The internal audit role in assessing a firm’s cybersecurity

Please use this identifier to cite or link to this item: https://www.um.edu.mt/library/oar/handle/123456789/13050

Full metadata record

DC Field	Value	Language
dc.date.accessioned	2016-10-17T14:53:23Z
dc.date.available	2016-10-17T14:53:23Z
dc.date.issued	2016
dc.identifier.uri	https://www.um.edu.mt/library/oar//handle/123456789/13050
dc.description	M.ACCTY.	en_GB
dc.description.abstract	Purpose: As yet, there has been no study which researched local internal audit units from a cybersecurity point of view. Therefore, this study set out to discover the attitudes of Maltese internal audit functions towards assessing cybersecurity, to identify any barriers which might hinder internal audit functions from carrying out such assessments effectively and efficiently, and to recommend how improvements may be made in this area. Design: In order to achieve these objectives, semi-structured interviews were carried out with internal auditors working at public limited companies. A wider perspective was obtained by also interviewing internal audit service managers from the ‘Big Four’ audit firms, providing outsourced internal audit services to their clients. Findings: The findings revealed that all companies have a good level of controls in place. However, the attitude towards cybersecurity varies across companies. For some companies assessments are carried out continuously, whilst for others this is a one-time exercise. This study also found that the main barrier for internal auditors working at public limited companies is the lack of knowledge and skill which are necessary in carrying out such exercises. The main barrier faced by outsourced internal auditors, on the other hand, was the lack of support and involvement shown by the clients’ senior management. Conclusions: Despite the fact that local internal audit units touch upon some elements related to cybersecurity, cybersecurity assessments are not so prominent in the work of the local internal auditor. The main reasons for this are the lack of knowledge about cybersecurity and the lack of support given by senior management. Value: The study suggests some areas for improvement which, it is hoped, will encourage higher levels of security over the use of information technology. To this effect, recommendations include implementing an organisation-wide cybersecurity framework, providing more training and education to internal auditors and senior management about cybersecurity as well as considering the option to outsource cybersecurity assessments.	en_GB
dc.language.iso	en	en_GB
dc.rights	info:eu-repo/semantics/restrictedAccess	en_GB
dc.subject	Auditing, Internal -- Malta	en_GB
dc.subject	Computer security -- Malta	en_GB
dc.subject	Information technology -- Security measures	en_GB
dc.subject	Accounting firms -- Malta	en_GB
dc.title	The internal audit role in assessing a firm’s cybersecurity	en_GB
dc.type	masterThesis	en_GB
dc.rights.holder	The copyright of this work belongs to the author(s)/publisher. The rights of this work are as defined by the appropriate Copyright Legislation or as modified by any successive legislation. Users may access this work and can make use of the information contained in accordance with the Copyright Legislation provided that the author must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the prior permission of the copyright holder.	en_GB
dc.publisher.institution	University of Malta	en_GB
dc.publisher.department	Faculty of Economics, Management and Accountancy. Department of Accountancy	en_GB
dc.description.reviewed	N/A	en_GB
dc.contributor.creator	Farrugia, May Louise
Appears in Collections:	Dissertations - FacEma - 2016 Dissertations - FacEMAAcc - 2016

Files in This Item:

File	Description	Size	Format
16MACC038.pdf Restricted Access		2.12 MB	Adobe PDF	View/Open Request a copy

Show simple item record Statistics