EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Factors associated with security/cybersecurity audit by internal audit function

Md. Shariful Islam, Nusrat Farah and Thomas F. Stafford

Managerial Auditing Journal, 2018, vol. 33, issue 4, 377-409

Abstract: Purpose - The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach - For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings - The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value - This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Keywords: Internal audit; Cybersecurity; Board governance; M42 (search for similar items in EconPapers)
Date: 2018
References: Add references at CitEc
Citations: View citations in EconPapers (6)

Downloads: (external link)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (text/html)
https://www.emerald.com/insight/content/doi/10.110 ... d&utm_campaign=repec (application/pdf)
Access to full text is restricted to subscribers

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eme:majpps:maj-07-2017-1595

DOI: 10.1108/MAJ-07-2017-1595

Access Statistics for this article

Managerial Auditing Journal is currently edited by Professor Jie Zhou

More articles in Managerial Auditing Journal from Emerald Group Publishing Limited
Bibliographic data for series maintained by Emerald Support ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:eme:majpps:maj-07-2017-1595