期刊名称:Communications of the Association for Information Systems
印刷版ISSN:1529-3181
出版年度:2008
卷号:23
期号:1
页码:26
出版社:Association for Information Systems
摘要:Information systems provide both the means for organizations to transact business and the ability to report the financial results of their operations. Information technology auditing is an integral part of corporate governance. However, information technology auditing is often looked upon as a “necessary evil” or is overlooked entirely by IT management We argue that IT audit activities can provide additional value beyond the primary objective of assurance, assuming the organization embraces IT governance partnerships between IT management and the audit function. We also analyze factors developed from field study research that suggest IT audits are special projects requiring a quality audit process and sound project management principles. These success factors, if managed properly, can lead to high-quality IT audit products (i.e., engagements) that could conceivably free audit resources for more value-added projects and enterprise oversight. We close with a discussion of future research directions.
关键词:Sarbanes-Oxley; COBIT; IT Governance Institute; risk management; internal controls
