Cybersecurity Audit and IT Risk Management
Keywords: Cybersecurity Audit, IT Risk Management, NIST Framework, Leadership Influence, Cyberattack Disclosure
Abstract
Cybersecurity and IT risk management have become paramount for organizations in the face of growing cyber threats. As digital technologies and interconnected systems evolve, organizations must implement robust frameworks to safeguard sensitive data and ensure business continuity. This systematic literature review (SLR) examines 14 scholarly articles published between 2019 and 2025, focusing on the role of cybersecurity audits, IT risk management frameworks, leadership influence, and the impact of prior cyberattack disclosures on cybersecurity practices. The review addresses three central research questions: (1) How do cybersecurity audit frameworks contribute to improving IT risk management practices across various sectors? (2) What is the role of leadership, such as CEO power and audit committees, in shaping cybersecurity audit and IT risk management strategies? (3) How does the disclosure of prior cyberattacks impact the effectiveness of cybersecurity audits and IT risk management reporting? The findings suggest that cybersecurity audit frameworks, such as NIST and blockchain-based models, play a critical role in identifying and managing cybersecurity risks. Leadership involvement, especially from CEOs and audit committees, significantly shapes the effectiveness of cybersecurity strategies. Furthermore, disclosing previous cyberattacks fosters transparency, enhances investor confidence, and improves cybersecurity audits and reporting. This review provides comprehensive insights into the evolving role of cybersecurity audit and IT risk management frameworks, offering theoretical and practical recommendations for organizations aiming to enhance their cybersecurity resilience.
License
Copyright (c) 2025 Andreanov, Renny Maisyarah

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.




