Md. Shariful Islam, Nusrat Farah and Thomas F. Stafford
Abstract
Purpose
The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit.
Design/methodology/approach
For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF).
Findings
The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit.
Originality/value
This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.
Thomas Stafford, George Deitz and Yaojie Li
Abstract
Purpose
The purpose of the study is to investigate the role of information security policy compliance and the role of information systems auditing in identifying non-compliance in the workplace, with specific focus on the role of non-malicious insiders who unknowingly or innocuously thwart corporate information security (IS) directives by engaging in unsafe computing practices. The ameliorative effects of auditor-identified training and motivational programs to emphasize pro-security behaviors are explored.
Design/methodology/approach
This study applies qualitative case analysis of technology user security perceptions combined with interpretive analysis of depth interviews with auditors to examine and explain the rubrics of non-malicious technology user behaviors in violation of cybersecurity directives, to determine the ways in which auditors can best assist management in overcoming the problems associated with security complacency among users.
Findings
Enterprise risk management benefits from audits that identify technology users who either feel invulnerable to cyber threats and exploits or feel that workplace exigencies augur for expedient workarounds of formal cybersecurity policies.
Research limitations/implications
Implications for consideration of CyberComplacency and Cybersecurity Loafing expand the insider threat perspective beyond the traditional malicious insider perspective.
Practical implications
Implications for consideration of CyberComplacency and Cybersecurity Loafing include broadened perspectives for the consultative role of IS audit in the firm.
Social implications
CyberComplacency is a practice that has great potential for harm in all walks of life. A better understanding of these potential harms is beneficial.
Originality/value
This study is the first to characterize CyberComplacency as computer users who feel they operate invulnerable platforms and are subsequently motivated to engage in less cybersecurity diligence than the company would desire. This study is also the first to characterize the notion of Cybersecurity Loafing to describe technically competent workers who take unauthorized but expedient steps around certain security policies in the name of workgroup efficiency.
Sharif Islam and Thomas Stafford
Abstract
Purpose
The benefits of data analytics in the internal audit function (IAF) are clear; less is known about IAF adoption of analytics. The purpose of this study is to examine the factors driving IAF adoption of analytics.
Design/methodology/approach
The Common Body of Knowledge of Internal Auditing Database (IIA, 2015) provides auditor responses on key variables of analysis.
Findings
The results of this study indicate the most critical adoption factor is data-specific IT knowledge in the IAF. Critical thinking skills and business knowledge of chief audit executives (CAEs) also contribute to adoption. IAFs with fraud risk detection responsibility are more likely to adopt. IAFs in technologically advanced cultures are more likely to adopt analytics.
Originality/value
The results of this study document the critical factors driving adoption of audit analytics, benefitting both industry and research.
Abderahman Rejeb, John G. Keogh, Steven J. Simske, Thomas Stafford and Horst Treiblmaier
Abstract
Purpose
The purpose of this study is to investigate the potentials of blockchain technologies (BC) for supply chain collaboration (SCC).
Design/methodology/approach
Building on a narrative literature review and analysis of seminal SCC research, BC characteristics are integrated into a conceptual framework consisting of seven key dimensions: information sharing, resource sharing, decision synchronization, goal congruence, incentive alignment, collaborative communication and joint knowledge creation. The relevance of each category is briefly assessed.
Findings
BC technologies can impact collaboration between transaction partners in modern supply chains (SCs) by streamlining information sharing processes, by supporting decision and reward models and by strengthening communicative relationships with SC partners. BC promises important future capabilities in SCs by facilitating auditability, improving accountability, enhancing data and information transparency and improving trust in B2B relationships. The technology also promises to strengthen collaboration and to overcome vulnerabilities related to moral hazard and shortcomings found in legacy technologies.
Research limitations/implications
The paper is mainly focused on the potentials of BC technologies on SCC as envisioned in the current academic literature. Hence, there is a need to validate the theoretical inferences with other approaches such as expert interviews and empirical tests. This study is of use to practitioners and decision-makers seeking to engage in BC-collaborative SC models.
Originality/value
The value of this paper lies in its call for an increased focus on the possibilities of BC technologies to support SCC. This study also contributes to the literature by filling the knowledge gap of how BC potentially impacts SC management.
Thomas F. Stafford and Marla Royne Stafford
Abstract
There are many anecdotal accounts about industrial buyers’ perceptions of sellers, but little research exists empirically to determine these perceptions. This research generates a profile of industrial buyer perceptions of salespeople developed from a perceptual inventory gathered from a national sample of purchasing professionals. Both positive and negative profiles are identified, but means analysis generally supports the contention that industrial buyers have largely positive perceptions of salespeople. These profiles can be useful to both researchers and industry professionals in assessing the effects of buyer perceptions in industrial, business‐to‐business, and relationship marketing situations.
Marla Royne Stafford, Thomas F. Stafford and Brenda P. Wells
Abstract
The insurance industry has placed increased emphasis on service quality and customer satisfaction as companies seek to compete with generally undifferentiated products. This attention to customer service dictates that insurers understand exactly what elements individuals use to assess their providers’ performance. This study examines the most significant dimensions of service quality and customer satisfaction across four large companies in the auto casualty industry, using the familiar SERVQUAL instrument. Results indicate that reliability is consistently the most important determinant of both perceived service quality and feelings of satisfaction among customers engaged in auto insurance claims. Implications for auto insurance providers are discussed.
Abstract
The increase in sophistication of aircraft has led to considerable escalation in the complexity of their alarm (i.e. warning and caution) systems in recent years. Each individual alarm requires careful design in human engineering terms to ensure its validity in the environment of the aircraft flight‐deck.
Faizul Huq, Thomas F. Stafford, M. Khurrum S. Bhutta and Saurajit Kanungo
Abstract
Purpose
It has been suggested that much of the potential inefficiencies associated with supply chain management (SCM) costs can be traced to wasteful practices such as inefficient, unnecessary, or redundant stocking practices, or inefficient transportation. The purpose of this paper is to develop a model which reconciles many of these inefficiencies by integrating production factors, purchasing, inventory, and trucking decisions for optimizing supply chain costs between first‐, and second‐tier suppliers and subsequent OEM customers.
Design/methodology/approach
The modeling technique is mathematical programming tested in a simulation model. In an effort to determine the significance of the transportation component of the proffered model, the fully developed model is differentially tested, including standard production variables varying transportation costs, paired with similar instances of the model in which the transportation costs are fixed.
Findings
Significant differences are found in the predictive abilities of the respective models, and this supplies pragmatic evidence of the important role that transportation issues play in the consideration of integrated SCM costs.
Research limitations/implications
The key limitation to this finding lies in the validation process. As suggested by Sargent, Monte‐Carlo studies are useful for validation purposes, and the supply chain optimization model (MHSCM) is certainly confirmed through this particular simulation.
Practical implications
The managerial focus on transportation management and cost control in SCM can be highlighted as a critical implication of the study.
Originality/value
The structure of the MHSCM is robust, and may be useful for cost‐control planning purposes in a dynamic environment, subject to certain limitations accruing to the methodology.