Role of ICT Risk Management on Insider Fraud Prevention in Commercial Banks in Nairobi County
DOI:
https://doi.org/10.47604/ijts.2135Keywords:
Insider Fraud, ICT Risk Management, BanksAbstract
Purpose: The main objective of the research was to investigate the role of ICT risk management on reduction of insider frauds in the Kenyan banks in Nairobi County. The research explored ICT risks management practices incorporated in the banking industry to mitigate and control insider fraud.
Methodology: Explorative research design and inferential statistics were used. The unit of analysis was the ICT risk management professionals in all the commercial banks in Nairobi County. 42 commercial banks formed the population of the study. The unit of observation were the ICT security, audit and risk professionals mandated with implementing ICT risk management. The targeted number was at least one respondent from each bank from the three departments identified: internal audit, Information technology, and security managers. In total, the study targeted 42 respondents and a total 29 responses were received which formed 69% of the targeted population. Responses from the distributed questionnaires were analyzed using statical packages for social science (SPSS). The open-ended questions were listed, analysed and reported by descriptive narrative with such statistics as mean and standard deviation. The ANOVA test was used to test the results.
Findings: The findings revealed that there is a positive but insignificant correlation between ICT risk assessment, ICT awareness, Information security implementation and a significant positive correlation between information security audits and Insider fraud prevention. This study recommends that ICT risk assessment; ICT risk awareness; information security audits; and information security policy are important for preventing insider fraud in commercial banks, but there is need to implement them in conjunction with other stringent measure to increase efficiency
Unique Contribution to Theory, Practice and Policy: The findings give a theoretical basis for validating the effectiveness of ICT risk management practices in Banks in Nairobi County, this can be adopted by other counties in Kenya. For policy implementation, the study will be important to the central bank of Kenya and any other institution that regulates the banking sector in Kenya in reviewing the current ICT Risk management guidelines. The study shows the adoption of the selected ICT risk management practices by different banks and gives a measure of their effectiveness that ICT Security professionals can use. The study gives the banking sector ICT security professionals a perspective on how ICT risk management can help them improve their ability to curb insider fraud. The study adds to the pool of knowledge for to scholars and academicians.
Downloads
References
ACFE. (2012). Report to the Nations on insider fraud and abuse. Association of Certified Fraud Examiners, Fraud Department. US: ACFE.
ACFE. (2020). Report to The Nations on insider fraud and abuse https://legacy.acfe.com/report-to-the-nations/2020/docs/RTTN-Banking-Financial.pdf
Akelola, D. S. (2014). Prosecuting Bank; Fraud in Kenya ; challenges faced by the Banking Sector. Journal of Finance and Management in Public Services. Volume 14. Number 1.
CBK. (2017). CBK Annual Report for 2015. Nairobi: Central Bank Of Kenya.
CBK. (2021). Performance and Development in the Kenyan Banking Sector for the Quarter ended 31st March 2015 Retrieved from https://www.centralbank.go.ke.
Central Bank of Kenya (CBK) (2014). Bank Supervision Annual Report 2014. Nairobi: CBK, Kenya.
Deloitte . (2015). India banking fraud survey April 2015; Edition II. India: Deloitte.
E&Y. (2014). EY's Global Information, Get ahead of cybercrime; EY Global Information Security Survey. UK: Ernst Young International.
Ekran. (2021, November 23). Insider fraud prevention: tips & tricks for your organization. https://www.ekransystem.com/en/blog/insider-fraud-prevention.
Fraud.Net. (2019, October 31). Internal Fraud (Insider Fraud). https://fraud.net/d/internal-fraud-insider-fraud/
Jaidev, U. P. (2012). A Review of Theories that Support Transfer of Training. International Journal of Science and Research, 957.
KEBS. (2014). Kenya Bureau of Standards . Kenya Bureau of Standards. http://www.kebs.org/index.php?opt=certification&view=isms
Ke-Cirt. (2016, January 1). About us Communication Authority of Kenya . Communication Authority of Kenya. http://www.ke-cirt.go.ke/index.php/about-us/
Kenyaplex. (2012, November 21) Functions of Commercial Banks in Kenya. Kenyaplex. https://www.kenyaplex.com/resources/6179-functions-of-commercial-banks-in-kenya.aspx
Mahinda, C. G. (2012, October). Determinants of insider fraud in commercial banks in. erepository.uonbi. http://erepository.uonbi.ac.ke/handle/11295/12977
Maurer, R. (2013, November 4). Fight fraud with employee awareness. Retrieved from www.shrm.org/hrdisciplines:http://www.shrm.org/hrdisciplines/safetysecurity/articles/pages/fight-fraud-employee-awareness.aspx
MSG. (2008, January 5). Management study guide,expectancy theory of motivation. Management Study Guide. http://www.managementstudyguide.com/expectancy-theory-motivation.htm
Mulwa, D. K. (2012, October). A survey of insider information security threats in commercial banks. Uon digital repository home. http://erepository.uonbi.ac.ke/bitstream/handle/11295/14568/Mulwa_A%20survey%20of%20insider%20information%20security%20threats%20management%20in%20commercial%20Banks%20in%20Kenya.pdf?sequence=4
Mwabu, D. K. (2013). Factors influencing electronic fraud in the banking industry in Kenya: a case of Kenya commercial bank central region (Doctoral dissertation, University of Nairobi).Uon digital repository home. http://erepository.uonbi.ac.ke/bitstream/handle/11295/60487/Mwabu_Factors%20Influencing%20Electronic%20Fraud%20In%20The%20Banking%20Industry%20In%20Kenya.pdf?sequence=3
Mwithi, J. M., & Kamau, D. J. (2015). Strategies Adopted by commercial banks to combat fraud, a survey of selected commercial banks. International Journal of Current Business and Social Sciences | IJCBSS, 14.
Ng, Z. X., Ahmad, A., & Maynard, S. B. (2013). Information Security Management; Factors that influence information security investments in SMEs. Edwin Cowan University Research Online (pp. 60-73). Perth, Western Australia: Edwin Cowan University.
Njenga, N., & Osiemo, P. (2013). Effect of fraud risk management on organisations' performance, a case study of deposit taking microfinance institutions in Kenya, 2013. International Journal of Sciences and Entrepreunership(7), 1-23.
Njiru, S. W. (2013, April 8). A Framework to Guide Information Security Initiatives for Banking Information Systems: Kenyan Banking Sector Case Study Strathmore university. https://su-plus.strathmore.edu/handle/11071/2336
Njuguna, M. C. (2013, October). Response Strategies To Fraud By The Listed Commercial Banks in Kenya. University of Nairobi repository. http://chss.uonbi.ac.ke/sites/default/files/chss/RESPONSE%20STRATEGIES%20TO%20FRAUD%20BY%20THE%20LISTED%20COMMERCIAL%20BANKS%20IN%20KENYA.pdf
Nyanchama, D. M. (2014, August 6). Information Security in Kenya: The Missing Links. Africa Executive.http://www.africanexecutive.com/modules/magazine/articles.php?article=7959
Omolo, S. A. (2012, June 1). Implementation of an Information Technology Risk Management Framework;The case of Kenya Revenue Authority. Strathmore University https://su-plus.strathmore.edu/bitstream/handle/11071/3490/Implementation.pdf?sequence=1
PWC. (2020). 2020 Global Economic Crime and Fraud Survey - Kenya report. https://www.pwc.com/ke/en/assets/pdf/gecs-report-2020.pdf
Said, J., Alam, M.M., Ramli, M., & Rafidi, M. (2017). Integrating ethical values into fraud triangle theory in assessing employee fraud: Evidence from the Malaysian banking industry. Journal of International Studies, 10(2), 170-184. doi:10.14254/2071-8330.2017/10-2/1
Sang, M. J. (2014). Determinants of fraud control measures in commercial banks, a survey of selected commercial banks in Nakuru town. International Journal of Science and Research, 2178.
Scott, A. (2013, April).. How to create a good information security policy. Computer Weekly. https://www.computerweekly.com/feature/How-to-create-a-good-information-security-policy
Sykes, T. A., Venkatesh, V., & Gosain, S. (2009, June 2). Model of acceptance with peer support; a social network perspective to understand employees system use. MIS Quarterly, pp. 371-393.
Venkatesh, V., Thong, J. Y., & Xu, X. (2012). Consumer acceptance and use of information Technology, Extending the unified theory of acceptance and use of technology. MIS Quarterly Vol. 36 No. 1 pp. 157-178/March 2012 1, 159.
Waitumu, N. (2014, Summer). Upsurge of Custimers Transactions Frauds in Kenya. United States International University Africa Digital Repository. http://erepo.usiu.ac.ke/bitstream/handle/11732/40/Njeri.pdf?sequence=1
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Rose Wangui Mwai, Dr Samuel Wabala, Dr Ken Ogada
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.