Abstract
Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 65-86 |
| Number of pages | 22 |
| Journal | Journal of Information Systems |
| Volume | 27 |
| Issue number | 2 |
| DOIs | |
| State | Published - Dec 1 2013 |
Keywords
- Information security governance
- Information systems security
- Internal audit
- Perceptions
- Survey
ASJC Scopus subject areas
- Management Information Systems
- Software
- Information Systems
- Accounting
- Human-Computer Interaction
- Information Systems and Management
- Management of Technology and Innovation