THE ROLE OF INTERNAL AUDIT IN THE FIGHT AGAINST CYBER CRIME

Authors

  • Zdravko Todorović, Full Professor, Faculty of Economics, University of Banja Luka
  • Boris Todorović, Assistant Professor, Axelyos, Banja Luka
  • Darko Tomaš, Assistant Professor, Faculty of Economics, University of Banja Luka

DOI:

https://doi.org/10.7251/EMC2002514T

Abstract

The internet is constantly changing the way we live and conduct business. The global business environment requires all organizations to have a secure digital infrastructure for fighting cybercrime. Cybercrime is on the rise in this decade. Cybercrime is criminal activity aimed at compromising the security of enterprise information systems in order to acquire profit or to cause damage, theft or loss. Types of cybercrime include theft, evasion, or the use of information to obtain profit unlawfully. This paper will present information about cybercrime and its most common types. According to international standards for internal audit, internal auditors are authorized to fight fraud, which means they are also authorized to fight cybercrime. The main purpose of this paper is to find a model for organizing internal audit for the purpose of fighting cybercrime. It is therefore necessary to: determine the internal audit standards that the organization must adhere to in the fight against cybercrime, identify the security requirements of those standards, determine the goals, risks and security policy of the organization, raise employee awareness of the dangers of cybercrime, involve top management in the fight against cybercrime, conduct employee training on data security, and the like. Cyber security is basically about managing future risk. It requires insight into current and future vulnerabilities and how to prevent or reduce them, the likelihood of threats and the costs associated with potential outcomes, and how to mitigate them. Internal auditors must be aware of impending regulatory changes based on IIA standards (The International Standards for the Professional Practice of Internal Auditing) related to computer security. Internal auditors should understand the impact of cyber threats on the organization. In particular, they should include this in their internal audit plan, based on the risk of cybercrime.
Internal auditors should have a strong partnership with the CIO (Chief Information Officer) and the CISO (Chief Information Security Officer), in order to act as a trusted advisor in the fight against cybercrime. Internal auditors should provide an independent overview of the cyber security strategy. The model will be based on the COSO (Committee of Sponsoring Organizations of the Treadway Commission) Internal Control — Integrated Framework and will feature five core principles: 1) creating a control environment for fighting cybercrime, 2) risk assessment for cybercrime, 3) designing and implementing activities for fighting cybercrime, and 5) monitoring activities. The research results will show new scientific facts and knowledge about methods for fighting cybercrime worldwide. Managers and internal auditors will benefit in practice from the research results when implementing cybercrime prevention programs.

Author Biographies

Zdravko Todorović, Full professor; Faculty of Economics, University of Banja Luka


Boris Todorović, Assistant Professor, Axelyos, Banja Luka


Darko Tomaš, Assistant Professor, Faculty of Economics, University of Banja Luka



Published

2020-12-18