The Influence Of Management Tone On Security Control Strength

This study uses archival information technology (IT) audit documentation from 60 auditees of a Big 4 firm to examine whether management’s security tone and activities affect security controls. The IT auditor’s assessment of the reliability of security controls surrounding a client’s information system is a vital component of the audit process. Findings in this study indicate a positive relationship between the strength of management tone surrounding information system security and the IT auditor’s assessment of security controls strength. The findings indicate the utilization of management security tone assessments during an IT audit, and thus, provide objective evidence on the importance of an organization's tone at the top