Internal Audit of Information Systems in Morocco: A Synergy for Cybersecurity

Abstract

Internal auditing of information systems has a significant importance for organizations. The synergy between internal audit and information systems has created opportunities for more informed decision-making, improved risk assessment and, ultimately, better alignment with organizational objectives. Indeed, beyond its traditional functions, internal auditing has expanded to ensure compliance, security and efficiency of information systems within an organization, while reinforcing the resilience of information systems. The aim of our article is to draw on existing literature to demonstrate the impact of the internal audit function on the control of information systems security risks. To do this, we will first define the concept of internal audit and the evolution of its functions, present the background to the reinforcement of information systems security in Morocco, demonstrate how Computer-Aided Audit Tools and Techniques (CAATTs) support audit processes, and highlight the complementarity between internal and external audit in a continuous audit logic.  We will then highlight a series of aspects linked to the development of the internal audit function's remit, and relate internal audit to the Information Security Management System, which helps the organization to manage well the risks linked to the security of information systems.

Keywords: (3-5 Words) : Système de Management de la sécurité de l’information, audit interne, cyber-securité, Outils et Techniques d'Audit Assistées par Ordinateur.

JEL Classification : H83, M42, M4.

Paper type: article théorique