urton anderson, ccep director of the von allmen school of accountancy and professor

Discussion: The Influence of IA on Information Security Effectiveness: Perceptions of Internal

Auditors

Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and Professor

The University of Kentucky

AgendaContribution – Putting the Paper in a Larger Context IA and its relationship to other assurance

providers 3 Lines of Defense Model Reliance on assurance providers

Some specific issues for discussion Should incidents go down? What is a finding? What is the “quality of relationship”?

IA and its relationship to other assurance providers

Who provides assurance in organizations?

Organization as a Web of Assurance

Assurance Network

3 Lines of Defense

Reliance on assurance providers

COMBINED ASSURANCE

King III

Principle 3.5

The audit committee should ensure that a combined assurance model is

applied to provide a coordinated approach to all assurance activities.

2/22/20128

Performance Provider

Management1st Line

Assurance Provider

Functional Oversight2nd Line

Independent3rd Line

RegulatoryOversight4th Line

Results

Corrective Action

Finance

Human

Resources

Treasury

Operations

IT

Procurement

Legal

Commercial

Planning

Communications

Risk Manageme

ntProcesses

Compliance

Performance Revie

wMeetin

g

Safety Review Board

Environment

alManageme

nt Group

Network

Developme

nt Forum

SOX

IT Steering

Group

Internal Audit

External Audit

Quality Audit

\ Compliance

Investigations -

Proactive Safety

Monitoring

Regulators

Assurance Provision

Obtain Independen

tAssurance

Review

Other Assurance

Providers

Remove

Duplicate

Assurance Activit

y

Asset Safeguarding                                                         

Business Continuity                                                         

Crisis Management                                                         

Competitive Environment                                                         

Economic Environment                                                         

Hedging/Liquidity Management                                                         

Financial Reporting                                                         

Finance Processing                                                         

International Operations                                                         

Information Technology                                                         

Labor Relations/Staff                                                         

Legal                                                         

Operations                                                         

Regulator & Stakeholders                                                         

Revenue & Reputation                                                         

Environment                                                         

Suppliers & Key Relationships                                                         

Provider Assessment Overall Provision

Opportunity to Remove /Refocus Effort

Low Assura

nce

Medium Assurance

High Assurance

Assurance Gap

Risk Assurance Map – Starting Template

Maintain Current Status

Assurance Map (PWC)

Specific IssuesWhat is a finding?

Should incidents go down?

What is the “quality of relationship”?

Relational Coordination Theory

Jody Hoffer Gittell - Brandeis University

Relational Coordination Theory “New Directions for Relational Coordination

Theory,” in The Oxford Handbook of Positive Organizational Scholarship, 2011

The Southwest Airlines Way: Using the Power of Relationships to Achieve High Performance (McGraw-Hill, 2003)

High Performance Healthcare: Using the Power of Relationships to Achieve Quality, Efficiency and Resilience (McGraw-Hill, 2009)

Urton AndersonVon Allmen School of Accountancy

The University of Kentucky(859)218-1788

urton.anderson@uky.edu