Cyber-attacks have moved into the critical risk category as technology usage rises and digital transformation comes to dominate service sectors such as banking. Banks need assurance that the activities coordinated within their cyber security governance mechanisms are valid, so that financial transactions are carried out within acceptable risk levels. The control of risk management operations for cyber security processes should be performed with the support of the banks' audit units. For these reasons, this chapter, which is derived from the doctoral thesis research study, examines in depth the areas of responsibility of internal audit teams in cyber security management processes using the Delphi technique. On this basis, blockchain technology is explored in terms of its technical concepts and policy framework in order to propose a set of solutions for continuous audit methods in cyber security governance.
Introduction
Banking operations involve high risks because of the nature of the finance industry, which largely consists of funding transactions that provide asset protection, relocation, and allocation for institutional and retail investors. In this context, individuals' account activities have been processed primarily through technological tools, applications, and digitally connected networks for nearly the last four decades. Cyber attacks that target nations' critical infrastructures have been rising because of tightening global economic conditions and the adversarial goals of hackers seeking to steal critical information and knowledge assets kept in the databases and warehouses of governmental authorities and public and private enterprises; such attacks are termed data theft operations and constitute one class of cyber risk. Likewise, threats in cyberspace, which advance along with innovations in the software and programming industries, have significant effects on banking processes, which operate in this uncertain environment, where control is attempted through digital tools, applications, and connections. The banking industry in particular, which is considered part of critical infrastructure, has been particularly affected by cyber risks because its monetary operations are performed in cyberspace through information systems comprising databases, computers, and communication and network systems. In this context, the conventional role of internal audit has been evolving with technology trends toward supporting risk management and control processes in information systems, in order to assure effective cyber security governance in corporations, and specifically in banks, where almost all business processes are sustained through electronic and communication systems using information technology equipment and tools.
For these reasons, this article presents the research methodology used in the doctoral thesis study to show the activities of internal auditors in the cyber security governance processes of banks in Turkey through the use of the Delphi technique. In line with the research problem and goal, the scholar first intends to resolve open questions about the fundamental terms related to internal audit, cyber security, and blockchain, in order to set up the applied part, which is based on the Delphi technique and an exploratory sequential mixed methods research design.
Fundamentally, an audit can be defined as a comprehensive and autonomous examination of enterprise activities such as financing, marketing, producing, transporting, hiring, firing, and information technology processing, carried out methodically with the contributions of licensed experts recognized as auditors (Kumar & Sharma, 2013, p. 2). In general, audit activities can be categorized, according to how they are conducted, as internal or external. In this context, internal audit is defined as counseling activities that apply systematic and scientific approaches to evaluating and enhancing the validity and efficiency of control processes in risk management and governance-related operations, carried out objectively by the organization's own employees (Gantz, 2014, p. 45). In practice, the interaction between risk assessment, internal control, and governance can be optimized, in terms of determining risk limits, corporate management principles, and the legislative framework, with the supportive role of internal auditors (Pickett, 2011). Risk is described as the unanticipated outcomes of events that can either tolerably or intolerably affect organizational objectives. As a result, the asymmetrical behavior of expected outputs can be used as a representation for measuring risk (ISACA, 2012). In line with the subject of the research project, risks in electronic and communication systems can be brought to tolerable levels through planning, acting, controlling, and taking precautions consistently with organizational culture, international standards, and the regulatory environment (Olson & Wu, 2015).