Information security professionals' perceptions about the relationship between the information security and internal audit functions

Paul Steinbart, Robyn L. Raschke, Graham Gal, William N. Dilla

Research output: Contribution to journal (Article)

15 Citations (Scopus)

Abstract

Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.

Original language: English (US)
Pages (from-to): 65-86
Number of pages: 22
Journal: Journal of Information Systems
Volume: 27
Issue number: 2
DOI: 10.2308/isys-50510
State: Published - Dec 2013

Keywords

  • Information security governance
  • Information systems security
  • Internal audit
  • Perceptions
  • Survey

ASJC Scopus subject areas

  • Information Systems and Management
  • Software
  • Human-Computer Interaction
  • Management of Technology and Innovation
  • Management Information Systems
  • Accounting
  • Information Systems

Cite this

Information security professionals' perceptions about the relationship between the information security and internal audit functions. / Steinbart, Paul; Raschke, Robyn L.; Gal, Graham; Dilla, William N.

In: Journal of Information Systems, Vol. 27, No. 2, 12.2013, p. 65-86.

@article{40de90bc3fc94a94a4ab5b816156c1a4,
title = "Information security professionals' perceptions about the relationship between the information security and internal audit functions",
abstract = "Internal auditors and information security professionals both play important roles in protecting an organization's assets. Indeed, there are potential synergistic benefits if they work together. The relationship between the two functions, however, is not always supportive. This paper presents the results of a survey of information security professionals' perceptions about the nature of the relationship between the information security and internal audit functions in their organization. We find that information security professionals' perceptions about the level of technical expertise possessed by internal auditors and the extent of internal audit review of information security are positively related to their assessment about the quality of the relationship between the two functions. We also find that the quality of the relationship between the internal audit and information security functions is positively associated with perceptions about the value provided by internal audit and, most important, with measures of overall effectiveness of the organization's information security endeavors. We discuss the implications of our findings for both research and practice.",
keywords = "Information security governance, Information systems security, Internal audit, Perceptions, Survey",
author = "Paul Steinbart and Raschke, {Robyn L.} and Graham Gal and Dilla, {William N.}",
year = "2013",
month = "12",
doi = "10.2308/isys-50510",
language = "English (US)",
volume = "27",
pages = "65--86",
journal = "Journal of Information Systems",
issn = "0888-7985",
publisher = "American Accounting Association",
number = "2",

}
