Auditoría de sistemas de información para la seguridad y eficiencia organizacional

Carlos V. Bruce

doi:10.56880/experior41.1

Authors

Carlos V. Bruce Universidad de Panamá Autor/a https://orcid.org/0009-0004-4223-0821

DOI:

https://doi.org/10.56880/experior41.1

Keywords:

cybercrime, computer crime, data protection, computer network protocols, computer data security

Abstract

The dependence on Information Technology (IT) is examined and how it has driven the need to perform information systems audits, which is a mechanism to assess and ensure security, efficiency and regulatory compliance. The study focuses on answering the research question: how does information systems auditing contribute to strengthening information governance and mitigating risks in organizations? To this end, the objective was to review audit processes in improving internal controls, protecting digital assets and generating strategic value for organizations. The methodology was based on a non-experimental, descriptive, documentary and cross-sectional study, with an inductive approach. 24 academic and professional sources were analyzed between 2000 and 2024, focusing on the areas of systems auditing, cybersecurity and corporate governance, presenting the information through tables and figures to facilitate the interpretation of the results. It was established that systems auditing strengthens internal controls by identifying vulnerabilities and promoting corrective measures, and that the protection of digital assets is achieved through strategies such as network segmentation, intrusion detection systems and multi-factor authentication. The conclusions highlight that the incorporation of advanced technologies and continuous training of auditors are necessary to increase their effectiveness, as well as improve transparency, accountability and risk management.

Downloads

Download data is not yet available.

References

Al Lawati, H., Sanad, Z. & Al Farsi, M. (2024). Unveiling the Influence of Big Data Disclosure on Audit Quality: Evidence from Omani Financial Firms. Administrative Sciences, 14, 216. https://doi.org/10.3390/admsci14090216

Ali, M.A.S., Elshaer, I.A., Montash, A.A., Metwally, A.B.M. (2024) The Role of Technological Readiness in Enhancing the Quality of Audit Work: Evidence from an Emerging Market. Journal of Risk and Financial Management, 17, 489. https://doi.org/10.3390/jrfm17110489

Auditool. (2024). Auditoría de TI. https://www.auditool.org/blog/auditoria-de-ti/siete-aspectos-basicos-a-tener-en-cuenta-en-una-auditoria-de-ciberseguridad

Chowdhury, E. K. (2021). Prospects and challenges of using artificial intelligence in the audit process. The Essentials of Machine Learning in Finance and Accounting, 139-156. https://doi.org/10.4324/9781003037903

Galliers, R. D., & Leidner, D. E. (2014). Strategic information management: challenges and strategies in managing information systems. Routledge.

Guzmán, C., Palacios, D., & Palacios, E. (2023). Incidencias de los ciberdelitos y sus regulaciones en la ciudad de Panamá. Revista Semilla Científica, (4), 524-539. https://doi.org/10.37594/sc.v1i4.1296

Heim, T. N. (2023). Global governance and regulation of cybersecurity: Towards coherence or fragmentation? (Doctoral Dissertation). University of Twente.

Ikhtiari, K. (2023). Best Practices and Innovations in Modern Financial Statement Audits. Advances in Managerial AuditingResearch, 1(3),2023.135 -145. https://doi.org/10.60079/amar.v1i3.277

Intelligent Networks. (2023). ¿Qué es una auditoría de sistemas de información y por qué es esencial para tu empresa? https://acortar.link/s9FzeH

ISACA. (2018). COBIT 2019. ISACA Buenos Aires Chapter.

ISO. (2022). ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection — Information security management systems — Requirements. ISO. https://www.iso.org/es/contents/data/standard/08/28/82875.html

Josa Arbonés, N., García, E. R., i Díaz, L. M. C., & Vivas, M. P. (2023). Evaluación de riesgos en los Planes de Integridad versus su utilización en la planificación de las actuaciones de control financiero en las entidades locales. Auditoría pública: revista de los Órganos Autónomos de Control Externo, (81), 120-130. https://asocex.es/wp-content/uploads/2023/05/Articulo-9.pdf

Kaspersky. (2023). Nueva epidemia: el phishing se sextuplicó en América Latina con el reinicio de la actividad económica y el apoyo de la IA. https://latam.kaspersky.com/blog/panorama-amenazas-latam-2023/26586/

Kaspersky. (2024a). Kaspersky informa de un aumento de los ataques de ransomware y spyware en sistemas industriales. https://acortar.link/1BSNl0

Kaspersky. (2024b). Cyberthreat Live Map. https://cybermap.kaspersky.com/stats

Khraisat, A., Gondal, I., Vamplew, P., & Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity, 2(1), 1-22. https://doi.org/10.1186/s42400-019-0038-7

Marques, R. P., Santos, C., & Inacio, H. (Eds.). (2019). Organizational Auditing and Assurance in the Digital Age. IGI Global.

Martin, C. (2022). An Integrated Approach to Security Audits. https://www.isaca.org/resources/news-and-trends/industry-news/2022/an-integrated-approach-to-security-audits

Moscove, S. A., Simkin, M. G., & Bagranoff, N. A. (2000). Core concepts of accounting information systems. John Wiley & Sons, Inc.

Ramírez Fernández del Castillo, A. (2017). Actualización COSO ERM 2017. Nuevos riesgos, nuevas estrategias. En PwC, PricewaterhouseCoopers. https://www.pwc.com/mx/es/coso-erm-framework.html

Ramírez-Patajalo, G. A. (2023). Seguridad en desarrollo web: mejores prácticas para proteger aplicaciones y datos. Domino de las Ciencias, 9(3), 2219-2229. https://doi.org/10.23857/dc.v9i3.3552

Romney, M., Steinbart, P., Mula, J., McNamara, R., & Tonkin, T. (2012). Accounting Information Systems Australasian Edition. Pearson Higher Education AU.

Slapničar, S., Vuko, T., Čular, M., & Drašček, M. (2022). Effectiveness of cybersecurity audit. International Journal of Accounting Information Systems, 44, 100548. https://doi.org/10.1016/j.accinf.2021.100548

Solms, S. V., & Solms, R. (2008). Information security governance. Springer Science & Business Media.

Texas Health and Human Services. (2022). La HIPAA y las leyes sobre la privacidad. https://acortar.link/jevI3p

Villora Divino, B. (2018). Evaluación y gestión de vulnerabilidades: Cómo sobrevivir en el mundo de los ciberataques. [Tesis de Grado]. Universitat Politècnica de València.