IT Audit Management Architecture and Process Model

  • Conference paper
Business Information Systems (BIS 2013)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 157)

Abstract

Over the last few decades various regulations have emerged, and the auditor is the last line of defence against the risks of non-compliance. Therefore, Information Technology (IT) Audit Management (AM) is a crucial process for most organizations. However, it is a complex process, and current IT frameworks do not help, since they are seen as complex, overlapping, and hard to implement. The main contribution of this research is a formal and complete IT AM process/architecture, useful and adaptable to all types of organizations, which is based on the most relevant IT best-practice frameworks, the literature of the area, and practitioners’ viewpoints. The research methodology used was Design Science Research (DSR). To evaluate our proposal we interviewed IT audit experts in order to add the practitioners’ perspective to it. We finish by presenting the main contributions, limitations, and future work.

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rosário, T., Pereira, R., da Silva, M.M. (2013). IT Audit Management Architecture and Process Model. In: Abramowicz, W. (eds) Business Information Systems. BIS 2013. Lecture Notes in Business Information Processing, vol 157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38366-3_16

  • DOI: https://doi.org/10.1007/978-3-642-38366-3_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38365-6

  • Online ISBN: 978-3-642-38366-3

  • eBook Packages: Computer Science (R0)
