A New Approach to Information Security Auditing in Public Administration

doi: 10.32567/hm.2022.3.8


Due to the rapid pace of globalisation and digitalisation and the better usage of ICT technology, cybercrime is also rising. Hence, the secure operation of controlling and auditing information systems is fundamental in both the private and public sectors. It is generally accepted in the private sector that companies seek an independent third-party’s assistance to carry out information security audits.  However, how do information security audits work in public administration? The article aims to characterise and assess information security auditing in public administration and define a new solution for conducting such audits. The article is considered a theoretical research paper. Theoretical research explains the basic terms related to auditing and defines conditions for efficient and effective information security auditing. Additionally, the research aims to answer whether the internal (bureaucratic, within the public administration organisational system) or external (third-party) audits prove more effective. 


information systems security auditing public administration audit principles internal and external auditing

Hogyan kell idézni

Edegbeme-Beláz, A., & Kerti, A. (2022). A New Approach to Information Security Auditing in Public Administration. Hadmérnök, 17(3), 109–131. https://doi.org/10.32567/hm.2022.3.8


Ahmad, Zaini – Dennis Taylor: Commitment to Independence by Internal Auditors: The Effects of Role Ambiguity and Role Conflict. Managerial Auditing Journal, 24, no. 9 (2009). 899–925. Online: https://doi.org/10.1108/02686900910994827

Appelbaum, Deniz A. – Alex Kogan – Miklos A. Vasarhelyi: Analytical Procedures in External Auditing: A Comprehensive Literature Survey and Framework for External Audit Analytics. Journal of Accounting Literature, 40 (2018). 83–101. Online: https://doi.org/10.1016/j.acclit.2018.01.001

Beláz, Annamária: A közigazgatás információbiztonsága: megjósolhatók az incidensek? Hadtudomány, 29, no. 3 (2019). 92–104. Online: https://doi.org/10.17047/HADTUD.2019.29.3.92

Bellman, Beryl: Defacement: Public Secrecy and the Labor of the Negative. American Anthropologist, 103, no. 3 (2001). 878–879. Online: https://doi.org/10.1525/aa.2001.103.3.878

Dittenhofer, Mortimer A. – R. Luke Evans – Sridhar Ramamoorti – Douglas E. Ziegenfuss: Behavioral Dimensions of Internal Auditing. A Practical Guide to Professional Relationships in Internal Auditing. Altamonte Springs, Florida, The Institute of Internal Auditors Research Foundation (IIARF), 2010.

Drljača, Dalibor – Branko Latinović: Audit in Public Administration’s Information Systems – External or Internal? IOP Conference Series: Materials Science and Engineering, 200, no. 1 (2017). 1–7. Online: https://doi.org/10.1088/1757-899X/200/1/012026

Dwamena, Richard Ofosu: Investigating the Relationship Exist Between Internal Auditors and Management. Finance and Management Engineering Journal of Africa, 3, no. 9 (2021). 23–35. Online: https://doi.org/10.15557/FMEJA/2021/VOL3/ISS9/SEPT002

Dwamena, Richard Ofosu – Nicholas Yaw Ofori: The Roles and Status of Internal Auditors in Public Sector Organizations. Finance and Management Engineering Journal of Africa, 3, no. 9 (2021). 1–22. Online: https://doi.org/10.15557/FMEJA/2021/VOL3/ISS9/SEPT001

Gábri, Máté: Biztonsági komplexumok az információs korban. Hadmérnök, 5, no. 4 (2010). 110–121.

Gantz, Stephen D.: Chapter 1. IT Audit Fundamentals. In Stephen D. Gantz (ed.): The Basics of IT Audit. Boston, Syngress, 2014a. Online: https://doi.org/10.1016/B978-0-12-417159-6.00001-8

Gantz, Stephen D.: Chapter 4. External Auditing. In Stephen D. Gantz (ed.): The Basics of IT Audit. Boston, Syngress, 2014b. 63–82. Online: https://doi.org/10.1016/B978-0-12-417159-6.00004-3

Gantz, Stephen D.: Chapter 5. Types of Audits. In Stephen D. Gantz (ed.): The Basics of IT Audit. Boston, Syngress, 2014c. 83–104. Online https://doi.org/10.1016/B978-0-12-417159-6.00005-5

Gaosong, Qiu – Yuan Leping: Measurement of Internal Audit Effectiveness: Construction of Index System and Empirical Analysis. Microprocessors and Microsystems, (2021). Online: https://doi.org/10.1016/j.micpro.2021.104046

Giroux, Gary – Rowan Jones: Measuring Audit Quality of Local Governments in England and Wales. Research in Accounting Regulation, 23, no. 1 (2011). 60–66. Online: https://doi.org/10.1016/j.racreg.2011.03.002

Hampson, Fen Osler: Review: Barry Buzan – Ole Waever – Jaap de Wilde: Security: A New Framework for Analysis. International Journal, 53, no. 4 (1998). 798–799. Online: https://doi.org/10.2307/40203739

Hegazy, Karim – Anne Stafford: Internal and External Auditors Responsibilities and Relationships with Audit Committees in Two English Public Sector Settings. Corporate Ownership and Control, 18, no. 3 special issue (2021). 395–409. Online: https://doi.org/10.22495/cocv18i3siart13

Jamaluddin, Masruddin – Indra Basir – Rahma Masdar – Lucyani Meldawati: Role Ambiguity, Role Conflict, Auditor Competence on Audit Quality: The Mediating Effects of Auditing Planning and Independence. Universal Journal of Accounting and Finance, 9, no. 6 (2021). 1551–1557. Online: https://doi.org/10.13189/ujaf.2021.090632 ; DOI: https://doi.org/10.13189/ujaf.2021.090632

Kanellou, Alexandra – Charalambos Spathis: Auditing in Enterprise System Environment: A Synthesis. Journal of Enterprise Information Management, 24, no. 6 (2011). 494–519. Online: https://doi.org/10.1108/17410391111166549

Knapp, Kenneth J. – Gary D. Denney – Mark E. Barner: Key ssues in Data Center Security: An Investigation of Government Audit Reports. Government Information Quarterly, 28, no. 4 (2011). 533–541. Online: https://doi.org/10.1016/j.giq.2010.10.008

Kő, Andrea – Balázs Molnár: Az információrendszerek auditálása. Az informatika és az információrendszerek ellenőrzési és irányítási módszerei. Budapest, Corvinno Technology Transfer Kft., 2009. Online: https://doi.org/978-963-06-7254-2

Le, Thi Tam – Thi Mai Anh Nguyen – Van Quang Do – Thi Hai Chau Ngo: Risk-Based Approach and Quality of Independent Audit Using Structure Equation Modeling – Evidence from Vietnam. European Research on Management and Business Economics, 28, no. 3 (2022). Online: https://doi.org/10.1016/j.iedeen.2022.100196

Lisic, Ling Lei – Jeffrey Pittman – Timothy A. Seidel – Aleksandra B. Zimmerman: You Can’t Get There from Here: The Influence of an Audit Partner’s Prior Non- Public Accounting Experience on Audit Outcomes. Accounting, Organizations and Society, 100 (2021). Online: https://doi.org/10.1016/j.aos.2021.101331

Mattei, Giorgia – Giuseppe Grossi – James Guthrie A.M: Exploring Past, Present and Future Trends in Public Sector Auditing Research: A Literature Review. Meditari Accountancy Research, 29, no. 7 (2021). 94–134. Online: https://doi.org/10.1108/MEDAR-09-2020-1008

Michener, Gregory – Jonas Coelho – Davi Moreira: Are Governments Complying with Transparency? Findings from 15 Years of Evaluation. Government Information Quarterly, 38, no. 2 (2021). Online: https://doi.org/10.1016/j.giq.2021.101565

Mironeasa, Costel – Georgiana Gabriela Codină: A New Approach of Audit Functions and Principles. Journal of Cleaner Production, 43 (2013). 27–36. Online: https://doi.org/10.1016/j.jclepro.2012.12.018

Mironeasa, Costel – Silvia Mironeasa: The Process Approach and the Generated Value at the Process Level. Metalurgia International, 14, no. 6 (2009). 89–93.

Nyikes, Zoltán – András Kerti: Proposals for Amending the Regulation of the Administrative System. Journal of Emerging Research and Solutions in ICT, 1, no. 1 (2016). 68–74. Online: https://doi.org/10.20544/ERSICT.01.16.P07

Radcliffe, Vaughan S.: Public Secrecy in Auditing: What Government Auditors Cannot Know. Critical Perspectives on Accounting, 19, no. 1 (2008). 99–126. Online: https://doi.org/10.1016/j.cpa.2006.07.004

Samagaio, António – Teresa Felício: The Influence of the Auditor’s Personality in Audit Quality. Journal of Business Research, 141 (2022). 794–807. Online: https://doi.org/10.1016/j.jbusres.2021.11.082

Samelson, Donald – Suzanne Lowensohn – Laurence E. Johnson: The Determinants of Perceived Audit Quality and Auditee Satisfaction in Local Government. Journal of Public Budgeting, Accounting and Financial Management, 18, no. 2 (2006). 139–166. Online: https://doi.org/10.1108/JPBAFM-18-02-2006-B001

Simon, Herbert A.: Decision-Making and Administrative Organization. Public Administration Review, 4, no. 1 (1944). 16–30. Online: https://doi.org/10.2307/972435

Steinbart, Paul John – Robyn L. Raschke – Graham Gal – William N. Dilla: The Influence of a Good Relationship between the Internal Audit and Information Security Functions on Information Security Outcomes. Accounting, Organizations and Society, 71 (2018). 15–29. Online: https://doi.org/10.1016/j.aos.2018.04.005

Steinbart, Paul John – Robyn L. Raschke – Graham Gal – William N. Dilla: The Relationship between Internal Audit and Information Security: An Exploratory Investigation. International Journal of Accounting Information Systems, 13, no. 3 (2012). 228–243. Online: https://doi.org/10.1016/j.accinf.2012.06.007

Stensaker, Bjørn: External Quality Auditing: Strengths and Shortcomings in the Audit Process. External Quality Audit: Has It Improved Quality Assurance in Universities? Woodhead Publishing Limited, 2013. Online: https://doi.org/10.1016/B978-1-84334-676-0.50013-3

Suduc, Ana-Maria – Mihai Bîzoi – Florin Gheorghe Filip: Audit for Information Systems Security. Informatica Economică, 14, no. 1 (2010). 43–48.

Szczepaniuk, Edyta Karolina – Hubert Szczepaniuk – Tomasz Rokicki – Bogdan Klepacki: Information Security Assessment in Public Administration. Computers and Security, 90 (2020). 1–11. Online: https://doi.org/10.1016/j.cose.2019.101709

Tõnurist, Piret – Angela Hanson: Anticipatory Innovation Governance: Shaping the Future through Proactive Policy Making. OECD Working Papers on Public Governance, no. 44 (2020). Online: https://doi.org/10.1787/cce14d80-en