Internal Audit Requirements to Enhance Cybersecurity in Economic Units in considering the Institute of Internal Auditors (IIA) Guidelines
Article Sidebar
Main Article Content
Abstract
The study aimed to identify a set of requirements that are supposed to be met in a way that enables the internal auditor to perform his role effectively as an independent guarantee provider for the Board of Directors for a set of controls and measures for cybersecurity and what can contribute to achieving its efficiency and effectiveness, through auditing the operations carried out by the first and second lines responsible for developing and implementing these controls, based on the instructions issued by the Institute of Internal Auditors (IIA), and the study found the need to meet a set of requirements It is to provide the internal auditor with advanced knowledge of information technology and work with high professional care and maintain his independence, and that the internal auditors receive sufficient support from the Board of Directors by allowing time, providing the necessary financial resources, supporting their participation in developing the cybersecurity strategy in economic units and granting them sufficient powers for that, updating the internal audit approach and planning for the cyber audit process on an annual and flexible basis and on a risk-based basis using an appropriate methodology, as well as strengthening the relationships between the internal audit function and technical functions. Information, cybersecurity, and work collaboratively to enhance cybersecurity in economic units.
Downloads
Article Details
References
اولاً. المصادر العربية:
أسعد طارش عبد الرضا، علي إبراهيم مشجل المعموري، 2020، الامن السيبراني ودوره في انتشار ظاهرة الارهاب في العراق بعد العام 2003، مجلة دراسات دولية، 80.
الهيئة السعودية للأمن السيبراني، 2018، الضوابط الاساسية للأمن السيبراني.
الموسوعة السياسية، 2019 على الموقع https://political-encyclopedia.org/dictionary/
تقرير الاتحاد الدولي للاتصالات،2011 (اتجاهات الإصلاح في الاتصالات للعام 2010-2011)
حنين جميل أبو حسين، 2021، الإطار القانوني لخدمات الامن السيبراني، رسالة ماجستير غير منشورة، جامعة الشــرق الأوسط.
ساعد بوقـــرص، (2022)، الأمن السيبراني: مخاطر وتهديدات وتحديات تتطلب ممارسات وتوصيات واستراتيجيات خاصة. مجلة أبحاث الحماية الاجتماعية، 3(1).
فارس محمد العمارات، إبراهيم الحمامضة، 2022، الأمن السيبراني (المفهوم وتحديات العصر)، الطبعة الاولى، دار الخليج للنشر والتوزيع، الاردن.
فاطمة يوسف المنتشري، رندة الحريري (2020)، درجة وعي معلمات المرحلة المتوسطة بالأمن السيبراني في المدارس العامة بمدينة جدة من وجهة نظر المعلمات، المجلة العربية للتربية النوعية 4(14).
مني عبدالله السمحان، 2020، متطلبات تحقيق الامن السيبراني لأنظمة المعلومات الادارية في جامعة الملك سعود، جامعة الملك سعود، المملكة العربية السعودية.
ناظم حسن رشيد،2022، الامن السيبراني منظور التدقيق الداخلي، الطبعة الاولى، دار ابن الاثير للطباعة والنشر في جامعة الموصل، العراق.
ثانياً. المصادر الأجنبية:
American Institute of Certified Public Accountants (AICPA), (2017), Security and Privacy.
Arishee, J., (2019), Information Security in the Arab World: Risks and Challenges. The International Journal of Informatics, Media and Communication Technology, 1(1).
Couto, J. C. P., (2018), Auditoria de Cibersegurança-Um Caso de Estudo Doctoral dissertation, Instituto Politecnico do Porto Portugal.
Deloitte, (2017), Cybersecurity and the Role of Internal Audit: An Urgent Call to Action, Deloitte.
Goutam, R. K., (2015), Importance of cyber security, International Journal of Computer Applications, 111(7).
Islam, S., Farah, N., and Stafford, T., (2018), Factors Associated with Security /Cybersecurity Audit by Internal Audit Function: An International Study. Managerial Auditing Journal, 33 (4)
International Professional Practices Framework IPPF, 2017, Available at: www.na.theiia.org .
Institute of Internal Auditors, (2020a), Cybersecurity Risk Assessment - The Three Lines Model
Institute of Internal Auditors (2020b), The International Professional.Practice Framework (IPPF), "Developing A Risk–Based Internal Audet Plan," IIA,
Institute of Internal Auditors, (2020c), The International Professional Practice Framework (IPPF), "IT Essentials for Internal
Auditors,"IIA, june, available at:
http://www.theiia.org/standards .
guidance/recommended-guidance/pages.
Institute of Internal Auditors IIA, (2022a): Providing senior management, boards of directors, and audit committees Issue 110 with concise information on governance-related topics.
Institute of Internal Auditors IIA, (2022b): Critical Partners — Internal Audit and the CISO.
Institute of Internal Auditors IIA, (2022C) Auditing cyber lncident Response and Recovery.
Information Systems Audit and Control Association ISACA (2016) , Cybersecurity Fundamentals Glossary.
International Professional Practices Framework IPPF, (2017), Available at: www.na.theiia.org.
Jamison,J., Morris,L.,& Wilkinson, C. (2018). The future of cyber security in internal audit. Disponibil online la www.crowe.com/-/media/Crowe/LLP/foliopdf/The-Future-of-Cybersecurity-in-IA-Risk-18000-k002A-update.
Kahyaoglu, S. B., & Caliyurt, K. (2018) Cyber security assurance process from the internal audit perspective, Managerial Auditing Journal.
Lois, P., Drogalas, G., Karagiorgos, A., & Tsikalakis, K., (2020), Internal audits in the digital era: opportunities risks and challenges. EuroMed Journal of Business.
Selimoglu, S., Altunel, M., 2019, Internal audit as abridge and catalyst in the protection of cybersecurity risks, denetisim,9,19.
Simić, N., (2022), The Internal Auditor's Role in Cybersecurity Governance: A qualitative study about the internal auditor's influence on the people factor of cybersecurity.
Shamsuddin, A., Adam, M. A., Adnan, S. A., & Yasin, Y. M.2018, the effectiveness of internal audit functions in managing cyber security in Malaysia's banking in stitutions.
Slapničar S., T. Vuko, M. Čular, M. Drašček,2022, Effectiveness of Cybersecurity Audit, International Journal of Accounting Information Systems.
Schatz, D., Bashroush, R., & Wall, J., (2017), Towards a more representative definition of cyber security. Journal of Digital Forensics, Security and Law, 12(2).