IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v56y2025ics1467089525000028.html

Characteristics of cybersecurity and IT involvement by the IA activity

Author

Listed:
  • Calvin, Christopher
  • Eulerich, Marc
  • Holt, Matthew

Abstract

We provide the first, large scale, global study on the characteristics associated with an internal audit function’s involvement in IT and cybersecurity assurance. Using a unique dataset of 1,142 survey responses, we identify internal audit development (i.e., level of maturity) and two characteristics of internal audit knowledge availability (CAE IT certification and external sourcing) as being positively associated with the performance of IT assurance, cybersecurity assurance, or both. Our findings are informative to academia, laying the groundwork for further exploration of internal audit’s engagement in IT and cybersecurity assurance. They are also informative to practice, as they provide insight to standard setters, practitioners, management, and governance bodies about characteristics that can enhance internal audit’s ability to provide IT and cybersecurity assurance.

Suggested Citation

  • Calvin, Christopher & Eulerich, Marc & Holt, Matthew, 2025. "Characteristics of cybersecurity and IT involvement by the IA activity," International Journal of Accounting Information Systems, Elsevier, vol. 56(C).
  • Handle: RePEc:eee:ijoais:v:56:y:2025:i:c:s1467089525000028
    DOI: 10.1016/j.accinf.2025.100726
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089525000028
    Download Restriction: Full text for ScienceDirect subscribers only

    File URL: https://libkey.io/10.1016/j.accinf.2025.100726?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. repec:eme:maj000:maj-02-2018-1804 is not listed on IDEAS
    2. Sezer Bozkus Kahyaoglu & Kiymet Caliyurt, 2018. "Cyber security assurance process from the internal audit perspective," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(4), pages 360-376, May.
    3. Lawrence J. Abbott & Brian Daugherty & Susan Parker & Gary F. Peters, 2016. "Internal Audit Quality and Financial Reporting Quality: The Joint Importance of Independence and Competence," Journal of Accounting Research, John Wiley & Sons, Ltd., vol. 54(1), pages 3-40, March.
    4. Paul Coram & Colin Ferguson & Robyn Moroney, 2008. "Internal audit, alternative internal audit structures and the level of misappropriation of assets fraud," Accounting and Finance, Accounting and Finance Association of Australia and New Zealand, vol. 48(4), pages 543-559, December.
    5. Steinbart, Paul John & Raschke, Robyn L. & Gal, Graham & Dilla, William N., 2012. "The relationship between internal audit and information security: An exploratory investigation," International Journal of Accounting Information Systems, Elsevier, vol. 13(3), pages 228-243.
    6. Steinbart, Paul John & Raschke, Robyn L. & Gal, Graham & Dilla, William N., 2018. "The influence of a good relationship between the internal audit and information security functions on information security outcomes," Accounting, Organizations and Society, Elsevier, vol. 71(C), pages 15-29.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Tang, Rui & Li, Mingyu, 2026. "Cybersecurity and corporate resilience –a study based on listed companies in China," Technology in Society, Elsevier, vol. 84(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Sylvie Héroux & Anne Fortin, 2025. "How the three lines of defense can contribute to public firms’ cybersecurity effectiveness," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 22(2), pages 377-396, June.
    2. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    3. Chelsea Liu & Muhammad Ali Babar, 2026. "Corporate cybersecurity risk and data breaches: A systematic review of empirical research," Australian Journal of Management, Australian School of Business, vol. 51(1), pages 62-92, February.
    4. Wu, Tung-Hsien & Huang, Shaio Yan & Chiu, An-An & Yen, David C., 2024. "IT governance and IT controls: Analysis from an internal auditing perspective," International Journal of Accounting Information Systems, Elsevier, vol. 52(C).
    5. Slapničar, Sergeja & Vuko, Tina & Čular, Marko & Drašček, Matej, 2022. "Effectiveness of cybersecurity audit," International Journal of Accounting Information Systems, Elsevier, vol. 44(C).
    6. Yusheng Kong & Peter Yao Lartey & Fatoumata Binta Maci Bah & Nirmalya B. Biswas, 2018. "The Value of Public Sector Risk Management: An Empirical Assessment of Ghana," Administrative Sciences, MDPI, vol. 8(3), pages 1-18, July.
    7. Mélanie Roussy & Alexandre Perron, 2018. "New Perspectives in Internal Audit Research: A Structured Literature Review," Accounting Perspectives, John Wiley & Sons, vol. 17(3), pages 345-385, September.
    8. Wang, Pengmian & Liang, Shuguang, 2025. "Internal audit independence, legal person governance structure, and financial reporting quality," International Review of Economics & Finance, Elsevier, vol. 101(C).
    9. Nan Hu & Xingnan Xue & Ling Liu, 2022. "The impact of air pollution on financial reporting quality: evidence from China," Accounting and Finance, Accounting and Finance Association of Australia and New Zealand, vol. 62(3), pages 3609-3644, September.
    10. Isabel Z. Wang & Neil Fargher, 2017. "The effects of tone at the top and coordination with external auditors on internal auditors’ fraud risk assessments," Accounting and Finance, Accounting and Finance Association of Australia and New Zealand, vol. 57(4), pages 1177-1202, December.
    11. Kocsis, David, 2019. "A conceptual foundation of design and implementation research in accounting information systems," International Journal of Accounting Information Systems, Elsevier, vol. 34(C), pages 1-1.
    12. Monica Ramos Montesdeoca & Agustín J. Sánchez Medina & Felix Blázquez Santana, 2019. "Research Topics in Accounting Fraud in the 21st Century: A State of the Art," Sustainability, MDPI, vol. 11(6), pages 1-31, March.
    13. Habiba Al‐Shaer & Mahbub Zaman, 2018. "Credibility of sustainability reports: The contribution of audit committees," Business Strategy and the Environment, Wiley Blackwell, vol. 27(7), pages 973-986, November.
    14. Dan Amiram & Zahn Bozanic & James D. Cox & Quentin Dupont & Jonathan M. Karpoff & Richard Sloan, 2018. "Financial reporting fraud and other forms of misconduct: a multidisciplinary review of the literature," Review of Accounting Studies, Springer, vol. 23(2), pages 732-783, June.
    15. Chyz, James A. & Eulerich, Marc & Fligge, Benjamin & Romney, Miles A., 2023. "Codetermination and aggressive reporting: Audit committee employee representation, tax aggressiveness, and earnings management," Journal of International Accounting, Auditing and Taxation, Elsevier, vol. 51(C).
    16. Evren Dilek Sengur, 2012. "Auditors' Perception Of Fraud Prevention Measures: Evidence From Turkey," Annales Universitatis Apulensis Series Oeconomica, Faculty of Sciences, "1 Decembrie 1918" University, Alba Iulia, vol. 1(14), pages 1-11.
    17. Demirović Lejla & Isaković-Kaplan Ševala & Proho Mahir, 2021. "Internal Audit Risk Assessment in the Function of Fraud Detection," Journal of Forensic Accounting Profession, Sciendo, vol. 1(1), pages 35-49, June.
    18. Redhwan Ahmed Al-Dhamari & Bakr Al-Gamrh & Ku Nor Izah Ku Ismail & Samihah Saad Haji Ismail, 2018. "Related party transactions and audit fees: the role of the internal audit function," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 22(1), pages 187-212, March.
    19. Christ, Margaret H. & Masli, Adi & Sharp, Nathan Y. & Wood, David A., 2015. "Rotational internal audit programs and financial reporting quality: Do compensating controls help?," Accounting, Organizations and Society, Elsevier, vol. 44(C), pages 37-59.
    20. Blessing Nyakumwa & Newman Wadesango & Lovemore Sitsha, 2023. "The Impact of Internal Audit Function on Corporate Governance: A Case of NSSA, Zimbabwe (2018-2022)," Journal of Economic and Social Development, Clinical Journals Press, vol. 10(02), pages 01-09.

    More about this item

    Keywords

    ;
    ;
    ;

    JEL classification:

    • M42 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Accounting - - - Auditing
    • M15 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - IT Management
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:56:y:2025:i:c:s1467089525000028. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.