Internal Auditing for Information Assurance

Sushma Mishra

doi:10.4018/978-1-59904-855-0.ch024

Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us
Newsroom

Internal Auditing for Information Assurance

Sushma Mishra

Source Title: Handbook of Research on Information Security and Assurance

DOI: 10.4018/978-1-59904-855-0.ch024

OnDemand:

(Individual Chapters)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Internal auditing has become increasingly important in current business environments. In this era of the Sarbanes- Oxley Act and other similar legislations, regulatory compliance requires elaborate organizational planning. Auditing helps organizations in internal control assessment, change management, and better governance preparedness, thus enhancing information assurance. Various facets of internal auditing are discussed in this chapter and the role of internal auditing in information assurance is analyzed. Future issues and trends with internal auditing are also presented.

Chapter Preview

Top

Introduction

Regulations including the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the USA Patriot Act, and a plethora of others have created an urgency among business organizations for rapid compliance with governmental standards. Internal auditors play an increasingly important role in today’s business scenario, and therefore, have become in great demand. This is clearly evident from the recent surge in the job satisfaction and salary of internal auditors (Oxner & Oxner, 2006). Businesses often use internal auditors as in-house consultants, relying on them for adding value to a wide range of initiatives including management controls, financial reporting, information systems design, and fraud detection. Auditing plays an important role in securing information systems within organizations by including functions such as internal control assessment, controls over financial reporting, designing and implementation of information systems, vulnerability management, risk analysis, segregation of duties, adequacy of business controls, and the physical security of assets.

Recent developments in the regulatory environment have brought significant changes to the organizational outlook regarding internal auditing. Internal auditors are aware of these increased responsibilities and concentrate on discovering new ways of assuring the public about the integrity of organizational reports (Verschoor, 1991). Today’s business environment requires an audit process that supports the continuous assessment of the goals and objectives of information assurance. Organizational strategic goals must be tactically executed with performance measuring capability. For information assurance purposes, there should be close coordination between the audit team, the security team, and the information technology operations (Bunker, 2003).

Information assurance (IA) can be viewed as an objective that involves all of the people, activities, and technologies employed to ensure that the fundamental properties of security—confidentiality, integrity, availability—are met throughout the lifecycle of a system (McEvilley, 2002). IA can be viewed as a process centric phenomenon that is comprehensive enough to include definition, implementation, and verification level operations. IA also includes day-to-day operations and the maintenance of the integrity of systems in such operational transactions. Assurance is subjective in nature and needs to be clearly explained to all involved in the security process.

Increasingly complex auditing functions require auditors to possess a deep knowledge about the organization and its business processes. Auditors should show an adequate understanding of the organizational culture, of the key players in the organization, and of the competitive environment in which the organization exists. Some audit practices that are becoming of heightened importance in today’s context include risk management and risk assessment. Recent research from the Institute of Internal Auditor’s Global Auditing Information Network (GAIN) indicates that given the various tools and techniques currently available to auditing teams, managing risks as well as consulting with management on aligning organizational goals within departments are considered extremely important. Audit functionality plays an important role in securing information systems in organizations by performing functions such as internal control assessment, risk analysis, segregation of duties, adequacy of business controls, and physical security of assets. Process and plan should have a clear statement of roles and responsibilities. An audit is also a means by which to ensure accountability from the management level of organizations. Accountability in management structures ensures better security management since governance objectives of securing informational assets can be reached in a systematic fashion. An accountability map provides security management programs with this critical component (Bunker, 2003).

Key Terms in this Chapter

Internal Control: Internal controls are a means to provide reasonable assurance that an organization will achieve its business objectives while avoiding undesired risks (ISACA, 2004). Internal controls are policies, procedures, practices, and organizational structures put in place to reduce business risks in organizations.

Role of Audit: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (Institute of Internal Auditors, 2006).

IT Governance: IT governance can be defined as the structure of relationships and processes to direct and control the enterprise. IT governance helps the organization achieve its goal by adding value while balancing risk and return over IT and its processes (ISACA, 2004).

Information Systems Security: Information systems security is the process of protecting all information assets from misuse, harm or any other unintended result. This includes securing information in computers, maintaining integrity of business processes, retaining skilled knowledge workers with their implicit knowledge and also encouraging employees to claim ownership of their share of information assets (Dhillon, 2006).

Information Assurance (IA): A process centric phenomenon that is comprehensive enough to include definition, implementation, and verification level operations.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Internal Auditing for Information Assurance

Abstract

Introduction

Key Terms in this Chapter

Complete Chapter List