Internal audits play an important role in risk mitigation, security governance, and information assurance in an organization. This research presents a processual model to conceptualize the audit function in an organization by addressing three fundamental questions about internal audits: what, why and how? The proposed model suggests that internal audits are an integral part of overall security governance and thus of an information assurance program in an organization.
Mishra, Sushma, "Information Security Governance and Internal Audits: A Processual Model " (2007). SAIS 2007 Proceedings. 18.