Information System Audit Strategies and Data Security Measures Among Commercial Banks in Kenya

Abstract

The evolution of new technologies in commercial banks has fostered a heavy reliance on technology for their operational processes, expanding the array of options for service delivery with technological integrations has resulted to improved efficiency in operations. However, these advancements bring forth diverse challenges, such as intricate systems, internal security threats, and heightened vulnerability to fraud risks. This study examined the effect of information system audit strategies on data security measures of commercial banks in Kenya. The study delves into information systems audit strategies and data security measures among commercial banks in Kenya, aiming to address several key objectives. Firstly, it seeks to assess the extent to which information system audit strategies have been embraced by Commercial banks in the Kenyan. Secondly, the study aims to identify and understand the prevailing data security measures implemented by commercial banks in Kenya. Thirdly, it endeavors to explore the intricate relationship between information system audit strategies and the actual data security measures adopted by these banks and lastly, the research aims to uncover and comprehend the challenges faced in the realm of information system audits within commercial banks in Kenya. The study employed the cross-sectional descriptive research design. The study focused on commercial banks in Kenya. All the 40 commercial banks in Kenya were considered with the target population being the information system auditors, system administrators, ICT heads, data managers, Information security officers, and cyber security specialists within the banks. Primary data was collected using the aid of a structured questionnaire through drop and pick where 29 were returned. Both descriptive and inferential statistics were performed. The findings revealed that information system audit strategies have a statistically significant effect on data security measures. The study further revealed that data security has been realized by the banks which has been enabled by the existence of various data security measures for instance data encryption, firewall protocols and automated risk and monitoring which has ensured data integrity, confidentiality in information sharing and prevention of information access by unauthorized parties. Nonetheless, effective implementation of information systems is impeded by challenges such as include the costs of implementing information audits which is expensive, frequent cyber-attacks, demanding compliance procedures and the need for highly experienced personnel. The study recommends that banks should provide more resources and budgets to invest in sophisticated systems, collaboration by players in the industry to mitigate cyber-crime and data-breaches, investing in technology and borrowing of best practices from international banks