\
 

Start Date

16-8-2018 12:00 AM

Description

Internal Audit Functions (IAFs) are expected to play a critical role in cybersecurity risk management as they play critical role in enterprise risk management. In this emergent research forum, we proposed a research model, based on auditors’ risk assessment that explains how different types of IAFs competencies -1) Information Technology (IT), 2) Governance, Risk, and Compliance (GRC) and 3) Communication competencies- can play a role in information security audit. Since cybersecurity risk management demands concerted effort on the part of different stakeholders including boards, audit committee and so on, the research will shed light on the critical role of IAFs to address cybersecurity risk management. This research contributes to the information system auditing literature by highlighting the importance of auditor competencies in security audit. Furthermore, the findings of the research will help practitioners (external auditors) evaluate control activities when they assess higher security risks in organizations’ information systems. \ \

Share

COinS
 
Aug 16th, 12:00 AM

Internal Audit Function (IAF)’s Competencies and Cybersecurity Audit

Internal Audit Functions (IAFs) are expected to play a critical role in cybersecurity risk management as they play critical role in enterprise risk management. In this emergent research forum, we proposed a research model, based on auditors’ risk assessment that explains how different types of IAFs competencies -1) Information Technology (IT), 2) Governance, Risk, and Compliance (GRC) and 3) Communication competencies- can play a role in information security audit. Since cybersecurity risk management demands concerted effort on the part of different stakeholders including boards, audit committee and so on, the research will shed light on the critical role of IAFs to address cybersecurity risk management. This research contributes to the information system auditing literature by highlighting the importance of auditor competencies in security audit. Furthermore, the findings of the research will help practitioners (external auditors) evaluate control activities when they assess higher security risks in organizations’ information systems. \ \