The Vital Role of Internal Auditing in Combating Cyber Crime

Introduction

In the era of Industry 4.0, the swift and dynamic evolution of technology has reshaped the business landscape, enabling them to streamline operations, enhance efficiency, and compete globally through the strategic adoption of Information Technology (IT). Consequently, individuals are increasingly involved in financial transactions and commercial activities within the realm of IT, marking the emergence of what is commonly referred to as the digital economy (Ozkaya & Aslaner, 2019). However, amidst this whirlwind of progress, a formidable and insidious adversary has emerged in the form of cybercrime. This clandestine underworld is rapidly expanding, posing a significant threat to businesses and even their survival. In this context, auditors find themselves on the frontlines of the digital battlefield, facing the dual challenge of comprehending the intricate cyber threat landscape and unwaveringly upholding internal audit standards without compromise.

Cyber Crime

The use of the term "cyber" first emerged in military terminology, referring to the anticipation of future forms of warfare. "Cyberwar" is a knowledge-based war involving the gathering of secret information. The term "cybercrime" can be defined as criminal behavior involving the use of computer equipment (Norman Mugarura, 2020). Perpetrators of such crimes are referred to as "computer criminals" (Naci Akdemir, 2020).

The threat of cybercrime to society is not only evident in its various forms but also because some conventional criminal actions, such as fraud, abuse of power, or theft, become more dangerous when using computer technology (Bayraktar, 2017).

Cybercrime Regulated in Indonesia

Criminal actions in cybercrime are regulated by Law Number 11 of 2008 concerning Electronic Information and Transactions (ITE). This law governs various aspects related to cybercrimes, including regulations on illegal actions such as the dissemination of insulting or hate speech, electronic fraud, data theft, and other criminal activities conducted through electronic media.

Audit And Its Role in Combating Cyber Crime

Internal auditors play a vital role in improving an organisation’s cybersecurity. Internal audit plays a critical role by :

1. Assurance and verification : Internal auditors ensure that cybersecurity controls and measures are effectively implemented and consistent with industry standards and organizational policies

2. Risk assessment and mitigation : They assess and identify cybersecurity risks, vulnerabilities, and threats and help organizations mitigate these risks proactively through the recommended security measures

3. Compliance and regulatory alignment : Internal Audits ensure compliance with relevant cybersecurity regulations and standards, reducing legal and regulatory risks.

4. Security Awareness : Promote a culture of cybersecurity awareness among employees and educate them on the importance of protecting sensitive information and data

5. Incident Response and Recovery : Internal Audits assist the development and testing of incident response and recovery plans to minimize the impact of security violations or cyber attacks

6. Continuous Improvement : Auditors help organizations continuously improve their cybersecurity posture by identifying weaknesses and suggesting improvements.

7. Independence and Objectivity : As independent assessors, internal auditors provide impartial assessment of cybersecurity controls, ensuring objectivity in risk assessment and compliance

8. Communication with stakeholders : They facilitate communication between the Board, management and other stakeholders to ensure transparency in cybersecurity issues.

Conclusion

As technology continues to advance and integrate, companies must adapt and transition from traditional to information technology with the goal of maximizing efficiency to maximize profits. However, the use of technology by companies presents a significant opportunity for attacks from anonymous entities that can have a detrimental impact on the company's critical data, finances, and reputation. Therefore, a third party is needed to help companies anticipate cyberattacks, namely auditors. Internal audit plays a crucial role in supporting organizations in combating today's cyber threats by providing an independent assessment of existing and necessary controls and helping the audit committee and board of directors understand and manage various digital world risks.