The relationship between internal audit and information security: An exploratory investigation

Paul Steinbart, Robyn L. Raschke, Graham Gal, William N. Dilla

Research output: Contribution to journal, Article, peer-review

54 Scopus citations

Abstract

The internal audit and information security functions should work together synergistically: the information security staff designs, implements, and operates various procedures and technologies to protect the organization's information resources, and internal audit provides periodic feedback concerning effectiveness of those activities along with suggestions for improvement. Anecdotal reports in the professional literature, however, suggest that the two functions do not always have a harmonious relationship. This paper presents the first stage of a research program designed to investigate the nature of the relationship between the information security and internal audit functions. It reports the results of a series of semi-structured interviews with both internal auditors and information systems professionals. We develop an exploratory model of the factors that influence the nature of the relationship between the internal audit and information security functions, describe the potential benefits organizations can derive from that relationship, and present propositions to guide future research.

Original language: English (US)
Pages (from-to): 228-243
Number of pages: 16
Journal: International Journal of Accounting Information Systems
Volume: 13
Issue number: 3
State: Published - Sep 2012

Keywords

  • Information systems security
  • Internal audit
  • Security behaviors

ASJC Scopus subject areas

  • Management Information Systems
  • Accounting
  • Finance
  • Information Systems and Management
