Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and Professor

1. Discussion: The Influence of IA on Information Security Effectiveness: Perceptions of Internal Auditors Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and Professor The University of Kentucky

2. Agenda Contribution – Putting the Paper in a Larger Context • IA and its relationship to other assurance providers • 3 Lines of Defense Model • Reliance on assurance providers Some specific issues for discussion • Should incidents go down? • What is a finding? • What is the “quality of relationship”?

3. IA and its relationship to other assurance providers Who provides assurance in organizations?

4. Organization as a Web of Assurance

5. Assurance Network

6. 3 Lines of Defense

7. Reliance on assurance providers

8. COMBINED ASSURANCE King III Principle 3.5 The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities.

9. Risk Assurance Map – Starting Template • Assurance Gap • High Assurance • Medium Assurance • Low Assurance • Opportunity to Remove / • Refocus Effort • Maintain Current Status

10. Assurance Map (PWC)

11. Specific Issues What is a finding? Should incidents go down? What is the “quality of relationship”?

12. Relational Coordination Theory • Jody Hoffer Gittell- Brandeis University

13. Relational Coordination Theory • “New Directions for Relational Coordination Theory,” in The Oxford Handbook of Positive Organizational Scholarship, 2011 • The Southwest Airlines Way: Using the Power of Relationships to Achieve High Performance (McGraw-Hill, 2003) • High Performance Healthcare: Using the Power of Relationships to Achieve Quality, Efficiency and Resilience (McGraw-Hill, 2009)

14. Urton Anderson Von Allmen School of Accountancy The University of Kentucky (859)218-1788 urton.anderson@uky.edu