IDEAS home Printed from https://ideas.repec.org/a/eme/majpps/maj-07-2017-1595.html
   My bibliography  Save this article

Factors associated with security/cybersecurity audit by internal audit function

Author

Listed:
  • Md. Shariful Islam
  • Nusrat Farah
  • Thomas F. Stafford

Abstract

Purpose - The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach - For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings - The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value - This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Suggested Citation

  • Md. Shariful Islam & Nusrat Farah & Thomas F. Stafford, 2018. "Factors associated with security/cybersecurity audit by internal audit function," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(4), pages 377-409, April.
    • Handle: RePEc:eme:majpps:maj-07-2017-1595
    DOI: 10.1108/MAJ-07-2017-1595
    as

    Download full text from publisher

    File URL: https://www.emerald.com/insight/content/doi/10.1108/MAJ-07-2017-1595/full/html?utm_source=repec&utm_medium=feed&utm_campaign=repec
    Download Restriction: Access to full text is restricted to subscribers
    File URL: https://www.emerald.com/insight/content/doi/10.1108/MAJ-07-2017-1595/full/pdf?utm_source=repec&utm_medium=feed&utm_campaign=repec
    Download Restriction: Access to full text is restricted to subscribers
    File URL: https://libkey.io/10.1108/MAJ-07-2017-1595?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Stéphane Lhuillery & Marion Tellechea & Stéphanie Thiery, 2021. "Open innovation in managerial innovation: the case of internal audit," Working Papers of BETA 2021-19, Bureau d'Economie Théorique et Appliquée, UDS, Strasbourg.
    2. Rakipi, Romina & De Santis, Federica & D'Onza, Giuseppe, 2021. "Correlates of the internal audit function’s use of data analytics in the big data era: Global evidence," Journal of International Accounting, Auditing and Taxation, Elsevier, vol. 42(C).
    3. Slapničar, Sergeja & Vuko, Tina & Čular, Marko & Drašček, Matej, 2022. "Effectiveness of cybersecurity audit," International Journal of Accounting Information Systems, Elsevier, vol. 44(C).
    4. Ya-Fang Wang & Yu-Chu Hsieh, 2023. "Credit Rating and Board Evaluation of Family Firms," International Journal of Business and Economic Sciences Applied Research (IJBESAR), International Hellenic University (IHU), Kavala Campus, Greece (formerly Eastern Macedonia and Thrace Institute of Technology - EMaTTech), vol. 16(1), pages 7-18, October.
    5. Masoud, Najeb & Al-Utaibi, Ghassan, 2022. "The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence," Research in Economics, Elsevier, vol. 76(2), pages 131-140.

    More about this item

    Keywords

    Internal audit; Cybersecurity; Board governance; M42;
    All these keywords.

    JEL classification:

    • M42 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Accounting - - - Auditing

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eme:majpps:maj-07-2017-1595. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Emerald Support (email available below). General contact details of provider: .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.