Information and Communications Technologies as a Driver of Effective Internal Communication

Internal communication is considered to be fundamental process for organization. The information and communication technology (ICT) has been a strong trigger of organizational change in every aspect, as well as in internal communication. This paper investigates ICT tools usage effects on internal communication. Three research hypothesis were set up: (i) employees’ perceived importance of internal communication has a relationship with their ICT usage, (ii) employees’ perceived quality of internal communication has a relationship with their ICT usage, and (iii) ICT tools usage contributes to the perceived impact of IT on informing, motivation, productivity, loyalty, organizational development understanding, reducing rumors within organization of employees, willingness to change and overall satisfaction of employees. In order to test hypothesis, data were collected via an online survey conducted among Croatian public relations experts. Data mining was applied in data analysis: including both, descriptive (distributions) and predictive models (Bayesian networks). Sensitivity analysis of Bayesian networks identified significant factors of successful internal communication. Results showed that Skype usage mostly contributed to the quality of internal communication, whereas social network usage mostly contributed to the perceived importance of internal communication. Bayesian network model identified e-mail usage as a predictor of employees informing and chat usage as predictor for productivity of employees. Organizations’ management should embrace opportunities that new technologies have brought to the field of internal communications and use it as a tool for improvement. Abstract There are some similarities between Financial Statement Audit (FSA) and Information System Audit (ISA). FSA is an examination of the reliability and integrity of financial statement records whereas ISA is a review and evaluation of the controls, risks, and system development within an Information system infrastructure to determine if the information systems are safeguards to protect against abuse, safeguards assets, maintains data integrity, and operates effectively to achieve the organization's going concern objective. Decision makers need to ensure that the process of collecting and evaluating evidence of an organization's information systems, practices, and operations are reliable. Data manipulation can be caused by external or internal threat. Internal manipulation threat is the most dangerous one because it is committed by authorized personnel which make it very difficult to be detected. In particular, the framework introduces an anomaly detection technique, one of the data mining methods, to determine the suspected transactions arise from both internal and external threat. Once the suspected transactions are identified, procedures and monitoring control will be in place to minimize each threat. The proposed framework is expected to help both universities and ministry of higher education managers at all levels to make a vital decision based on reliable and accurate information in East Africa.


Literature review and research hypothesis
Recent papers indicated the need for this kind of research. Firstly, Karanges et al. (2015) emphasized importance of internal communication by finding strong relationship between internal communication and employee engagement. In the study, King and Lee (2016) proposed a conceptual framework of effective internal communication for the hospitality industry. The focus of their study were social media and they explored suitability of social media as an augmentation to traditional internal communication channels. Results highlighted how social media can augment current internal communication practices in a hospitality organization. Solomon (2015) examined the relationship between internal communication and organizational performance in terms of quality. His study conducted among pharmaceutical firms found out that, internal communication strategies are facilitating the progress in the pharmaceutical industries. The results suggested that the management or the board of directors should focus on internal communication tools because they are drivers of prosperity (Solomon, 2015).
Harmainen (2014) investigated internal communication and employee commitment in start-up companies. Results indicated statistically significant relationship between internal communication and employee commitment. Sjöberg and Madsen (2014) also proved significance of internal communication on all businesses. Fenech (2013) investigated the employees' needs and preferences of internal communication channels in companies and their with employee commitment. "The main implication of this study was the recommendation that companies invest resources in internal strategy corporate communication (ISCC), because it was preferred by the employees at the case company, it corresponded to their needs and it contributed to their affective commitment" (Ibid., 2013). When discussing current issues in internal communication, Tkalac Vercic, Vercic and Srirames (2012) research pointed out new digital media as emerging field with high level of influence on the way employees communicate within organization. It is important to Open Journal for Information Technology, 2020, 3(2), 39-52. ______________________________________________________________________________________________ 41 investigate internal communication with respect to ICT tools usage. No study in this area has been empirically investigated this relationship.
Based on this reasoning, three hypothesis were set up:

H1: Employees' perceived importance of internal communication has a relationship with their ICT usage.
H2: Employees' perceived quality of internal communication has a relationship with their ICT usage.
H3: ICT tools usage contributes to the perceived impact of IT on informing, motivation, productivity, loyalty, organizational development understanding, reducing rumors within organization of employees, willingness to change and overall satisfaction of employees.

Data and methodology
A quantitative research approach was used. The survey was developed and data were collected from a random sample of users. Croatian Public Relations Association (CPRA) database was used. CPRA is a professional association and brings together officials involved in activities related to public relations in order to improve profession and to protect their interests through a variety of activities provided by the Statute of the association (CPRA). Members of association are people who are directly concerned with public relations. So, study included only professionals in the field with the aim to collect their experiences in public relations, with special emphasis on internal communication and ICT in the implementation of internal communication. Association Secretary sent questionnaire to all members with a detailed explanation and request to fill it in order to examine the situation of internal communication in organizations. Given the fact that this study was focused on Croatian companies, for this study, a total population of 200 participants was targeted, professionals in the field of public relations which are members of CPRA. The study included a diverse structure of organizations: small businesses, non-profit institutions, public administrations, educational institutions and nongovernmental organizations.
Collected data were analysed by applying descriptive and predictive modelling. To achieve first objective of the research, distributions were performed. To address second objective, Bayesian networks were created. In the following section, a general introduction to Bayesian networks is presented Bayesian networks are one of the most popular data analysis methods. The basic concept of Bayesian networks is based on conditional probabilities (Delen, 2015). Bayesian networks are composed of two main elements: (i) direct acyclic graph in which each node represents a random variable, and each link probabilistic dependence, and (ii) tables of conditional probability for each variable. The main characteristic of Bayesian networks is the ability to learn based on probabilistic, directly from sample data. The analyst is responsible for creating a transparent model, which will cover all relevant variables and their relationships. One of the main benefits of Bayesian network is the fact that they are able to predict the likelihood in the absence of specific information.
In this research, sensitivity analysis performed on the Bayesian network models will answer on the questions: whether and to what extent ICT tools contribute to the internal communication.

Research findings
The obtained results revealed interesting insights explaining internal communication in the organization and relationship with ICT usage. First, we give profile of the respondents and profile of the organizations they work for, followed by their perception of internal communication in organizations and ICT usage in internal communication. Table 1 gives basic characteristics of the respondents: age, gender, level of education and Years of experience in public relations. Descriptive statistics provided following results. More than half of respondents are aged 31-40 years. Due to the fact that field of public relations only recently started to gain attention in Croatian organizations and mostly young people were employed, this results are expected. Second question in the survey was related to gender. As seen in Table 1, 68% of respondents are females and 32% were males. Public relations are known among the profession as female dominated field and this study confirmed such state in the Croatian companies. Similar ratio of two thirds to one third in favour of females is also present among all the members of the CPRA. Following question is related to the qualifications of the respondents. According to the results on this sample, the profession of public relations is characterized by a high level of education experts. There are no respondents with only secondary education, and even a third experts in public relations have completed a master's degree or a PhD. In comparison with related industries, this are very competitive results. Furthermore, more than half of respondents have work experience in public relations between 6 and 10 years. Those are professionals who are already well aware of the matter and have enough experience to be relevant subjects. There is an interesting correlation of this variable with the variable age. It is notable that 55% of respondents are aged 31-40 years, almost as the same with percentage of professionals with 6 to 10 years of experience in public relations. This indicates that area of public relations, for the majority of respondents, is first employment and they do not change the job.

Profile of the organizations
This section describes of the organization whose employees where involved in the study. Table 2 gives profile of organizations. Participants of this study are heterogenous group working in diverse organizations, which is one of the advantages of the study -to gain as much as possible different views from different sectors on issues of internal communication. However, most of the respondents (36%) work in organizations engaged in the service sector (banks, retailers, insurance, tourism sector ...). These organizations are primarily focused on providing services to the final customer and the public image is very important for them, so they have established public relations within the organization, often with ten or more employees. This sample consists of experts for public relations of different organizations by size or number of employees. Majority of the respondents are from the largest organizations with more than 500 employees. However, it is certainly interesting to note that even in smaller organizations with 50 employees public relations are developed, and in these smaller organizations is present awareness for the need to communicate. In the next question participants were asked does the organization they work for have a separate department for public relations. More than a half respondents work in organizations that have separate departments for public relations as part of the organizational structure within the organization. This is quite a high percentage, especially in the light of the fact that 42% of respondents are employed in the organizations with fewer than 100 employees. Above mentioned have opened two questions, depending on whether the response was positive or negative. If it was positive (53%), open sub-question is how much employees is in the department for public relations. If answer was negative (47%), open sub-question is in which organizational unit are they situated. Most of organizations that have public relations have only a few employees in public relations department, ranging from 1 to 5. Total of up to 10 employees have three-quarters of organizations. Only the largest organizations have more than 10 employees. Such number of employees actually makes considerable competitive advantage and great resource for the organization. Organizations without public relations as a separate department have mainly two solutions within the organization to accommodate public relations: in marketing or in the Board Office. In fact, it is widely accepted that the larger organizations often combine marketing and public relations. Twenty years ago public relations were part of marketing, not a separate organizational unit. Board Office, which is dominated by 44% as an alternative solution for public, have mainly organizations that have spokesman and maybe one more person employed for this purpose. This is not enough for a particular department, but those employees have an extremely important role and they are leaning on the Board, usually the CEO.
Less than a quarter of organizations have internal communication as sub-unit within the department for public relations, while in other organizations internal communication takes place as the part of the overall communication activities. Organizations that have internal communication as a separate organizational subunit are those that have the highest volume of jobs and highest number of employees. This issue was related to the number of employees in the organization whose only assignment is internal communication. This response complements the previous question. Total of 83% organizations have no or one person who specializes in internal communication. Thus, for the vast majority of respondents internal communication is smaller or larger segment of the scope of work, but not the only one. Again, the correlation with the size of the organization is noticeable.

Perception of internal communication in organization
Respondents evaluated the importance of internal communication in the organization. They were asked to score importance in the range from 1 (without impact) to 5 (Extremely large impact). Furthermore, participants were asked to evaluate their satisfaction with internal communication (in the range from 1 -not satisfied to 5 -extremely satisfied). Results suggest that nearly half of respondents is moderately satisfied and there is evidently place for the improvement. Almost a third of the respondents are dissatisfied or very little satisfied, pointing to the fact that internal communication is neglected, even from the perspective of internal communicators. One third of respondents are dissatisfied, half is moderately satisfied, while only a quarter is satisfied with the quality of internal communication in the organization. There are no respondents which are extremely satisfied. All of the respondents consider quality of internal communication as a driver of quality of their work and the overall working atmosphere in the organization. This sort of acclamation only confirms very high level of awareness for the importance of internal communication among professionals in public relations. This also entitles the Department of Public Relations and Human Resources to initiate and promote projects that improve internal communication in organizations.
When asked what do they considered the most important for the quality of internal communication within organization, most of the respondents pointed out top management role. More than half of respondents consider top management as a key for good internal communication, followed by human resources. This is expected given that the salaries and other material rights are in their domain, and those are issues of extreme importance for the employees. Those results are in line with previous research results which equate top management and human resources in importance. Public Relations are considered the most important for 10% of respondents. It is very interesting that only 7% of respondents believe that employees themselves are most important for the good internal communication.

ICT usage in internal communication
More than 90% of participants believe that the use of information technology can influence the improvement of internal communication. Information technology has an extremely high potential to impact on internal communication, mainly as a tool to perform communication. Respondents evaluated the frequency of use of various ICT tools for internal communication within their organizations. Grades were in the range from 1 (lowest frequency) to 5 (highest frequency). According to the results, there are two key information technologies that are used for formal internal communication: e-mail as the most dominant information technology and intranet with an average grade of 3.3. All other tools are used less frequently: respondents use it, but not frequently (average score is usually between 2 and 2.5). It is to be noted that respondents were asked to express their experiences with formal internal communication that takes place in the organization they work for. They do use social networks in a large extent for communication, but not for the formal organizational purposes, mostly for private individual communication. 23% of participants do not have intranet, and those are mostly organizations with less than 100 employees, while 77% of respondents use their organization's intranet as a channel for internal communication. Less than half of those respondents, add or remove content on a daily basis. On the other hand more than 40% of respondents changes intranet content less than once a week. Such intranet it is used as a tool for business processes, but in terms of communication, is out of date. According to the experiences of respondents, the biggest advantage of the intranet as a channel of communication is its speed. This is in line with previous research results. Some of the respondents emphasized low costs (particularly in relation to the printed channels), or the unavailability of intranet for people outside the organization as biggest benefit of intranet. Half of the respondents see users themselves as the biggest flaw of intranet. They believe employees do not have enough time to read the content. On the other hand, 30% of respondents indicates outdated content as the main problem which often rejects employees to use it. Two dominant responses are in conflict: while first response indicates that the problem is in the user, the second response indicates that the problem is the one who creates and provides content. It is interesting that about 10% see unavailability of intranet for people outside the organization as flaw.
Further, respondents were asked to evaluate impact of ICT tools on their achievement in terms of various segments.
Open Journal for Information Technology, 2020, 3(2), 39-52. ______________________________________________________________________________________________ 47 Figure 3. ICT impact on employees informing According to the answers, ICT has an impact on the informing of employees. While the answers vary in the amount of this influence, the dominant response is that they have a large or moderate impact. About the same number of respondents, 15%, believes that the impact is small or extremely large.
The next question concerned the impact of ICT on the motivation. Results are in the  While identifying impact of information technology on the motivation, the answer is more uniform. 63% of respondents considers ICT has moderate impact on motivation. If we take a deeper look at this results, we can see ICT impacts motivation, but not as key factor. Crucial influences are usually salary or working atmosphere.
Respondents evaluation of ICT impact on productivity presents figure 5. Regarding the effect of IT on productivity, respondents gave answers in a very wide range: some argue that IT have no influence, whereas others see extremely large impact. However, the dominant response is that IT has a moderate impact on productivity.
Participants also expressed perception of ICT impact on loyalty.

Figure 6. ICT impact on employees' loyalty
The question of relations between ICT and loyalty invoked the most concerns among the respondents. There are no dominant thinking, because all of the options received a similar percentage of votes. Loyalty to the organization means that employee is committed and disseminator of positive thinking about organization and the best "ambassador" of the organization inside and especially outside the organization. However, not even the experts in the field of public relations did not agree that the internal communication is one that has a crucial impact on loyalty. There is a certain amount of influence, but other factors within the organization must be included.
Can ICT influence understanding organizational development was following question.  (Figure 7). In organizations with internal communication based on ICT impact is high, but in production companies for instance, situation is different. Understanding organizational development for employees is important, regardless of media transfers. Figure 8 shows distribution of answers regarding ICT usage influence on reducing rumours within organization.
Open Journal for Information Technology, 2020, 3(2), 39-52. ______________________________________________________________________________________________ 49 Figure 8. Impact of ICT on reducing rumors within organization Rumours are often a problem within the organization as they form informal internal communication which can be potentially dangerous to the functioning of the organization. Therefore, the essence of every good internal communication is to suppress their impact that with transparency and promptness. In this survey, concept of rumour applies only to those facts concerning the organization itself. The vast majority of respondents considers ICT can have a very high impact on the suppression of rumours, and thus indirectly to better internal communication based on facts and controlled information. Another question explores ICT impact on willingness to change. The tendency of members of the organization to change usually can be stressful. In fact, people naturally do not like change, they do not like the change of working conditions, the environment. However, no organization must not stand still, but must constantly strive for something better. For all it takes is a single agreement with the members of the organization, requires their being informed as it can affect the propensity to change. For them being informed, ICT is crucial, as a channel for achieving quality and timely information. Last question examined ICT impact on overall satisfaction. Figure 10. Impact of ICT on overall satisfaction Overall satisfaction of members of the organization implies opinion of members of the organization and the totality of the pleasures that the member has in the organization of working conditions, work atmosphere, the substantive rights to future prospects. On top of that, a third of respondents believe that internal communication based on information technology has little or no impact, and about the same number of answers is to have a modest impact, and have a great or very great impact.

ICT usage impact on internal communication
A Bayesian methodology was developed in this paper for hypothesis testing. Figure 11. First Bayesian model First Bayesian model tests relationship between various ICT tools usage (e-mail, Intranet, chat, Skype, web 2.0 tools, forum, blog, personal web page, social networks) and perceived importance and quality of internal communication (see Figure 11).

Figure 12. Second Bayesian model
Second Bayesian model tests relationship between various ICT tools usage (e-mail, Intranet, chat, Skype, web 2.0 tools, forum, blog, personal web page, social networks) and perceived impact of ICT on informing, motivation, productivity, loyalty, organizational development, reducing rumors, willingness to change and overall satisfaction of employees (see figure 11).
Useful information can be extracted from the Bayesian model so as to help understand internal communication patterns and optimize IT tools usage in order to improve internal communication. Examining Bayesian model by performing sensitivity analysis, the significant factors that determine quality of internal communication can be identified. In particular, the column contribution of the first model can be analyzed as follows: variables Intranet usage and Skype usage contributed the most to quality of internal communication. This indicates that Intranet and Skype usage are the most important determinants of internal communication quality of all these ICT tools. Then, for clarity, as the significant factors for the perceived importance of internal communication are identified web 2.0 tools and social networks. Thus, hypothesis H1 and H2 are confirmed: some of the ICT tools significantly contribute to the quality and importance of internal communication.
Second research model emphasized e-mail usage as a predictor of employees informing and chat usage as predictor for productivity of employees. This confirms hypothesis H3.

Conclusion
In today's turbulent environment, organizations cannot be competitive without effective internal communication. This paper strives to help organizations improve internal communication by identifying ICT tools that might improve internal communication. Descriptive modeling with distributions and Bayesian methodology was developed in this paper for model prediction. Conducted research among public relations experts in the Croatian organizations provided insight into current state of the internal communications, the use of information technologies for their enforcement, and give guidelines for improvement of internal communication. Research is based on the answers of public relations experts, and, as such, very valuable. Results provide typical profile of the PR experts in Croatia: highly educated female, age 31-40 working in the organization with separate PR department of 1 to 5 employees. However, internal communications are separate department only in the largest organizations.
Bayesian network analysis was used to empirically test the relationship between internal communication and ICT tools usage. In the first research model involving perceived quality and importance of internal communication (H1 and H2) a significant and positive association between Intranet and Skype usage with quality of internal communication was found, and web 2.0 tools and social networks usage and importance on internal communication. E-mail usage accounted for most of the variance in informing of employees, whereas chat usage contributed to the perceived impact of ICT on productivity of employees (H3).
This study makes valuable contribution to understanding the role of ICT in internal communication. However, several limitations need to be acknowledged. Random sample was used and this fact reduces the ability to generalize the results to the wider population. This study should mainly serve as a pilot study of research on ICT usage and internal communication effectiveness. Future research should explore the same hypothesis but using panel data to provide reliable conclusions.

Introduction
Most of the organizations and firms worldwide have replaced their manual system with a computerized one in the form of information systems. These changes require a close monitoring and auditing of the data generated by such systems.
Currently higher education institutions such as universities and colleges are facing numerous challenges, for example their information systems transactions have grown in volume and complexity. These institutions exist in a highly regulated environments. Therefore, there is a convincing need for controlling and monitoring mechanisms to evaluate and validate these transactions.
The data stored in information systems in higher education institutions is of a paramount importance for both institutions as well as body represented by the ministry of higher education. For higher education institutions, they have to make sure of the integrity of the data which means the data were not tampered with whether from external sources or internal sources.
Unlike auditing in financial accounting which is concerned with the systematic verification of a company or government unit books of account transaction that is conducted by external auditors. The ISA has to ensure that the data generated and stored by information system is safeguards to protect against abuse, safeguards assets maintains data integrity and allows the firms to continue successfully. Information systems auditing (ISA) is more complex than financial auditing, because the threats can come from either internal or external sources.
Authorities in the ministry of higher education have greater role regarding the monitoring and overseeing the activities of universities. They have to ensure that the generated data by IS which are related to student marks, records, and others are accurate and not tampered with. Based on these requirements there is strong need for ISA to guarantee the accuracy of the data provided by universities to the ministry of higher education.
There are many researches provided definition for what constitute information systems auditing. For example, Lope et al. (2015) defined ISA as the assessment of various controls, risk, and system development within IS infrastructures.
The auditing process has moved from a manual one to a computer-based one. Recently the notion of continuous auditing (CA) has been introduced as part of ISA. CA can be defined as a comprehensive electronic audit process that enables auditors to provide some degree of assurance on continuous information simultaneously with, or shortly after, the disclosure of the information The authors' belief that data mining, specifically outlier analysis, could be a viable approach to facilitate auditing in information system by highlighting the suspected transactions.
The main purpose of this paper is to introduce a framework for auditing information systems in the higher education. The framework aim to provide the ministry of higher education with a system that allows it to evaluate, monitor and validate university registration system transactions in a non-intrusive way. The proposed model is expected to help both university management and the ministry of higher education to systematically verify the validity of the stored information related to students. Intrusive

Review of literature
Non-traditional auditing tools has long being used in the audit of information systems. For instance, the use of expert system to facilitate the auditing process in information system is documented in the work of Wattiau and Akoka (1996) in which an audit expert system was developed to logistic information systems auditing.
It is understandable that most auditor professionals are lacking IT expertise which allow them to implement generalized audit software. To bridge the gap between information systems and auditors professional Shing- Han (2007) proposed a systematic analysis approach that provides a framework for auditors to effectively understand business process and data flow/data structures of information systems.
With the vast proliferation of data stored in an electronic form, there is compelling need to ensure the validity and reliability of such data. ISA is a necessity for most organizations seeking to compete in the market. In recent years there is extensive research in ISA area with the aim of finding suitable means to ensure the reliability of the stored data. For example, Kim et al. (2015) propose a model aimed to bridge the gap between contemporary auditing practices and information system audits. The proposed model of information system audit satisfaction that includes auditor expertise and auditor role clarity as antecedent variables that affect audit responsiveness and audit reliability which in turn affect audit satisfaction.
For higher education institutions, the issues of continuous auditing (CA) and continuous monitoring (CM) of data is an important characteristic which is likely improve the reliability of the stored data and hence the credibility of the institution. Moreover, such auditing complies with the external regulations set up by the ministry of higher education. A similar work related to the continuous assurance services in information system that aim to improve the reliability of the business is presented by Marques et al. (2015). They have developed a prototype and consequent results analysis using real data which allowed them to ensure the feasibility and effective use of the proposal.
Research in CA and CM in information system remains a hot research topic. For instance, Hardy and Laslett (2015) described a case study about how CA and CM has been interpreted and implemented in a wholesale distribution and marketing company in Australia. They have obtained interesting results in which over 100 automated tests performed daily, a fully integrated exception management system, advancement from data to predictive analytics, and the use of visualization technologies for enhancing reporting.
A similar to data audit in information system is the process auditing which is a mechanism frequently used by many organizations to ensure the quality of their process. To improve the quality of audit recommendations, Kurniati et al. (2015) suggest the use of process mining in auditing business processes based on data from event logs stored in information system. Continuous monitoring (CM) of information system data from external and internal threats is of a paramount importance for top management. Many methods have been proposed to detect external intruders from accessing and hence tampering with the data. An excellent work that intends to detect external intruders is presented by (Peiying et al., 2018). They have proposed an alarm intrusion detection algorithm feature selection, weight, and parameter optimization of support vector machine (FWP-SVM-GA) based on the genetic algorithm (GA) and support vector machine (SVM) algorithm for use in a human centered smart IDS.
Internal threats can cause a huge damage for organization due to the fact that insiders have a legitimate data access. Liu et al. (2018) identified number of possible reasons which can cause enormous loss such as (1) the existing solutions do not pay enough attention on the early indications of an arising malicious insider, most of which do not raise alerts until damaging behaviors have occurred; (2) most of the solutions rely only on an individual audit data source, diminishing insights into the threats; and (3) conventional data analytics counts too much on domain knowledge in extracting features or establishing rules, resulting in a limited capability against evolving threats. Some universities might opt for storing their data using cloud storage system. Using such approach require more rigorous auditing in order to ensure the integrity of the data. Different schemes have been proposed to address such problem, for example, Wang et al. (2018) proposed an identity-based data outsourcing (IBDO) scheme equipped with desirable features advantageous over existing proposals in securing outsourced data.

Information systems in institutions of higher education
In United Arab Emirates, currently there are 68 accredited universities and colleges, the majority are private institutions (www.mohesr.gov.ae). All these institutions use information systems to handle varieties of things among them the academic information related to the students. For the management of these institutions, the reliability of the generated data by these systems represent a critical issue. They have to deal with both internal and external threats. The management needs to apply close monitoring and thorough auditing of their information system to ensure the trustworthiness of their academic data. The higher education institutions specially the private one exist in a very tough competitive regulated environment which necessitate maintaining their reputation in the academic field. The ministry of higher education requires from all accredited universities and colleges to adhere to the rules and regulations set by the ministry. For the ministry of higher education there is a desperate need for mechanisms to monitor, audit, and ensure the integrity of the academic data generated by these systems.
Information system in higher education institutions has peculiar characteristics compared with other type of information systems. For example, the pattern of transactions, there are heavy transactions in certain period of time such as during student registration, student admission, and mark entries. To close the research gap, the proposed model could easily detect and highlight fraudulent suspected transactions and facilitate the decision process.

Methodology
Information audit relates only to the components of the information system. Because of this, information audit cannot be included within other types of audit. Information audit seeks specific objectives, has specific procedures and uses specific tools (Rus, 2012). Objectives, processes, procedures, components and international regulations regarding this process are defined by the US non-profit association ISACA (Information System Audit and Control Association). The American Standard which establishes IT governance rules is called COBIT (Control Objectives for Information and Related Technology) Information system is composed of hardware, software, user, and data. Auditing in information system is totally different from other type of audit. In this, the auditing process will be confined to the auditing of the data or information. Ioan Rus (2015), identified and presented tools and techniques for auditing databases. For the purpose of this framework, information has seven important characteristics, these are: Availability -the information must be available at any time during the decision process; Integrity -the content and accuracy of the data must be in accordance with the rules and expectations of the organization; Compliance -the logical structure of information and its concrete values must reflect the actual level of processes it characterizes; Reliability -the information must relate to the specific decision-making process that is served; Efficiency -the information must be provided with the lowest consumption of resources; Effectiveness -the information must be relevant, accurate and timely provided for decision making; Confidentiality -the information must be provided only to users whom they are intended to be delivered.
Open Journal for Information Technology, 2020, 3(2), 53-62.  Figure 1 above shows the proposed framework processes that uses data mining techniques to audit and detect the suspected fraudulent transactions that can be referred to the management of the higher education institution and the ministry of higher education.
The proposed framework indicates that there are five phases which are:

Data Extraction Phase
This phase uses information system log file to perform data extraction and preparation and the extraction of valuable features in detecting suspected fraudulent transactions.

Data Pre-processing Phase
The step accomplishes data pre-processing which may include data cleaning, normalization, transformation and feature selection to prepare the data for analysis.

Detection Process Phase
The phase, as shown in Figure 1, includes two processes:  Mining: This phases uses a suitable outlier analysis algorithm to detect the fraudulent suspected transactions.  Post processing: This phases intends to evaluate the generated patterns after the mining process.

Generating fraudulent suspected Transactions Phase
This phase uses the tested pattern to generate the fraudulent suspected transactions. This phase is the actual experimental work. The result will be delivered to the institution management for further investigations.
These steps or phases will further be detailed when the actual data is prepared and the model will be tested. Figure 2 shows the conceptual design of the proposed framework. The proposed design consists of the following services/components: User Interface Service/Component: helps the users to navigate the different services including the Naming and location service/components, Detection service/Component Reporting Service/Component, Data Sources and Suspicious Transactions Database.

Conceptual Design of the Proposed Framework:
Naming and Location Service/Component: this service stores information about the names and locations of the registered services. This service can be implemented as a centralized or distributed service.
Detection Service/Component: This service can be implemented as an extensible class that can be extend by the developer to add a new detection service such as detection service for the academic institution and another one for the regulatory institution.
Reporting Service/Component: this service is used to store suspicious transaction in a special database that can be accessed and investigated by different users through the user interface service.
Data Sources: these are the Databases and files that includes information about the academic regulations, registration information, policies, processes/procedures, student information and regulatory rules and any other data that is relevant to the purpose of audit.
Suspicious Transactions Database: this database stores only the suspicious transaction detected by the detection service. This database can be implemented as a centralized or distributed database as required. Internationally, universities recognize the importance of university registration systems, one of the categories of information systems. These systems store huge amount of data related to students, courses, grades, etc. Maintaining the integrity of such data is of a paramount important for both universities and ministry of higher education. One of the responsibilities of the ministry of higher education is to oversee and monitor the activities of universities and has to guarantee the accuracy of the data stored by such systems.
Information system audit represents a challenging issue for most organizations specially higher education institutions in which the good reputation of such institution plays an important role in improving the market share for these organizations. Maintaining data integrity is an important characteristic sought by most organizations operating in a very competitive environment. The audit framework aims to establish whether university registration systems are safeguarding corporate assets, maintaining the integrity of stored and communicated data, supporting university objectives effectively, and operating efficiently. To achieve such uphill task, the framework algorithm first extracts the transactions from the university registration system and then utilizes outlier analysis (Han et al., 2012), one of the data mining techniques, in order to identify the possible fraudulent transactions. The algorithm takes into consideration the different types of events, stages, and relationship that constitute the essence of each university registration system transaction.
It is recognized that university registration systems have peak period time during which there are heavy transactions that can be generated. For example, during registration at the beginning of the semester and at the end of the semester where students marks and grades will be recorded by the instructors and employees of the registration office. The framework uses different factors to identify the suspected fraudulent transactions. One of the most important factor is the timing of the transactions. In university registration system, some transactions can only be generated during certain period of time. For example, transactions related to student marks and grades, such type of transactions should only occur at the end of the semester or within certain period of time and should be performed by certain types of users. If the auditing system detects that such transactions were generated outside these times, immediately the system flags these transactions as suspected fake transactions, and hence should be inserted into the file of the suspected fraudulent transactions for further investigation.
Factors other than the timing that should be taken into consideration by the framework in the auditing process is the transactions that violate university or ministry of higher education rules and regulations. Such types of transactions should be marked as suspected deceitful transactions and hence should be inserted in the file of the fraudulent transactions.
Another important factor that can contribute in the identification of improper transaction is related to the location from which the transactions were executed. Most universities allow the execution of transactions related to student marks and grades from certain locations. Any transactions carried out by individuals outside these locations should be flagged by the auditing system as being suspected fake transactions and hence should be inserted into the file of the suspected fraudulent transactions for further investigation.
The framework also aims to address issues related to transactions which appear as if they are legal, but in reality, they are fake one. For example, transactions performed by authorized personnel from the right place, from the right machine, and at the right time, but nevertheless they might be fraudulent. This is an example of internal threat. Then how the framework addresses such type of threat. The framework can respond to a threat of this kind by using the concept of transaction consistency. In such scenario, transactions can be grouped based on certain characteristics. For example, an instructor completed entering the marks of the students for certain course section, if the auditing system discovers that some transactions were updated by another user other than the instructor, these transactions will be highlighted by the system as being suspected fake transactions and will be recorded into the file of the suspected fraudulent transactions for further investigation.

Conclusions and future research
Prior research in continuous auditing (CA) and continuous monitoring (CM) of data demonstrates the existence of solid connection between contemporary auditing practices and information system audit. With the objective of ensuring the validity and reliability of all data stored in an electronic form, the information system audit will remain a controversial research topic. This paper highlights the theoretical aspects of a framework that will be used to detect and identify fraudulent suspected transactions in an information system for higher educations. Based on the literature that we have reviewed, we found that this is the first attempt to propose the use of viable technique, outlier analysis algorithm, to improve the auditing of information system.
In this paper, we have just proposed a theoretical framework to support information system audit in higher education. The findings of our research contribute to the previous literature in various ways. First, the consequences of this research contribute over-all support to the recommendation that all else remain constant, the higher the quality of the data, the better the performance of all organization. Identifying fraudulent suspected transactions in an information system for higher education help both university and ministry of higher education senior excusive to make a complex diction in using resources more efficiently and effectively and ensure education quality.
We have to acknowledge at this point that there is a need for further investigation to discuss how to implement this framework using real data that should be collected from university's information system. Moreover, the outlier analysis, the proposed data mining technique, employs different type of techniques to detect the outlier objects. Among the techniques that employed by outlier analysis clustering-based techniques, nearest-neighbor classification techniques, and statistical methods. There is a convincing need for future research to decide which is the best outlier analysis technique that can be chosen for improving the auditing of information systems.
The OJIT provides a platform for the manuscripts from different areas of research, which may rest on the full spectrum of established methodologies, including theoretical discussions and empirical investigations. The manuscripts may represent a variety of theoretical perspectives and different methodological approaches.
The authors of articles accepted for publishing in the OJIT should get the ORCID number (www.orcid.org), and Thomson-Reuters' Researcher ID (www.researcherid.com).
The journal is now publishing 2 times a year.

PEER REVIEW POLICY
All manuscripts submitted for publishing in the OJIT are expected to be free from language errors and must be written and formatted strictly according to the latest edition of the APA style. Manuscripts that are not entirely written according to APA style and/or do not reflect an expert use of the English language will not be considered for publication and will not be sent to the journal reviewers for evaluation. It is completely the author's responsibility to comply with the rules. We highly recommend that non-native speakers of English have manuscripts proofread by a copy editor before submission. However, proof of copy editing does not guarantee acceptance of a manuscript for publication in the OJIT.
The OJIT operates a double-blind peer reviewing process. The manuscript should not include authors' names, institutional affiliations, contact information. Also, authors' own works need to be blinded in the references (see the APA style). All submitted manuscripts are reviewed by the editors, and only those meeting the aims and scope of the journal will be sent for outside review. Each manuscript is reviewed by at least two reviewers.
The editors are doing their best to reduce the time that elapses between a paper's submission and publication in a regular issue. It is expected that the review and publication processes will be completed in about 2-3 months after submission depending on reviewers' feedback and the editors' final decision. If revisions are requested some changing and corrections then publication time becomes longer. At the end of the review process, accepted papers will be published on the journal's website.

OPEN ACCESS POLICY
The OJIT is an open access journal which means that all content is freely available without charge to the user or his/her institution. Users are allowed to read, download, copy, distribute, print, search, or link to the full texts of the articles, or use them for any other lawful purpose, without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open access.
All articles published in the OJIT are licensed under a Creative Commons Attribution 4.0 International License.
Authors hold the copyrights of their own articles by acknowledging that their articles are originally published in the OJIT.
Center for Open Access in Science