A New Approach to Information Security Auditing in Public Administration
Copyright (c) 2022 Edegbeme-Beláz Annamária, Kerti András
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Absztrakt
Due to the rapid pace of globalisation and digitalisation and the better usage of ICT technology, cybercrime is also rising. Hence, the secure operation of controlling and auditing information systems is fundamental in both the private and public sectors. It is generally accepted in the private sector that companies seek an independent third-party’s assistance to carry out information security audits. However, how do information security audits work in public administration? The article aims to characterise and assess information security auditing in public administration and define a new solution for conducting such audits. The article is considered a theoretical research paper. Theoretical research explains the basic terms related to auditing and defines conditions for efficient and effective information security auditing. Additionally, the research aims to answer whether the internal (bureaucratic, within the public administration organisational system) or external (third-party) audits prove more effective.
Kulcsszavak:
Hogyan kell idézni
Hivatkozások
Ahmad, Zaini – Dennis Taylor: Commitment to Independence by Internal Auditors: The Effects of Role Ambiguity and Role Conflict. Managerial Auditing Journal, 24, no. 9 (2009). 899–925. Online: https://doi.org/10.1108/02686900910994827
Appelbaum, Deniz A. – Alex Kogan – Miklos A. Vasarhelyi: Analytical Procedures in External Auditing: A Comprehensive Literature Survey and Framework for External Audit Analytics. Journal of Accounting Literature, 40 (2018). 83–101. Online: https://doi.org/10.1016/j.acclit.2018.01.001
Beláz, Annamária: A közigazgatás információbiztonsága: megjósolhatók az incidensek? Hadtudomány, 29, no. 3 (2019). 92–104. Online: https://doi.org/10.17047/HADTUD.2019.29.3.92
Bellman, Beryl: Defacement: Public Secrecy and the Labor of the Negative. American Anthropologist, 103, no. 3 (2001). 878–879. Online: https://doi.org/10.1525/aa.2001.103.3.878
Dittenhofer, Mortimer A. – R. Luke Evans – Sridhar Ramamoorti – Douglas E. Ziegenfuss: Behavioral Dimensions of Internal Auditing. A Practical Guide to Professional Relationships in Internal Auditing. Altamonte Springs, Florida, The Institute of Internal Auditors Research Foundation (IIARF), 2010.
Drljača, Dalibor – Branko Latinović: Audit in Public Administration’s Information Systems – External or Internal? IOP Conference Series: Materials Science and Engineering, 200, no. 1 (2017). 1–7. Online: https://doi.org/10.1088/1757-899X/200/1/012026
Dwamena, Richard Ofosu: Investigating the Relationship Exist Between Internal Auditors and Management. Finance and Management Engineering Journal of Africa, 3, no. 9 (2021). 23–35. Online: https://doi.org/10.15557/FMEJA/2021/VOL3/ISS9/SEPT002
Dwamena, Richard Ofosu – Nicholas Yaw Ofori: The Roles and Status of Internal Auditors in Public Sector Organizations. Finance and Management Engineering Journal of Africa, 3, no. 9 (2021). 1–22. Online: https://doi.org/10.15557/FMEJA/2021/VOL3/ISS9/SEPT001
Gábri, Máté: Biztonsági komplexumok az információs korban. Hadmérnök, 5, no. 4 (2010). 110–121.
Gantz, Stephen D.: Chapter 1. IT Audit Fundamentals. In Stephen D. Gantz (ed.): The Basics of IT Audit. Boston, Syngress, 2014a. Online: https://doi.org/10.1016/B978-0-12-417159-6.00001-8
Gantz, Stephen D.: Chapter 4. External Auditing. In Stephen D. Gantz (ed.): The Basics of IT Audit. Boston, Syngress, 2014b. 63–82. Online: https://doi.org/10.1016/B978-0-12-417159-6.00004-3
Gantz, Stephen D.: Chapter 5. Types of Audits. In Stephen D. Gantz (ed.): The Basics of IT Audit. Boston, Syngress, 2014c. 83–104. Online https://doi.org/10.1016/B978-0-12-417159-6.00005-5
Gaosong, Qiu – Yuan Leping: Measurement of Internal Audit Effectiveness: Construction of Index System and Empirical Analysis. Microprocessors and Microsystems, (2021). Online: https://doi.org/10.1016/j.micpro.2021.104046
Giroux, Gary – Rowan Jones: Measuring Audit Quality of Local Governments in England and Wales. Research in Accounting Regulation, 23, no. 1 (2011). 60–66. Online: https://doi.org/10.1016/j.racreg.2011.03.002
Hampson, Fen Osler: Review: Barry Buzan – Ole Waever – Jaap de Wilde: Security: A New Framework for Analysis. International Journal, 53, no. 4 (1998). 798–799. Online: https://doi.org/10.2307/40203739
Hegazy, Karim – Anne Stafford: Internal and External Auditors Responsibilities and Relationships with Audit Committees in Two English Public Sector Settings. Corporate Ownership and Control, 18, no. 3 special issue (2021). 395–409. Online: https://doi.org/10.22495/cocv18i3siart13
Jamaluddin, Masruddin – Indra Basir – Rahma Masdar – Lucyani Meldawati: Role Ambiguity, Role Conflict, Auditor Competence on Audit Quality: The Mediating Effects of Auditing Planning and Independence. Universal Journal of Accounting and Finance, 9, no. 6 (2021). 1551–1557. Online: https://doi.org/10.13189/ujaf.2021.090632 ; DOI: https://doi.org/10.13189/ujaf.2021.090632
Kanellou, Alexandra – Charalambos Spathis: Auditing in Enterprise System Environment: A Synthesis. Journal of Enterprise Information Management, 24, no. 6 (2011). 494–519. Online: https://doi.org/10.1108/17410391111166549
Knapp, Kenneth J. – Gary D. Denney – Mark E. Barner: Key ssues in Data Center Security: An Investigation of Government Audit Reports. Government Information Quarterly, 28, no. 4 (2011). 533–541. Online: https://doi.org/10.1016/j.giq.2010.10.008
Kő, Andrea – Balázs Molnár: Az információrendszerek auditálása. Az informatika és az információrendszerek ellenőrzési és irányítási módszerei. Budapest, Corvinno Technology Transfer Kft., 2009. Online: https://doi.org/978-963-06-7254-2
Le, Thi Tam – Thi Mai Anh Nguyen – Van Quang Do – Thi Hai Chau Ngo: Risk-Based Approach and Quality of Independent Audit Using Structure Equation Modeling – Evidence from Vietnam. European Research on Management and Business Economics, 28, no. 3 (2022). Online: https://doi.org/10.1016/j.iedeen.2022.100196
Lisic, Ling Lei – Jeffrey Pittman – Timothy A. Seidel – Aleksandra B. Zimmerman: You Can’t Get There from Here: The Influence of an Audit Partner’s Prior Non- Public Accounting Experience on Audit Outcomes. Accounting, Organizations and Society, 100 (2021). Online: https://doi.org/10.1016/j.aos.2021.101331
Mattei, Giorgia – Giuseppe Grossi – James Guthrie A.M: Exploring Past, Present and Future Trends in Public Sector Auditing Research: A Literature Review. Meditari Accountancy Research, 29, no. 7 (2021). 94–134. Online: https://doi.org/10.1108/MEDAR-09-2020-1008
Michener, Gregory – Jonas Coelho – Davi Moreira: Are Governments Complying with Transparency? Findings from 15 Years of Evaluation. Government Information Quarterly, 38, no. 2 (2021). Online: https://doi.org/10.1016/j.giq.2021.101565
Mironeasa, Costel – Georgiana Gabriela Codină: A New Approach of Audit Functions and Principles. Journal of Cleaner Production, 43 (2013). 27–36. Online: https://doi.org/10.1016/j.jclepro.2012.12.018
Mironeasa, Costel – Silvia Mironeasa: The Process Approach and the Generated Value at the Process Level. Metalurgia International, 14, no. 6 (2009). 89–93.
Nyikes, Zoltán – András Kerti: Proposals for Amending the Regulation of the Administrative System. Journal of Emerging Research and Solutions in ICT, 1, no. 1 (2016). 68–74. Online: https://doi.org/10.20544/ERSICT.01.16.P07
Radcliffe, Vaughan S.: Public Secrecy in Auditing: What Government Auditors Cannot Know. Critical Perspectives on Accounting, 19, no. 1 (2008). 99–126. Online: https://doi.org/10.1016/j.cpa.2006.07.004
Samagaio, António – Teresa Felício: The Influence of the Auditor’s Personality in Audit Quality. Journal of Business Research, 141 (2022). 794–807. Online: https://doi.org/10.1016/j.jbusres.2021.11.082
Samelson, Donald – Suzanne Lowensohn – Laurence E. Johnson: The Determinants of Perceived Audit Quality and Auditee Satisfaction in Local Government. Journal of Public Budgeting, Accounting and Financial Management, 18, no. 2 (2006). 139–166. Online: https://doi.org/10.1108/JPBAFM-18-02-2006-B001
Simon, Herbert A.: Decision-Making and Administrative Organization. Public Administration Review, 4, no. 1 (1944). 16–30. Online: https://doi.org/10.2307/972435
Steinbart, Paul John – Robyn L. Raschke – Graham Gal – William N. Dilla: The Influence of a Good Relationship between the Internal Audit and Information Security Functions on Information Security Outcomes. Accounting, Organizations and Society, 71 (2018). 15–29. Online: https://doi.org/10.1016/j.aos.2018.04.005
Steinbart, Paul John – Robyn L. Raschke – Graham Gal – William N. Dilla: The Relationship between Internal Audit and Information Security: An Exploratory Investigation. International Journal of Accounting Information Systems, 13, no. 3 (2012). 228–243. Online: https://doi.org/10.1016/j.accinf.2012.06.007
Stensaker, Bjørn: External Quality Auditing: Strengths and Shortcomings in the Audit Process. External Quality Audit: Has It Improved Quality Assurance in Universities? Woodhead Publishing Limited, 2013. Online: https://doi.org/10.1016/B978-1-84334-676-0.50013-3
Suduc, Ana-Maria – Mihai Bîzoi – Florin Gheorghe Filip: Audit for Information Systems Security. Informatica Economică, 14, no. 1 (2010). 43–48.
Szczepaniuk, Edyta Karolina – Hubert Szczepaniuk – Tomasz Rokicki – Bogdan Klepacki: Information Security Assessment in Public Administration. Computers and Security, 90 (2020). 1–11. Online: https://doi.org/10.1016/j.cose.2019.101709
Tõnurist, Piret – Angela Hanson: Anticipatory Innovation Governance: Shaping the Future through Proactive Policy Making. OECD Working Papers on Public Governance, no. 44 (2020). Online: https://doi.org/10.1787/cce14d80-en