Title

The Influence of a Good Relationship between the Internal Audit and Information Security Functions on Information Security Outcomes

Document Type

Article

Publication Date

5-25-2018

Publication Title

Accounting, Organizations and Society

Volume

71

First page number:

15

Last page number:

29

Abstract

Given the increasing financial impact of cybercrime, it has become critical for companies to manage information security risk. The practitioner literature has long argued that the internal audit function (IAF) can play an important role both in providing assurance with respect to information security and in generating insights about how to improve the organization's information security. Nevertheless, there is scant empirical evidence to support this belief. Using a unique data set, this study examines how the quality of the relationship between the internal audit and the information security functions affects objective measures of the overall effectiveness of an organization's information security efforts. The quality of this relationship has a positive effect on the number of reported internal control weaknesses and incidents of noncompliance, as well as on the numbers of security incidents detected, both before and after they caused material harm to the organization. In addition, we find that higher levels of management support for information security and having the chief information security officer (CISO) report independently of the IT function have a positive effect on the quality of the relationship between the internal audit and information security functions.

Keywords

Information security; Internal audit; IT audit; Governance; Risk management; Security metrics

Disciplines

Accounting

Language

English

Find It

UNLV article access

Search your library

Share

COinS