Hyppää sisältöön
    • Suomeksi
    • In English
  • Suomeksi
  • In English
  • Kirjaudu
Näytä aineisto 
  •   Etusivu
  • 1. Kirjat ja opinnäytteet
  • Pro gradu -tutkielmat ja diplomityöt sekä syventävien opintojen opinnäytetyöt (rajattu näkyvyys)
  • Näytä aineisto
  •   Etusivu
  • 1. Kirjat ja opinnäytteet
  • Pro gradu -tutkielmat ja diplomityöt sekä syventävien opintojen opinnäytetyöt (rajattu näkyvyys)
  • Näytä aineisto
JavaScript is disabled for your browser. Some features of this site may not work without it.

Cybersecurity in the IT audit : A study among IT auditors on their judgment and decision making.

De Bie, Dennis (2019-08-23)

Cybersecurity in the IT audit : A study among IT auditors on their judgment and decision making.

De Bie, Dennis
(23.08.2019)
Katso/Avaa
Dennis_de_Bie_thesis.pdf (4.096Mb)
Lataukset: 

Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
suljettu
Näytä kaikki kuvailutiedot
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe202001243285
Tiivistelmä
Information technology (IT) auditors use professional judgment to make decisions during their work. Their professional judgment and decision making is influenced by several factors. Additional-ly, society increasingly expects IT auditors to include cybersecurity in their work. This study identi-fies the factors that IT auditors rely on when making judgment and decisions on cybersecurity, as part of their IT auditing work. During interviews with IT auditors, it is determined which factors could be improved, which factors are considered most often, and what can be done to improve pro-fessional judgment and decision making when including cybersecurity in the IT auditor’s work. IT auditors are engaged in several types of assignments. This study focuses mainly on the IT audit en-gagement that occurs during the financial statement audit.
This study uses design based research to construct a model that visualizes the IT audit process. Professional judgment and decision making factors that are being used in this process are linked to the model. This model is tested in interviews with IT auditors. Several iterations are constructed. The final model represents the IT audit process, and systematizes the professional judgment and decision making factors that are influence each step in this process.
The study found that the professional judgment and decision making factors that have been iden-tified by prior research are not sufficient to explain the judgment and decision making that happens when cybersecurity is involved in the IT audit. When considering cybersecurity, IT auditors rely on two types of knowledge; client and technical. Furthermore, society expects IT auditors to include cybersecurity in their work, which affects their judgment and decision making.
Another significant finding is that IT auditors consider it challenging to determine the norms that they should apply in their work. Since cybersecurity is relatively new to the IT audit, it is unclear to practitioners which level of assurance they should provide on cybersecurity controls. The study con-cludes with recommendations that help IT auditors when including cybersecurity in their work.
Kokoelmat
  • Pro gradu -tutkielmat ja diplomityöt sekä syventävien opintojen opinnäytetyöt (rajattu näkyvyys) [4830]

Turun yliopiston kirjasto | Turun yliopisto
julkaisut@utu.fi | Tietosuoja | Saavutettavuusseloste
 

 

Tämä kokoelma

JulkaisuajatTekijätNimekkeetAsiasanatTiedekuntaLaitosOppiaineYhteisöt ja kokoelmat

Omat tiedot

Kirjaudu sisäänRekisteröidy

Turun yliopiston kirjasto | Turun yliopisto
julkaisut@utu.fi | Tietosuoja | Saavutettavuusseloste