Insight into how cyber forensic accounting enhances the integrated reporting quality in small and medium enterprises

Abstract

The objective of this current research is to examine the influence of cyber forensic accounting on the quality of integrated reporting. The current investigation employed a mixed-methods approach. As a result, the objective of examining the qualitative viewpoints expressed in the expert interviews was to ascertain the practical implementation of the constructs and gain a more comprehensive understanding of several concerns associated with the proposed model. The proposed model, which was verified using AMOS 28.0 software and structural equation modeling, was empirically supported by the examination of statistical data collected from surveys administered to accountants employed in small and medium-sized businesses. The outcome analyses that were performed identified positive and statistically significant relationships between the hypothesized constructs in terms of effect magnitude. More concretely, among the components of cyber forensic accounting that impacted the quality of integrated reporting, zero trust governance and management control systems exhibited the highest path coefficient, followed by cyber anti-fraud policies. Conversely, digitally designed forensic procedures demonstrated the lowest path coefficient. Furthermore, aside from providing a solid foundation for future investigations, the refined insights presented in this work can also assist policy-makers and practitioners in recognizing and capitalizing on prospects to improve and expand quality of integrated reporting. This can be achieved through the implementation of efficient and effective rules and policies related to cyber forensic accounting management.

Keywords:

• Cybersecurity
• integrated reporting
• forensic accounting
• SME

REVIEWING EDITOR:

• Sandra Alves, Higher Institute of Accounting and Administration, University of Aveiro, Portugal

SUBJECTS:

• Economics
• Business, Management and Accounting
• Computing & IT Security
• Robotics & Cybernetics

1. Introduction and context

Stakeholders are progressively seeking more comprehensive and ample information regarding the company’s processes, resources, relationship quality, and management. This is done to enable them to evaluate the company’s potential for long-term value generation (Lawal & Yahaya, 2024). Hence, the International Integrated Reporting Council (IIRC), established in August 2010 under the name International Committee on Integrated Reporting, introduced the International Integrated Reporting Framework (International Integrated Reporting Council (IIRC), 2013). Subsequently, the framework underwent revisions to facilitate improved reporting (International Integrated Reporting Council (IIRC), 2021).

Integrated reporting can significantly contribute to improving the disclosure of Sustainable Development Goals (SDGs) by offering the necessary framework, strategy, and resources to transform these goals into quantifiable business initiatives (Curtó-Pagès et al., 2021). The notion of integrated reporting has attracted considerable attention from researchers, practitioners, and policymakers worldwide (Velte & Stawinoga, 2017; Dumay et al., 2016; Rinaldi et al., 2018). The current surge in interest in integrated reporting is indicative of a larger pattern in which businesses are increasingly incorporating non-financial information into their corporate reports. This shift acknowledges the need for greater transparency in operations (De Villiers et al., 2014; Deegan, 2020; Malafronte & Pereira, 2021). De Villiers and Dimes (2023) proposed that integrated reporting has the potential to reconcile the differences between investor-focused reporting and environmental reporting, which primarily caters to environmentalists. Furthermore, research has shown that integrated reporting can improve existing sustainability reporting and management methods (Hsiao et al., 2022; Montecalvo et al., 2018). Integrated reporting may be attractive to managers as a means of effectively conveying and consolidating business communications regarding sustainability strategies, both within the organization and to external stakeholders (De Villiers & Dimes, 2023).

The scholarly literature has demonstrated the progression of integrated reporting as a means of implementing its regulatory policy. However, it has been demonstrated that the motivation behind integrated reporting disclosures is not commitment and engagement, but rather compliance and conformity (Veltri & Silvestri, 2020; Vitolla et al., 2019a). This suggests that the disclosures in integrated reporting do not provide the pertinent informational value that various stakeholders seek. Pertaining to this matter, the significance of integrated reporting quality surpasses that of its ordinary implementation (AbuRaya, 2023). Ensuring the quality of integrated reporting prevents its exploitation as a means of greenwashing by management in order to present redundant and excessively detailed data (Velte, 2022). While it is more important to disclose high-quality data rather than large quantities (Songini et al., 2020), the number of academic papers that specifically address this aspect is limited (Pistoni et al., 2018).

More remarkably, certain organizations have a tendency to partake in unethical practices such as misappropriating assets, maximizing bonuses, overstating revenues, capitalizing expenses, understating liabilities, and evading taxes in order to satisfy the expectations of their stakeholders (Al Shehab, 2022). When integrated reporting is dishonest, it presents an inaccurate image of the company, leading investors and other users to form erroneous judgments about it. Therefore, it is consistently a formidable undertaking to deliver a report that is precise, open, and succinct (Devarapalli et al., 2024).

The present circumstances necessitate the urgent employment of a forensic accountant, whose expertise enhances the reliability of financial statements (Al Shehab, 2022) as well as integrated reporting. Management of fraud risk is the focus of forensic accounting (Akinbowale et al., 2023). In other words, it enables the evaluation of every potential danger linked to an institution, such as the risk of fraudulent activities (Chih-Hao & Kuen-Chang, 2020). Furthermore, it guarantees the management of potential obstacles that may impede the achievement of an organization’s objectives (Shah et al., 2011). By applying the principle of cause and effect, forensic accounting can aid in the comprehension of the overall circumstances that facilitate the commission of fraud (Santos Filho et al., 2017).

The utilization of Industry 4.0-specific usage tools and the digital transformation of economic entities delineate a novel outlook for the reporting environment (Rowbottom et al., 2021). Therefore, the quality of reporting is significantly and positively impacted by the implementation of an information system based on contemporary technologies (Bhatti & Akram, 2020; Bordeleau et al., 2019). The corporate reporting system experiences enhanced transparency and security in its performance and quality due to the influence of information technology. However, the continuous evolution of technology poses a challenge to the integrity and quality of reporting information (Raewf & Jasim, 2021). Accordingly, digitalization and digital transformation present small and medium-sized enterprises (SMEs) with numerous challenges as well as new opportunities.

SME participation in socioeconomic development is crucial (Ismail, 2022), especially in developing nations (Costa et al., 2024). It has been suggested that businesses, particularly SMEs, invest inadequately in prevention and have inadequate awareness of cyber hazards (Mijnhardt et al., 2016). Insiders inflict substantial damage on small businesses more frequently than they do on larger organizations (Bunn et al., 2019; Kennedy, 2018). On the other hand, the likelihood that the media will expose fraud in SMEs is lower due to the media’s tendency to concentrate on larger corporations that are enduring enormous financial losses (Kramer, 2015).

The emergence of cyber forensic accounting is propelled by technical advancements, alterations in company procedures, regulatory revisions, and shifts in the global economic landscape (Hossain, 2023). Cyber forensic accounting is a recent advancement that focuses on investigating and preventing online financial fraud activities, such as identity theft, hacking, and phishing (Akinbowale et al., 2020).

There is a growing interest in the enhancement and improvement of integrated reporting quality, which has emerged as a significant research question in academic literature. Policymakers and scholars alike are now urged to engage in deliberate investigation and develop a meaningful understanding of this matter. Scholars have put forth various solutions pertaining to integrated reporting, including the following: the involvement of the board of directors (Olagunji et al., 2023); the involvement of the audit committee (Yahaya & Onyabe, 2022); the significance of managerial ownership in integrated reporting (Abdulfatah et al., 2023); the involvement of auditors (Yakubu & Yahaya, 2023); and the involvement of the chief executive officer (Onyabe et al., 2023).

Although several scholarly studies have examined how forensic accounting contributes to and enhances the standard of financial reporting (e.g. Enofe et al. (2016); Oyedokun et al. (2018); Metwaly et al. (2023); Osaloni and Ige (2023)), the untapped potential of cyber forensic accounting in improving quality of integrated reporting remains largely unexplored.

This has prompted the need to reconsider and build a comprehensive understanding of a novel technique known as cyber forensic accounting as well as its components to harness greater potential and ensure quality of integrated reporting. Considering the lack of an established academic background on this subject, the main motivation for this research was to analyze how cyber forensic accounting could improve and enhance quality of integrated reporting. This analysis aimed to identify the theoretical and practical contributions in this area. Furthermore, this theoretical gap has served as a catalyst for the formulation of the thought-provoking research questions presented below.

RQ1. What are the components of cyber forensic accounting?

RQ2. To what extent does each component impact quality of integrated reporting?

Considering the context of a developing nation, the current manuscript that is now being done is groundbreaking from a theoretical perspective. By bridging the gaps in the literature, which has been dominated by developed country-based literature to this point, the current research was innovative because it expressly positioned itself to enrich the state-of-the-art research on integrated reporting. Indeed, despite its significance and the growing attention it receives from practitioners, academics, and institutions in the process of enhancing our comprehension of the value implications of integrated reporting practice, the empirical investigation is still restricted to developed countries (i.e. Busco et al. (2019); García‐Sánchez et al. (2019); Garcia-Sanchez et al. (2020); Vitolla et al. (2019b); Raimo et al. (2020); Chouaibi and Hichri (2020)), with a lesser amount of focus being placed on developing and emerging markets (i.e. Suttipun and Bomlai (2019); Al Amosh and Mansor (2020); Salwa et al. (2020); Ahmed et al. (2021); Cooray, Senaratne, et al. (2020); Cooray et al. (2021)). The current body of research on integrated reporting is predominantly focused on developed nations that possess robust stock markets (i.e. Arora et al., 2022; Ackers and Adebayo, 2022). The examination of the integrated reporting framework and its application within large organizations has been the subject of literature only recently (i.e. Lai et al., 2017; Silvestri et al., 2017). However, empirical research on the specific extent to which SMEs in various countries have adopted integrated reporting is extremely scarce, particularly in regards to unlisted SMEs (Del Baldo, 2015, 2019).

According to AbuRaya (2023), integrated reporting refers to the amalgamation of financial and nonfinancial data into a unified report, with the aim of effectively conveying an organization’s performance in generating value for its stakeholders. This study presents novel characteristics for evaluating the quality of integrated reporting for SMEs in response to the recommendations put forth by Permatasari and Tjahjadi (2023). These characteristics are based on the integration of various criteria for evaluating the quality of financial reporting and sustainability reporting, which have been previously published by professional associations and researchers.

Within the realm of accounting literature, integrated reporting is a research subject that is constantly evolving (Grassmann, 2021). Although academics have been advocating for the use and purpose of integrated reporting for a long time (De Villiers, Venter, et al., 2017), there is still a lack of empirical studies on the factors that influence the acceptance of integrated reporting and its supposed virtues (Reimsbach et al., 2018; Rinaldi et al., 2018; De Villiers, Hsiao, et al., 2017). The current research pioneers research on the interconnection between cyber forensic accounting and quality of integrated reporting within SMEs in developing country. In doing so, the current research enriches the burgeoning body of literature on digital forensic accounting (i.e. Awodiran et al. (2023); Pham and Vu (2024)). Admittedly, to take advantage of new technologies, several companies have been digitally transforming their accounting processes in recent years (Goh & Yong, 2024). The primary source of novelty and value lies in providing academics and professionals with a comprehensive perspective on various elements that must be considered when engaging in cyber forensic accounting. These elements include cyber anti-fraud policies, zero trust governance, digitally designed forensic procedures, and management control systems. As such, this could be beneficial for academics and aspiring professionals interested in expanding their knowledge in these areas.

Extensive analysis of the results would be helpful for practitioners since it would show them how to detect and take advantage of growth opportunities made possible by digital technology. Specifically, increasing the level of recognition and comprehension regarding the quality of integrated reporting would empower practitioners to promote the adoption of such reporting systems. Because it would solidly leverage the more holistic solution implementation, the major comment also noted that practitioners should prioritize increasing their focus on cyber forensic accounting implementation, which would allow SMEs to achieve integrated reporting adoption. Furthermore, prior to making considerable investments in the implementation of cyber forensic accounting, senior executives in SMEs can greatly benefit from determining the critical components of cyber forensic accounting and comprehending the interrelationships between these components and the quality of integrated reporting. Strikingly, this study is an innovative attempt to provide advice to managers and operations as well as policymakers at the national and industrial levels on how to apply cyber forensic accounting. Therefore, it was recommended that government officials prioritize innovative features and create an environment conducive to deploying innovations. This could be achieved by implementing policies that support the use of digital technologies and encourage the advancement of cyber forensic accounting through their implementation.

The remainder of this paper is organized as follows. The theoretical background is presented in Section 2. The research methodology employed in this study is elaborated upon in Section 3, encompassing the elucidation of the qualitative phase, the formulation of the study’s hypotheses, and the proposed development of a model based on the findings of the qualitative phase. Additionally, a quantitative phase was conducted to validate all the constructs proposed in the hypothesized model. A more in-depth examination and discussion of the findings are presented in the second and last sections. The conclusion and potential avenues for further study are highlighted in the final section.

2. Literature review and theoretical basis

2.1. Theorical background

2.1.1. Contingency theory

Contingency theory was initially developed by scholars at Ohio State University in 1950 (Nohria & Khurana, 2010). This theory was established in organizational studies based on its extensive incorporation into many definitions within the organizational literature (Sauser et al., 2009). The term ‘contingency’ refers to something that exists only under specific conditions (Chenhall, 2003). This term has also been influenced by the fact that the effects of one construct on another depend on a third construct. From a theoretical perspective, it is widely accepted that the ideal structure of an organization depends on several factors, including the characteristics of its workforce, the technologies it uses, and the conditions of the market (Nasrallah & Qawasmeh, 2009). Expanding on this principle, organizations function as open systems that consistently interact with their environment and adjust to various external stimuli. Therefore, organizational peculiarities depend on the surrounding conditions, market, and adopted cutting-edge technologies. Contingency theory has emerged as the prevailing theory that has garnered significant attention from researchers in the fields of accounting and auditing (Abushaiba & Zainuddin, 2012; Badara, 2015; Badara & Saidin, 2014; Ninlaphay & Ngamtampong, 2013). Consequently, contingency theory has the potential to be a suitable framework for shedding light on forensic accounting research. In their study, Pham and Vu (2024) utilized this theory to elucidate the interrelationships among digital forensic accounting, circular metaverse business model innovation, and accelerated internationalization. Expanding upon the viewpoint of contingency theory, there is a pressing need for an efficient method that allows SMEs to achieve a high standard of integrated reporting. One potential solution could be the implementation of cyber forensic accounting. Therefore, the efficiency and effectiveness of cyber forensic accounting are contingent upon the efficient and successful performance of each of its constituent components.

According to Velte and Stawinoga (2017), numerous ideas have been cited in empirical studies on integrated reporting and sustainability. Several theories have been studied in the past, such as legitimacy and stakeholder theories (Zhang et al., 2020).

2.1.2. Legitimacy theory

Legitimacy theory posits that companies have implicit social agreements with the communities in which they conduct their operations. The social contracts proposed by Shocker and Sethi (1973) aim to incentivize senior managers to adhere to society’s particular values, conventions, and limitations, as outlined by Dowling and Pfeffer (1975). The long-term survival of a company is contingent upon its capacity to fulfill its sustainability objectives. Companies must use particular tactics to address gaps in legitimacy (Fernando & Lawrence, 2014). Legitimacy theory also suggests that a high standard of sustainability and integrated reporting results in enhanced corporate reputation and confidence among stakeholders (Dowling & Pfeffer, 1975). Given the growing expectations of stakeholders and the evolving landscape, in accordance with legitimacy theory, an organization’s management will address the potential loss of credibility caused by public unease regarding its social and environmental impacts by enhancing its integrated reporting practices (Orobia et al., 2023). This could augment social legitimacy and enhance corporate reputation (Zhang et al., 2020). As conventional financial reporting is inadequate to meet the intricate information requirements of diverse stakeholders, voluntary integrated report adoption might be considered an effective approach to reduce the legitimacy gap. Integrating sustainability reporting as a separate entity from financial reports is a significant measure for achieving credibility and acceptance (Fernando & Lawrence, 2014) as environmental and social considerations should be accorded equal priority as economic information. Corporations that use effective reporting techniques gain both financial and non-financial advantages, thereby enhancing their firm’s value (Breijer & Orij, 2022). According to Wendai et al. (2022), sustainability and integrated reporting help narrow the difference between balanced equity and company value. As stated by Busco et al. (2019), organizations with appropriate integrated reporting can effectively maximize their financial advantages over time, leading to enhanced stakeholder reputation and social legitimacy.

2.1.3. Stakeholder theory

Stakeholder theory aids in comprehending the many types of pressure exerted by stakeholders on a company’s actions and the corresponding responses of the company to these demands (Freeman, 1984; Vitolla et al., 2019c; Speziale, 2019). Stakeholder theory asserts that firms must consider the concerns of not only their shareholders as well as other stakeholders (Freeman, 1984). Stakeholder theory focuses on disclosing information to investors and shareholders (Vitolla et al., 2019b; Vitolla et al., 2019c). It encompasses the interests of all parties involved in the company and contributes to enhancing the creation of long-term value and establishing credibility (Godos-Díez et al.). The stakeholder theory is commonly employed in the literature on integrated reporting disclosure, as demonstrated by several studies (e.g. Vitolla et al., 2019b; Vitolla et al., 2019c; Gerwanski et al., 2019; Speziale, 2019). Girella et al. (2019) proposed that the disclosure of information related to integrated reporting enables organizations to alleviate stakeholder pressure by establishing a comprehensive connection between many aspects, such as company strategy and performance. Nicolò et al. (2021) contend that integrated reporting is an indispensable instrument capable of satisfying the information requirements of significant stakeholders and garnering their endorsement. Consequently, the distribution of reliable and valuable integrated reporting information serves as a reaction to the requirements of stakeholders and as a method for establishing their confidence in the company (Vitolla et al., 2019b).

As posited by legitimacy theory, when the public becomes uneasy about the social and environmental impacts of an organization, its management will endeavor to regain credibility through the improvement of integrated reporting practices (Orobia et al., 2023). The dissemination of dependable and valuable integrated reporting information is a response to the demands of stakeholders and a means of establishing their trust in the organization, according to the stakeholder theory (Vitolla et al., 2019b). Essentially, organizations prioritize high-quality integrated reporting as their primary objective. Therefore, it is crucial to establish a new set of criteria for evaluating the quality of integrated reporting.

2.2. Conceptual framework

2.2.1. Cyber forensic accounting

The demand for forensic accountants has witnessed tremendous growth in recent years due to the rise in financial fraud and white-collar crimes in recent years (Atmaja & Sukartha, 2021; Alshurafat et al., 2020). Forensic accounting is the use of accounting and auditing methods to address legal matters (Al Shbail et al., 2022). As defined by Afriyie et al. (2023), forensic accounting is the application of accounting expertise to scrutinize instances of fraud, embezzlement, and other forms of financial misconduct. Additionally, it involves the collection of non-financial information pertaining to an organization. Cybercriminals exploit massive amounts of data, which makes it difficult to extract relevant information and identify patterns. According to Hossain (2023), a wide variety of cybercrimes can occur including hacking, cyberstalking, phishing, and identity theft. Data analytics, digital forensics, and financial investigations are methods used to identify the origins of cyberattacks and retrieve stolen money. According to Hossain (2023), cyber forensic accounting is the process of investigating and preventing cybercrimes through the application of forensic accounting concepts. The utilization of forensic accounting services has consistently demonstrated its ability to improve fraud investigation, provide legal support, assess corporate value, and detect cybercrime. More concretely, Alshira’h et al. (2024) identified a clear inverse relationship between tax sanctions, detection probability, tax ethics, tax justice, forensic accounting, government spending, and the efficiency of value added tax evasion. In the same vein, Rehman and Hashim (2021) suggested that the utilization of forensic accounting has the potential to strengthen and optimize sustainable corporate governance. Furthermore, Awodiran et al. (2023) posited that the implementation of digital forensic accounting can contribute to the mitigation of cyber fraud. Remarkably, Darwazeh et al. (2024) conducted a study on the impact of forensic accounting on firm performance in the Jordanian insurance sector. They found that each component of forensic accounting, including trend analysis, data mining, financial ratios, and reasonableness testing, had a significant influence on firm performance. Besides, Pham and Vu (2024) put forth a conceptual framework for digital forensic accounting that encompasses four key components: anti-fraud policies, governance, fraud detection, and internal controls. This framework aims to explore the interplay between digital forensic accounting, circular metaverse business model innovation, and accelerated internationalization. The concept of cyber security forensic accounting was initially introduced by Hossain (2023). However, this study primarily focused on providing an introduction to the definition and significance of cyber security forensic accounting, without delving into a comprehensive analysis of its components, principles, and activities.

2.2.2. Integrated reporting

Integrated reporting has been actively promoted by both local and global agencies for over ten years, following its initial implementation 20 years ago (De Villiers & Maroun, 2018). According to Adams (2015) and Hamad et al. (2023), integrated reporting is a relatively new type of corporate reporting that centers on the value-creation process and how it benefits both shareholders and society with societal considerations. The dual reporting and thinking process of integrated reporting could be instrumental in promoting fresh perspectives on reporting and decision making (Adams, 2015; Eccles, 2014). Izzo et al. (2020) argue that integrated reporting is a useful tool for companies to integrate SDGs into their reporting and thinking by sharing their journey towards attaining the SDGs. Organizations that have participated in Global Reporting Initiative (GRI) reporting are more inclined to willingly embrace the integrated reporting framework, which is seen by some as an evolution of sustainability reporting (Hsiao et al., 2022). Effectively incorporating integrated reporting into company models allows organizations to contribute to the SDGs (Benedek et al., 2021). Integrated reporting is a style of business reporting that aims to combine financial and non-financial data to provide a unified picture of an organization’s value creation, maintenance, and destruction processes to a variety of interested parties (De Villiers et al., 2020). Additionally, Curtó-Pagès et al. (2021) argued that integrated reporting provides more accurate data than annual reports and is better able to provide information related to SDGs. Furthermore, Elalfy et al. (2021) find that SDGs disclosure is better in high-quality integrated reporting with external assurance. Thus, businesses might help bring about SDG alignment by achieving them through integrated thinking and reporting.

Academic research in the field of integrated reporting has been expanding, as evidenced by the work of de Villiers et al. (2014), Dumay et al. (2016), and Rinaldi et al. (2018). In recent years, there has been an increasing focus on specific aspects of integrated reporting. These include examining the connection between integrated reporting and other methods of disclosing information, assessing the quality of integrated reporting and its verification, critically analyzing the framework and principles of integrated reporting, and identifying challenges in adopting integrated reporting (Songini et al., 2023). These studies have conducted comprehensive assessments at both the macro and micro levels, which have contributed to a deeper understanding of the evolution and dissemination of integrated reporting. Macro-level research has examined the social structures and institutions involved in the emergence of the IIRC (Rowbottom & Locke, 2016). Other studies have focused on the political factors and influences that shape the conceptual and framework development of integrated reporting (Flower, 2015; Reuter & Messner, 2015). Additionally, research has explored the strategies, mechanisms, and interactions employed by the IIRC to establish integrated reporting. At the microscopic level, research on integrated reporting has given significant attention to the adoption and implementation of integrated reporting, specifically examining how it has been comprehended and put into practice within individual entities (Rinaldi et al., 2018). With the increasing prevalence and development of integrated reporting practices in the private sector, scholarly research has emerged to examine the specific dynamics and effects of integrated reporting implementation on organizational actors and practices. For example, Gibassier et al. (2018) and McNally and Maroun (2018) offer detailed analyses at the micro-level, shedding light on the intricate interactions within organizations. These studies demonstrate divergent paths due to various reasons or motivations for adoption (i.e. García-Sánchez & Noguera-Gámez, 2018; McNally et al., 2017), different interpretations of integrated reporting (Gibassier et al., 2018), and its alignment with an organization’s fundamental socioeconomic vision (McNally & Maroun, 2018). Therefore, it is important to elucidate the peculiarities of integrated reporting implementation when various entities embrace it.

Building on the perspectives of Vitolla et al. (2019a), report quality is defined as the accuracy and completeness of a company’s disclosures in a report. Accordingly, the evaluator’s subjective assessment of the reporting entity’s information’s reliability, comparability, and usefulness was deemed to be disclosure quality. Put simply, the data’s relative usefulness is what disclosure quality refers to. Notably, researchers often make the mistake of equating the amount of information disclosed with the concept of disclosure quality, according to Vitolla et al. (2019a). The concept of integrated reporting quality has been defined by Zhou et al. (2017) and Pistoni et al. (2018) as the degree to which integrated reporting aligns with the relevant framework. A strong correlation between alignment and high-quality integrated reporting can be inferred, and conversely. Although Rivera-Arrubla et al. (2017) utilized integrated reporting alignment on two content items namely business model and governance and two integrated reporting principles namely connectivity and materiality, this was all. In order to find out if integrated reporting is actually useful or just empty rhetoric, Ahmed Haji and Hossain (2016) used a linguistic perspective to evaluate the quality of integrated reporting. They brought attention to the fact that integrated reporting discloses the six forms of capital that contribute to value development. In addition, Malola and Maroun (2019) delved into the content components in connection to the total amount of information given to stakeholders, focusing on the integrated reporting quality of the amount of information reported to stakeholders. This encompassed both quantitative and qualitative disclosures, whether the disclosure was symbolic or substantial, and how easy it was for stakeholders to understand the information. A different definition was provided by Gerwanski et al. (2019) and Cooray, Gunarathne, et al. (2020), though. In their study, Gerwanski et al. (2019) highlighted the importance of materiality considerations when developing integrated reporting that is in line with the relevant framework. On the other hand, Cooray, Gunarathne, et al. (2020) presented the strategic features of integrated reporting that define corporate value generation with a greater emphasis on qualitative qualities. This study finds that the number of disclosures is not the only criterion for defining integrated reporting quality, based on the literature on the topic. Additionally, according to Zhou et al. (2017) and Pistoni et al. (2018), the quality of integrated reporting is determined by how well a company’s reports adhere to the standards outlined in the applicable framework and provide the necessary information for report users. While the dimensions proposed by Zhou et al. (2017) and Pistoni et al. (2018) have been extensively studied and used to form integrated reporting quality, there is still plenty of room for future research to redevelop these dimensions (Permatasari & Tjahjadi, 2023). For instance, researchers could combine one or more dimensions from different definitions of integrated reporting to create a new set of measurements (Permatasari & Tjahjadi, 2023).

3. Materials and method

3.1. Research design

The utilization of a mixed-methods technique enables researchers to effectively investigate both exploratory and validation research inquiries, hence making valuable contributions to the advancement of novel theoretical frameworks (Cheng et al., 2022). Qualitative research serves as an efficacious approach for undertaking exploratory research, facilitating the development of novel theoretical insights, identifying and describing intricate mechanisms, and constructing propositions that contribute to a more profound comprehension of a given phenomenon (Hua et al., 2019). Conversely, quantitative research can assist in the verification of hypotheses and the establishment of causal relationships (Hua et al., 2019).

There is a lack of a comprehensive plan to learn about and clarify how cyber forensic accounting affects the quality of integrated reporting. Qualitative or quantitative methods are currently inadequate to address the research inquiries of this investigation. Therefore, for the purpose of development, a mixed-methods design was selected to employ in the current research in which the research design for the quantitative phase was informed by the findings obtained during the qualitative phase. Initially, a qualitative investigation was undertaken (Phase 1) to examine various elements of forensic accounting and standards for the quality of integrated reporting via in-depth interviews. The findings were integrated into the formulation of the theoretical framework and hypotheses. Subsequently, a quantitative study (Phase 2) was undertaken to empirically examine the impact of various cyber forensic accounting components on the quality of integrated reporting.

3.2. Qualitative phase

In accordance with the suggestions put forth by several qualitative academics, this research utilized a purposive sampling technique to identify informants who were not only suitable for the subject under examination but also capable of effectively communicating it (Creswell & Poth, 2018). This method allowed scientists to obtain expert opinions of superior quality while requiring minimal financial investment, time, and personnel (Karmaker et al., 2023). However, its subjectivity imposed substantial limitations. As a result, the present study utilized the purposive sampling technique to ascertain the most valuable sources of information from academicians, working professionals, and individuals employed by SMEs in the relevant field. Drawing upon the viewpoints of contemporary qualitative scholars, the sample size was established by the subjective evaluations of researchers, who also possessed the knowledge of when saturation was achieved with respect to the qualitative sampling size (Creswell & Poth, 2018). Put simply, Creswell and Poth (2018) advocated that research could be terminated once an exhaustive examination of the material has been conducted and no additional themes have emerged.

Determining the most effective approach has involved undertaking semi-structured interviews with domain experts. By employing this methodology, structured data could be collected within the study’s predetermined parameters. Additionally, it enabled the discovery of insights that would have been unattainable through interview-based methods and provided an opportunity for additional discourse. In order to obtain insights and perspectives from scholars and practitioners who have conducted extensive research on cyber forensic accounting and quality of integrated reporting, semi-structured interviews were conducted. The interview procedure ceased when the data input became redundant or when no further information emerged. This research was concluded with the completion of fourteen interviews, as no further information could be gleaned. Table 1 presented the demographic information of the council of experts.

Table 1. Profile of panel of expert.

Item	Frequency	Valid (%)	Item	Frequency	Valid (%)
Gender			Career
Female	6	42.86	SMEs’ managers	5	35.71
Male	8	57.14	University Lecturer in accounting faculty	9	64.29
Experience (Years)			Education
10- under 15	11	78.57	Undergraduate	3	21.43
15 - under 20	3	21.43	Postgraduate	11	78.57

Phone interviews with semi-structured questions were conducted with participants at mutually convenient times. Based on the workload and shifting work hours, the interviews were scheduled from February to June 2023. Twenty-five to thirty minutes was the average duration of each interview. The primary investigator interviewed everyone for the sake of consistency. Each interview was described in length in the notes, which have had all identifying information removed for the sake of analysis. The cases that would show honesty in reporting were chosen when the subjects were determined. Table 2 showed the convergent joint, which incorporates both quantitative and qualitative data.

Table 2. Summary of convergent joint presentation of quantitative and qualitative outcomes.

Qualitative results		Meta-inference	Quantitative results
Sources	Exemplar quotation		Dimension
(P03, Private university’s lecturer)	…Digitally designed forensic procedures should radically be used throughout the processes of integrated reporting preparation…to guarantee verifiability of the information in integrated reporting….	Convergence: Digitally designed forensic procedures significantly and positively impact the verifiability of information in integrated reporting	Digitally designed forensic procedures
(P04, SMEs’ manager)	…Protection against complicated attacks throughout workflow …to detect and prevent frauds during integrated reporting preparation and presentation… so that the quality and materiality of information can be guaranteed…	Convergence: Zero trust governance significantly and positively impact the reliability of information in integrated reporting	Zero trust governance
(P09, SMEs’ manager)	…Cyber anti-fraud policies should be cautiously established…and implemented in the entire reporting preparation process…to monitor individuals is primarily responsible for preparing the report…and the reporting process…to ensure all information in integrated reporting…can be accurate and detailed …so that stakeholders can evaluate the overall performance of the company…	Convergence: Cyber anti-fraud policies significantly and positively impact the accuracy of information in integrated reporting	Cyber anti-fraud policies
(P06, SMEs’ manager)	…An efficient and effective management control system can communicate …all the goals of the company on the achievement of qualitative characteristics of integrated reporting… precisely and clearly…to all its staff…	Convergence: Management control system significantly and positively impact the quality of integrated reporting	Management control systems
(P08, Public university’s lecturer)	…Applications should be available …over public networks with constantly authorized access …to ensure that internal and external stakeholders can check …and thus help …integrated reporting to obtain neutrality…	Convergence: Zero trust governance significantly and positively impact the neutrality of information in integrated reporting.	Zero trust governance
(P10, Public university’s lecturer)	…Implementing management control system effectively can facilitate to collect related data and provide information to management to govern…so that all operations relevant to integrated reporting preparation …can perform effectively to provide timely information for external stakeholders…	Convergence: Management control system significantly and positively impact the timeliness of information in integrated reporting	Management control systems

The data analysis approach employed in this study was thematic analysis. The qualitative data was painstakingly documented by the researchers through the meticulous entry of observational notes and interview data sets into Microsoft Word files. To ensure the confidentiality of the participants, they were designated as P1, P2,…, P7. The construct dimensions of the recommended model underwent a round of expert consensus. Table 3 displayed the sociodemographic statistics pertaining to the expert panel.

Table 3. Profile of panel of expert.

Item	Frequency	Valid (%)	Item	Frequency	Valid (%)
Gender			Career
Female	4	57.14	SMEs’ manager	2	28.57
Male	3	42.86	SMEs’ chief accountant	2	28.57
Experience (Years)			University Lecturer in accounting faculty	3	42.86
Under 15	4	57.14	Education
15 – under 25	3	42.86	Master’s degree	4	57.14
			PhD degree	3	42.86

In accordance with the expert panel’s responses, the information regarding the constructs and dimensions of each construct in the proposed model is presented in Table 4.

Table 4. Summary of dimensions extracted.

Construct	Experts							Total experts	Valid (%)
	P1	P2	P3	P4	P5	P6	P7
Cyber forensic accounting	√	√	√	√	√	√	√	7	100
Cyber anti-fraud policies	√	√	√	x	√	√	√	7	85.71
Zero trust governance	√	√	√	√	√	√	√	7	100
Digitally designed forensic procedures	√	√	√	√	√	√	x	7	85.71
Management control systems	√	√	√	√	√	√	√	7	100
Quality of integrated reporting	√	√	√	√	√	√	√	7	100
Relevance	√	√	√	√	x	√	√	7	85.71
Predictive value	√	√	√	√	√	√	√	7	100
Confirmatory value	√	√	√	√	√	√	√	7	100
Faithful representation	√	√	√	√	√	√	√	7	100
Clarity	√	√	√	√	√	√	√	7	100
Neutral	√	√	√	√	√	√	√	7	100
Accuracy	√	√	√	√	√	√	√	7	100
Enhancing qualitative characteristics	√	√	√	√	√	√	√	7	100
Comparability	√	x	√	√	√	√	√	7	85.71
Verifiability	√	√	√	√	x	√	√	7	85.71
Timeliness	√	√	√	√	√	√	√	7	100

Note: “√”: agree; “x”: disagree.

3.3. Hypothesis development

The advent of digitalization and digital transformation presents both promising prospects and significant hurdles for SMEs. These hazards arise because of the constrained financial, human resources, and information technology capabilities of SMEs. In addition, these organizations are more prone to having insufficient internal controls and inadequate risk management practices, since they prioritize operational aspects while neglecting to provide resources to information technology security personnel or workers with expertise in regulatory compliance (Chakabva et al., 2021). The rapid implementation of information and communication technologies during the COVID-19 crisis has led to an increase in the number of threats. This is because of vulnerabilities in the implementation process, which simplifies the attacks. This situation has resulted in a substantial surge in cyber-fraud, money fraud, and identity theft (Buil-Gil et al., 2020). Despite being a highly safeguarded and legally regulated domain, accounting is frequently targeted by fraudsters (Trierweiler & Krumay, 2023). Cyber anti-fraud policies are significant for preventing fraudulent activities. These policies serve as enablers to evaluate risks and reduce instances of financial fraud in SMEs while also being adapted to address current economic conditions. The implementation of this norm will ensure the professional skepticism and independence of accountants. Additionally, it guarantees that financial institutions uphold adherence to reporting and internal management protocols, which are essential for combating financial fraud. In light of this, the first hypothesis guiding the present investigation is as follows.

Hypothesis 1 (H1). Cyber anti-fraud policies illustrate an impact on quality of integrated reporting in a significant and positive manner.

From the perspective of Yeoh et al. (2023), zero-trust cybersecurity shifts its emphasis from physical places to data in order to improve security controls among humans, systems, data, and assets that may vary over time. The zero-trust approach lacks a universally accepted definition (Shore et al., 2021). The zero-trust model is a strategic cybersecurity approach that seeks to safeguard organizations by removing implicit trust and consistently verifying each level of their digital interactions (Paul & Rao, 2022). The zero-trust paradigm runs on the premise that all devices, users, and apps have the potential to carry out unauthorized attacks on an organization’s information systems. Therefore, organizations should not automatically trust them (He et al., 2022). The zero-trust paradigm comprises several key components, namely zero-trust network access, multi-factor authentication, real-time monitoring, micro-segmentation, trust zones, and default access controls.

Corporate governance encompasses a framework of rules, norms, and protocols that regulate the management and oversight of a company’s operations and decision-making processes (Alzoubi, 2023). The company’s purpose is to ensure ethical, responsible, and accountable operations, while generating long-term value for all stakeholders (Rehman & Hashim, 2021; Wahyuni-TD et al., 2021). Zero-trust corporate governance encompasses a collection of principles, protocols, and processes that regulate the direction and management of a firm, particularly in relation to zero-trust security. This entails ensuring that the organization adheres to ethical and responsible procedures and fulfils all commitments to stakeholders. In light of this, the second hypothesis that guides the present investigation is as follows:

Hypothesis 2 (H2). Zero trust governance illustrates an impact on quality of integrated reporting in a significant and positive manner.

Cyberspace is a digital realm that can be accessed by anybody with Internet connectivity without the need for physical interaction. While utilizing cyberspace, individuals are susceptible to becoming targets of cybercriminals. Forensic accounting is widely recognized as a crucial tool for investigating many forms of fraud (Anuolam et al., 2016; Dada et al., 2013). According to Okpala (2019), forensic accounting is a potent strategy in the fight against financial crimes. Similarly, Okoye et al. (2020) argued that it has the potential to improve accountability and tackle mismanagement. Digital forensic procedures aim to gather, examine, and safeguard digital evidence. A digitally designed forensic procedure consists of multiple steps to guarantee the integrity of digital forensic evidence and to maintain a clear chain of custody during administrative, disciplinary, and judicial actions (Ogundele et al., 2023). Edori (2018) and Enofe et al. (2016) find a strong negative correlation between the use of forensic accounting procedures and instances of financial fraud. Adebisi et al. (2016) and Oyebisi et al. (2018) have shown that forensic accounting and fraud investigations have beneficial effects in preventing fraudulent activities. The study conducted by El Okoye et al. (2019) demonstrated that the implementation of forensic accounting may effectively identify and mitigate electronic crimes. In the same vein, the study carried out by Onwubik et al. (2019) found a favorable and statistically significant correlation between fraud reduction, detection, and prevention facilitated by forensic accounting and effective managerial responsibilities. Therefore, the third hypothesis that will guide the present investigation is as follows.

Hypothesis 3 (H3). Digitally designed forensic procedures illustrate an impact on quality of integrated reporting in a significant and positive manner.

Management control systems refer to a set of control processes and mechanisms employed by management to achieve the predetermined objectives and goals of their organizations (Malmi & Brown, 2008). MCSs foster social order and cohesion, regardless of the level of formalization in their design and utilization (Chenhall et al., 2017; Kraus et al., 2017). Management control systems generate and perpetuate the values and social norms within an organization, which in turn form a work ethos and are subject to ongoing change (Ahrens, 2018). Similarly, it incorporates both managerial and leadership tasks (Bassani et al., 2021).

Building on the perspectives of Uyar and Kuzey (2016) and Rehman et al. (2019), Management control systems implementation has a substantial and beneficial impact on corporate performance. Bezuidenhout et al. (2023) demonstrated a comprehensive examination of the production process for an integrated report outlining the involvement of Management control systems at each stage. The study’s evidence suggests that having well-defined organizational roles, a collaborative work environment, and frequent strategic discussions with stakeholders helped create an integrated report. This, in turn, allows for the integration of reporting to become deeply ingrained and established throughout the organization. Additional evidence suggests that strategic planning meetings can serve as both strategic and operational performance controls when preparing an integrated reporting. In light of this, the fourth hypothesis that guides the present investigation is as follows:

Hypothesis 4 (H4). Management control systems illustrate an impact on quality of integrated reporting in a significant and positive manner.

Hence, all above assumptions and variables are demonstrated as the Figure 1 as follow:

Figure 1. Hypothesized proffered model.

3.4. Quantitative phase

3.4.1. Operationalization of research variables

This study used survey methodology to collect data from participants (Maelah & Yadzid, 2018). Experts in the language field checked the questionnaire for readability, acceptability, and correctness once it was developed in English (Rastegar et al., 2021). To create and analyze the dataset, it was translated into Vietnamese by native speakers. Other native speakers of the target language back-translated it (Streiner et al., 2015). The two English versions of the questionnaire were cross-checked (Brislin, 1970). Before the main survey was distributed to a large number of people, a pilot research and pre-test were conducted to ensure the validity of the construct assessment and the quality of the questionnaire improvement (Cao et al., 2011). Multiple experts participated in the pilot study by checking the questionnaire for clarity, organization, readability, and ambiguity (Dubey et al., 2019). Subsequently, as suggested by Kothari (2004), a pilot study with 30 participants was conducted to validate the questionnaire and assessment tools. The instrument’s reliability was assessed by determining the Cronbach’s α value (Hernaus et al., 2012). The reliability and consistency of the questionnaire answers were confirmed when Cronbach’s alpha exceeded 0.7 (Hair et al., 2011). The results showed that reliability was sufficient because Cronbach’s α values were higher than the standard recommendations for exploratory research. Therefore, the final form was used for the primary survey.

3.4.2. Cyber forensic accounting

The first-order construct for assessing cyber forensic accounting comprises the following four second-order constructs: cyber anti-fraud policies, zero-trust governance, digitally designed forensic procedures, and management control systems. More specifically, the measurement scale for cyber anti-fraud policies is based on the criteria derived from the findings of Lloyd Bierstaker (2009) and Hossain (2023). The measurement scale for zero-trust governance is based on the criteria derived from the findings of Al-Zwyalif (2013), Vugec et al. (2017), and Al-Taee and Flayyih (2023). The measurement scale for digitally designed forensic procedures is based on the criteria derived by Ogundele et al. (2023). The management control systems measurement scale is based on the criteria derived from the findings of Akinbowale et al. (2021) and Almbaidin (2014).

3.4.3. Quality of integrated reporting

The development and enforcement of financial reporting standards for publicly-held firms are undertaken by the International Accounting Standards Board (IASB) and the Financial Accounting Standards Board (FASB), both of which are autonomous entities operating within the private sector. The main basis for measuring quality of financial reporting using the direct method is the qualitative features published by the FASB and IASB (Pham et al., 2023). Even though the FASB and IASB released an updated Conceptual Framework for Financial Reporting in April 2018, there was no modification to the qualitative aspects (IASB, 2018). According to the FASB and IASB (2010), quality of financial reporting is a third-order construct that uses three second-order constructs: relevance, faithful representation, and enhancing qualitative characteristics. Relevance has two first-order components, predictive value and confirmatory value, while faithful representation has three first-order components: complete, neutral, and error-free. The enhancement of qualitative characteristics has four first-order components: comparability, verifiability, timeliness, and understandability. Timeliness, comparability, satisfaction, clarity, and accuracy are the pillars around which Sebrina et al. (2023) construct sustainability reporting quality. Three second-order quality of integrated reporting constructs—Relevance, Faithful representation, and enhancing qualitative characteristics—reflect the first-order quality of integrated reporting construct. These constructs are based on a combination of the perspectives of FASB and IASB (2010) which was validated in the research of Pham et al. (2023) and the findings of Sebrina et al. (2023). Predictive value and confirmatory value are the two primary components of relevance, to put it more precisely. Accuracy, neutrality, and clarity are the pillars of faithful representations. Timeliness, comparability, and verifiability are the three pillars through which qualitative characteristics can be enhanced.

The summary of constructs with corresponding indicators in the proposed model was depicted in detail in Table 5.

Table 5. Summary of constructs with corresponding indicators.

Construct			Indicator
Cyber anti-fraud policies
			CAFP1: Our company establishes the regulations and policies pertaining to ownership, authorization, and control.
			CAFP2: The procedures and policies pertaining to risk management and the implementation of efficient cybersecurity controls.
			CAFP3: The procedures and policies pertaining to educating personnel about cyber threats and how to identify and respond to attacks.
			CAFP4: The policies and procedures designed to enhance and improve the moral conduct of employees
Zero trust governance
			ZTG1: Integration of identity across the entire organization
			ZTG2: The evaluation of resources relies on the analysis of real-time device data.
			ZTG3: Incorporates optimal strategies for enhancing cryptographic flexibility
			ZTG4: Enterprise-wide implementation of automated data categorization and labelling
Digitally designed forensic procedures
			DDFP1: Digitally designed forensic methodologies are advantageous in the process of identifying and obtaining digital evidence pertaining to cyber fraud.
			DDFP2: Digital forensic processes have proven to be beneficial in the gathering and examination of digital evidence pertaining to cyber fraud.
			DDFP3: Our company can include digitally designed forensic techniques into their online platforms to effectively prevent cyber fraud.
			DDFP4: Our companies can incorporate digitally designed forensic techniques into their online platforms to effectively prevent various forms of internet fraud.
Management control systems
			MCS1: Utilizing the available cyber forensic accounting, the firm’s management oversees the implementation of strategy and activity plans throughout all business phases.
			MCS2: By providing surveillance reports on management performance, cyber forensic accounting practices enable management to make decisions and implement corrective measures.
			MCS3: The monitoring standards and indicators provided by the firm’s cyber forensic accounting practices enable management to identify deviations, determine their causes, and implement corrective measures.
			MCS4: The monitoring of plan implementation through the utilization of cyber forensic accounting practices is regarded by the firm’s management as a critical instrument for completing tasks and attaining objectives.
Quality of integrated reporting
	Relevance
		Predictive value
			PV1: Our firms’ integrated reporting data is sufficiently dependable to assist investors in making aid decisions.
			PV2: Our firms’ integrated reporting data is sufficiently dependable to forecast forthcoming outcomes.
		Confirmatory value
			CV1: The information pertaining to integrated reporting is sufficiently dependable to evaluate the firm’s plan implementation.
			CV2: The data presented in integrated reporting is sufficiently dependable to evaluate the firm’s performance.
			CV3: The information presented in integrated reporting accurately represents the firm’s current economic and financial condition.
			CV4: Fairness characterizes the preparation and presentation of integrated reports.
			CV5: The firm’s accountant possesses sufficient independence to effectively process and present integrated reporting.
	Faithful representation
		Clarity
			CL1: Information in reports is comprehensible, easily accessible, and utilitarian for the various stakeholders of the organization.
			CL2: Detailed explanations of accounting principles and methodologies can be found in the integrated reporting.
			CL3: Information regarding integrated reporting is comprehensive of all firms’ activities.
			CL4: Integrated reporting information is interpreted and exhaustively described in terms of both nature and statistics.
		Neutral
			NEU1: Information of integrated reporting is free from personal judgments
			NEU2: Information of integrated reporting is fair and impartial.
		Accuracy
			ACC1: Information presented in integrated reporting is accurate and unbiased.
			ACC2: Integrated reporting information is devoid of any significant errors.
			ACC3: Integrated reporting provides sufficient detail and precision for stakeholders to assess the performance of the organization.
	Enhancing qualitative characteristics
		Comparability
			CO1: Information in integrated reporting allows stakeholders to gain a comprehensive understanding of the performance in relation to the goals and outcomes attained in previous years over a period of time.
			CO2: Information in integrated reporting facilitates the analysis of changes in the organization’s performance over time
			CO3: Information in integrated reporting facilitates cross-organizational comparisons.
		Verifiability
			VE1: Accounting documents and other related documents are preserved and retained in accordance with legal requirements.
			VE2: The data and procedures employed in the creation of integrated reporting are gathered, documented, consolidated, examined, and disclosed in order to verify their accuracy and assess the significance and relevance of the information.
			VE3: The information and data inputted into the integrated reporting system are substantiated by internal controls or documents that can be subject to inspection by individuals other than the report creator.
			VE4: Furthermore, the organization has the ability to identify reliable facts that can substantiate intricate assumptions or calculations.
		Timeliness
			TI1: Integrated reporting is routinely processed and promptly made available for explanation by stakeholders.
			TI2: Integrated reporting is consistently generated and delivered in a timely manner to enable stakeholders to provide input on decisions.
			TI3: Information pertaining to our firm’s integrated reporting is consistently documented and promptly updated to reflect all firm operations.
			TI4: The information presented in integrated reporting for our firm is consistently insightful and user-friendly.
			TI5: The information of our organization is succinctly and lucidly presented in integrated reporting.

The five-point Likert scale varying from 1 = ‘strongly disagree’ to 5 = ‘strongly agree’ was applied for all of the measurement scales in the current research due to its advantages (Eutsler & Lang, 2015). This was because it would increase the probability and quality of response and minimize the confusion of the respondents (Pantouvakis, 2010).

3.5. Target population and sampling procedure

Based on current regulations in Vietnam, a small business is an enterprise with an average number of employees participating in social insurance of no more than 50 people and a total annual revenue of no more than 100 billion or total capital of no more than 50 billion. Meanwhile, a medium-sized enterprise is an enterprise with an average annual number of employees participating in social insurance of no more than 100 people and a total revenue of the year of no more than 300 billion or total capital of no more than 100 billion. The majority of SMEs in Vietnam have, in fact, started to take into consideration the adoption of digital technologies and environmentally friendly practices, and the researcher made use of this development in order to compile a research report. The engagement of accountants and the accounting profession has been prompted by the increasing prevalence of divulging information regarding social and environmental performance (Guthrie & Parker, 2016). Rinaldi et al. (2018) advocated for further investigation into the involvement of accountants in the adoption of integrated reporting, building upon the argument put forth by Humphrey et al. (2017) that the effectiveness of integrated reporting is contingent upon the professional groupings and specializations participating in this process. According to Arora et al. (2023), the research revealed that accountants played a critical role in the integrated reporting process due to their expertise and proficiency in corporate reporting. On the other hand, to take advantage of new technologies, several companies have been digitally transforming their accounting processes in recent years (Goh & Yong, 2024). Two sampling units were used to collect data. Employees of organizations serve as secondary sample units, with organizations serving as the fundamental sampling unit. This study focuses on SMEs in the Southern Vietnam. Several prior studies on innovation implementation (e.g. Nguyen and Wongsurawat, 2012; Hoang and Otake, 2014) usually selected these firms because the southern areas of Vietnam are thought to be the most dynamic. According to Ha et al. (2022), SMEs in Southern Vietnam are more likely to adopt innovation implementation than SMEs in other parts of the country. Accountants working for SMEs were chosen as the study’s target informants.

Prior to inviting employees to participate in the study, the researchers sought authorization from the senior management of those firms to collect their contact information. Following the acquisition of informed consent from the participants, the researchers proceeded to give the questionnaires in person to the participants. By doing this, researchers would have the opportunity to educate participants on the correct procedure for completing questionnaires, reduce the common method variance, and provide them with information regarding the anonymity and confidentiality of the study’s results. All participants were assured of confidentiality and anonymity, and they were given the freedom to resign from the study at any point and for any reason. Furthermore, to ensure that participants possessed sufficient comprehension to successfully fill out the survey, they were required to answer questions regarding their knowledge of digital technologies, cyber security, financial reporting, sustainability reporting, and integrated reporting in a corporate setting. Put simply, all questions pertaining to this issue must be answered by responders. Therefore, the dataset did not include respondents who were unable to fulfill these requirements. Cross-sectional data were collected using non-probability snowball sampling and convenience sampling.

Despite the benefits of a large sample size for demonstrating significant outcomes, such as a more precise effect estimate and ease of reaching sample representativeness and generalizing the results (Biau et al., 2008), a moderate sample size was maintained (Kothari, 2016). When discussing structural equation modeling, there are many different opinions on what constitutes an adequate sample size (Singh & Srivastava, 2019). According to Sivo et al. (2006) and Hoelter (1983), a ‘critical sample size’ of 200 was recommended. Wolf et al. (2013) suggested a range of 30–460, and Urbach and Ahlemann (2010) suggested a sample size of 200-800 responses for a covariance-based structural equation modeling technique. The questionnaires were distributed between August 2023 and January 2024. The final total was 483 completed responses (79.18% of the total). Hence, the sample was considered to be representative of the target population.

A single questionnaire approach for data collection could lead to common method variance, depending on the research setting and features. In this regard, Harman’s single-factor test could uncover common method variance. The most significant factor explained 12.722% of the variation in exploratory factor analysis. Thus, it appeared that common method bias was not a factor in this investigation.

Building on the viewpoints of Alraja et al. (2021), SMEs are crucial contributors to the economy, particularly in the realm of sustainability (Betti et al., 2018), as they exert a fundamental influence on numerous sustainable development objectives. SMEs in Vietnam are engaged in several sectors, including manufacturing and service industries. The function of SMEs in the economy is anticipated to be crucial. As the current study centered on SMEs across several industries, a diverse sample of SMEs were selected in order to get information from a broad spectrum of organizations and individuals inside them. Figure 2 depicts the characteristics of the specific organizations being targeted. Based on the socio-demographic profile of the sample, it was determined that males comprised the plurality of the participants, comprising 62.53 percent, while females constituted 37.47 percent. Regarding the age of the participants, 58.59 percent of the entire sample belonged to the ‘40-50’ age group, followed by the ‘over 50’ and ‘30-40’ age groups, comprising approximately 25.47 percent and 14.29 percent, respectively. In contrast, the ‘20-30’ group comprised an inconsequential 1.65 percent, placing it at the bottom of the indicated groups. With respect to their academic capabilities, the vast majority of the participants possessed at least a graduate degree. The respondents in this study have accumulated over ten years of experience in the field of accounting. The completed questionnaires utilized a range of statistical methods and techniques available in the Statistical Package for Social Sciences (SPSS) version 29.0. Subsequently, the Analysis of Moment Structure (AMOS) version 28.0, was utilized to analyze both the measurement and structural models.

Figure 2. Demographic data.

4. Inferential statistics

4.1. Assessment on measurement model

4.1.1. Construct reliability and Convergent validity

The appropriateness of the measurement model was assessed through reliability and validity tests (Hair et al., 2011; Barata & Coelho, 2021). Reliability was assessed using both composite reliability (CR) and Cronbach’s alpha, which are often explained similarly manner (Hair et al., 2014). Cronbach’s alpha coefficients and CRs were above the threshold of 0.7, indicating a strong internal consistency of the questionnaires (Streiner et al., 2015). Convergent validity refers to agreement between several methods for evaluating the same construct (Guo et al., 2008). The indicator loadings represent the extent to which the individual indicator variables and associated construct share variance. This is important for maintaining the indicator reliability (Saari et al., 2021). All the indicator loadings in the measurement models surpassed the critical threshold of 0.6. These models demonstrated satisfactory indicator reliability (Mustafa et al., 2020). Convergent validity was assessed using average variance extracted (AVE) as proposed by Fornell and Larcker (1981). The AVE values for all constructs meet the minimum threshold of 0.5, as suggested by Hair et al. (2014). The appropriate detail of reliability and convergent validity are tabulated in Table 6 highlighted that the current research obtain the reliability and robustness of the measurement model.

Table 6. Results summary of measurement model assessment.

Construct	Item acronyms	Convergent validity		Construct reliability		Inference
		Factor Loadings Ranges	AVE	Cronbach’s Alpha	Composite Reliability
Cyber forensic accounting	CFAC
Cyber anti-fraud policies	CAFP	0.710 - 0.824	0.622	0.864	0.867	Retained
Zero trust governance	ZTG	0.682 - 0.749	0.509	0.805	0.805	Retained
Digitally designed forensic procedures	DDFP	0.713 - 0.796	0.579	0.842	0.846	Retained
Management control system	MCS	0.672 - 0.792	0.565	0.836	0.838	Retained
Quality of integrated reporting	QOIR
Relevance	REL
Predictive value	PV	0.772 - 0.804	0.650	0.788	0.788	Retained
Confirmatory value	CV	0.641 - 0.773	0.522	0.844	0.845	Retained
Faithful representation	FR
Clarity	CL	0.719 - 0.790	0.591	0.852	0.852	Retained
Neutral	NEU	0.707 - 0.866	0.633	0.771	0.775	Retained
Accuracy	ACC	0.657 - 0.737	0.511	0.757	0.758	Retained
Enhancing qualitative characteristics	EQC
Comparability	CO	0.665 - 0.783	0.568	0.792	0.796	Retained
Verifiability	VE	0.660 - 0.823	0.567	0.838	0.839	Retained
Timeliness	TI	0.665 - 0.770	0.509	0.837	0.838	Retained

4.1.2. Correlations and discriminant validity

Discriminant validity evaluation has been widely accepted as a necessary step before investigating the relationships between latent variables, as suggested by Henseler et al. (2014). It would be impossible to determine if the results supporting hypothetical casual routes were real or just the result of statistical differences without discriminant validity (Farrell, 2010). Assessing the square root of AVE for a certain postulated concept and the correlations between them might theoretically resolve discriminant validity assessment (Ratnam et al., 2014). Therefore, to establish discriminant validity based on the Fornell-Larcker criterion, the square root of AVE should be greater than the greatest correlation of the constructs with the others (Ali et al., 2018; Hair et al., 2017). According to Phillips and Bagozzi (1986), intercorrelations are expected to differ significantly from 1.0. There was discriminant validity for the empirical data for all constructs in the proposed model because the correlation matrix in Table 7 fulfilled these requirements.

Table 7. Results summary for discriminant validity on Fornell–Larker criterion.

	CV	TI	CAFP	CL	DDFP	VE	MCS	ZTG	CO	ACC	NEU	PV
CV	1
TI	0.209	1
CAFP	0.093	0.239	1
CL	0.193	0.181	0.146	1
DDFP	0.137	0.145	0.138	0.067	1
VE	0.238	0.184	0.094	0.146	0.071	1
MCS	0.179	0.306	0.103	0.123	0.126	0.154	1
ZTG	0.243	0.258	0.144	0.187	0.114	0.124	0.215	1
CO	0.261	0.320	0.016	0.138	0.040	0.264	0.140	0.039	1
ACC	0.100	0.036	0.161	0.371	0.099	0.055	0.109	0.122	0.062	1
NEU	0.310	0.063	0.146	0.341	0.062	0.050	0.103	0.099	0.034	0.212	1
PV	0.375	0.275	0.140	0.362	0.110	0.124	0.062	0.134	0.417	0.222	0.102	1

Based on the perspectives of Abdulai et al. (2024), it was recommended that Heterotrait-monotrait (HTMT) values below 0.9 be used to indicate the presence of separate constructs. Table 8 demonstrated that all HTMT ratios fell below the threshold of 0.9. This finding in Table 8 suggested that each construct in the model represents unique phenomena that were not encompassed by other constructs (Kline, 2016).

Table 8. Results summary for discriminant validity on Heterotrait–Monotrait ratio.

	CV	TI	CAFP	CL	DDFP	VE	MCS	ZTG	CO	ACC	NEU	PV
CV
TI	0.174
CAFP	0.076	0.198
CL	0.162	0.150	0.121
DDFP	0.113	0.121	0.120	0.061
VE	0.204	0.152	0.084	0.115	0.057
MCS	0.152	0.255	0.092	0.108	0.107	0.135
ZTG	0.202	0.209	0.117	0.154	0.088	0.095	0.180
CO	0.216	0.266	0.008	0.105	0.026	0.214	0.121	0.040
ACC	0.080	0.031	0.119	0.303	0.084	0.045	0.087	0.097	0.046
NEU	0.261	0.054	0.114	0.274	0.061	0.042	0.081	0.086	0.027	0.162
PV	0.309	0.223	0.116	0.294	0.091	0.102	0.051	0.103	0.323	0.170	0.087

In Structural Equation Modeling (SEM) on AMOS 28, the model hypotheses are either confirmed or rejected using the maximum likelihood process. Model fit is assessed using the following fit indices: chi-square/degree of freedom (df), root mean square error of approximation (RMSEA), comparative fit index (CFI), Tucker-Lewis index (TLI), and goodness-of-fit index (GFI), expanding on the work of Lintumäki and Koll (2023). The goodness-of-fit indices of the hypothetical model were considered valid only if they fulfilled these criteria. That is, according to Hair et al. (2014), the chi-square/df value cannot be higher than 3.0. Second, CFI and TLI should be greater than 0.90 (Tiglao et al., 2020). However, according to Motawa and Oladokun (2015), the GFI may range from 0.774 to 0.923. Third, the RMSEA should not be more than 0.06 (Xia & Yang, 2018) state otherwise. Based on the results shown in Table 9, it appears that the measurement and structural models are well-suited to the recorded data. This is because all the recorded indices seemed to fulfill the cut-off requirements proposed in previous studies.

Table 9. The outcomes of measurement and structural model analysis.

Model Fitting Index	Model Fitting Values	Standard Values of Measurement model	Standard Values of Structural model	Result Judgment
Chi-square/df	< 3	1.536	1.620	Satisfied
TLI	≥ 0.9	0.940	0.930	Satisfied
CFI	≥ 0.9	0.947	0.935	Satisfied
GFI	0.774 ≤ x ≤ 0.923	0.895	0.884	Satisfied
RMSEA	< 0.06	0.033	0.036	Satisfied

4.2. Full structural equation modeling and hypotheses testing

To verify the importance of each component in the proposed model, standardized path coefficients were compared. Statistical significance was considered when the p-value was less than 0.05, and non-significant when it was greater than 0.05 (Andrade, 2019). The results of the path analysis of SEM in Table 10 highlight that MCS (Hypothesis 4 (H4); β = 0.236, p = 0.000) has the greatest positive significant impact on QOIR, followed by ZTG (Hypothesis 2 (H2); β = 0.264, p = 0.000) and CAFP (Hypothesis 1 (H1); β = 0.197, p = 0.002). Meanwhile, DDFP had the least significant positive impact on QIR (Hypothesis 3 (H3); β = 0.136, p = 0.033). Thus, H1-H4 were accepted.

Table 10. Results summary of hypotheses acceptance.

Hypothesis No	Hypothesized path			Standardized coefficients Beta	S.E	C.R	P	Status
H1	CAFP	→	QOIR	0.197	3.873	3.037	0.002	Accepted
H2	ZTG	→	QOIR	0.264	3.748	3.734	0.000	Accepted
H3	DDFP	→	QOIR	0.136	4.399	2.136	0.033	Accepted
H4	MCS	→	QOIR	0.236	3.972	3.488	0.000	Accepted

After the study extracted the image of Structural model as Figure 3 above, the Robust Analysis will be conducted next. To the Robust analysis, Bootstrapping technique in question has gained significant traction in SEM due to its capacity to analyze determinants, estimate structure coefficients, and evaluate outcome invariance across samples (Nevitt & Hancock, 2001). This can allow scholars to direct their attention towards statistical analysis as opposed to individuals from whose sample distributions were theoretically derived. One advantage of employing this methodology was that it could give rise to a sampling distribution derived empirically; such a distribution can subsequently be utilized for inferential, descriptive, or both objectives (Zientek & Thompson, 2007). The implementation of the bootstrapping method yielded a model that was more accurate and reliable as a result of the diminished variability in its results (Razak et al., 2018). The current investigation implemented a bootstrapping methodology, utilizing 2,000 arbitrary observations, in order to develop a bootstrapping strategy that accounted for selection bias. With 95% confidence intervals, the hypothesized model was estimated utilizing this method. In order to evaluate the stability of standardized coefficients beta, the standard errors (SEs), the ratio of the average bootstrap results to the SEs, and a comparison between the sample statistics and the average bootstrap results were utilized (Zientek & Thompson, 2007). The findings presented in Table 11 validated the hypothesized model put forth in this study, establishing its reputation for precision, accuracy, and reliability.

Figure 3. Structural model.

Table 11. Results of bootstrapping estimation.

Hypothesis no	Hypothesized route of path			Standardized coefficients beta	Bootstrap estimation		Discrepancy
					Mean	SE	SE (SE)	Bias	SE (Bias)	CR
H1	CAFP	→	QOIR	0.197	0.198	0.077	0.001	0.001	0.002	0.50
H2	ZTG	→	QOIR	0.264	0.260	0.076	0.001	−0.004	0.002	2.00
H3	DDFP	→	QOIR	0.136	0.135	0.068	0.001	−0.001	0.002	0.50
H4	MCS	→	QOIR	0.236	0.239	0.090	0.001	0.003	0.002	1.50

4.3. Discussion and implication

4.3.1. Theoretical implications

The level of faith in integrated reporting is contingent on the quality and dependability of this type of report. The significance of integrated reporting lies not only in its internal applications but also in its exterior applications. These two components serve as the foundation for the quality of integrated reporting. The first pertains to the quality of the report generated by the management of the firms, while the second concerns the expertise exhibited by auditors and other gatekeepers in fulfilling their legal obligations. The primary objective of forensic accounting practice is to enhance these two circumstances. Forensic accounting is a specialized area that involves the use of information as evidence, particularly for legal purposes (Metwaly et al., 2023). Forensic accounting primarily concerns the identification and analysis of evidence related to economic activities and the corresponding financial reporting inside an accounting system (Oyedokun et al., 2018). The objective of this current research is to examine the influence of cyber forensic accounting on the quality of integrated reporting. The current investigation employed a mixed-methods approach. Through the qualitative research phase, four components that make up cyber forensic accounting have been identified, including cyber anti-fraud policies, zero trust governance, digitally designed forensic procedures, and management control systems. During this phase, criteria for evaluating the qualitative characteristics of integrated reporting are also established. Subsequently, the statistical outcomes in the quantitative phase were performed identified positive and statistically significant relationships between the hypothesized constructs in terms of effect magnitude. Particularly, among the components of cyber forensic accounting that impacted the quality of integrated reporting, zero trust governance and management control systems exhibited the highest path coefficient, followed by cyber anti-fraud policies. Conversely, digitally designed forensic procedures demonstrated the lowest path coefficient.

Based on the evidence gathered, it is corroborated that management control systems have the most significant effect on quality of integrated reporting. In other words, this is a leading important component in cyber forensic accounting that induces the considerable influence on quality of integrated reporting. These statistical data corroborated and expanded upon the findings of Bezuidenhout et al. (2023) regarding the importance of management control systems in facilitating organizations to achieve quality of integrated reporting. According to Jamil and Mohamed (2011), management control systems are of utmost significance for the development of an organization. It provides upper management with assurance that they need to reduce their focus on processes that are capable of controlling by exception and providing crucial information (Jamil & Mohamed, 2011). Practically, management control systems have the potential to contribute to the development of a sustainability strategy at the corporate level (Riccaboni & Luisa Leone, 2010). This can be accomplished through the implementation of innovative organizational practices and the management of risks and opportunities (Arjaliès & Mundy, 2013).

As anticipated by researchers, zero trust governance has a substantial and favorable influence on quality of integrated reporting. Put simply, this represents the subsequent critical element of cyber forensic accounting to enable the high quality of integrated reporting. Companies’ disclosure of cybersecurity risks and incidents are considered indications of weaknesses in internal control for financial reporting (Benaroch et al., 2012; Chernobai et al., 2011). Consequently, they can pose significant risks to the accuracy and reliability of financial reporting found in companies’ annual reports (Lawrence et al., 2018). Furthermore, empirical data indicate that cybersecurity breaches might lead to an increased probability of financial restatements in the same year as intrusion (Lawrence et al., 2018). Zero trust is regarded as a promising approach for enhancing network security within an organization. The installation of zero trust enhances security by safeguarding access to a company’s resources and fortifying the overall digital attack surface (Bertino, 2021). The concept of zero trust is built on the principles of the complete absence of assumed confidence, a trust approach heavily rested on risk assessment, and ongoing verification of trust, drawing from Wylde’s (2021) perspectives. This imposes particular limitations on each subject’s capacity to access the complete network (Bertino, 2021). The ability to respond promptly to any hostile attack is improved by reducing lateral movement.

As anticipated by researchers, cyber anti-fraud policies have a substantial and favorable influence on quality of integrated reporting. Thus, this constitutes an additional critical element in cyber forensic accounting that results in the substantial influence on quality of integrated reporting. Within SMEs, cyber anti-fraud rules have been established to serve as operational guidelines for internal procedures. Businesses can implement cyber anti-fraud policies to reduce the likelihood of fraud and foster a culture that seriously takes prevention measures. To make these institutions’ financial operations more transparent, corporate policies are developed in accordance with regulatory measures implemented by law enforcement authorities and corporate governance.

Eventually, digitally designed forensic procedures is committed to exerting a significant impact on the quality of integrated reporting. Consequently, this leads to the final element of cyber forensic accounting to allow the high quality of integrated reporting. A significant obstacle is the identification of cybercriminals, who frequently carry out their activities in remote regions with anonymity (Cavusoglu et al., 2004). Moreover, the vast volume of data linked to cybercrime poses challenges in extracting pertinent information and identifying individuals involved. Cyber anti-fraud policies utilize forensic accounting principles to examine and deter cybercrime. Cyber forensic accounting is crucial for examining cybercrime and identifying the individuals responsible. Cyber forensic accounting employs a range of methods, including data analytics, digital forensics, and financial inquiry, to detect the origins of cyber-attacks and retrieve pilfered assets (Hossain, 2023). Cyber forensic accounting plays a crucial role in averting future cyber-attacks by detecting vulnerabilities in an organization’s cybersecurity protocols and establishing suitable safeguards (Moid, 2018). Although many studies have examined the effectiveness of forensic procedures in detecting and preventing fraud (Olukowade & Balogun, 2015; Ogundana et al., 2015), few have specifically investigated the use of digitally created forensic procedures to combat cyber fraud in emerging countries (Ogundele et al., 2023).

4.3.2. Practical implication

The results offer a plethora of practical insights based on managerial perspectives. According to Nicolò et al. (2022), integrated reporting is an essential instrument that can provide influential stakeholders with the knowledge they need and win support. Therefore, meeting the needs of stakeholders and earning their trust through high-quality integrated reporting information is a company’s goal (Vitolla et al., 2020). To keep integrated reporting going, senior managers in SMEs should advocate and highlight how they can satisfy the demands of many groups. To advocate for the internal and external advantages of integrated reporting, SMEs’ managers must be knowledgeable about this concept. In this regard, top brass should speak up and do their part to foster an efficient and effective management control. The development of a cyber forensic accounting strategy for the organization is the responsibility of senior managers in SMEs. To achieve predetermined objectives and goals, senior managers should select and implement a collection of control processes and mechanisms comprising the management control system. In addition, it is imperative for managers to establish unambiguous channels of communication within the organization so that both internal and external stakeholders are cognizant of the management control system and their respective responsibilities therein. With respect to zero-trust governance, it is paramount that all managers in SMEs augment their managerial cognitive abilities and prioritize this facet. To ensure the seamless progression of zero trust governance, SME leaders should allocate tangible resources, including infrastructure and digital platforms, along with other critical resources required for the execution of this endeavor. Furthermore, it is imperative that all managers within SMEs prioritize the enhancement of their staff’s expertise by means of specialized training programs that ensure they remain current with the latest programming systems. The findings also highlighted the importance of digitally designed forensic procedures in detecting and preventing different types of fraud. Therefore, it is imperative for organizations to adopt digitally designed forensic methods in order to mitigate the recurring incidence of cyber fraud. Similarly, policymakers and top management in SMEs should prioritize cyber anti-fraud policies related to data analytics, digital forensics, and other digital technology applications in forensic accounting to ensure the reliability and accuracy of the investigation results. Hence, lawmakers and government influencers should draft and publish data analytics standards, cyber forensic accounting cybersecurity protocols, and forensic accounting regulations pertaining to digital technology use. Legislators and governmental forces should stress the importance of adhering to protocols set up to prevent cyber fraud and similar forms of fraud (Ogundele et al., 2023). Practitioners and legislators must work together to develop standards and best practices for forensic accounting if emerging trends are to be utilized.

More importantly, professional skepticism, adherence to ethical standards and processes, and management of possible conflicts of interest are necessary for forensic accountants. They must also ensure that digital evidence is secure, uncompromised, and private. Cyber hazards and attack vectors are constantly evolving and becoming more complex, making it difficult for forensic accountants to stay up with the most recent methods and tools used by hackers (Wong & Venkatraman, 2015). To gather, examine, and understand digital evidence from a variety of sources, including computer systems, networks, and electronic devices, cyber forensic accountants require specialized technical abilities (Akinbowale et al., 2021). In order to stay abreast of the latest developments in their profession, forensic accountants need regularly refresh their knowledge and acquire new abilities.

Hardware and software developers as well as retailers also requested endeavors to gain a more comprehensive understanding of the challenges and benefits of modern information technologies in order to develop more advanced systems that cater to the unique characteristics of SMEs.

5. Final deliberations

Building on the perspectives of Qaderi et al. (2024), integrated reporting has been considered as an innovative instrument for reporting. The advent of integrated reporting has effectively addressed the issue of fragmented and disjointed information shown in distinct reports (Kim Vu et al., 2024). Integrated reporting stands out from other conventional types of corporate reporting due to its comprehensive approach and emphasis on generating sustainable value for the future (De Villiers & Dimes, 2023). Nevertheless, it is consistently a formidable undertaking to deliver a report that is precise, open, and succinct (Devarapalli et al., 2024). Accordingly, the continuous evolution of technology poses a challenge to the integrity and quality of reporting information (Raewf & Jasim, 2021). Organizations of all sizes and global locations are susceptible to cyber threats. Despite regular updates in security measures, data and information related to technology remain vulnerable to cyberattacks. If a network is compromised, hackers have the ability to gain access to any data (Kassem & Ionescu, 2019). In the absence of cyberthreat security, numerous firms face the risk of losing critical and sensitive data, which can have detrimental effects on their brand. The emergence of cyber forensic accounting is propelled by technical advancements, alterations in company procedures, regulatory revisions, and shifts in the global economic landscape (Hossain, 2023). Cyber forensic accounting is a recent advancement that focuses on investigating and preventing online financial fraud activities, such as identity theft, hacking, and phishing (Akinbowale et al., 2020). Against this backdrop, an investigation into how cyber forensic accounting can improve and enhance the quality of integrated reporting is considered a worthwhile effort. The conducted outcome analyses revealed substantial and positive associations between each component of cyber forensic accounting and quality of integrated reporting in terms of the magnitude of their effects. In terms of impact on the quality of integrated reporting, it was found that zero trust governance and management control systems had the highest path coefficient among the various components of cyber forensic accounting. This was followed by cyber anti-fraud policies. In contrast, digitally designed forensic procedures exhibited the lowest path coefficient. In addition, in addition to establishing a strong basis for future inquiries, the enhanced perspectives offered in this study can also aid policymakers and practitioners in identifying and leveraging opportunities to enhance and broaden the scope of integrated reporting. Efficient and effective regulations and procedures pertaining to the management of cyber forensic accounting can facilitate the attainment of this objective.

It is crucial to have a clear understanding of the limitations as they will form the basis for future academic endeavors. The primary hindrance to drawing conclusive conclusions when assessing results is the use of cross-sectional data. Hence, it is recommended that future research incorporate rigorous longitudinal analysis, employ secondary data sources, and utilize contemporary statistical approaches. Furthermore, it is important to exercise caution when making generalizations, as the specific characteristics of the study setting may impose limitations on the inferences that can be derived from the data. Given that all of the samples were obtained exclusively from Vietnam, it is imperative to do further cross-regional research in order to validate the findings prior to their generalizability. The statistical data utilized in this study mostly depends on a self-report methodology. Consequently, each SME was provided with survey forms by a single individual. The potential bias in survey replies from individual participants may arise due to the inclination of those with more positive ideas about cyber forensic accounting to complete and submit their survey forms. Hence, it is recommended that future research endeavors consider the inclusion of perspectives from other relevant stakeholders within this particular setting. The convenience and snowball sampling methods constitute the fourth limitation and could potentially affect the generalizability of the study. In order to enhance the representativeness and scientific rigor of the findings, it is recommended that forthcoming investigations employ the quota sampling technique for the purpose of gathering sample data. The sixth restriction of this study pertains to its relatively limited sample size, hence necessitating further investigation. Hence, it would be advantageous to encompass a broader geographical range. Last but not least, there is a pressing need for numerous comprehensive investigations to expand upon the interconnected concepts and use them to develop a more resilient and rigorous understanding of cyber forensic accounting.

Author contributions

Conceptualization, P.Q.H.; methodology, P.Q.H.; software, P.Q.H. and V.K.P.; validation, P.Q.H. and V.K.P.; formal analysis, P.Q.H. and V.K.P.; investigation, P.Q.H.; writing—original draft preparation, P.Q.H.; writing—review and editing, P.Q.H.; offering final approval of the version to publish, P.Q.H. All authors have read and agreed to the published version of the manuscript.

Ethics approval

The study was approved by Ethics committee of University of Economics Ho Chi Minh City (UEH).

Informed consent

The written consent was obtained for the study.

Acknowledgements

This research was funded by University of Economics Ho Chi Minh City (UEH).

Disclosure statement

The authors declare no conflicts of interest.

Data availability statement

The author confirms that all data generated or analyzed during this study are included in this published article. In addition, no data were included in this study.

Additional information

Funding

This research was funded by University of Economics Ho Chi Minh City (UEH) in Vietnam.

Notes on contributors

Quang Huy Pham

Quang Huy Pham is an Advanced Lecturer in Public Sector Accounting at the School of Accounting, University of Economics Ho Chi Minh City, Vietnam. He has authored several chapters for books, contributed to a multitude of scholarly journals, and delivered speeches at conferences both domestically and internationally.

Kien Phuc Vu

Kien Phuc Vu is a lecturer at University of Economics Ho Chi Minh City, Vinh Long Campus in Vietnam, where she isaffiliated with Faculty of Accounting. Her primary research interests lie in the accounting and management fields. She published a number of articles and conducted paper for international conferences.