Internal auditing and cyber security: Audit role and procedural contribution

Abstract

Businesses operate in a dynamic environment that is constantly changing and in which they are undermined by various risks. One in particular, is that of cyber security. Internal auditors, through their multifaceted role, can contribute to the reduction of the information systems' violation. Extant works, nevertheless, on the connection between internal audit and cyber security worldwide, are scant, and practically non-existent for the case of Greece. Thus, the purpose of this paper is to examine the variables that influence cyber security and which, at the same time, are relevant to internal audit. In this context, methodologically, a questionnaire was distributed to companies listed on the Athens Stock Exchange and addressed to their internal auditors. The findings of the survey identified key factors impacting cyber security, including the degree and nature of cooperation between IT staff and auditors, and training regarding information technology.