Impact of the assertive and advisory role of internal auditing on proactive measures to enhance cybersecurity: evidence from GCC

Journal of Science and Technology Policy Management Pub Date : 2024-03-22 DOI:10.1108/jstpm-01-2023-0004

Hamada Elsaid Elmaasrawy, Omar Ikbal Tawfik

{"title":"Impact of the assertive and advisory role of internal auditing on proactive measures to enhance cybersecurity: evidence from GCC","authors":"Hamada Elsaid Elmaasrawy, Omar Ikbal Tawfik","doi":"10.1108/jstpm-01-2023-0004","DOIUrl":null,"url":null,"abstract":"Purpose\nThis paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).\n\nDesign/methodology/approach\nThe questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.\n\nFindings\nThe results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.\n\nResearch limitations/implications\nThis study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.\n\nPractical implications\nThe results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.\n\nOriginality/value\nTo the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.\n","PeriodicalId":507678,"journal":{"name":"Journal of Science and Technology Policy Management","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Science and Technology Policy Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/jstpm-01-2023-0004","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Purpose This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS). Design/methodology/approach The questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses. Findings The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found. Research limitations/implications This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method. Practical implications The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles. Originality/value To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.

查看原文本刊更多论文

内部审计的断言和咨询作用对采取主动措施加强网络安全的影响：来自海湾合作委员会的证据

目的本文旨在研究内部审计的保证和咨询作用（ADRIA）对组织、人力和技术积极措施的影响，以加强网络安全（CS）。作者使用偏最小二乘法（PLS）对假设进行了检验。研究结果研究结果表明，ADRIA 对组织主动措施、人力主动措施和技术主动措施都有积极影响。研究还发现，内部审计的确认作用对提高 CS 的人力主动措施和技术主动措施都有积极影响。研究的局限性/启示本研究只关注了增强 CS 的三项积极措施，而且本研究仅限于 IAu 的意见。实践意义本研究结果表明，管理者需要考虑内审作为一种增值活动，在降低 CS 风险和启动积极措施方面的影响作用。此外，内审机构必须扩展其在 CS 审计方面的能力、技能和知识，以提供对网络威胁的大胆看法。与此同时，负责制定内部审计标准的机构应制定有助于内部审计员发挥保证和咨询作用的标准和指南。此外，本研究还确定了内审在加强民间社会组织方面的咨询作用和保证作用的性质。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Science and Technology Policy Management

自引率

0.00%

发文量