Abstract
Over the last few decades various regulations have emerged, and an auditor is the last line of defence against the risks of non-compliance. Therefore, Information Technology (IT) Audit Management (AM) is a crucial process for most organizations. However, it is a complex process, and current IT frameworks do not help, since they are seen as complex, overlapping each other, and hard to implement. The main contribution of this research is a formal and complete IT AM process/architecture, useful and adaptable to all types of organizations, which is based on the most relevant IT best-practice frameworks, the literature of the area, and practitioners' viewpoints. The research methodology used was Design Science Research (DSR). To evaluate our proposal, we interviewed IT audit experts in order to add the practitioners' perspective to it. We finish our research by presenting the main contributions, limitations, and future work.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rosário, T., Pereira, R., da Silva, M.M. (2013). IT Audit Management Architecture and Process Model. In: Abramowicz, W. (eds) Business Information Systems. BIS 2013. Lecture Notes in Business Information Processing, vol 157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38366-3_16
DOI: https://doi.org/10.1007/978-3-642-38366-3_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38365-6
Online ISBN: 978-3-642-38366-3
eBook Packages: Computer Science (R0)