Documente Academic
Documente Profesional
Documente Cultură
Abstract
The objective of this paper is to research the significant perceived security threats of
computerized accounting information systems (CAIS) towards cyber-crimes in Sri Lanka. An
exact study utilizing a self-directed questionnaire has been used to accomplish this target. The
overview results uncovered that half of the reacted Sri Lankan associations have endured
money related misfortunes because of inward and outer CAIS security breaks.
The statistical outcomes also discovered that unauthorized access to the information by
external parties and introduction of computer viruses to CAIS are the important perceived
security threats to CAIS in Sri Lankan organizations. Thus, it is suggested to build up or
develop the security controls over the above stated weaken security extents and to increase
the responsiveness of CAIS security issues among employees and other related parties of Sri
Lankan organizations to ensure the security on CAIS.
Key Words: Perceived Security threat, Accounting Information systems, Empirical survey,
Information Technology.
Contents
CHAPTER 01:
1.1
1.2
1.3
CHAPTER 02:
LITERATURE REVIEW.......................................................................................................
2.1
2.2
2.3
Secondary Data..........................................................................................................................................
CHAPTER 03:
RESEARCH METHODS.....................................................................................................
3.1
3.2
Types of variables....................................................................................................................................
3.3
List of hypothesis.....................................................................................................................................
3.4
3.5
CHAPTER 04:
DATA ANALYSIS.................................................................................................................
4.1
Descriptive statistic..................................................................................................................................
4.2
Hypothesis testing....................................................................................................................................
CHAPTER 05:
CONCLUSION.....................................................................................................................
REFERENCES....................................................................................................................................................
APPENDIX..........................................................................................................................................................
CHAPTER 01:
1.1
Cybercrime has become a prominent issue around the world, which has affected for the Sri
Lankan context also by past few decades. Cybercrimes are Criminal activities carried out by
means of computers or the Internet. (Oxford Dictionary). These crimes are mainly because of
the rapid development of technology. With that, development organizations tend to make
their operations easier with Accounting Information Systems. Myrtle & Ogundeji (2013)
emphasized that Computerized Accounting Information Systems (CAIS) handle both
financial and non-financial transactions that directly affect the processing of financial
transactions. Musa (2005) stated that advanced technology has also created significant risks
related to ensuring the security and integrity of computerized accounting information systems
(CAIS). The technology, in many cases, has been developed faster than the advancement in
control practices and has not been combined with similar development of the employees
knowledge, skills, awareness, and compliance.
Furthermore, this identification of various types of threats would be leads to inaugurate
adequate measures to ensure the protection of information assets through effective policy,
controls, and standardized procedures and control testing. This would ensure the reduction in
threats to CAIS. Muhrtala & Ogundeji (2013)
1.2
To conduct the above mentioned evaluation the researcher has identified objectives of the
study as follows.
i.
ii.
1.3
There are certain limitations of the study. Since the dynamic nature of the business
environment and technological environment particular significant threats cannot be identified
3
faithfully, which leads to not recognising newest threats complying with new technology.
Therefore, findings of the research paper are relevant to Sri Lankan context in early stage of
21st century.
Further, Computerized Accounting Information System practices have become
divergent among the world. Adoption of different Accounting Standards, Security packages
and impact of various social aspects among countries makes the CAIS practices more
divergent. Hence, the dimensions considered in the research paper in order to measure the
level of threat might not be relevant to other countries or the significance of such selected
criteria might different from country to country.
CHAPTER 02:
LITERAT
URE REVIEW
1.4
There are few researches have been conducted regarding the threat of Computerized
Accounting Information Systems. Further there cannot be seen any researches in this regard
in Sri Lanka context. According to the Musa AA (2005) investigate the significant perceived
security threats of computerized accounting information systems (CAIS) in Sri Lankan
organizations. Self-administered questionnaire has been distributed to accomplish the
objective with the empirical survey. Outcomes of the study discovered that majority of the
responded in Sri Lankan organizations have incurred financial losses as a result of internal
and external CAIS security issues. The statistical results also revealed that accidental and
intentional entry of bad data; accidental destruction of data by employees; employees sharing
of passwords; introduction of computer viruses to CAIS; suppression and destruction of
output; unauthorized document visibility; and directing prints and distributed information to
people who are not allowed to obtain are the important perceived security threats to CAIS in
Sri Lankan context. Thus, it is recommended to strengthen the security controls over the
above weaken security areas and to enhance the awareness of CAIS security issues among Sri
Lankan organizations to achieve better protection to their CAIS.
However, the results reported that accidental and intentional entry of bad data by employees,
accidental destruction of data by employees, introduction of computer viruses to the system,
sharing passwords by passwords, suppression and destruction of output, unauthorized
document visibility, and misdirecting prints and distributing information to people not
entitled to receive them are the most perceived significant security threats to CAIS in the Sri
Lankan organizations. Accordingly, it is recommended to strength the implemented security
controls over the weak point to provide a better protection to CAIS against these perceived
security threats.
1.5
report them in helpful and exact structures (Lee, 1971). However, that recording was
straightforward and organized just for interior use in light of the fact that most organizations
were individual or family organizations.
One of the greatest studies in this extent was carried out by Loch et al. (1992). The specialists
directed an overview to investigate the impression of Management Information Systems
Executives with respect to the security dangers in microcomputer, centralized computer PC,
and system situations. The analysts added to a rundown of twelve security dangers and
observationally inspected. The outcomes demonstrated that common debacles; worker
unplanned activities (section of terrible information and demolition of information); deficient
control over media; and unapproved access to CAIS by programmers had been positioned
among the top security dangers. These outcomes affirmed the specialists' claims that the best
dangers originate from inside associations.
Since accounting data framework security has ended up one of the real attentiveness toward
data framework inspector, Davis (1996) tried to find the present status of the security issue by
and by. Davis led a review utilizing the questionnaire, Threats to Accounting Information
Systems Security Survey which was adjusted from Loch et al. (1992), in replication of their
work.
The consequences of Davis survey (1996) shown that data frameworks examiners perceived
that diverse processing situations have distinctive relative levels of security dangers. The
results of Davis (1996) study also described that employees accidental entry of bad data and
the accidental destruction of data, as well as the introduction of computer viruses, were
considered to be the three main threats in a microcomputer background. However,
unauthorized access to data and/or system by employees, accidental entry of bad data by
employees and poor segregation of information system duties were rated as the major threats
to the minicomputer background. Concerning the mainframe computer background,
accidental entry of bad data by employees and unauthorized access to data and/or system by
employees were perceived as the major threats, while unauthorized access to data and/or
system by both outsider (hackers) and insiders (employees), and technology advances faster
than control practice were said to be the most important threats in network computer
background.
Ryan and Bordoloi (1997) investigated how organizations moving from a centralized
computer to a customer/server environment assessed and took efforts to establish safety to
ensure against potential security threats. The consequences of Ryan and Bordolois (1997)
study uncovered that the most noteworthy security threats were accidental destruction of data
by employees, accidental entry of erroneous data by employees, intentional destruction of
data by employees, intentional entry of erroneous data by employees, loss due to inadequate
backups or log files, natural disaster: fire, flood, loss of power, etc. single purpose of
disappointment.
Henry (1997) led an overview to decide the way of the bookkeeping frameworks and
security being used. The aftereffects of Henry's overview demonstrated that 80.3 percent of
the organizations moved down their bookkeeping frameworks. 74.4 percent of the
organizations secured their bookkeeping framework with passwords, yet just 42.7 percent
used insurance from infections. Physical security and approval for changes to the framework
were utilized by under 40 percent of the respondents. The review comes about additionally
demonstrated that just 15 organizations utilized encryption for their bookkeeping
information, which was a shocking result, considering the quantity of organizations using
some type of correspondence equipment. Just about 45 percent of the specimen experienced
some kind of review of CAIS information.
In 1998, Hood and Yang examined the effect of keeping money data frameworks security on
managing an account in China in correlation to the UK. The review results uncovered that all
respondents trust that administration knew about security yet none trusted that their banks
had sufficiently made move to decrease the dangers and misfortunes. The most well-known
purpose behind this was the absence of money related and HR. Moreover, each of the four
banks overviewed asserted to have a security arrangement, however just in one was formally
expressed. Human security dangers were seen as the most critical security dangers in Chinese
managing an account area, particularly pernicious assault from untouchables.
Checking on the way of security breaks that happened in diverse parts of the world, Dhillon
(1999) contended that a large portion of the security misfortunes coming about because of PC
related extortion could be maintained a strategic distance from if associations received a more
practical methodology in managing such episodes and in addition embracing an adjusted
methodology of security controls which place square with accentuation on specialized, formal
and casual intercessions to their electronic frameworks..
The results of Dhillons study (1999) proposed that actualizing controls, as distinguished in a
security strategy, would in fact dissuade PC abuses. Submitting PC extortion by insiders is
perceived as a few issue which could be hard to counteract particularly when it mixes with
genuine exchanges.
Siponen (2000) presented a theoretical establishment for hierarchical data security
mindfulness project to minimize the end-client mistakes and to upgrade the viability of
executed security controls. Siponen (2000) contended that data security systems or strategies
would lose their genuine handiness on the off chance that they were abused; misjudged; not
utilized or not legitimately executed by end-clients.
Hermanson et al (2000) completed an exploratory review utilizing a poll to see how
associations are tending to their IT dangers and to look at assessments of IT dangers
performed by inward inspectors in their associations. The aftereffects of the study uncovered
that inward reviewers concentrate fundamentally on conventional IT dangers and controls, for
example, IT resource shielding, application handling, and information trustworthiness,
protection and security.
Coffin and Patilis (2001) concentrated on the part of inner reviewers in assessing the security
controls of ensuring delicate information in CAIS in budgetary organizations, for example,
Banks, securities firms, and protection. The specialists contended that interior inspecting
could altogether help associations in deciding and assessing the executed security controls
encompassing the gathering, utilize and access to client data and in addition consistence with
material regulations.
White and Pearson (2001) reviewed more than two hundred USA organizations to research
the security controls of individual utilization of PCs, controlling email records, and securing
organization information. The aftereffects of the study fortified the requirement for better
security control in the dominant part of studied organizations. The outcomes likewise
Secondary Data
As per the Sri Lanka Police, they have experienced some complaints as scams which can go
under the name of genuine lotteries like the UK National Lottery and the El Gordo Spanish
lottery. Unsolicited email or telephone calls tell people they are being entered or have already
been entered into a prize draw.
Further, Auction frauds (commonly called E-bay or Pay-Pal scams, after the two largest
venues) is a misrepresentation of a product advertised for sale through an Internet auction site
or the failure to deliver products purchased through an Internet auction site.
A part from that a victim receives an email that appears to be from a credible, real bank or
credit card company, with links to a website and a request to update account information. But
the website and email are fakes, made to look like the real website.
Receive a check in the mail - either from a lottery you "won" (without buying a ticket) or
from an E-Bay buyer or other source. It looks real. But after you try to cash it, you find out it
is a fake; and you're arrested for passing a counterfeit check.
CHAPTER 03:
RESEAR
CH METHODS
1.7
In the current study an empirical survey has been conducted to research the numerous
perceived CAIS security threats Sri Lankan surrounding. A self- administered questionnaire
(see: appendix 1) has been distributed to collect the information required for analysis and take
a look at the research hypotheses. The survey approach, employing a self-administered
questionnaire, looks to be the foremost acceptable approach for conducting this analysis. One
in all the most strengths of the survey approach is its ability to gather knowledge from an
oversized range of organizations, situated in a very unfold of locations. Moreover, this might
permit the scientist to implement measurement to check the analysis hypotheses and
additionally offers the potential chance to generalize the analysis findings.
Selecting a representative, correct and unbiased analysis sample is a vital step towards the
surveys success. Random choice of the individual observations of the analysis sample may
be an important way to acquire associate correct and a representative sample. within the
current study, hundreds questionnaires are randomly distributed to various organizations
(Manufacturing companies; Banks; Insurance companies; retail merchandising; Oil and Gas
companies; Services companies; Heath Care; Government units and others). Once the
subsequent up, fifty-two questionnaires - representing 52% initial response rate - had been
collected. However eight questionnaires of the collected questionnaires, wherever solely
manual accounting systems were used, are excluded type the analysis. Once excluding the
unfinished and invalid responses, the analysis over with 40 valid and usable questionnaires,
representing thirty 40% response rate. This response rate is taken into account as a high
response rate in such quite empirical surveys.
In the questionnaire, the respondents were asked to point the frequency of incidence of every
security threat by ticking one of 5 offered decisions (less than once a year; once a year to
monthly; once a month to weekly; one a week to daily; and more than once daily or more
frequently).
10
1.8
Types of variables
For a valued result of the research it has taken one Dependent variable and four Independent
variables as follows
Dependent Variable -
Independent Variables -
List of hypothesis
The current analysis makes an attempt to analyze below mentioned research hypotheses.
The collected information has been analyzed by the statistical package for social sciences
(SPSS) version twelve. Descriptive statistics (such as frequencies and percentages) of the
collected information had been administered to identify major characteristics of the analysis
variables.
1.11 Populations and Sample
In this research population was considered as all the companies in the Sri Lankan Companies
in Sri Lankan context. Among them researcher decided to have hundred companies as a
convenience sample with the time constrains of the related subject area.
11
CHAPTER 04:
ATA ANALYSIS
1.12 Descriptive statistic
Among valid questionnaires collected the descriptive analysis was conducted as follows.
From the sample, 32.5% of the respondents (organizations) represents the banking/finance
industry while 25 % comprise manufacturing sector, 20% represent the construction sector
and other rest of the 27.5% denotes few sectors such as insurance, health care, wholesale and
government etc. Further, there can be identified negative linear relationship between the
increase of financial losses of cyber activities and the industry in which they operate. (The
correlation coefficient is -0.013)
Considering the number of accounting professionals employed in the firm, 75% of the
respondents are from the firms, which have less than fifty accounting professionals, and the
rest 25% are between fifty to hundred accounting professionals. Further, there can be
identified negative linear relationship between the increase of financial losses of cyber
activities and number of accounting professionals employed. (Correlation coefficient is
-0.084)
Considering the number of system specialists are employed in the firm, 80% of the
organizations have system specialists less than five. In addition, 17.5% are employed between
five to ten system specialists in their organizations.
When concerning the accounting information system, all the respondent organizations have
combination of manual and computer process in accounting. There cannot be identified
purely manual or purely computerized accounting system within the sample, which has been
obtained.
In view of establishment of the organization, 75% of the companies are established within
recent ten years. However, there is a moderate negative linear relationship between average
increase of loss on cyber activities and the length of period that company has been
established.
12
With reference to the accounting information system in which the company is being used
currently, there can be realized a positive moderate linear relationship with the increase of
loss on cyber activities (Correlation coefficient is 0.332).Further analyzing the composition
of the CAIS reflect that 30% of the organizations use Oracle as their accounting information
system and another 30% use QuickBooks as their accounting information system.20% uses
sage and only 5% use SAP as their accounting information system while 15% of the
organizations use Tally and other in house built systems.
When comparing organizations by the annual income and the loss on cyber activities, there is
a negative weak relationship between two components. By analyzing respondents, it can
identify that 35% of the companies have been earned between 1 million to 1.5 million rupees
as their annual income for five years of period as below mentioned.
Table 1 - Average Annual Net Income of your company for past 5 years is within
(LKR).
Cumulative
Valid
Frequency
Percent
Valid Percent
Percent
Net loss
12.5
12.5
12.5
0-500000
20.0
20.0
32.5
500000-1000000
13
32.5
32.5
65.0
1000000-1500000
14
35.0
35.0
100.0
Total
40
100.0
100.0
Considering the ability to access to the system by the employees, it says that 42.5% of the
respondents granted access only for 50 or below employees. The graph gives further
clarification on it.
Table 2 - How many employees have been granted the access to the
system?
Cumulative
Frequency
Valid
Percent
Valid Percent
Percent
1-50
17
42.5
42.5
42.5
51-100
14
35.0
35.0
77.5
101-150
7.5
7.5
85.0
151-200
15.0
15.0
100.0
Total
40
100.0
100.0
13
Apart from that only 82.5% respondents are protected their system by using passwords. Rest
27.5% respondents accounting information systems was not restricted by the password.
1.13 Hypothesis testing
Research paper adopts deductive approach. Hence, it was developed several hypothesises and
test them in order to draw conclusions. Hypothesises developed by researches has been
provided below,
H0a-There is no significant relationship between increment of financial losses as a result of
cyber activities and the degree of employees security breaches.
H0b- There is no significant relationship between increment of financial losses as a result of
cyber activities and the degree of unauthorized access to the data by Password misuse.
H0c- There is no significant relationship between increment of financial losses as a result of
cyber activities and the degree of unauthorized access to the data by external parties.
H0d- There is no significant relationship between increment of financial losses as a result of
cyber activities and the degree of introduction of computer viruses to the system.
Hypothesis testing was carried out by calculating average degree for the independent
variables by using different attribute constructed for each and every variable.
Increment of financial losses as a result of cyber activities Vs. Employees security
breaches
Increment of financial losses as a result of cyber activities has been measured using
several variables such as degree of loss on cyber activity occurrence, maintenance expense
14
incurred for secure of Accounting Information Systems, number of customers lost because of
cyber activities, legal case filed against cyber activities, implementation of recovery
procedures.
Moreover, researchers have been constructed several attributes to measure the independent
variable of employees security breaches as degree of intentional entry of bad data by
employees, degree of accidental destruction of data by employees, degree of intentional
destruction of data by employees, degree of unauthorized access to the data and / or system
by employees, degree of accidental entry of bad data by employees and degree of
unauthorized copying of output by the employees.
Statistical analysis revealed that there is no significant relationship between increment of
financial losses as a result of cyber activities and the degree of employees security breaches
since the Significant value is higher than 5%, H0a was accepted.
ANOVAb
Model
1
Sum of Squares
Regression
Df
Mean Square
.275
.275
Residual
2.781
38
.073
Total
3.056
39
F
3.759
Sig.
.060a
Further the 9% of variance in the increment of financial losses as a result of cyber activities
which can be explained by the degree of employees security breaches. Refer below
mentioned table.
Model Summary
Model
1
R
.300a
R Square
.090
Adjusted R
Square
Estimate
.066
.27052
15
ANOVAb
Model
1
Sum of Squares
Df
Mean Square
Regression
1.161
1.161
Residual
1.895
38
.050
Total
3.056
39
F
23.291
Sig.
.000a
Further the 38% of variance in the increment of financial losses as a result of cyber activities
which can be explained by the degree of unauthorized access to the data by external parties.
Refer below mentioned table.
Model Summary
Model
1
R
.616a
R Square
.380
Adjusted R
Square
Estimate
.364
.22329
16
ANOVAb
Model
1
Sum of Squares
Regression
Df
Mean Square
.003
.003
Residual
3.053
38
.080
Total
3.056
39
Sig.
.042
.839a
Further the 0.1% of variance in the increment of financial losses as a result of cyber activities
which can be explained by the degree of unauthorized access to the data by password misuse.
Refer below mentioned table.
17
Model Summary
Model
R Square
.033a
Adjusted R
Square
Estimate
.001
-.025
.28343
ANOVAb
Model
1
Sum of Squares
Regression
Df
Mean Square
.422
.422
Residual
2.634
38
.069
Total
3.056
39
F
6.091
Sig.
.018a
Further the 13% of variance in the increment of financial losses as a result of cyber activities
which can be explained by the degree of introduction of computer viruses. Refer below
mentioned table.
18
Model Summary
Model
1
Adjusted R
Square
Estimate
R Square
.372a
.138
.115
.26327
CHAPTER 05:
ONCLUSION
19
The objective of this paper is to research the significant perceived security threats of
computerized accounting information systems (CAIS) towards cyber-crimes in Sri Lanka.
Several security threats were developed based on previous surveys (for instance, Abu-Musa
(2001), Loch et al. (1992), Davis (1996) and Henry (1997)).
The results revealed that the degree of unauthorized access to the data and / or system by
outsiders (hackers), degree of unauthorized access when coordinating operations between the
head office and its branches, degree of interception of data transmission from remote
locations, degree of frequency of electronic transactions, degree of loss of data because of
loss of power or network failures, degree of conducting awareness programs about computer
viruses, degree of conducting system audit, degree of occurrence of virus threat, degree of
virus guard renewal, degree of taking backups of the operations and degree of
implementation of new technology have been affected in a high degree rather than the other
aspects which the researchers have tested in the process of research.
On the other hand, further research could be embraced to augment and enhance this
exploration. The momentum examination planned to explore the security threats of CAIS in
Sri Lankan context. More research is needed proof from other creating nations. A similar
study could be done to research the critical contrasts in the middle of creating and created
nations with respect to the CAIS security issues examined.
References
1) Abu-Musa, A. (2006). Investigating the Perceived Threats of Computerized
Accounting Information Systems in Developing Countries: An Empirical Study on
20
Systems: A Survey of CISAs, IS Audit & Control Journal, (Vol. 3), pp. 38 - 41.
6) Dhillon, G. (1999). Managing and controlling computer misuse. Information
Management & Computer Security, 7(4), pp.171-175.
7) Henry, L 1997, A Study of the Nature and Security of Accounting Information
Systems: The Case of Hampton Roads, Virginia, the Mid- Atlantic Journal of
Business, Vol. 33, Iss.63, 1997, pp. 171-189
8) Hermanson, D., Hill, M. and Ivancevich, D. (2000). Information TechnologyRelated
Activities of Internal Auditors. Journal of Information Systems, 14(s-1), pp.39-53.
9) Hood, K. and Yang, J. (1998). Impact of Banking Information Systems Security on
Banking in China. Journal of Global Information Management, 6(3), pp.5-16.
10) Hornby, A., Cowie, A. and Lewis, J. (1974). Oxford Advanced Learners Dictionary
of current English. London: Oxford University Press.
11) Lee, TA (1971), the Historical Development of Internal Control from the Earliest
Times to the End of the Seventeenth Century, Journal of Accounting Research.
12) Loch, K., Carr, H. and Warkentin, M. (1992). Threats to Information Systems: Today's
Reality, Yesterday's Understanding. MIS Quarterly, 16(2), p.173.
13) Police.lk, (2015). SRI LANKA POLICE: [online] Available at: http://www.police.lk
[Accessed 2 Dec. 2015].
14) Muhrtala T, Ogundeji,M (2013), Computerized Accounting Information Systems and
Perceived Security Threats in Developing Economies: The Nigerian Case, Universal
Journal of Accounting and Finance.
15) Ryan, S. and Bordoloi, B. (1997). Evaluating security threats in mainframe and
client/server environments, Information & Management, 32(3), pp.137-146.
16) Siponen, M. (2000). A conceptual foundation for organizational information security
awareness. Information Management & Comp Security, 8(1), pp.31-41.
17) Webb White, G. and Pearson, S. (2001). Controlling corporate email, PC use and
computer security, Information Management & Comp Security, 9(2), pp.88-92.
21
Appendix
The Questionnaire Used in the Empirical Survey
Perceived threat of computerized accounting information systems
towards cyber-crimes in Sri Lanka.
Sir/Madam
I am undergraduate of Department of Accounting, USJP, and in the process of
conducting
a
research
project
under
the
subject
area
of Artificial Neural Network. The purpose of this research is to assess
22
23
1- 5
6-11
1-15
16-20
4.
What is your current job title?
Internal auditor
Staff accountant
Cost accountant
IT Controller
Accountant
Other - please list ______________________________
5.
How many years of experience do you have at your current
position?
1 5 Years
5 10 Years
10 15 Years
15 20 Years
Above 20 Years
6.
Your accounting system is: (Please, tick)
Manual, no computers are used.
a combination of manual and computer processed.
strongly computerized.
7.
When did your company established?
1 5 Years ago
5 10 Years ago
10 15 Years ago
15 20 Years ago
Above 20 Years ago
8.
What Accounting Information system are you using currently?
Account Mate
SAP
Oracle
Sage
QuickBooks
Other Please Specify .
How many followers/Branches/Subsidiaries do you have with this
system
24
1- 50
51-100
101-150
151-200
Average Annual Net Income of your company for past 5 years is
within (LKR).
Net loss
0 - 500,000
500,000 - 1000,000
1000,000 - 1500,000
Above 1500,000
14. How many employees have been granted the access to the
system?
1 10
10 20
20 50
50 100
Above 100
15. Are every users protected with passwords?
Yes
No
Please, indicate the frequencies of each threat by ticking the appropriate place
Accounting information systems threats
Less
than
once
a
year
Criteria
1
6 Loss on cyber activity occurred within
1
7
1
8
1
9
2
0
2
1
2
25
Once
a
year
to
mont
hly
Once
a
mont
h to
week
ly
Once
a
week
to
daily
Daily
or
more
freque
ntly
2 employees is
2 Intentional destruction of data by
3 employees is
2
4
2
5
3
1
3
2
3
3
3
4
3
5
3
6
3
7
3
8
3
9
4
0
4
1
4
2
26