Overview
Background
Sergeja Slapničar is Associate Professor of Accounting and Co-lead of Digital Finance Research Hub. Her research is at the intersection of auditing, risk management, cyber security, and AI governance. She investigates how organisations financially quantify and audit cyber risk, coordinate the lines of defence in cyber security, and manage cyber and AI risks effectively. Sergeja disseminates her research findings to professional and regulatory audiences through policy engagement, practitioner journals, and by presenting at national and international industry events. She is a member of the Editorial Boards of Journal of Management Control, International Journal of Auditing, and Behavioral Research in Accounting. Sergeja is a passionate educator whose work-integrated approach, connecting students with real startups, has earned multiple awards, including faculty, university, and national citations for outstanding contribution to student learning.
She has extensive Board experience by having served as a non-executive Director in a systemic bank in Eurozone; in a multinational pharmaceutical corporation, on the Board of the Slovenian Agency for Public Oversight of Auditing, as a Chair of the settlement committee in owners' disputes (Slovenia) and as an independent member in audit and remuneration committees of various public interest entities (the Slovenian Bad Bank among others). She has trained over 1,000 executive and non-executive directors in accounting, finance and cyber security risk management at the Slovenian Directors Association, and advised organisations on risk management. Prior to her employment at the UQ Business School, Sergeja was a Professor at the University of Ljubljana, Slovenia. She is a member of ISACA; serves on the Education Committee of the Institute of Internal Auditors Australia and on the Auditing, Assurance, and Ethics Standards Committee at the European Accounting Association.
Availability
- Associate Professor Sergeja Slapnicar is:
- Available for supervision
Qualifications
- Member, Accounting and Finance Association of Australia and New Zealand, Accounting and Finance Association of Australia and New Zealand
- Member, European Accounting Association, European Accounting Association
- Member, ISACA, ISACA
- Member, Institute of Internal Auditors Australia, Institute of Internal Auditors Australia
Research interests
-
Governance and risk management of cyber security
-
Governance and risk management of Artificial Intelligence
-
Internal auditing and assurance
Works
Search Professor Sergeja Slapnicar’s works on UQ eSpace
2026
Journal Article
The FABRICS framework: a Bayesian approach to financial quantification of cyber risk
Slapničar, Sergeja and Joshi, Chaitanya (2026). The FABRICS framework: a Bayesian approach to financial quantification of cyber risk. Computers and Security, 167 104900, 1-18. doi: 10.1016/j.cose.2026.104900
2026
Journal Article
Collaborating across boundaries: toward an integrated cyber risk assessment by internal auditors and cybersecurity professionals
Slapničar, Sergeja, Vuko, Tina, Čular, Marko and Drašček, Matej (2026). Collaborating across boundaries: toward an integrated cyber risk assessment by internal auditors and cybersecurity professionals. Contemporary Accounting Research 1911-3846.70052. doi: 10.1111/1911-3846.70052
2025
Journal Article
The effect of organizational cyber resilience on cyber incident outcomes
Tsen, Elinor, Ko, Ryan K. L. and Slapnicar, Sergeja (2025). The effect of organizational cyber resilience on cyber incident outcomes. Journal of Cybersecurity, 11 (1) tyaf040, 1-15. doi: 10.1093/cybsec/tyaf040
2025
Journal Article
Cyber risk management: an illusion of a risk-based approach
Slapničar, Sergeja, Axelsen, Micheal and Eulerich, Marc (2025). Cyber risk management: an illusion of a risk-based approach. Journal of Management Control. doi: 10.1007/s00187-025-00401-z
2025
Journal Article
Optimizing supplier cyberrisk assessment
Slapnicar, Sergeja and Vidmar, Tim (2025). Optimizing supplier cyberrisk assessment. ISACA journal, 5 (2025).
2025
Journal Article
Process Theory of Supplier Cyber Risk Assessment
Slapnicar, Sergeja, Vidmar, Tim and Tsen, Elinor (2025). Process Theory of Supplier Cyber Risk Assessment. Australasian Journal of Information Systems, 29 (2), 1-33. doi: 10.3127/ajis.v29.5323
2025
Journal Article
Contrasting the optimal resource allocation to cybersecurity controls and cyber insurance using prospect theory versus expected utility theory
Joshi, Chaitanya, Slapničar, Sergeja, Yang, Jinming and Ko, Ryan (2025). Contrasting the optimal resource allocation to cybersecurity controls and cyber insurance using prospect theory versus expected utility theory. Computers and Security, 154 104450, 1-14. doi: 10.1016/j.cose.2025.104450
2025
Conference Publication
Divergent cyber risk assessment by information security managers and internal auditors: Irreconcilable differences or complementary layers?
Slapnicar, Sergeja, Vuko, Tina, Cular, Marko and Drascek, Matej (2025). Divergent cyber risk assessment by information security managers and internal auditors: Irreconcilable differences or complementary layers?. European Accounting Association Congress, Rome, Italy, 28-30 May 2025. European Accounting Association.
2025
Conference Publication
Divergent cyber risk assessment by information security managers and internal auditors: Irreconcilable differences or complementary layers?
Slapničar, S., Vuko, T., Čular, M. and Drašček, M. (2025). Divergent cyber risk assessment by information security managers and internal auditors: Irreconcilable differences or complementary layers?. European Accounting Association Congress, Rome, Italy, 28-30 May 2025. European Accounting Association.
2024
Journal Article
Cybersecurity assurance
Drašček, Matej, Slapničar, Sergeja, Vuko, Tina and Čular, Marko (2024). Cybersecurity assurance. Internal Auditor, 20-22.
2024
Journal Article
Key drivers of cybersecurity audit effectiveness: A neo-institutional perspective
Vuko Tina, Slapničar Sergeja, Čular Marko and Matej Drašček (2024). Key drivers of cybersecurity audit effectiveness: A neo-institutional perspective. International Journal of Auditing, 29 (1), 188-206. doi: 10.1111/ijau.12365
2024
Journal Article
The three lines model in cybersecurity governance and risk management
Bongiovanni, Ivano, Slapničar, Sergeja, Axelsen, Micheal and Stockdale, David (2024). The three lines model in cybersecurity governance and risk management. ISACA Journal, 1 (2024).
2023
Journal Article
A pathway model to five lines of accountability in cybersecurity governance
Slapničar, Sergeja, Axelsen, Micheal, Bongiovanni, Ivano and Stockdale, David (2023). A pathway model to five lines of accountability in cybersecurity governance. International Journal of Accounting Information Systems, 51 100642, 100642. doi: 10.1016/j.accinf.2023.100642
2023
Conference Publication
Measuring cyber risk: integrating methodological, behavioral, and organizational perspectives
Slapnicar, Sergeja, Axelsen, Micheal and Eulerich, Marc (2023). Measuring cyber risk: integrating methodological, behavioral, and organizational perspectives. Accounting and Finance Association of Australia and New Zealand, Gold Coast, QLD Australia, 2-4 July 2023.
2023
Conference Publication
Measuring and managing cyber risk
Slapnicar, Sergeja, Axelsen, Micheal and Eulerich, Marc (2023). Measuring and managing cyber risk. European Accounting Association Congress, Helsinki, Finland, 24-26 May 2023.
2023
Other Outputs
Discussion Paper: 2023-2030 Australian Cyber Security Strategy
Abeysooriya, Sasenka, Akhlaghpour, Saeed, Bongiovanni, Ivano, Dowsett, Dallas, Grotowski, Joseph, Holm, Mike, Kim, Dan, Ko, Ryan, Phillips, Andelka M., Slapnicar, Sergeja, Stockdale, David, Swinson, John, Thonon, Geoffroy, Utting, Mark, Walker-Munro, Brendan and Willoughby, Shannon (2023). Discussion Paper: 2023-2030 Australian Cyber Security Strategy. UQ CYBER and AUSCERT.
2023
Journal Article
Designing a financial quantification model for cyber risk: a case study in a bank
Pollmeier, Santiago, Bongiovanni, Ivano and Slapničar, Sergeja (2023). Designing a financial quantification model for cyber risk: a case study in a bank. Safety Science, 159 106022, 106022. doi: 10.1016/j.ssci.2022.106022
2022
Journal Article
Governing cybersecurity from the boardroom: challenges, drivers, and ways ahead
Gale, Megan, Bongiovanni, Ivano and Slapnicar, Sergeja (2022). Governing cybersecurity from the boardroom: challenges, drivers, and ways ahead. Computers and Security, 121 102840, 102840. doi: 10.1016/j.cose.2022.102840
2022
Journal Article
How Effective Is Your Cybersecurity Audit?
Drašček, Matej, Slapničar, Sergeja, Vuko, Tina and Čular, Marko (2022). How Effective Is Your Cybersecurity Audit?. ISACA Journal, 3.
2022
Journal Article
An exploratory study of organizational cyber resilience, its precursors and outcomes
Tsen, Elinor, Ko, Ryan K. L. and Slapnicar, Sergeja (2022). An exploratory study of organizational cyber resilience, its precursors and outcomes. Journal of Organizational Computing and Electronic Commerce, 32 (2), 1-22. doi: 10.1080/10919392.2022.2068906
Supervision
Availability
- Associate Professor Sergeja Slapnicar is:
- Available for supervision
Looking for a supervisor? Read our advice on how to choose a supervisor.
Supervision history
Current supervision
-
Doctor Philosophy
Integrating Business Intelligence in Exploring Decision Biases in Competitor Analysis within Strategic Management Accounting
Associate Advisor
Other advisors: Dr Michael Turner
Completed supervision
-
2025
Doctor Philosophy
The effects of contingency-shaped cybersecurity risk management on the occurrence and impact of cyber incident: Insights from China
Principal Advisor
-
2023
Doctor Philosophy
Investigating the components of a contextual cyber resilience for organisations
Principal Advisor
Other advisors: Professor Ryan Ko
Media
Enquiries
For media enquiries about Associate Professor Sergeja Slapnicar's areas of expertise, story ideas and help finding experts, contact our Media team: