İç Denetimin Bilgi Güvenliğine Katkısı: Bir Alan Araştırması

Abstract

In this thesis study, firstly, the nature of the relationship between information security and internal audit functions in organizations, and the factors affecting the nature of the mentioned relationship, were examined. Then, the potential benefits of this relationship, the added value resulting from internal audit's information security audits, and how it affects the perception of the overall effectiveness of the organization's information security activities were evaluated. In this context, the perceptions of internal auditors regarding the nature of the relationship between internal audit and information security functions, which are two separate organizational functions aimed at adding value to the organization based on common goals, were investigated. For this purpose, the data collected from 272 internal audit personnel were analysed using modelling to examine the relationships between variables. In the study, five hypotheses were tested within the scope of two research questions. During the hypothesis testing stage, path coefficients, confidence intervals, t-statistics, and p-values analyses for direct and indirect effects between variable pairs in the current model were conducted. As a result of the study, it was observed that when internal auditors evaluate the internal audit function as a consultancy role rather than a regulator role, their perceptions of the relationship between internal audit and information security are more positive. Then, it was observed that internal auditors' perceptions of the nature of the relationship between internal audit and information security functions are positively associated with the frequency of information security audits conducted by internal audit and their perceptions of competence in information security. Following this, it was found that the nature of the relationship between internal audit and information security is positively associated with internal auditors' perceptions of the added value provided by the internal audit function to the organization, and finally, the perceived nature of the relationship between internal audit and information systems functions is positively associated with internal auditors' perceptions of information security effectiveness.