Printed from https://ideas.repec.org/a/eee/ijoais/v13y2012i3p228-243.html

The relationship between internal audit and information security: An exploratory investigation

Author

Listed:
  • Steinbart, Paul John
  • Raschke, Robyn L.
  • Gal, Graham
  • Dilla, William N.

Abstract

The internal audit and information security functions should work together synergistically: the information security staff designs, implements, and operates various procedures and technologies to protect the organization's information resources, and internal audit provides periodic feedback concerning effectiveness of those activities along with suggestions for improvement. Anecdotal reports in the professional literature, however, suggest that the two functions do not always have a harmonious relationship. This paper presents the first stage of a research program designed to investigate the nature of the relationship between the information security and internal audit functions. It reports the results of a series of semi-structured interviews with both internal auditors and information systems professionals. We develop an exploratory model of the factors that influence the nature of the relationship between the internal audit and information security functions, describe the potential benefits organizations can derive from that relationship, and present propositions to guide future research.

Suggested Citation

  • Steinbart, Paul John & Raschke, Robyn L. & Gal, Graham & Dilla, William N., 2012. "The relationship between internal audit and information security: An exploratory investigation," International Journal of Accounting Information Systems, Elsevier, vol. 13(3), pages 228-243.
  • Handle: RePEc:eee:ijoais:v:13:y:2012:i:3:p:228-243
    DOI: 10.1016/j.accinf.2012.06.007

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089512000383
    Download Restriction: Full text for ScienceDirect subscribers only

    File URL: https://libkey.io/10.1016/j.accinf.2012.06.007?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item

    References listed on IDEAS

    1. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    2. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.

    Citations



    Cited by:

    1. Stéphane Lhuillery & Marion Tellechea & Stéphanie Thiery, 2021. "Open innovation in managerial innovation: the case of internal audit," Working Papers of BETA 2021-19, Bureau d'Economie Théorique et Appliquée, UDS, Strasbourg.
    2. Lhuillery, Stéphane & Tellechea, Marion & Thiéry, Stéphanie, 2023. "Innovation in lieu of compliance: Internal audit departments’ standardized and non-standardized knowledge sources," Technovation, Elsevier, vol. 123(C).
    3. Steinbart, Paul John & Raschke, Robyn L. & Gal, Graham & Dilla, William N., 2018. "The influence of a good relationship between the internal audit and information security functions on information security outcomes," Accounting, Organizations and Society, Elsevier, vol. 71(C), pages 15-29.
    4. Prastika Suwandi Tjeng & Rina Nopianti, 2021. "The Effect of Auditor's Technical Abilities on the Quality of Financial Statement Information," International Journal of Economics and Finance, Canadian Center of Science and Education, vol. 13(6), pages 129-129, June.
    5. Calvin, Christopher & Eulerich, Marc & Holt, Matthew, 2025. "Characteristics of cybersecurity and IT involvement by the IA activity," International Journal of Accounting Information Systems, Elsevier, vol. 56(C).
    6. Olayinka Adedayo Erin & Adebola Daniel Kolawole & Abdurafiu Olaiya Noah, 2020. "Risk governance and cybercrime: the hierarchical regression approach," Future Business Journal, Springer, vol. 6(1), pages 1-15, December.
    7. Stéphane Lhuillery & Marion Tellechea & Stéphanie Thiéry, 2023. "Innovation in lieu of compliance: Internal audit departments’ standardized and non-standardized knowledge sources," Post-Print hal-04056227, HAL.
    8. Kocsis, David, 2019. "A conceptual foundation of design and implementation research in accounting information systems," International Journal of Accounting Information Systems, Elsevier, vol. 34(C), pages 1-1.
    9. Victoria STANCIU, 2018. "Public internal audit – the awareness and necessity assumption. An investigation of the Romanian reality," The Audit Financiar journal, Chamber of Financial Auditors of Romania, vol. 16(152), pages 544-544.
    10. Sylvie Héroux & Anne Fortin, 2025. "How the three lines of defense can contribute to public firms’ cybersecurity effectiveness," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 22(2), pages 377-396, June.
    11. Rahimian, Firoozeh & Bajaj, Akhilesh & Bradley, Wray, 2016. "Estimation of deficiency risk and prioritization of information security controls: A data-centric approach," International Journal of Accounting Information Systems, Elsevier, vol. 20(C), pages 38-64.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    2. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    3. Paul Lowry & Clay Posey & Tom Roberts & Rebecca Bennett, 2014. "Is Your Banker Leaking Your Personal Information? The Roles of Ethics and Individual-Level Cultural Characteristics in Predicting Organizational Computer Abuse," Journal of Business Ethics, Springer, vol. 121(3), pages 385-401, May.
    4. Sabyasachi Mitra & Sam Ransbotham, 2015. "Information Disclosure and the Diffusion of Information Security Attacks," Information Systems Research, INFORMS, vol. 26(3), pages 565-584, September.
    5. Seung Hyun Kim & Juhee Kwon, 2019. "How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information?," Information Systems Research, INFORMS, vol. 30(4), pages 1184-1202, December.
    6. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    7. Simon Trang & Benedikt Brendel, 2019. "A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research," Information Systems Frontiers, Springer, vol. 21(6), pages 1265-1284, December.
    8. Dayangku Horiah Awang Gani & Assoc. Prof. Dr. Irwan Kamaruddin Abdul Kadir & Assoc. Prof Ts. Dr. Mohd Razilan Abdul Kadir, 2024. "Analyzing Rejected Hypotheses in Information System Effectiveness of Electronic Document Management System," International Journal of Research and Innovation in Social Science, International Journal of Research and Innovation in Social Science (IJRISS), vol. 8(12), pages 4101-4108, December.
    9. Hemin Jiang & Mikko Siponen & Zhenhui (Jack) Jiang & Aggeliki Tsohou, 2024. "The Impacts of Internet Monitoring on Employees’ Cyberloafing and Organizational Citizenship Behavior: A Longitudinal Field Quasi-Experiment," Information Systems Research, INFORMS, vol. 35(3), pages 1175-1194, September.
    10. Binglong Zheng & Daniel Tse & Jiajing Ma & Xuanyi Lang & Yinli Lu, 2023. "An Empirical Study of SETA Program Sustaining Educational Sector’s Information Security vs. Information Systems Misuse," Sustainability, MDPI, vol. 15(17), pages 1-17, August.
    11. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    12. Sanghyun Kim & Bora Kim & Minsoo Seo, 2020. "Impacts of Sustainable Information Technology Capabilities on Information Security Assimilation: The Moderating Effects of Policy—Technology Balance," Sustainability, MDPI, vol. 12(15), pages 1-24, July.
    13. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    14. Patricia L. Moravec & Antino Kim & Alan R. Dennis, 2020. "Appealing to Sense and Sensibility: System 1 and System 2 Interventions for Fake News on Social Media," Information Systems Research, INFORMS, vol. 31(3), pages 987-1006, September.
    15. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    16. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    17. Alhassan Abdul-Wakeel Karakara & Evans S. Osabuohien, 2022. "Threshold effects of ICT access and usage in Burkinabe and Ghanaian households," Information Technology for Development, Taylor & Francis Journals, vol. 28(3), pages 511-531, July.
    18. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    19. A. J. Burns & Clay Posey & Tom L. Roberts, 2021. "Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity," Information Systems Frontiers, Springer, vol. 23(2), pages 343-360, April.
    20. Eric Jardine, 2020. "The Case against Commercial Antivirus Software: Risk Homeostasis and Information Problems in Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 40(8), pages 1571-1588, August.
