Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Influence of Internal Audit on Information Security Effectiveness

Published byShinta Susanto Modified over 6 years ago

Similar presentations

Presentation on theme: "The Influence of Internal Audit on Information Security Effectiveness"— Presentation transcript:

1 The Influence of Internal Audit on Information Security Effectiveness
Perceptions of Internal Auditors Graham Gal With Paul Steinbart, Robyn Rascke, and Bill Dilla October 5, 2013

2 Outline Previous Work Method and Hypothesis Results Implications
University of Waterloo

3 Previous Work Impact of monitoring on information security
Monitoring of controls reduces risk (R & M 2009) Monitoring as an enabling process (ITGI 2012) Relationship between IFOSEC and IA Compliance with SOX (Wallace et al. 2011) Infosec perceptions of information security efforts (Steinbart et al. 2013) Frequency of interaction Knowledge of domain Incidents Findings

4 Method and Hypothesis Tested
Data Collection Web Based Survey Subjects -42 Certifications (98%) Work Experience (74% > 10 years) Type of firm For profit 82% Across industries 42% financial services 26% Health/Education/Professional Services

5 Hypothesis Tested H1: Internal auditors’ perceptions about the quality of the relationship between the internal audit and information security functions will be positively related to the number of audit findings related to information security. H2: Internal auditors’ perceptions about the quality of the relationship between the internal audit and information security functions will be negatively related to the frequency of security incidents. H3: The frequency of internal audit reviews of various aspects of their organization’s information security activities will be positively associated with internal auditors’ perceptions about the quality of the relationship between the internal audit and information security functions. H4: The frequency of internal audit reviews of various aspects of their organization’s information security activities will be positively associated the number of audit findings related to information security. H5: The frequency of internal audit reviews of various aspects of their organization’s information security activities will be negatively associated with the number and severity of security incidents.

6 Frequency of Internal Audit Review of Info Security
Quality of Relationship between IA and Infosec H3*** H1 & H2 H4 & H5 Outcomes (Findings and Security Incidents) Top Management Support ***

7 Frequency of Internal Audit Review Financial Items
H3a*** Quality of Relationship between IA and Infosec Frequency of Internal Audit Review Technical Items H4a*** H5a*** H1 Outcomes (Findings) Top Management Support ***

8 Frequency of Internal Audit Review Financial Items
H3b*** Quality of Relationship between IA and Infosec Frequency of Internal Audit Review Technical Items H4b H5b H1 Outcomes (Incidents) Top Management Support ***

9 Implications Frequency improved perceptions of quality of relationship
Similar to our previous work IA mean of overall frequency implies could be more involved Impact on outcomes Relationship is improved by frequency No mediated impact on outcomes (findings or incidents) Decomposed types of reviews “Softer People Oriented” and “Technical” reviews impact findings “Softer People Oriented” and “Technical” reviews do not impact incidents

Download ppt "The Influence of Internal Audit on Information Security Effectiveness"

Similar presentations

CONTROLLER/ BACK OFFICE Roles Qualifications Success Metrics 10-20 years working experience in similar positions CPA or equivalent Knowledge of BPO industry.

CONTROLLER/ BACK OFFICE Roles Qualifications Success Metrics years working experience in similar positions CPA or equivalent Knowledge of BPO industry.
ENGAGE IN A CAREER IN BUSINESS 8/2/2011. ENGAGE IN A CAREER IN BUSINESS Some Job Descriptions Include: Operations Technology Finance Investment Management.

ENGAGE IN A CAREER IN BUSINESS 8/2/2011. ENGAGE IN A CAREER IN BUSINESS Some Job Descriptions Include: Operations Technology Finance Investment Management.
The Influence of Internal Audit on Information Security Effectiveness October 5, 2013 Perceptions of Internal Auditors Graham Gal With Paul Steinbart,

The Influence of Internal Audit on Information Security Effectiveness October 5, 2013 Perceptions of Internal Auditors Graham Gal With Paul Steinbart,
Chapter 7 Consumers’ Evaluation of Service Chapter 7 slides for Marketing for Pharmacists, 2nd Edition.

Chapter 7 Consumers’ Evaluation of Service Chapter 7 slides for Marketing for Pharmacists, 2nd Edition.
Security and Personnel

Security and Personnel
Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,

Preparing for an External Quality Assessment of your Quality Assurance and Improvement Program Institute of Internal Auditors El Paso Chapter August 29,
School of Marketing Ehrenberg-Bass Institute for Marketing Science Sales management issues relating to cross-functional selling teams John Wilkinson.

School of Marketing Ehrenberg-Bass Institute for Marketing Science Sales management issues relating to cross-functional selling teams John Wilkinson.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.

Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.
Discussion of: “The Relationship between Internal Audit and Information Security: An Exploratory Investigation” Severin Grabski Michigan State University.

Discussion of: “The Relationship between Internal Audit and Information Security: An Exploratory Investigation” Severin Grabski Michigan State University.
Information Fusion in Continuous Assurance Discussed by Dr. Graham Gal University of Massachusetts at Amherst University of Waterloo Conference on Information.

Information Fusion in Continuous Assurance Discussed by Dr. Graham Gal University of Massachusetts at Amherst University of Waterloo Conference on Information.
IA Clinic. การเตรียมการตรวจสอบ แผนการ ตรวจสอบ แผนการ ปฏิบัติงาน ตรวจสอบ หารือ หน่วยรับตรวจ รายงานผล การตรวจสอบ ติดตามผล การตรวจสอบ ผลการประเมินความเสี่ยง.

IA Clinic. การเตรียมการตรวจสอบ แผนการ ตรวจสอบ แผนการ ปฏิบัติงาน ตรวจสอบ หารือ หน่วยรับตรวจ รายงานผล การตรวจสอบ ติดตามผล การตรวจสอบ ผลการประเมินความเสี่ยง.
The Value of Patient Education Kiosks Jackie A. Smith, Ph.D. April 12, 2000.

The Value of Patient Education Kiosks Jackie A. Smith, Ph.D. April 12, 2000.
© The HPO 2003 Overview of ‘on-line’ process auditing ‘ the future of auditing… …is here’

© The HPO 2003 Overview of ‘on-line’ process auditing ‘ the future of auditing… …is here’
The CPA Profession Chapter 2 By Arens et. al. Learning Objective 1 Describe the nature of CPA firms, what they do, and their structure.

The CPA Profession Chapter 2 By Arens et. al. Learning Objective 1 Describe the nature of CPA firms, what they do, and their structure.
The Sarbanes-Oxley Act of 2002 1 PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.

The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.
Frequency Judgments in an Auditing-Related Task By: Jane Butt Presenter: Sara Aliabadi November 20, 2008 1.

Frequency Judgments in an Auditing-Related Task By: Jane Butt Presenter: Sara Aliabadi November 20,
CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 5 Tom Olzak, MBA, CISSP.

CMGT400 Intro to Information Assurance and Security (University of Phoenix) Lecture, Week 5 Tom Olzak, MBA, CISSP.
Bruce Hallas Director Marmalade Box Ltd. UK Business Comparison of Information Security Incidents & Financial Impact Corporate UK SME UK 25% ↓ in number.

Bruce Hallas Director Marmalade Box Ltd. UK Business Comparison of Information Security Incidents & Financial Impact Corporate UK SME UK 25% ↓ in number.

Similar presentations

Ads by Google