The Impact of the COSO Internal Control Framework on Reducing Cybersecurity Risks: A Field Study of Banks in Sana’a, Yemen
This study examines the impact of the COSO Internal Control Framework on mitigating cybersecurity risks in banks operating in the Republic of Yemen. The study adopts a descriptive–analytical approach due to its suitability for the research objectives. Primary data were collected through a questionnaire administered to financial managers, internal audit managers, and employees working in financial management, internal auditing, and information technology departments. A total of 154 valid responses were analysed.
The findings reveal a statistically significant impact of implementing the COSO framework on reducing cybersecurity risks in Yemeni banks. Specifically, a strong control environment, effective risk assessment, and well-designed control activities enhance banks’ ability to address cyber threats and minimize system vulnerabilities. The results also emphasize the critical role of information and communication, as well as continuous monitoring, in strengthening responses to cyberattacks and ensuring compliance with relevant standards and regulations.

This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in our journal are licensed under CC-BY 4.0, which permits authors to retain copyright of their work. This license allows for unrestricted use, sharing, and reproduction of the articles, provided that proper credit is given to the original authors and the source.