IDEAS home Printed from https://ideas.repec.org/a/eme/majpps/maj-02-2018-1804.html

Cyber security assurance process from the internal audit perspective

Author

Listed:
  • Sezer Bozkus Kahyaoglu
  • Kiymet Caliyurt

Abstract

Purpose - The purpose of this study is to analyze the cybersecurity assurance approaches to determine the key issues and weaknesses within the internal audit and risk management perspective. Organizations increasingly rely on digital data to drive their growth and they are interconnected in a complex web to a multitude of stakeholders.

Design/methodology/approach - In this paper, cybersecurity is defined, and a cybersecurity assurance model is explained based on the relevant literature. In addition, the role of internal auditing is introduced within this new business landscape. Finally, recommendations are made to provide best practices for stakeholders.

Findings - There are four major cyber-focused standards and frameworks in the current literature, namely, Control Objectives for Information and Related Technology, International Organization for Standardization, The American Institute of Certified Public Accountants and National Institute of Standards and Technology. In addition, there are many mechanisms in existence and operation currently which support cybersecurity assurance to prevent major threats. These include risk assessment, risk treatment, risk management, security assurance and auditing.

Research limitations/implications - Cyber risk is not something that can be avoided; instead, it must be managed. Hence, it is very important to maintain formal documentation on related cyber controls. Internal audit should be an integral part of the cybersecurity assurance process, as internal audit has a unique position to look across organizations. The contribution of internal audit also provides comfort to the Board and Audit Committee.

Practical implications - A model is introduced for how the internal audit and information security functions could work together to help organizations accomplish a cost-effective level of information security. The key issues and approaches are explained for how to become a trusted cybersecurity advisor, and a sample cybersecurity awareness program checklist is provided at Appendix 1.

Social implications - Considering that cybersecurity threats grow with speed, complexity, and impact, organizations are no longer satisfied with an answer to a question like “are we secure?”; instead, they need the answer to a question like “how to give a reasonable assurance that our business will be secure enough?”. In that respect, the role of internal audit is discussed based on the relevant literature and the current condition of the business environment.

Originality/value - A model is introduced for how the internal audit and information security functions could work together to help organizations accomplish a cost-effective level of information security. The key issues and approaches are explained for how to become a trusted cybersecurity advisor, and a sample cybersecurity awareness program checklist is provided at Appendix 1.

Suggested Citation

  • Sezer Bozkus Kahyaoglu & Kiymet Caliyurt, 2018. "Cyber security assurance process from the internal audit perspective," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(4), pages 360-376, May.
  • Handle: RePEc:eme:majpps:maj-02-2018-1804
    DOI: 10.1108/MAJ-02-2018-1804

    Download full text from publisher

    File URL: https://www.emerald.com/insight/content/doi/10.1108/MAJ-02-2018-1804/full/html?utm_source=repec&utm_medium=feed&utm_campaign=repec
    Download Restriction: Access to full text is restricted to subscribers

    File URL: https://www.emerald.com/insight/content/doi/10.1108/MAJ-02-2018-1804/full/pdf?utm_source=repec&utm_medium=feed&utm_campaign=repec
    Download Restriction: Access to full text is restricted to subscribers

    File URL: https://libkey.io/10.1108/MAJ-02-2018-1804?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item

    Citations


    Cited by:

    1. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    2. Asaad Mohammed Ali Wahhab & Baneen Hassoun Jawad & Emad Hamza Abd Alajeli, 2022. "Auditing cybersecurity risks considering the information renaissance and its impact on the continuity of companies," Technium Social Sciences Journal, Technium Science, vol. 35(1), pages 18-28, September.
    3. Slapničar, Sergeja & Vuko, Tina & Čular, Marko & Drašček, Matej, 2022. "Effectiveness of cybersecurity audit," International Journal of Accounting Information Systems, Elsevier, vol. 44(C).
    4. Pizzi, Simone & Venturelli, Andrea & Variale, Michele & Macario, Giuseppe Pio, 2021. "Assessing the impacts of digital transformation on internal auditing: A bibliometric analysis," Technology in Society, Elsevier, vol. 67(C).
    5. Abdulwahab Mujalli, 2024. "Factors Affecting the Implementation of Risk-Based Internal Auditing," JRFM, MDPI, vol. 17(5), pages 1-20, May.
    6. Petar Radanliev & David De Roure, 2021. "Epistemological and Bibliometric Analysis of Ethics and Shared Responsibility—Health Policy and IoT Systems," Sustainability, MDPI, vol. 13(15), pages 1-20, July.
    7. Rajan, Rishabh & Rana, Nripendra P. & Parameswar, Nakul & Dhir, Sanjay & Sushil, & Dwivedi, Yogesh K., 2021. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    8. Nathanael Betti & Steven DeSimone & Joy Gray, 2022. "The impacts of the use of data analytics and the performance of consulting activities on perceived internal audit quality," Working Papers 2202, College of the Holy Cross, Department of Economics.

    More about this item

    Keywords

    Cybersecurity; Assurance; Internal auditing; Cyber risk; G3; D8; M14;

    JEL classification:

    • G3 - Financial Economics - - Corporate Finance and Governance
    • D8 - Microeconomics - - Information, Knowledge, and Uncertainty
    • M14 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - Corporate Culture; Diversity; Social Responsibility
