Key drivers of cybersecurity audit effectiveness: A neo‐institutional perspective

IF 2.1, Zone 4 (Management), Q2 BUSINESS, FINANCE
Tina Vuko, Sergeja Slapničar, Marko Čular, Matej Drašček
International Journal of Auditing. Journal Article. Publication date: 2024-07-23. DOI: 10.1111/ijau.12365 (https://doi.org/10.1111/ijau.12365)
Citations: 0

Abstract

The aim of this paper is to analyse which factors explain the effectiveness of internal audit in providing assurance about cybersecurity risk management. On the basis of neo‐institutional theory, we hypothesize that coercive (cybersecurity regulation), normative (professionalization of internal auditors and Boards) and mimetic forces (outsourcing of cyber security assurance services) positively contribute to cybersecurity audit (CSA) effectiveness. As these forces do not come about in an interest-free model, we study the role of and the interaction with other actors who shape the CSA practices—Boards and security experts. We hypothesize that the Board's support for CSA and the level of internal auditors' cooperation with the first and the second line of defence positively affect CSA effectiveness. To test our hypotheses, we conducted a survey involving IT auditors and Chief Audit Executives from various industries, organizations of different sizes and countries. We examined the hypothesized relationships in a series of regression analyses. We find that normative forces (professionalization of the internal auditors and Boards' competences), the Board's support for CSA and cooperation between the internal audit function (IAF) and the first two lines of defence significantly explain CSA effectiveness. We find no support for the effect of regulation as a coercive force and outsourcing as a mimetic force. We discuss potential reasons for our findings and their implications. The paper is an original analysis that advances our understanding of key drivers of CSA effectiveness and their relationships.
Source journal
CiteScore: 3.70
Self-citation rate: 15.00%
Articles published: 43

Journal description: In addition to communicating the results of original auditing research, the International Journal of Auditing also aims to advance knowledge in auditing by publishing critiques, thought leadership papers and literature reviews on specific aspects of auditing. The journal seeks to publish articles that have international appeal either due to the topic transcending national frontiers or due to the clear potential for readers to apply the results or ideas in their local environments. While articles must be methodologically and theoretically sound, any research orientation is acceptable. This means that papers may have an analytical and statistical, behavioural, economic and financial (including agency), sociological, critical, or historical basis. The editors consider articles for publication which fit into one or more of the following subject categories:
• Financial statement audits
• Public sector/governmental auditing
• Internal auditing
• Audit education and methods of teaching auditing (including case studies)
• Audit aspects of corporate governance, including audit committees
• Audit quality
• Audit fees and related issues
• Environmental, social and sustainability audits
• Audit related ethical issues
• Audit regulation
• Independence issues
• Legal liability and other legal issues
• Auditing history
• New and emerging audit and assurance issues