The Influence of Internal Audit on Information System Effectiveness: Perceptions of Internal Auditors
43 Pages Posted: 5 Nov 2015
Date Written: November 3, 2015
Abstract
This paper presents the results of a survey of internal auditors’ perceptions about the nature of the relationship between the information security and the internal audit functions in their organization and the effect of that relationship on their organization’s information security efforts. Internal auditors perceive that increasing the frequency with which they review some information security activities improves the quality of the relationship between the two functions. Considering their role to be that of an advisor more than a policeman also improves the quality of that relationship. However, the quality of the relationship between the internal audit and information security functions does not affect either the number of security incidents or the number of audit findings related to information security issues. Furthermore, the frequency of audit reviews of information security affects the number of audit findings related to information security, but does not affect the number of security incidents. We discuss the implications of our findings for both research and practice.
Keywords: Internal audit, information systems security, information security governance, perceptions, survey
Suggested Citation: Suggested Citation