The rapid proliferation of artificial intelligence (AI) and digital transformation technologies in the Vietnamese business environment has profoundly altered the landscape of accounting and auditing, simultaneously introducing new and complex information security challenges. This study applies the Technology-Organization-Environment (TOE) framework to examine factors affecting Accounting Information Security (AISe) in Vietnamese enterprises during the ongoing digital transformation. The research model integrates four independent variables — Senior Management Support (TMS), Information Security Culture (SC), Quality of Accounting Information Systems (QAIS), and Cybersecurity Readiness (CSR) — and constructs the dependent variable AISe as a second-order formative construct encompassing three dimensions of the CIA triad: Confidentiality (CISe), Integrity (IISe), and Availability (AvISe). Using Partial Least Squares Structural Equation Modeling (PLS-SEM) with SmartPLS 4.0, the study analyzed data collected from 228 respondents across Vietnamese enterprises. Results show that QAIS exerts the strongest positive influence on AISe (β = 0.570, p < 0.001), followed by SC (β = 0.152, p = 0.047) and CSR (β = 0.151, p = 0.046). TMS does not directly affect AISe but exerts a strong indirect effect through SC (β = 0.777, p < 0.001). The model explains 69.4% of variance in AISe (R2 = 0.694). These findings offer empirical evidence supporting the integrated role of technological and organizational factors in securing accounting information within Vietnam's developing digital economy. Recent developments in AI governance, including Resolution No. 57-NQ/TW (2024) and Vietnam's national AI transformation strategy (2025-2026), further underscore the urgency of these findings for policy and practice.
| Published in | Economics (Volume 15, Issue 3) |
| DOI | 10.11648/j.eco.20261503.11 |
| Page(s) | 58-69 |
| Creative Commons |
This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited. |
| Copyright |
Copyright © The Author(s), 2026. Published by Science Publishing Group |
Artificial Intelligence, Accounting Information Security, Intelligent Accounting, Audit Automation, Emerging Economies, Vietnamese Enterprises, TOE Framework, Cybersecurity
No. | Factor | Abbreviation | Source |
|---|---|---|---|
1 | Information Security Culture | SC | Hamdan (2017); TOE Framework |
2 | Senior Management Support | TMS | Knapp et al. (2006); TOE Framework |
3 | Quality of Accounting Information Systems | QAIS / AIS | Papiorek & Hiebl (2023); TOE Framework |
4 | Cybersecurity Readiness | CSR | Berlilana et al. (2021); TOE Framework |
Classification | Frequency | Percentage (%) |
|---|---|---|
Type of Enterprise | 228 | |
State-owned enterprise | 130 | 57% |
Private enterprise | 17 | 7% |
Limited liability company | 44 | 19% |
Joint stock company | 26 | 11% |
Foreign-invested enterprise (FDI) | 11 | 5% |
Enterprise Size | 228 | |
Micro (fewer than 10 employees) | 9 | 4% |
Small (10-100 employees) | 99 | 43% |
Medium (100-200 employees) | 41 | 18% |
Large (more than 200 employees) | 79 | 35% |
Digital Transformation Status | 228 | |
Partially applying digital technology | 163 | 71% |
Comprehensive digital transformation | 65 | 29% |
Construct | Cronbach's Alpha | CR (rho_a) | CR (rho_c) | AVE |
|---|---|---|---|---|
AvISe | 0.865 | 0.866 | 0.908 | 0.712 |
CISe | 0.928 | 0.928 | 0.945 | 0.776 |
IISe | 0.941 | 0.941 | 0.953 | 0.773 |
Variable | Cronbach's Alpha | CR (rho_a) | CR (rho_c) | AVE |
|---|---|---|---|---|
AIS (QAIS) | 0.942 | 0.943 | 0.954 | 0.775 |
CSR | 0.968 | 0.969 | 0.973 | 0.799 |
SC | 0.944 | 0.945 | 0.954 | 0.749 |
TMS | 0.951 | 0.951 | 0.960 | 0.802 |
Hypothesis / Path | β (Original) | β (Mean) | SD | T-stat | T-value |
|---|---|---|---|---|---|
H4: AIS → AISe | 0.570 | 0.571 | 0.067 | 8.539 | 0.000 *** |
H5: CSR → AISe | 0.151 | 0.151 | 0.076 | 1.994 | 0.046 * |
H3: SC → AISe | 0.152 | 0.152 | 0.076 | 1.989 | 0.047 * |
H1: TMS → AISe | 0.087 | 0.086 | 0.081 | 1.070 | 0.285 (ns) |
H2: TMS → SC | 0.777 | 0.776 | 0.048 | 16.255 | 0.000 *** |
AI | Artificial Intelligence |
AICPA | American Institute of Certified Public Accountants |
AIS | Accounting Information System(s) |
AISe | Accounting Information Security |
AvISe | Availability of Accounting Information Security |
CIA | Confidentiality, Integrity, and Availability |
CISe | Confidentiality of Accounting Information Security |
CSR | Cybersecurity Readiness |
ERP | Enterprise Resource Planning |
IISe | Integrity of Accounting Information Security |
IoT | Internet of Things |
LLM | Large Language Model |
PLS-SEM | Partial Least Squares Structural Equation Modeling |
QAIS | Quality of Accounting Information Systems |
SC | Information Security Culture |
TMS | Senior Management Support (Top Management Support) |
TOE | Technology-Organization-Environment (Framework) |
VIF | Variance Inflation Factor |
| [1] | Abu Afifa, M. M., Nguyen, T. H., Le, M. T. T., Nguyen, L., & Tran, T. T. H. (2025). Accounting going digital: A Vietnamese experimental study on artificial intelligence in accounting. VINE Journal of Information and Knowledge Management Systems. |
| [2] |
Accenture. (2025). State of cybersecurity resilience 2025. Accenture Research.
https://www.accenture.com/us-en/insights/security/state-cybersecurity-2025 |
| [3] | Abutaber, T. (2023). The impact of accounting information systems on enhancing financial information security in Jordanian banks. International Journal of Data and Network Science, 7(5), 1067-1076. |
| [4] | Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: Towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370. |
| [5] | Alhassan, M. M., & Adjei-Quaye, A. (2017). Information security in an organization. International Journal of Computer (IJC), 24(1), 100-116. |
| [6] | Alnatheer, M., Chan, T., & Nelson, K. (2012). Understanding and measuring information security culture. In Proceedings of the 10th Australian Information Security Management Conference (pp. 1-11). Edith Cowan University. |
| [7] | AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers & Security, 99, 102030. |
| [8] | Alshaikh, M., & Adamson, G. (2021). From policy to practice: Towards a process for managing cybersecurity behaviour in the workplace. International Journal of Information Security, 21, 1413-1425. |
| [9] | Baker, J. (2012). The technology-organization-environment framework. In Y. K. Dwivedi et al. (Eds.), Information systems theory: Explaining and predicting our digital society (Vol. 1, pp. 231-246). Springer. |
| [10] | Barney, J. (1991). Firm resources and sustained competitive advantage. Journal of Management, 17(1), 99-120. |
| [11] | Berlilana, B., Hariguna, T., Sari, R. N. P., Tarihoran, N., & Purwati, A. A. (2021). Understanding cybersecurity readiness: Integrating TOE and information security culture. International Journal of Safety and Security Engineering, 11(5), 565-575. |
| [12] | Bhimani, A., & Willcocks, L. (2014). Digitisation, 'Big Data' and the transformation of accounting information. Accounting and Business Research, 44(4), 469-490. |
| [13] | Bishop, M. (2019). Computer security: Art and science (2nd ed.). Pearson Education. |
| [14] | Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, R. W. (2009). If someone is watching, I'll do what I'm asked: Mandatoriness, control, and information security. European Journal of Information Systems, 18(2), 151-164. |
| [15] | Bradford, M., Earp, J. B., & Grabski, S. (2014). Centralized end-to-end identity and access management and ERP systems: A multi-case study of enterprise software users. International Journal of Accounting Information Systems, 15(2), 179-195. |
| [16] | Busulwa, R., & Evans, N. (2022). Digital disruption and digital transformation of accounting. In R. Busulwa & N. Evans (Eds.), Digital transformation in accounting (pp. 43-51). Routledge. |
| [17] | Cameron, K. S., & Quinn, R. E. (2011). Diagnosing and changing organizational culture: Based on the competing values framework (3rd ed.). Jossey-Bass. |
| [18] | Chang, S. E., & Lin, C. S. (2007). Exploring organizational culture for information security management. Industrial Management & Data Systems, 107(3), 438-458. |
| [19] | Cram, W. A., D'Arcy, J., & Proudfoot, J. G. (2021). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 45(1), 525-554. |
| [20] | Daud, N. M., Rasiah, R. T. R., Abidin, F. Z., & Hashim, H. (2018). A study of cybersecurity readiness among internet users in Malaysia. Jurnal Teknologi, 80(1), 11-20. |
| [21] | Dong Quang Chung. (2023). The impact of information technology risks on the quality of accounting information in enterprises in Vietnam. University of Economics Ho Chi Minh City. |
| [22] | Dutta, A., & McCrohan, K. F. (2002). Management's role in information security in a cyber economy. California Management Review, 45(1), 67-87. |
| [23] | Gable, G. G., Sedera, D., & Chan, T. (2008). Re-conceptualizing information system success: The IS-impact measurement model. Journal of the Association for Information Systems, 9(7), 377-408. |
| [24] | Gorla, N., Somers, T. M., & Wong, B. (2010). Organizational impact of system quality, information quality, and service quality. Journal of Strategic Information Systems, 19(3), 207-228. |
| [25] | Government of the Socialist Republic of Vietnam. (2007). Decree No. 64/2007/ND-CP on application of information technology in state agency activities. |
| [26] | Government of the Socialist Republic of Vietnam. (2015). Law on Network Information Security No. 86/2015/QH13. |
| [27] | Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203-236. |
| [28] | Haapamäki, E., & Sihvonen, J. (2019). Cybersecurity in accounting research. Managerial Auditing Journal, 34(7), 808-834. |
| [29] | Hair, J. F., Risher, J. J., Sarstedt, M., & Ringle, C. M. (2017). When to use and how to report results of PLS-SEM. European Business Review, 31(1), 2-24. |
| [30] | Hair, J. F., Sarstedt, M., Ringle, C. M., & Gudergan, S. P. (2022). Advanced issues in partial least squares structural equation modeling (2nd ed.). SAGE Publications. |
| [31] | Hamdan, A., Hamdan, R., & Razzaque, A. (2017). Accounting information security culture: Auditors' perceptions in Bahraini firms. Journal of Financial Regulation and Compliance, 25(4), 413-428. |
| [32] | Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726. |
| [33] | Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79. |
| [34] | International Organization for Standardization. (2022). ISO/IEC 27001: 2022 - Information security, cybersecurity and privacy protection - Information security management systems. ISO. |
| [35] | Izzo, M. F., Fasan, M., & Tiscini, R. (2021). Accounting for the digital transformation: An empirical analysis. Accounting in Europe, 18(3), 336-360. |
| [36] | Kaur, J., & Mustafa, N. (2013). Examining the effects of knowledge, attitude and behaviour on information security awareness: A case on SME. In Proceedings of the 3rd International Conference on Research and Innovation in Information Systems (ICRIIS'13). IEEE. |
| [37] | Kayworth, T., & Whitten, D. (2010). Effective information security requires a balance of social and technology factors. MIS Quarterly Executive, 9(3), 163-175. |
| [38] | Kim, Y., & Kim, B. (2021). The effective factors on continuity of corporate information security management: Based on TOE framework. Information, 12(11), 446. |
| [39] | Knapp, K. J., Marshall, T. E., Rainer, R. K., & Ford, F. N. (2006). Information security: Management's effect on culture and policy. Information Management & Computer Security, 14(1), 24-36. |
| [40] | Knapp, K. J., Marshall, T. E., Rainer, R. K., & Morrow, D. W. (2007). The top information security issues facing organizations: What can government do to help? Information Systems Security, 16(1), 51-58. |
| [41] | Knauer, T., Sommer, F., & Wohrmann, A. (2020). Success factors of forward-looking performance measurement systems: Evidence from the field. Journal of Accounting & Organizational Change, 16(4), 575-602. |
| [42] | Kraemer, S., Carayon, P., & Clem, J. (2009). Human and organizational factors in computer and information security: Pathways to vulnerabilities. Computers & Security, 28(7), 509-520. |
| [43] | Marei, A. (2024). An empirical study on the impact of TOE factors on E-accounting adoption: The moderating role of cybersecurity. Journal of System and Management Sciences, 14(3), 266-292. |
| [44] | Meraghni, S., Bendiabdellah, A., Terrissa, L. S., Marzak, H., & Zerhouni, N. (2021). Challenges of data collection in developing countries. In Proceedings of the 2021 International Conference on Applied Automation and Industrial Diagnostics (ICAAID). IEEE. |
| [45] | Ministry of Information and Communications. (2023). Report on digital transformation of Vietnamese enterprises in 2023. SMEdx Program. |
| [46] | National Assembly of the Socialist Republic of Vietnam. (2015). Accounting Law No. 8/2015/QH13. |
| [47] | National Institute of Standards and Technology (NIST). (2017). An Introduction to Information Security (NIST Special Publication 800-12 Revision 1). U.S. Department of Commerce. |
| [48] | Nguyen, O. K. T., & Vo, T. H. V. (2025). The relationship between management accounting information systems, competitive advantage and performance: The moderating role of digital transformation. International Journal of Innovative Research and Scientific Studies, 8(3), 4593-4601. |
| [49] | Oliveira, T., & Martins, M. F. (2011). Literature review of information technology adoption models at firm level. The Electronic Journal Information Systems Evaluation, 14(1), 110-121. |
| [50] | Papiorek, K., & Hiebl, M. R. W. (2023). Information systems quality in management accounting and management control effectiveness. Journal of Accounting & Organizational Change, 19(1), 1-24. |
| [51] | Peltier, T. R. (2016). Information security policies, procedures, and standards: Guidelines for effective information security management. Auerbach Publications. |
| [52] | Pham Tra Lam. (2024). Information security culture model in accounting information systems: An empirical study in Vietnam. University of Economics Ho Chi Minh City. |
| [53] | Posthumus, S., & von Solms, R. (2004). A framework for the governance of information security. Computers & Security, 23(8), 638-646. |
| [54] | Rehberger, J. (2024). Trust no AI: Prompt injection along the CIA security triad. arXiv preprint arXiv: 2412.06090. |
| [55] | Rehm, S.-V. (2022). Accounting information systems and how to prepare for digital transformation. In M. G. Quinn, E. Strauss, & F. J. Martin (Eds.), The Routledge Companion to Accounting Information Systems (pp. 69-79). Routledge. |
| [56] | Solomon, G., & Brown, I. (2021). The influence of organisational culture and information security culture on employee compliance behaviour. Journal of Enterprise Information Management, 34(1), 1-26. |
| [57] | Spears, J. L., & Barki, H. (2010). User participation in information systems security risk management. MIS Quarterly, 34(3), 503-522. |
| [58] | Steinbart, P. J., Raschke, R. L., Gal, G., & Dilla, W. N. (2012). SECURQUAL: An instrument for evaluating the effectiveness of enterprise information security programs. Journal of Information Systems, 26(1), 93-116. |
| [59] | Steinbart, P. J., Raschke, R. L., Gal, G., & Dilla, W. N. (2018). The influence of a good relationship between the internal audit and information security functions on information security outcomes. Accounting, Organizations and Society, 71, 15-29. |
| [60] | Tang, M. (2021). Digital transformation: The essentials of e-business leadership. McGraw-Hill. |
| [61] | Tornatzky, L. G., & Fleischer, M. (1990). The processes of technological innovation. Lexington Books. |
| [62] | Tran Nu Hoai Nhu. (2024). Research on the impacts of information technology risks on the quality of accounting information in enterprises in Vietnam. University of Economics Ho Chi Minh City. |
| [63] | Tu, Z., Turel, O., Yuan, Y., & Archer, N. (2018). Learning to cope with information security risks regarding mobile device loss or theft: An empirical examination. Information & Management, 55(2), 189-204. |
| [64] | Van Niekerk, J. F., & Von Solms, R. (2010). Information security culture: A management perspective. Computers & Security, 29(4), 476-486. |
| [65] | Vial, G. (2019). Understanding digital transformation: A review and a research agenda. Journal of Strategic Information Systems, 28(2), 118-144. |
| [66] | Viettel Cyber Security. (2023). Cyber Security Report for the first half of 2023. Military Industry and Telecommunications Group (Viettel). |
| [67] | Vietnam Digital Transformation Program. (2025). National AI Transformation Strategy (AIX) 2025-2030. Ministry of Information and Communications. |
| [68] | Vietnam National Cyber Security Technology Joint Stock Company. (2023). Vietnam Cyber Security Summary Report 2023. |
| [69] | VNISA - Vietnam Information Security Association. (2024). Survey report on the current state of cybersecurity in Vietnam in 2024. Hanoi: VNISA. |
| [70] | Von Solms, R., & Von Solms, S. H. (2006). Information security governance: A model based on the Direct-Control Cycle. Computers & Security, 25(5), 408-412. |
| [71] | Wernerfelt, B. (1984). A resource-based view of the firm. Strategic Management Journal, 5(2), 171-180. |
| [72] | Whitman, M. E., & Mattord, H. J. (2018). Management of information security (6th ed.). Cengage Learning. |
| [73] | World Economic Forum. (2025). Global cybersecurity outlook 2025. WEF. |
APA Style
Mai, H. N. T. (2026). Cybersecurity Challenges in AI - Integrated Accounting and Auditing Systems: Empirical Evidence from Vietnam. Economics, 15(3), 58-69. https://doi.org/10.11648/j.eco.20261503.11
ACS Style
Mai, H. N. T. Cybersecurity Challenges in AI - Integrated Accounting and Auditing Systems: Empirical Evidence from Vietnam. Economics. 2026, 15(3), 58-69. doi: 10.11648/j.eco.20261503.11
@article{10.11648/j.eco.20261503.11,
author = {Huong Nguyen Thi Mai},
title = {Cybersecurity Challenges in AI - Integrated Accounting and Auditing Systems: Empirical Evidence from Vietnam},
journal = {Economics},
volume = {15},
number = {3},
pages = {58-69},
doi = {10.11648/j.eco.20261503.11},
url = {https://doi.org/10.11648/j.eco.20261503.11},
eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.eco.20261503.11},
abstract = {The rapid proliferation of artificial intelligence (AI) and digital transformation technologies in the Vietnamese business environment has profoundly altered the landscape of accounting and auditing, simultaneously introducing new and complex information security challenges. This study applies the Technology-Organization-Environment (TOE) framework to examine factors affecting Accounting Information Security (AISe) in Vietnamese enterprises during the ongoing digital transformation. The research model integrates four independent variables — Senior Management Support (TMS), Information Security Culture (SC), Quality of Accounting Information Systems (QAIS), and Cybersecurity Readiness (CSR) — and constructs the dependent variable AISe as a second-order formative construct encompassing three dimensions of the CIA triad: Confidentiality (CISe), Integrity (IISe), and Availability (AvISe). Using Partial Least Squares Structural Equation Modeling (PLS-SEM) with SmartPLS 4.0, the study analyzed data collected from 228 respondents across Vietnamese enterprises. Results show that QAIS exerts the strongest positive influence on AISe (β = 0.570, p 2 = 0.694). These findings offer empirical evidence supporting the integrated role of technological and organizational factors in securing accounting information within Vietnam's developing digital economy. Recent developments in AI governance, including Resolution No. 57-NQ/TW (2024) and Vietnam's national AI transformation strategy (2025-2026), further underscore the urgency of these findings for policy and practice.},
year = {2026}
}
TY - JOUR T1 - Cybersecurity Challenges in AI - Integrated Accounting and Auditing Systems: Empirical Evidence from Vietnam AU - Huong Nguyen Thi Mai Y1 - 2026/07/08 PY - 2026 N1 - https://doi.org/10.11648/j.eco.20261503.11 DO - 10.11648/j.eco.20261503.11 T2 - Economics JF - Economics JO - Economics SP - 58 EP - 69 PB - Science Publishing Group SN - 2376-6603 UR - https://doi.org/10.11648/j.eco.20261503.11 AB - The rapid proliferation of artificial intelligence (AI) and digital transformation technologies in the Vietnamese business environment has profoundly altered the landscape of accounting and auditing, simultaneously introducing new and complex information security challenges. This study applies the Technology-Organization-Environment (TOE) framework to examine factors affecting Accounting Information Security (AISe) in Vietnamese enterprises during the ongoing digital transformation. The research model integrates four independent variables — Senior Management Support (TMS), Information Security Culture (SC), Quality of Accounting Information Systems (QAIS), and Cybersecurity Readiness (CSR) — and constructs the dependent variable AISe as a second-order formative construct encompassing three dimensions of the CIA triad: Confidentiality (CISe), Integrity (IISe), and Availability (AvISe). Using Partial Least Squares Structural Equation Modeling (PLS-SEM) with SmartPLS 4.0, the study analyzed data collected from 228 respondents across Vietnamese enterprises. Results show that QAIS exerts the strongest positive influence on AISe (β = 0.570, p 2 = 0.694). These findings offer empirical evidence supporting the integrated role of technological and organizational factors in securing accounting information within Vietnam's developing digital economy. Recent developments in AI governance, including Resolution No. 57-NQ/TW (2024) and Vietnam's national AI transformation strategy (2025-2026), further underscore the urgency of these findings for policy and practice. VL - 15 IS - 3 ER -