Journal of Information Engineering and Applications

The study examined the impact of information security and information technology (IT) audit in selected banks in Ghana. The study specifically, ascertained the degree of exposure to threats, it examined the extent of implementation of information security and IT audit system in the bank to protect information from threats, determined the impact, the performance and finally identified the challenges of the banks in managing information security system. A structured questionnaire was used as the main research instrument.  Four banks were selected for the study, including two local and two foreign banks. A total of 20 employees (5 from each) were sampled from the Headquarters of each bank in Accra. Only managers, IT managers, and Risk managers were sampled. The study found that the sampled level exposure of banks to threats to information systems is low. Local banks were however more exposed to threats than foreign banks. Largely the banks managed threats to information system by implementing strategies, including having an information security policy, information security organization, asset and human resource security system, information access control IT Audit system. The performance of banks in information system was moderate. Information security and IT audit system had correlated positively to the overall performance of the banks. Availability of information security policy has significant positive impact on bank performance. The study encouraged the banks to improve upon their information security and IT audit practices to ensure improvement in the performance of the banks in information security management.

Keywords: Employee, Technology, Audit,Management