Information security professionals' perceptions about the relationship between the information security and internal audit functions

Paul Steinbart, Robyn L. Raschke, Graham Gal, William N. Dilla

Research output: Contribution to journalArticlepeer-review

18 Scopus citations

Abstract

Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.

Original languageEnglish (US)
Pages (from-to)65-86
Number of pages22
JournalJournal of Information Systems
Volume27
Issue number2
DOIs
StatePublished - Dec 1 2013

Keywords

  • Information security governance
  • Information systems security
  • Internal audit
  • Perceptions
  • Survey

ASJC Scopus subject areas

  • Management Information Systems
  • Software
  • Information Systems
  • Accounting
  • Human-Computer Interaction
  • Information Systems and Management
  • Management of Technology and Innovation

Fingerprint Dive into the research topics of 'Information security professionals' perceptions about the relationship between the information security and internal audit functions'. Together they form a unique fingerprint.

Cite this