Abstract
Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 65-86 |
| Number of pages | 22 |
| Journal | Journal of Information Systems |
| Volume | 27 |
| Issue number | 2 |
| DOIs | |
| State | Published - Dec 2013 |
Fingerprint
Keywords
- Information security governance
- Information systems security
- Internal audit
- Perceptions
- Survey
ASJC Scopus subject areas
- Information Systems and Management
- Software
- Human-Computer Interaction
- Management of Technology and Innovation
- Management Information Systems
- Accounting
- Information Systems
Cite this
Information security professionals' perceptions about the relationship between the information security and internal audit functions. / Steinbart, Paul; Raschke, Robyn L.; Gal, Graham; Dilla, William N.
In: Journal of Information Systems, Vol. 27, No. 2, 12.2013, p. 65-86.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - Information security professionals' perceptions about the relationship between the information security and internal audit functions
AU - Steinbart, Paul
AU - Raschke, Robyn L.
AU - Gal, Graham
AU - Dilla, William N.
PY - 2013/12
Y1 - 2013/12
N2 - Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.
AB - Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.
KW - Information security governance
KW - Information systems security
KW - Internal audit
KW - Perceptions
KW - Survey
UR - http://www.scopus.com/inward/record.url?scp=84889799860&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84889799860&partnerID=8YFLogxK
U2 - 10.2308/isys-50510
DO - 10.2308/isys-50510
M3 - Article
AN - SCOPUS:84889799860
VL - 27
SP - 65
EP - 86
JO - Journal of Information Systems
JF - Journal of Information Systems
SN - 0888-7985
IS - 2
ER -