Key drivers of cybersecurity audit effectiveness: A neo-institutional perspective

IF 2.1 | Zone 4 (Management) | Q2 BUSINESS, FINANCE | International Journal of Auditing | Pub Date: 2024-07-23 | DOI: 10.1111/ijau.12365
Tina Vuko, Sergeja Slapničar, Marko Čular, Matej Drašček
Citations: 0

Abstract

The aim of this paper is to analyse which factors explain the effectiveness of internal audit in providing assurance about cybersecurity risk management. On the basis of neo-institutional theory, we hypothesize that coercive (cybersecurity regulation), normative (professionalization of internal auditors and Boards) and mimetic forces (outsourcing of cyber security assurance services) positively contribute to cybersecurity audit (CSA) effectiveness. As these forces do not come about in an interest-free model, we study the role of and the interaction with other actors who shape the CSA practices—Boards and security experts. We hypothesize that Board's support to CSA and the level of internal auditors' cooperation with the first and the second line of defence positively affect CSA effectiveness. To test our hypothesis, we conducted a survey involving IT auditors and Chief Audit Executives from various industries, organizations of different sizes and countries. We examined the hypothesized relationships in a series of regression analyses. We find that normative forces (professionalization of the internal auditors and Boards' competences), Board's support to CSA and cooperation between the internal audit function (IAF) and the first two lines of defence significantly explain the CSA effectiveness. We find no support for the effect of regulation as a coercive force and outsourcing as a mimetic force. We discuss potential reasons for our findings and their implications. The paper is an original analysis that advances our understanding of key drivers of CSA effectiveness and their relationships.
Source journal
CiteScore: 3.70
Self-citation rate: 15.00%
Articles published: 43
About the journal: In addition to communicating the results of original auditing research, the International Journal of Auditing also aims to advance knowledge in auditing by publishing critiques, thought leadership papers and literature reviews on specific aspects of auditing. The journal seeks to publish articles that have international appeal either due to the topic transcending national frontiers or due to the clear potential for readers to apply the results or ideas in their local environments. While articles must be methodologically and theoretically sound, any research orientation is acceptable. This means that papers may have an analytical and statistical, behavioural, economic and financial (including agency), sociological, critical, or historical basis. The editors consider articles for publication which fit into one or more of the following subject categories:
• Financial statement audits
• Public sector/governmental auditing
• Internal auditing
• Audit education and methods of teaching auditing (including case studies)
• Audit aspects of corporate governance, including audit committees
• Audit quality
• Audit fees and related issues
• Environmental, social and sustainability audits
• Audit related ethical issues
• Audit regulation
• Independence issues
• Legal liability and other legal issues
• Auditing history
• New and emerging audit and assurance issues
Latest articles from this journal
• Issue Information
• Key drivers of cybersecurity audit effectiveness: A neo-institutional perspective
• Fresh-look effect of audit firm and audit partner rotations? Evidence from European key audit matters
• The Big 4 effect for new audit services: The case of the Danish COVID-19 fixed-cost business-support scheme
• Are there audit fee premiums for client portfolio management?