The proposed research is characterized by a descriptive-analytical approach, which is suitable to look at the organizational phenomena and explain the correlations between the institutional roles and governance needs. The research approach to be used is the study of theoretical and regulatory provisions pertaining to cyber risk management and the inclusion of the accounting role in safeguarding financial data in the state sector. This is to determine the current organizational gap and create a recommended framework to be used to fill the gap.
The methodology of the research is as follows:
To find the conceptual basis of the study, a detailed overview of the literature and previous research on the issue of cyber risk governance, enterprise risk management, and the changing nature of the role of the accounting function in the digital environment.
This will entail an analytical review of internationally accepted governance and risk management standards (which include the COSO, NIST and ISO 27001) that are broadly recognized as reference models of cyber risk and information governance [8],[3]. to identify organizational needs in terms of financial information protection and the level to which these frameworks acknowledge the accounting role in governance systems.
A conceptual comparative study of the requirements of cyber risk governance and real organizational positioning of the accounting role in the nonprofit sector to identify gaps and the level of institutional maladjustment.
The logical creation of a proposed organizational framework that explicitly presents the positioning and roles of the accounting function within cyber risk governance structures. The presented framework is based on the results of the theoretical study and identified organizational gap, and the goal is to improve the protection of financial information and strengthen the principles of good governance in the state sector.
The above theoretical foundation forms the analytical background of the paper to study cyber risk governance and diagnose the gap in the organization that is the focus of this research.
The issue of cyber risks has become one of the major strategic threats to the general institutions, especially with the growing dependence on electronic financial information systems [12]. Cyber risk governance is the organizational structure, which outlines the policies, distributes responsibilities, and organizes the decision-makers to address digital threats that can destroy data integrity, especially governmental finances [8].
Cyber risk governance does not just entail the technical security of the systems; it includes strategic-level roles, organizational responsibility and endorsing transparency. In the government sector, the significance of the cyber risk governance is increased because it is directly connected to the protection of the public budget, the reputation of the financial reporting, and the trust of the citizens in the governmental institutions [6].
Cyber risk governance must be done through ensuring that roles are well assigned to sections of the organizational structure to facilitate coordination and integration between technical, financial, and administrative operations in safeguarding financial information against digital threats [5].
Accounting activity is one of the essential foundations of the generation of government financial information, as well as its credibility [13]. The digital transformation has made its role not limited to the recording and disclosure activities as it is now closely connected to the integrity of the electronic financial processing systems and the quality of the generated data [12].
In this view, the accounting role can be considered as a part of an organization that can play its role in cyber risk governance by: [6], [1].
Engaging in the process of identifying cyber risk to digital financial data .
Understanding the possibility of cyber threats to affect financial reporting .
Participating in the creation of financial data protection policies .
Presentation of relevant information to senior management to help them make decisions on the risks that affect transparency and accountability.
Nonetheless, according to the experience in most governmental establishments, there are no well-spelled organizational roles given to the accounting role under cyber risk governance frameworks [12]. This ambiguity leaves a loophole in an organizational gap between the requirements of governance and the real institutional placement of the accounting function [8].
According to the organization literature, proper cyber risk governance involves transparency in assignments and the combination of technologic and financial processes to ensure the security of confidential information [5],[8]. But, in reality, practical experience shows that the management of cyber risks is usually the focus of technical departments, and the accounting department rarely participates in the evaluation of risks that have a significant impact on financial reporting [14].
The gap in the organization is manifested in a number of important dimensions which include: [2], [12], [20].
The lack of a formally set organizational position of the accounting function to cyber risk governance committees.
Minimal involvement of the accounting department in assessing the financial reporting of the cybersecurity breaches.
The absence of policy coherency between financial disclosure policies and cybersecurity policies.
The constriction of the role of the accounting function to the reactive fine-tuning of the events after they have occurred instead of the active participation in risk management.
This disconnect leads to poor financial and technical integration of both risk management perspectives, which leads to the low overall risk management effectiveness on cyber risk management in protecting financial information of government [5].
Source: Developed by the author based on the reviewed literature
Table (1) concretizes the listed organizational gap by aligning the governance requirements with the current institutional practices. The comparison demonstrates structural exclusion of accounting function of cyber risk governance committees, it has limited functional involvement in financially material risk assessment and lacks policy integration between cybersecurity and financial governance functions. These results show that the gap is not only procedural, but structural and institutional, which compromises the systematic integration of financial oversight and the field of digital risk management in the public sector.
In addition, there is a poor integration between the policies of cybersecurity and financial governance policies, which leads to ambiguous institutional processes to protect financial information. This kind of misalignment can have an adverse impact on the quality and stability of financial reporting [2]. Thus, the lack of financial and technical integration of risk management decreases the overall risk management of cyber risk in safeguarding governmental financial information [5].
To fill this gap, therefore, involves the repositioning of the accounting role in the structure of cyber risk governance by means of designing a systematic approach that would facilitate the incorporation between the financial and technical aspects in the protection of governmental financial information.
Due to the results of the organizational gap analysis, the current paper outlines an organizational framework that tries to reposition the role of the accounting aspect in cyber risk governance structures in the public sector [15]. The framework aims to guarantee that there is an integration between the financial and technical aspect in the protection of financial information in line with the current literature that underscores the need to have institutional integration in the management of digital risks [11].
The framework proposed is built on four organizational dimensions interrelated with each other:
The given framework formally uses the accounting function as part of the cyber risk governance framework by establishing its duties under organizational documents and internal policies accordingly with the information technology governance requirements in public institutions [18]. This dimension comprises: [9] ,[19].
1. Assuring formal coverage of the accounting role in the cyber risk governance committees.
2. The scope of its responsibility in relation to financially material cyber risks is clearly defined.
3. Incorporating the protection of financial information in its officially stipulated organizational responsibilities.
The aim of this dimension is to remove ambiguity in an organization concerning how the accounting role is placed in the digital risk management systems[16].
The suggested model focuses on the development of the functional area of the accounting position in order to incorporate [4], [20]. [7].
1. Being involved in defining cyber risks, which can undermine the integrity of financial information.
2. The effects of cybersecurity breaches or digital threats on financial reporting.
3. Investing funds in designing and developing cyber risk management policies.
With this growth the accounting role is now no longer reactive (post-incident) in nature, but rather proactive (risk assessment, governance) .
The suggested framework denotes a need to attain systematic integration between [10], [17].
Policies on information security.
Financial governance policies.
Disclosure and Transparency Requirements.
This merger is done by harmonizing the process of cybersecurity with the regulations of financial reporting, which will guarantee the institutional convergence and avoid the isolation of the technical and financial aspects. The rationale of this approach is evident in the studies on the significance of disclosure governance, financial reporting quality, and audit quality in the digital settings [1].
The framework suggested involves establishing institutional mechanisms that will be used in the sustained monitoring of the financial cyber risks.This includes: [7], [18].
Acquiring cyber risk performance measurement into financial information administrative report.
Determining the extent to which financial data has been exposed to online risks.
Making periodic reports to the senior management about the risk that could befall the integrity and reliability of the financial reporting.
It is predicted that the proposed framework implementation will entail: [2] ,[9], [21]
Enhance a combination of financial and technical aspects of risk management.
Increase the security of governmental financial data.
Strengthen the values of transparency and accountability.
Minimise the chances of negative effects of cyber risks on credibility and reliability of financial reporting.
Source: Developed by the researcher based on the reviewed literature.
The figure demonstrates the offered organizational framework formed based on the recognized organizational gap between the requirements of the governance of cyber risks and the institutional role of the accounting function. It theorizes that structural integration, broadening of functional responsibility, integration of policies and sustained institutional surveillance are all constructive in terms of protection of financial information. The framework enhances the collaboration of financial and technical aspects and the improvement of transparency and accountability in the government sphere due to the systematic inoculation of the accounting role in the system of cyber risk governance.