Developing the Authenticity Framework of Electronic ... - ScienceDirect

Available online at www.sciencedirect.com

ScienceDirect Procedia Economics and Finance 31 (2015) 834 – 838

INTERNATIONAL ACCOUNTING AND BUSINESS CONFERENCE 2015, IABC 2015

Developing the Authenticity Framework of Electronic Business Records in SMEs Companies Siti Nuur-Ila Mat Kamala, Nurul Huda Md Yatimb, Suhaila Osmanc, Mohammad Nazri Alid, Norlina M.Alie, Jafalizan Md. Jali f a-c Faculty of Information Management, Universiti Teknologi MARA Johor Faculty of Computers and Mathematical Sciences,Universiti Teknologi MARA Johor e Faculty of Business and Management, Universiti Teknologi MARA Johor f Faculty of Information Management, Universiti Teknologi MARA Puncak Perdana

d

Abstract Due to the dependency of ICT and technological advancement nowadays, most businesses are conducted electronically. This contemporary paradigm indirectly causes the creation of records especially the business records in an electronic form. The authenticity of an electronic record is a vital matter to be considered to suit its function as an electronic evidence of business transactions such as sales contract, deed to property and claims of ownership memo among others. In the context of Small to Medium Enterprises (SME), an authentic electronic business evidence is fundamental to the successful handling of unanticipated information security incidents. The inability of providing a complete series of authentic business records as an evidence towards the incidents may cause a critical problem in sustaining their business. It is more difficult for smaller business organizations to absorb the losses caused by crime-related incidents. This conceptual paper aims to develop the authenticity parameter of electronic business records and how it applies to SMEs. ©©2015 This is an open access article under the CC BY-NC-ND license 2015The TheAuthors. Authors.Published PublishedbybyElsevier ElsevierB.V. B.V. (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of Universiti Teknologi MARA Johor. Peer-review under responsibility of Universiti Teknologi MARA Johor Keywords: Business record; Electronic records; Authenticity; Parameter; SMEs

* Corresponding author. Tel.: +6-013-3689606 E-mail address: [email protected]

1. Introduction Due to the dependency of ICT and technological advancement nowadays, most businesses are conducted electronically. This contemporary paradigm indirectly causes the creation of records especially business records in

2212-5671 © 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Peer-review under responsibility of Universiti Teknologi MARA Johor doi:10.1016/S2212-5671(15)01175-2

Siti Nuur-Ila Mat Kamal et al. / Procedia Economics and Finance 31 (2015) 834 – 838

835

an electronic form. Electronic records differ from physical records. Electronic records require constant and continuous maintenance as they depend on hardware and software systems (Blazic AJ, 2007). This difference makes it challenging to retain the authenticity of electronic records due to their nature that is they can be modified easily unlike physical records which results in losing trustworthiness (S. A. Majore et al, 2014). The authenticity of an electronic record is a vital matter to be considered to suit to its function as an electronic evidence of business transaction such as sales contract, deed to property and claims of ownership memo among others. In the context of Small Medium Enterprise (SME), authentic electronic business evidence is fundamental to successful handling of unanticipated information security incidents. The inability of providing a complete series of authentic business records as evidence towards the incidents may cause a critical problem in sustaining their business. It is more difficult for smaller business organizations to absorb the losses caused by crime-related incidents. In order to prepare smaller business for incidents of this nature, the researchers perceive that the opportunity to make a study delineating a stable authenticity framework is necessary in order to provide the best authentic evidence constituted by business electronic records to be admissible in a digital forensic environment as well. 1.1. Problem statement This study is motivated by the need to provide a guideline for SMEs on providing a complete series of authentic electronic business records as admissible evidence as maintaining the authenticity of records has become challenging due to the complex and rapidly evolving digital technologies (Xie, S.L. 2011). SMEs are the focus of this study since it is mentioned by Hafsah, H. (2013) that SMEs are the backbone of economy and it is necessary to prepare smaller organizations to protect and defense themselves against demise of the organization in the case of harmful unanticipated information security incidents as they are unable to provide the important relevant electronic evidence to support any company’s business issues. This issue causes direct and indirect deficiency of economic growth of Malaysia. Apart from that, there has been a great deal of research done on delineating the parameters of the authentic archival electronic records which involve the authenticity of non-current records but none focuses on the business electronic records. Hence, it is vital to establish a framework of authentic electronic business records. As supported by Blazzic A.J, Klobuear T. and Jerman B.D (2007) the ability to rely on electronic records is an issue of increasing concern with the rise of formal e-commerce and e-government. 1.2. Purpose of inquiry and inquiry question This conceptual paper is intended to develop the authenticity framework of electronic business records that is appropriate to the SME Companies. Therefore, the research questions for this paper are: x What are the characteristics of authentic electronic business records for SMEs? x What are the contributing elements of the framework taking into account the authenticity aspects of electronic business records in SMEs? x How to develop a guideline for SME in providing the authentic electronic business records? 1.3. Significance of inquiry This conceptual paper is significant because it will determine the standard of requirements in developing the authenticity framework and would bring the necessary foundation of electronic records forensic concept specifically for SMEs in order to gain an understanding about electronic records as authentic electronic documentary evidence. As a consequence, the authenticity of electronic records is precisely established on the records themselves and may become a tool functioning as a guideline of record authenticity identification to serve as admissible electronic evidence.

836


1.4. Literature review Business records are business information that contains the transaction between two or more parties in the form of electronic and paper documents that are kept for future references (International Records Management Trust, 2009). In the context of electronic business records, it refers to the business records in a form of digital record that can be manipulated, transmitted or processed by a computer. Currenty, most records are produced and stored electronically and digitally using various types of media storage and computer system (S.A. Majore et al, 2014). Due to technological advancement, most business is conducted electronically (Barske D. Et al, 2010), resulting in the records which carry the valuable information and which represent a unique asset of electronic evidence to the business will be principally produced electronically (Webster B.M et al, 1999). This presents a unique challenge for the SMEs to retain the authenticity of electronic records as they can easily be altered or modified due to its nature. Mohd H. (2007) identified records management system as one of the key success factors towards entrepreneur and small business industries and there was 61 % of entrepreneurs involved with electronic records in their business. A critical concern on records management specifically electronic records is needed to ensure they are able to produce reliable electronic records as an evidence before it is required. SME account for large proportion businesses in Malaysia with 97.3 % of establishment. According to the SME Annual Report 2013/14 by the Council of the National SME, SME contribution to Gross Domestic Product (GDP) by key economic activity has increased from 32.7 percent in 2012 to 33.1 percent in 2013 (Table 1). In fact, according to the report on employment, this sector has contributed 52 percent of employment. Table 1. SME’s contribution to Gross Domestic Product (GDP) by key economic activity Year

2005

2006

2007

2008

2009

2010

2011

2012

2013

(%) share to GDP Agriculture Mining & Quarrying Construction Manufacturing Services Plus : import duties

3.4 0.1 0.7 8.1 17.0 0.1

3.5 0.1 0.7 8.1 17.2 0.1

3.4 0.1 0.7 8.2 18.2 0.1

3.3 0.1 0.7 7.8 19.1 0.2

3.4. 0.1 0.8 7.4 19.9 0.2

3.4 0.1 0.8 7.7 19.8 0.2

3.4. 0.1 0.8 7.8 20.1 0.3

3.3 0.1 0.9 7.9 20.2 0.4

3.2 0.1 1.0 7.9 20.6 0.4

Share of SME GDP to overall GDP

29.4

29.6

30.7

31.2

31.7

32.0

32.5

32.7

33.1

e : estimation

p : preliminary

Source: Department of Statistic Malaysia

Since SMEs are becoming one of the national economic growth engines it is a great loss for the nation if the SMEs are unable to avoid the potential information security incidents which cause the damage towards small enterprise due to the incompetencies to absorb the losses as easily as larger organizations do. This potential risk can only be overcome by having a reliable and authentic business electronic records as they exist as memory and evidence of those activities. It is therefore important to conduct a study delineating a stable authenticity framework for SMEs to serve as a guideline and standards in order to provide the authentic electronic business evidence. As mentioned by Xie, S.L. (2011) to function as memory and evidence, electronic records must be assessed and maintained as authentic entities. As the SMEs are particularly exposed to the potentially unanticipated information security incidents, electronic evidence which is comprised of authentic electronic business records is fundamental to the successful handling of such incidents. An organisation that is not properly prepared for such incidents could find itself unable to defend its positions. As stated by Mohd H.(2007) records management is one of the critical success factors of small businesses. It shows that there is a need of having a comprehensive records management by putting the priority of having authentic records serving as an admissible evidence for cases in which the SMEs cannot recover lossess after an


incident due to lack of authentic evidence, or the cost of obtaining such evidence might be out of reach if the company is not properly prepared for the incident (Barske D. Et al, 2010). This small enterprises are less likely to be able to absorb losses as easily as larger organisations. It is therefore important that management takes the requisite steps to avoid finding itself facing these situations. The key to avoiding these situations is to have plans in place that will produce reliable digital evidence before it is required. A record is authentic if it is what it intends to be and if it is created or sent by the person who claims to have sent it (Boudrez F., 2007). It must be possible to prove that records are what they say they are. The authenticity of a record is derived from the record keeping system in which it was created or received, maintained and used. A record is authentic if it can be verified that it is exactly as it was when first transmitted or set aside for retention. 1.5. Proposed theoretical framework This conceptual paper would propose the following research framework as illustrated in Fig. 1.

Records Properties Authenticity Parameters

Content

Structure

Context

Fig. 1. The Proposed Authenticity framework of electronic business records

For a record to be considered reliable and authentic, at the very least the records must posses the following essential characteristics which are content, structure and context (S.A. Majore at al, 2014). i. Content This refers to the element which conveys information (eg. Text, data, symbols, numerals, images and sound) and what the record says. ii. Structure This relates to both the appearance and arrangement of the content (for example, the layout, fonts, page and paragraph breaks, tables, graphs and charts) and the relationship of the record to other related records in the system (i.e. the links). This includes structural information about the application software used to create the record’s content and information about the system (the platform and hardware, among others) that manages the links between records. iii. Context This refers to the background information that helps to explain the meaning of the document. This includes two types of information. Firstly, there is information that identifies the particular document, such as the title, author and date of creation. Secondly, there is information about the creator and the purpose of creation like the nature of the business function or activity, the creating agency and unit concerned. In the digital age, more and more records are being created using information technologies, yet adequate measures are not being established to protect those records as evidence, especially in developing countries (Millar L., 2004).

837

838


1.6. Conclusion Looking at the significance of having an authentic electronic business records among the SMEs as indirect weapons towards the potential security risks, a firm framework development must be provided since none of the security frameworks developed through previous studies focuses specifically on the electronic business records authenticity. By having the mean framework as a consequence, the authenticity of electronic business records is precisely established on the records themselves and may become a tool funtioning as a guideline of record authenticity identification to serve as an admissible elctronic evidencefor the legal requirements. References A.J. Blazic (2007). Long term trusted archive services. Digital society. First international conference on the ICDS’07, January 2-6, pp. 29. A.J. Blazic et al (2007). Long term trusted preservation service using service interaction protocol and evidence records. Comput Stand Intefaces, 2(3), pp398-412 Boucher, K., and Endicott-Popovsky, B. (2008), Digital forensics and records management: What we can learn from the discipline of archiving. In Proceedings of Information Systems Compliance and Risk Management Institute Seattle, WA: University of Washington. British Columbia Electronic Evidence Project. (2006). Available at http://www.courtsgov.bc.ca/sc/ElectronicEvidenceProject/ElectronicEvidenceProject.asp Canada Evidence Act, R.S.C. 1985, c. C-5 as am. Canadian General Standards Board, (2005). Electronic Records as Documentary Evidence (CAN/CGSB-72.34). D. Barske (2010). A digital forensic readiness framework for South African SME’s. Journal of Institute of Electrical and Electronics Engineers. Electronic Records and E-Discovery, (2012). The authority on managing record and Information. Retrieved on August 15, 2015 from http://www. arma.org/erecords/index.cfm F. Boudrez, (2007). Digital signatures and electronic record. Arch Sci, vol 7(2), pp:179-193. Hafsah bin Hashim, (2013). Overview of SME sector in Malaysia. September 23, 2013, Mandarin Oriental Hotel, Kuala Lumpur. Laporan tahunan PKS 2013/2014. Retrieved on Apri 10, 2015 from http://www.smecorp.gov.my/vn2/sites/Default/files/SME%20AR%2013_2014%20BM%20%20Lampiran%201.pdf Managing electronic records. (2009). International records management trust. Retrieved on April 10, 2009 from http://www.irmt.org Millar, L. (2004). International Council on Archives, ICA. Authenticity of electronic records: a report prepared for UNESCO and the International Council on Archives. Available at http://www.ica.org/en/node. Mohd Hassan bin Mohd Osman (2007). Faktor-faktor yang mempengaruhi kejayaan usahawan kredit mikro di Negeri Johor. Fakulti Pengurusan dan Pembangunan Sumber manusia: Universiti Teknologi Malaysia. Ranjit Kumar, (2014). Research methodology: a step by step guide for beginners. University of Western Australia:SAGE Sherry L.Xie, (2011). Building foundations for digital records forensics: a comparative study of the concept of reproduction in digital records management anddigital forensics. The American Archivist vol. 7, pp 576-599. Sekie A. M., Hyunguk Yoo and Taeshik Shon. (2013). Next generation electronic record management system based on digital forensics. International Journal of Security and Its Application vol.7(1):189-193 Sekie A. M., Hyunguk Yoo and Taeshik Shon. (2014). Secure and reliable electronic record management system using digital forensic technologies. Journal of Supercomput vol.70:149-165. Understanding the context of electronic records management. (2009). International records management trust. Retrieved on April 10, 2009 from http://www.irmt.org. Webster BM, Hare CM & McLeod J. (1999). Records management practices in small and medium sized enterprises: a study in North East England. Journal of Information Science, 25 (4), pp.283-294.