Abstract:

In increasing share of IT in the public finance sector institutions’ activity makes the assurance of information security by the institutions one of the most important challenges. One of the tools aimed at ensuring the meeting of the information security requirements in public finance sector institutions is the information security auditing.

The main purpose of the paper is to define, systematise and operationalise the principles of internal information auditing in public finance sector institutions in Poland as well as to determine the methodology of conducting it.

An analysis of the current normative acts on internal auditing allowed for the statement that the Polish legislator developed a formalised internal auditing procedure constituting the bases for isolating a multi-stage information security auditing methodology in public finance sector institutions, which due to their strategic importance for the state require applying special measures on broadly understood safety.