsasiensis. Economics, 5, 441-450. DOI: https://doi. org/10.58423/2786-6742/2024-5-441-450. [in Ukrainian].
Rozheliuk, V. M. (2013). Zakhody zabezpechennia zakhystu oblikovoi informatsii [Measures to ensure the protection of accounting information]. Bukhhalterskyi oblik, analiz ta audyt: problemy teorii, metodolohii, orhanizatsii: zb. nauk. prats Natsionalnoi akad. statystyky, obliku ta audytu, 2 (12), 335–340. [in Ukrainian].
Bardash, S. V., Hrabchuk, I. L. (2021). Tsyfrovi tekhnolohii v sferi bukhhalterskoho obliku: osnovni mozhlyvosti ta ryzyky [Digital technologies in the field of accounting: main opportunities and risks]. Efektyvna ekonomika - Effective economy, 9. DOI: 10.32702/2307-2105-2021.9.18. [in Ukrainian].
Muravskyi, V., Pochynok, N., Farion, V. (2021). Klasyfikatsiia kiberryzykiv u bukhhalterskomu obliku [Classification of cyber risks in accounting]. Visnyk Ekonomiky - Herald of Economics, 2, 129–144. DOI: https://doi.org/10.35774/ visnyk2021.02.129. [in Ukrainian].
Lim, Jae-Hee. (2010). A Study on the Effects of Accounting Information System Characteristics on Accounting Information System Performance. Korea International Accounting Review, (34), 129–146. DOI: 10.21073/kiar.2010..34.006. [in English].
Haija, Mohammed. (2021). The Impact of Computerized Accounting Information Systems Risks on the Quality of Accounting Information. International Journal of Business and Management, 16(7), 91–103. DOI: 10.5539/ijbm.v16n7p91. [in English].
Nazarova, I. Y. (2024). Modernizatsiia elektronnykh oblikovo-informatsiinykh system v korporatyvnykh obiednanniakh]: dys. ... d-ra ekon. nauk: 08.00.09 – bukhhalterskyi oblik, analiz ta audyt (za vydamy ekonomichnoi diialnosti) [Modernization of electronic accounting and information systems in corporations: Thesis ... Dr. Econ. Sciences: 08.00.09 – accounting, analysis and audit (according to information on economic activity)]. Ternopil, 2024. 578 p. [in Ukrainian].
Viter, S. A., Svitlyshyn, I. I. (2017). Zakhyst oblikovoi informatsii ta kiberbezpeka pidpryiemstva [Accounting information protection and cybersecurity of the enterprise]. Ekonomika i suspilstvo – Economy and society, 11, 497–502. [in Ukrainian].
Dykyi, A. P. (2008). Poriadok zabezpechennia bezpeky bukhhalterskoi informatsii v umovakh zastosuvannia suchasnykh kompiuternykh tekhnolohii [Procedure for ensuring the security of accounting information in the conditions of using modern computer technologies.]. Problemy teorii ta metodolohii bukhhalterskoho obliku, kontroliu i analizu – Problems of theory and methodology of accounting, control and analysis, 3, 208-214. [in Ukrainian].
Shpak, V. A. (2015). Orhanizatsiia zakhystu oblikovoi informatsii [Organization of accounting information protection.]. Bukhhalterskyi oblik, analiz ta audyt: problemy teorii, metodolohii, orhanizatsii – Accounting, analysis and audit: problems of theory, methodology, organization, 2, 181–187. [in Ukrainian].
Muravskyi, V. V. (2018). Kompiuterno-komunikatsiina forma obliku: monohr. [Computer-communication form of accounting: monogr.]. Ternopil, TNEU, 486 p. [in Ukrainian].
Popivniak, Yu. M. (2019). Kiberbezpeka ta zakhyst bukhhalterskykh danykh v umovakh zastosuvannia novitnikh informatsiinykh tekhnolohii [Cybersecurity and protection of accounting data under conditions of modern information technology]. Biznes Inform – Business Inform, 8, 150–157. DOI: 10.32983/2222-4459-2019-8- 150-157. [in Ukrainian].
Hrabchuk, I. L. (2018). Orhanizatsiia zakhystu oblikovoi informatsii v umovakh hibrydnoi viiny [Organization of accounting information protection in the context of hybrid war]. Problemy teorii ta metodolohii bukhhalterskoho obliku, kontroliu i analizu – Problems of theory and methodology of accounting, control and analysis, 3, 20–24. [in Ukrainian].
