Cybersecurity in the IT audit : A study among IT auditors on their judgment and decision making.
| dc.contributor.author | De Bie, Dennis | |
| dc.contributor.department | fi=Johtamisen ja yrittäjyyden laitos|en=Department of Management and Entrepreneurship| | |
| dc.contributor.faculty | fi=Turun kauppakorkeakoulu|en=Turku School of Economics| | |
| dc.contributor.studysubject | fi=Tietojärjestelmätiede|en=Information Systems Science| | |
| dc.date.accessioned | 2020-01-24T22:01:25Z | |
| dc.date.available | 2020-01-24T22:01:25Z | |
| dc.date.issued | 2019-08-23 | |
| dc.description.abstract | Information technology (IT) auditors use professional judgment to make decisions during their work. Their professional judgment and decision making is influenced by several factors. Additionally, society increasingly expects IT auditors to include cybersecurity in their work. This study identifies the factors that IT auditors rely on when making judgments and decisions on cybersecurity, as part of their IT auditing work. During interviews with IT auditors, it is determined which factors could be improved, which factors are considered most often, and what can be done to improve professional judgment and decision making when including cybersecurity in the IT auditor’s work. IT auditors are engaged in several types of assignments. This study focuses mainly on the IT audit engagement that occurs during the financial statement audit. This study uses design-based research to construct a model that visualizes the IT audit process. Professional judgment and decision making factors that are being used in this process are linked to the model. This model is tested in interviews with IT auditors. Several iterations are constructed. The final model represents the IT audit process, and systematizes the professional judgment and decision making factors that influence each step in this process. The study found that the professional judgment and decision making factors that have been identified by prior research are not sufficient to explain the judgment and decision making that happens when cybersecurity is involved in the IT audit. When considering cybersecurity, IT auditors rely on two types of knowledge: client and technical. Furthermore, society expects IT auditors to include cybersecurity in their work, which affects their judgment and decision making. Another significant finding is that IT auditors consider it challenging to determine the norms that they should apply in their work. Since cybersecurity is relatively new to the IT audit, it is unclear to practitioners which level of assurance they should provide on cybersecurity controls. The study concludes with recommendations that help IT auditors when including cybersecurity in their work. | |
| dc.format.extent | 142 | |
| dc.identifier.olddbid | 165802 | |
| dc.identifier.oldhandle | 10024/148941 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/20995 | |
| dc.identifier.urn | URN:NBN:fi-fe202001243285 | |
| dc.language.iso | eng | |
| dc.rights | fi=Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.|en=This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.| | |
| dc.rights.accessrights | suljettu | |
| dc.source.identifier | https://www.utupub.fi/handle/10024/148941 | |
| dc.subject | Cybersecurity, IT audit, professional judgment, decision making | |
| dc.title | Cybersecurity in the IT audit : A study among IT auditors on their judgment and decision making. | |
| dc.type.ontasot | fi=Pro gradu -tutkielma|en=Master's thesis| |