Big Data in Auditing: A Value-Focused Approach to Cybersecurity Management
Full text | |||
Source | Journal of Information Systems Security Volume 15, Number 2 (2019)
Pages 77–100
ISSN 1551-0123 (Print)ISSN 1551-0808 (Online) |
||
Authors | David L. Coss — Deloitte, USA
Kane Smith — UNC Greensboro, USA
Jackson Foster — Ernst & Young, USA
Simran Dhillon — ISEG, Universidade de Lisboa, Portugal
|
||
Publisher | Information Institute Publishing, Washington DC, USA |
Abstract
The use of Big Data in Auditing represents significant challenges in terms of data privacy and security in the modern era as institutions and governments struggle to manage varying auditing-related concerns. Hence, it is important to understand how key stakeholders in this context feel about the problem to learn how it can be managed with respect to cybersecurity. In this paper, 100 individuals were interviewed to elicit their implicit values with regard to consumer data privacy and security, which are then transformed into actionable objectives that can be used for developing context-specific policy. To accomplish this goal, Keeney’s (1999) value focused thinking approach is used to convert individual stakeholder values into objectives, which can then form the basis for cybersecurity policy planning, specific to the context of Big Data and organizational audits. Having a defined set of objectives allows both institutions and governments to allocate finite resources in a more prudent and effective manner using policy that takes advantage of these objectives during the decision making process of their creation.
Keywords
Cybersecurity Management, Stakeholder Values, Big Data, Auditing
References
Alles, M. G. (2015). Drivers of the Use and Facilitators and Obstacles of the Evolution of Big Data by the Audit Profession. Accounting Horizons, 29(2), 439-449.
Alles, M., and Gray, G. L. (2016). Incorporating big data in audits: Identifying inhibitors and a research agenda to address those inhibitors. International Journal of Accounting Information Systems, 22, 44-59.
Alles, M., Vasarhelyi, M., and Issa, H. (2013). Rethinking the Practice and Value Added of External Audits: The AICPA's Audit Data Standards (ADS) Initiative. Working paper, Rutgers, The State University of New Jersey.
Brown-Liburd, H., Issa, H., and Lombardi, D. (2015). Behavioral implications of Big Data's impact on audit judgment and decision making and future research directions. Accounting Horizons, 29(2), 451-468.
Byrnes, P., Criste, T., Stewart, T., and Vasarhelyi, M (2014). Reimagining Auditing in a Wired World. Rep. AICPA.
Cao, M., Chychyla, R., and Stewart, T. (2015). Big Data analytics in financial statement audits. Accounting Horizons, 29(2), 423-429.
Cavoukian, A., and Jonas, J. (2012). Privacy by design in the age of big data (pp. 1-17). Information and Privacy Commissioner of Ontario, Canada.
Crawford, K., and Schultz, J. (2014). Big data and due process: Toward a framework to redress predictive privacy harms. BCL Rev., 55, 93-128.
Demchenko, Y., Grosso, P., De Laat, C., and Membrey, P. (2013, May). Addressing big data issues in scientific data infrastructure. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 48-55). IEEE.
Dhillon, G., and Smith, K. J. (2019). Defining objectives for preventing cyberstalking. Journal of Business Ethics, 157(1), 137-158.
Dhillon, G., Oliveira, T., and Syed, R. (2018). Value-based information privacy objectives for Internet Commerce. Computers in Human Behavior, 87, 292-307.
Graves, J. T., Acquisti, A., and Christin, N. (2016). Big data and bad data: on the sensitivity of security policy to imperfect information. The University of Chicago Law Review, 117-137.
Keeney, R. L. (1996). Value-focused thinking: Identifying decision opportunities and creating alternatives. European Journal of operational research, 92(3), 537-549.
Krahel, J. P., and Titera, W. R. (2015). Consequences of Big Data and formalization on accounting and auditing standards. Accounting Horizons, 29(2), 409-422.
Kshetri, N. (2014). Big data ׳ s impact on privacy, security and consumer welfare.
Telecommunications Policy, 38(11), 1134-1145.
Miltgen, C. L., and Smith, H. J. (2015). Exploring information privacy regulation, risks, trust, and behavior. Information & Management, 52(6), 741-759.
Schwartz, P. M. (2009). Preemption and privacy. The Yale Law Journal, 902-947.
SEC Retention of Records Relevant to Audits and Reviews, 17 CFR 210.2-06 (2003).
Smith, H. J., Milberg, S. J., and Burke, S. J. (1996). Information privacy: measuring individuals' concerns about organizational practices. MIS quarterly, 167-196.
Syed, R., Dhillon, G., and Merrick, J. (2019). The Identity Management Value Model: A Design Science Approach to Assess Value Gaps on Social Media. Decision Sciences, 50(3), 498-536.
Vasarhelyi, M. A., Kogan, A., and Tuttle, B. M. (2015). Big data in accounting: An overview. Accounting Horizons, 29(2), 381-396.
Ye, H., Cheng, X., Yuan, M., Xu, L., Gao, J., and Cheng, C. (2016, September). A survey of security and privacy in big data. In Communications and Information Technologies (ISCIT), 2016 16th International Symposium on (pp. 268-272). IEEE.
Warren Jr, J. D., Moffitt, K. C., and Byrnes, P. (2015). How big data will change accounting. Accounting Horizons, 29(2), 397-407.
Whithouse, T. (2014). Auditing in the era of big data. Compliance Week, 1I (126), 28-67.
Yoon, K., Hoogduin, L., and Zhang, L. (2015). Big data as complementary audit evidence. Accounting Horizons, 29(2), 431-438.
Zhang, J., Yang, X., and Appelbaum, D. (2015). Toward effective Big Data analysis in continuous auditing. Accounting Horizons, 29(2), 469-476.
Zhang, L., Pawlicki, A. R., McQuilken, D., and Titera, W. R. (2012). The AICPA assurance services executive committee emerging assurance technologies task force: The audit data standards (ADS) initiative. Journal of Information Systems, 26(1), 199-205.