The Influence of Internal Audit on Information Security Effectiveness


The Influence of Internal Audit on Information Security Effectiveness
Perceptions of Internal Auditors
Graham Gal, with Paul Steinbart, Robyn Raschke, and Bill Dilla
October 5, 2013

Outline
  Previous Work
  Method and Hypothesis
  Results
  Implications
University of Waterloo

Previous Work
  Impact of monitoring on information security
    Monitoring of controls reduces risk (R & M 2009)
    Monitoring as an enabling process (ITGI 2012)
  Relationship between INFOSEC and IA
    Compliance with SOX (Wallace et al. 2011)
    Infosec perceptions of information security efforts (Steinbart et al. 2013)
      Frequency of interaction
      Knowledge of domain
      Incidents
      Findings

Method and Hypothesis Tested
  Data Collection
    Web Based Survey
  Subjects - 42
    Certifications (98%)
    Work Experience (74% > 10 years)
  Type of firm
    For profit 82%
    Across industries
      42% financial services
      26% Health/Education/Professional Services

Hypothesis Tested
  H1: Internal auditors’ perceptions about the quality of the relationship between the internal audit and information security functions will be positively related to the number of audit findings related to information security.
  H2: Internal auditors’ perceptions about the quality of the relationship between the internal audit and information security functions will be negatively related to the frequency of security incidents.
  H3: The frequency of internal audit reviews of various aspects of their organization’s information security activities will be positively associated with internal auditors’ perceptions about the quality of the relationship between the internal audit and information security functions.
  H4: The frequency of internal audit reviews of various aspects of their organization’s information security activities will be positively associated with the number of audit findings related to information security.
  H5: The frequency of internal audit reviews of various aspects of their organization’s information security activities will be negatively associated with the number and severity of security incidents.

[Figure: path model. Boxes: Frequency of Internal Audit Review of Info Security; Quality of Relationship between IA and Infosec; Outcomes (Findings and Security Incidents); Top Management Support ***. Path labels: H3***, H1 & H2, H4 & H5.]

[Figure: path model for findings. Boxes: Frequency of Internal Audit Review, Financial Items; Frequency of Internal Audit Review, Technical Items; Quality of Relationship between IA and Infosec; Outcomes (Findings); Top Management Support ***. Path labels: H3a***, H4a***, H5a***, H1.]

[Figure: path model for incidents. Boxes: Frequency of Internal Audit Review, Financial Items; Frequency of Internal Audit Review, Technical Items; Quality of Relationship between IA and Infosec; Outcomes (Incidents); Top Management Support ***. Path labels: H3b***, H4b, H5b, H1.]

Implications
  Frequency improved perceptions of quality of relationship
    Similar to our previous work
    IA mean of overall frequency implies could be more involved
  Impact on outcomes
    Relationship is improved by frequency
    No mediated impact on outcomes (findings or incidents)
  Decomposed types of reviews
    “Softer People Oriented” and “Technical” reviews impact findings
    “Softer People Oriented” and “Technical” reviews do not impact incidents