Alzeban, A, Al-Hajaya, K, Sawan, N (ORCID: 0000-0003-2522-1216), Chammaa, H and Foster, S (ORCID: 0000-0001-8659-963X) (2025) The quality of cybersecurity audits: do synergies among the chief audit executive, IT governance and internal audit functions matter? Managerial Auditing Journal. pp. 1-27. ISSN 0268-6902
Text: The Quality of Cybersecurity Audits Do Synergies among the Chief Audit Executive IT Governance and Internal Audit Functions Matter.pdf - Accepted Version. Available under License Creative Commons Attribution.
Abstract
Purpose
This study aims to investigate how the internal audit function helps boost an organisation’s cybersecurity quality. The authors focus on the key roles played by the chief audit executive (CAE) competencies in terms of their IT expertise, qualifications and tenure, their interaction with the audit committee (AC), the organisation’s IT governance structure and the role of internal audit (IA) in overseeing cybersecurity.
Design/methodology/approach
Data were collected via a survey questionnaire distributed to internal auditors and audit committee members in UK-listed companies, supplemented by relevant archival data where appropriate.
Findings
Panel regression findings, validated across both CAEs and AC members, reveal that CAE IT expertise, private CAE-AC meetings and robust IT governance significantly improve cybersecurity quality. Crucially, each additional year of IT audit expertise increases perceived cybersecurity quality by approximately 0.30 units, confirming the high value of deep IT audit expertise. Additionally, IA’s role in policy review, regulatory compliance and risk assessment strengthens cyber resilience.
Practical implications
The findings carry important practical implications for organisations, regulators and society. Strengthening IT competencies within internal audit, fostering private dialogue between CAEs and audit committees and embedding cybersecurity into corporate governance frameworks can significantly improve resilience. Beyond organisational benefits, enhanced cybersecurity audit quality supports consumer protection, safeguards privacy and reinforces public trust in digital infrastructures such as health care, banking and government services, aligning with global standards like the General Data Protection Regulation (GDPR) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Originality/value
The study makes an original contribution to the literature by examining how synergies among the CAE’s IT competencies, interaction with the audit committee, IT governance and internal audit functions shape the quality of cybersecurity audits.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | 1501 Accounting, Auditing and Accountability; Accounting; 3501 Accounting, auditing and accountability |
| Subjects: | H Social Sciences > HF Commerce > HF5001 Business; Q Science > QA Mathematics > QA75 Electronic computers. Computer science; T Technology > T Technology (General) > T58.5 Information Technology |
| Divisions: | Liverpool Business School |
| Publisher: | Emerald |
| Date of acceptance: | 6 November 2025 |
| Date of first compliant Open Access: | 4 December 2025 |
| Date Deposited: | 04 Dec 2025 14:55 |
| Last Modified: | 04 Dec 2025 14:55 |
| DOI or ID number: | 10.1108/maj-05-2025-4825 |
| URI: | https://researchonline.ljmu.ac.uk/id/eprint/27668 |