Start Date
16-8-2018 12:00 AM
Description
Internal Audit Functions (IAFs) are expected to play a critical role in cybersecurity risk management as they play critical role in enterprise risk management. In this emergent research forum, we proposed a research model, based on auditors’ risk assessment that explains how different types of IAFs competencies -1) Information Technology (IT), 2) Governance, Risk, and Compliance (GRC) and 3) Communication competencies- can play a role in information security audit. Since cybersecurity risk management demands concerted effort on the part of different stakeholders including boards, audit committee and so on, the research will shed light on the critical role of IAFs to address cybersecurity risk management. This research contributes to the information system auditing literature by highlighting the importance of auditor competencies in security audit. Furthermore, the findings of the research will help practitioners (external auditors) evaluate control activities when they assess higher security risks in organizations’ information systems. \ \
Recommended Citation
ISLAM, MD. SHARIFUL and LEE, JAEUNG, "Internal Audit Function (IAF)’s Competencies and Cybersecurity Audit" (2018). AMCIS 2018 Proceedings. 7.
https://aisel.aisnet.org/amcis2018/AccountingIS/Presentations/7
Internal Audit Function (IAF)’s Competencies and Cybersecurity Audit
Internal Audit Functions (IAFs) are expected to play a critical role in cybersecurity risk management as they play critical role in enterprise risk management. In this emergent research forum, we proposed a research model, based on auditors’ risk assessment that explains how different types of IAFs competencies -1) Information Technology (IT), 2) Governance, Risk, and Compliance (GRC) and 3) Communication competencies- can play a role in information security audit. Since cybersecurity risk management demands concerted effort on the part of different stakeholders including boards, audit committee and so on, the research will shed light on the critical role of IAFs to address cybersecurity risk management. This research contributes to the information system auditing literature by highlighting the importance of auditor competencies in security audit. Furthermore, the findings of the research will help practitioners (external auditors) evaluate control activities when they assess higher security risks in organizations’ information systems. \ \