THE IMPACT OF THE INTERNAL AUDIT DEPARTMENT IN EVALUATING AND MANAGING CYBER SECURITY RISKS AND THE MEDIATING ROLE OF INSTITUTIONAL CULTURE IN BANKS OPERATING IN JORDAN

Abstract

The study aimed to demonstrate the impact of the internal audit department in assessing and managing cyber security risks in Jordanian commercial banks and the mediating role of institutional culture. The study relied on the descriptive method in analyzing the data. To achieve the objectives of the study, a questionnaire was prepared, 140 of which were distributed to commercial banks operating in Jordan, and 120 questionnaires were retrieved. To measure the variables of the study, a five-point Likert scale was used, and to test mediation, the Baron & Kenny model was used. After testing the hypotheses, it was found that the internal audit department has a direct impact on the institutional culture and on cyber security risk assessment and management in the regression model. It was also found that there is an effect of institutional culture on risk assessment. “Cyber security and its management,” but when mediated by institutional culture, the internal audit department does not predict the assessment of cyber security risks and their management, and this is considered an indirect effect. Therefore, the study recommends that internal audit departments acquire the skills that enable them to carry out internal audit operations using methods based on modern technology in light of Cyber ​​security threats