Characteristics of cybersecurity and IT involvement by the IA activity
Christopher G. Calvin et al.
Abstract
• Internal audit maturity is positively associated with IT and cybersecurity assurance. • IT knowledge increases internal audit’s role in IT and cybersecurity assurance. • Internal audit can effectively outsource its IT and cybersecurity knowledge. We provide the first, large scale, global study on the characteristics associated with an internal audit function’s involvement in IT and cybersecurity assurance. Using a unique dataset of 1,142 survey responses, we identify internal audit development (i.e., level of maturity) and two characteristics of internal audit knowledge availability (CAE IT certification and external sourcing) as being positively associated with the performance of IT assurance, cybersecurity assurance, or both. Our findings are informative to academia, laying the groundwork for further exploration of internal audit’s engagement in IT and cybersecurity assurance. They are also informative to practice, as they provide insight to standard setters, practitioners, management, and governance bodies about characteristics that can enhance internal audit’s ability to provide IT and cybersecurity assurance.
6 citations
Evidence weight
Balanced mode · F 0.40 / M 0.15 / V 0.05 / R 0.40
| F · citation impact | 0.44 × 0.4 = 0.18 |
| M · momentum | 0.65 × 0.15 = 0.10 |
| V · venue signal | 0.50 × 0.05 = 0.03 |
| R · text relevance † | 0.50 × 0.4 = 0.20 |
† Text relevance is estimated at 0.50 on the detail page — for your query’s actual relevance score, open this paper from a search result.