Search results

Article
Publication date: 26 August 2014

Michele Rubino and Filippo Vitolla

Abstract

Purpose

The purpose of this paper is to analyze how the COBIT framework, integrated within the internal control framework, enables improvement in the quality of financial reporting while helping to reduce or eliminate the material weaknesses (MWs) of internal control over financial reporting (ICFR). The Control Objectives for Information and Related Technology (COBIT) model is a framework for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. Preliminarily, the analysis in this paper illustrates how the Committee of Sponsoring Organizations (COSO) framework impacts on the MWs, highlighting strengths and weaknesses. This paper shows how these limits can be overcome with the use of the COBIT framework.

Design/methodology/approach

This is a conceptual paper that aims to highlight the relationship between COBIT and COSO, by illustrating how the IT processes reduce or eliminate the main MW categories.

Findings

The analysis indicates that the implementation of the COBIT framework, or more generally the adoption of effective IT controls, provides important benefits to the entire company or organization. IT control objectives have a direct impact on the IT control weaknesses and indirectly on the other categories of material weaknesses.

Practical implications

The adoption of the framework allows managers to implement effective ICFR. In particular, the COBIT approach provides managers with a more evolved tool in terms of compliance with the Sarbanes–Oxley Act requirements. This framework also improves the reliability of financial reporting in relation to the requirements of Public Company Accounting Oversight Board’s Auditing Standards No. 2 and 5.

Originality/value

The analysis provides an interdisciplinary approach, connecting accounting and information systems themes, and suggests solutions and tools that can help managers to address the internal control weaknesses. This paper addresses an area of relevance to both practitioners and academics and expands the existing accounting literature.

Details

Managerial Auditing Journal, vol. 29 no. 8
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 18 September 2019

Jana van Wyk and Riaan Rudman

Abstract

Purpose

The purpose of this paper was to develop a comprehensive best practices checklist that can be used by governing bodies to identify and evaluate an enterprise’s risk exposure around cognitive systems (CSs) and formulate mitigating internal controls that can address these risks.

Design/methodology/approach

COBIT 5 was scrutinised to identify the processes which are necessary for the effective governance of CSs. The applicable processes were used to identify significant risks relating to cognitive computing (CC), as well as to develop a best practices control checklist.

Findings

The research output developed was a best practices checklist and executive summary that would assist enterprises in evaluating their CC risk exposure and assess the adequacy of existing controls. The first checklist highlights the incremental risk exposure which needs to be addressed. To evaluate the effectiveness of the cognitive computing control structure, a best practices checklist was developed that can be used by internal auditors and risk and audit committees. An executive summary was developed to highlight the key focus areas that governing bodies need to consider.

Practical implications

The checklist provides a tool to assess the enterprises’ risk exposure, evaluate the existing CC control mechanisms and identify areas that require management attention.

Originality/value

The checklists and executive summary developed provide enterprises with a comprehensive checklist that can be used while, at the same time, allowing them to discharge their responsibility in terms of King IV.

Details

Meditari Accountancy Research, vol. 27 no. 5
Type: Research Article
ISSN: 2049-372X

Article
Publication date: 16 March 2020

Nishani Edirisinghe Vincent and Robert Pinsker

Abstract

Purpose

Risk management is an under-explored topic in information systems (IS) research that involves complex and interrelated activities. Consequently, the authors explore the importance of interrelated activities by examining how the maturity of one type of information technology risk management (ITRM) practice is influenced by the maturity of other types of ITRM practices. To explore these relationships, the authors develop a model based on organizational strategy implementation theory and the COBIT framework. The model identifies four types of ITRM practices, namely, IT governance (ITG); communications; operations; and monitoring.

Design/methodology/approach

The authors use a survey methodology to collect data on senior information technology (IT) executives' perceptions of ITRM practices. The authors use an exploratory factor analysis (EFA) to identify four dimensions of ITRM practices and conduct a structural equation model to observe the associations.

Findings

The survey of senior IT executives' perceptions suggests that the maturity of ITRM practices related to ITG, communications and monitoring positively influence the maturity of operations-related ITRM practices. Further, the maturity of communications-related ITRM practices mediates the relationship between ITG and operations-related ITRM practices. The aggregate results demonstrate the inter-relatedness of ITRM practices and highlight the importance of taking a holistic view of ITRM.

Research limitations/implications

Given the content and complexity of the study, it is difficult to obtain senior executives' responses in large firms. Therefore, this study did not use a separate sample to conduct the EFA to obtain the underlying four constructs. Also, the ITRM practices identified are perceptions. Even though the authors consider this to be a limitation, it also communicates the pressing areas that senior IT professionals are expected to focus on given various external and internal pressures. This study focuses on large firms; hence, small to midsize firms are not well represented.

Practical implications

Given the demanding regulatory and financial reporting requirements and the complexity of IT, there is an increasing possibility that the accounting profession will require IT professionals to focus on operations-related ITRM practices, such as the security, availability and confidentiality of data and IS, which are closely related to internal controls. However, as this study demonstrates, the maturity of operations-related ITRM practices cannot be achieved by focusing solely on operations-related IT risks. Therefore, IT practitioners can use this study to raise awareness among managers of the complex interrelationships among ITRM practices, to improve the overall ITRM practices in a firm.

Social implications

The study also shows the importance of establishing proper communication channels among various business functions with regard to ITRM. Extant IT research identifies the importance of the firm’s communication structure on various firm performance measures. For example, Krotov (2015) mentions the importance of communication in improving trust between the Chief Executive Officer and Chief Financial Officer. Firms with established communication channels have the necessary medium to educate and involve other departments with regard to the security of data. Thus, such firms are more likely to have mature risk management practices because of increased awareness of risks and preventive techniques.

Originality/value

The study contributes to ITG and risk management literature by identifying the role of monitoring-related ITRM practices on improving other areas of risk management. The study also extends the existing ITRM literature by providing an organizational strategy perspective to ITRM practices and showing how ITRM practices follow organizational strategy implementation. Further, the authors identify four underlying ITRM categories. Consequently, researchers could choose between two factors (Vincent et al., 2017) or four factors based on the level of detail required for the particular study.

Details

International Journal of Accounting & Information Management, vol. 28 no. 3
Type: Research Article
ISSN: 1834-7649

Article
Publication date: 8 January 2020

David Henriques, Ruben Filipe Pereira, Rafael Almeida and Miguel Mira da Silva

Abstract

Purpose

The purpose of this paper is to obtain a list of recommendations addressed by the information technology (IT) governance enablers in relation to IoT implementation. The reason behind this is the lack of information about these enablers, which could help organizations to be more effective when implementing IoT.

Design/methodology/approach

The objectives will be obtained using a systematic literature review methodology.

Findings

During the research, a list of recommendations was created on each IT governance enabler in relation to IoT implementation, showing the flaws that exist at the literature level for each enabler.

Originality/value

The state of the art of this research is the creation of a list of recommendations, according to IT governance enablers, to be applied to an IoT implementation.

Details

Digital Policy, Regulation and Governance, vol. 22 no. 1
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 3 June 2019

Adenekan Dedeke and Katherine Masterson

Abstract

Purpose

This paper aims to explore the evolution of a trend in which countries are developing or adopting cybersecurity implementation frameworks that are intended to be used nationally. This paper contrasts the cybersecurity frameworks that have been developed in three countries, namely, Australia, UK and USA.

Design/methodology/approach

The paper uses literature review and qualitative document analysis for the study. The paper developed and used an assessment matrix as its coding protocol. The contents of the three cybersecurity frameworks were then scored to capture the degree to which they covered the themes/items of the cybersecurity assessment matrix.

Findings

The analysis found that the three cybersecurity frameworks are oriented toward the risk management approach. However, the frameworks also had notable differences with regard to the security domains that they cover. For example, one of the frameworks did not offer guidelines with regard to what to do to respond to attacks or to plan for recovery.

Originality/value

The results of this study are beneficial to policymakers in the three countries targeted, as they are able to gain insights about how their cybersecurity framework compares to those of the other two countries. Such knowledge would be useful as decision-makers take steps to improve their existing frameworks. The results of this study are also beneficial to executives who have branches in all three countries. In such cases, security professionals could deploy the most comprehensive framework across all three countries and then extend the deployment in each location to meet country-specific requirements.

Article
Publication date: 6 April 2012

Alastair Walker, Tom McBride, Gerhard Basson and Robert Oakley

Abstract

Purpose

The assessment of COBIT process maturity levels is fraught with a number of problems regarding the objectivity of the assessment results. Unlike ISO/IEC 15504, COBIT does not define an assessment model. The purpose of this paper is to align the behavioural aspects of the six COBIT process attributes with achievement results defined for the nine process attributes associated with the ISO/IEC 15504‐2 measurement scale. The authors believe that this alignment permits a translation of the ISO/IEC 15504 assessment data into an objective COBIT process maturity rating.

Design/methodology/approach

The tables presented in the paper identify the COBIT process attributes, the applicable ISO/IEC 15504 process attribute achievement results and the aggregated rating that pertains to the selected achievement results. A final table lists the derived COBIT process maturity level in terms of the ratings for the ISO/IEC 15504 process attribute achievement results for an assessed process.

Findings

The objectivity of the aggregated result (COBIT process maturity level) appeals strongly to end‐users of this measurement result, particularly where contractual obligations must be satisfied.

Practical implications

The method is useful where measurement rigour must be demonstrated in the computation of the COBIT process maturity levels.

Originality/value

This assessment and computational method was developed and trialled in the second half of 2010 in the context of the assessment of 13 information technology (IT) service management processes at two different customer sites. The material is of special value to service managers in companies that have outsourced IT service management processes to external IT service providers.

Details

Benchmarking: An International Journal, vol. 19 no. 2
Type: Research Article
ISSN: 1463-5771

Article
Publication date: 12 February 2021

Munir de Sá Mussa, Renata Gomes Cordeiro and Henrique Da Hora

Abstract

Purpose

An information technology (IT) area in organizations is required to manage resources efficiently. For this, IT certifications are adopted by companies and sought by professionals. However, these have many requirements, and identifying which are paramount to the performance of their activities and/or much more important to IT managers is not a trivial task. The purpose of this study is to identify how the processes of the Information Technology Infrastructure Library (ITIL) v3 and Control Objectives for Information and Related Technology (CobiT) 5 certifications are analyzed by IT managers: regarding the knowledge of professionals about the processes, which are more important, less important or indifferent in the manager's view.

Design/methodology/approach

A survey is carried out with IT managers using questions elaborated according to the Kano model, in which the processes of the analyzed certifications are related and classified according to the proposed model.

Findings

Of the 64 analyzed processes, 20 CobiT processes and 13 ITIL processes were classified as must-be requirements. Another 17 CobiT processes and 9 ITIL processes were classified as one-dimensional and 5 ITIL processes are present in more than one relationship with CobiT processes and, depending on the relationship, they were classified as must-be or one-dimensional requirements.

Originality/value

It is concluded that this study contributes to the discussion of the importance of the ITIL and CobiT implementations and analyzes the relevance of the ITIL and CobiT certification processes in the view of IT managers, providing useful information for professionals in terms of the prioritization of the processes expected by the managers.

Details

Journal of Modelling in Management, vol. 16 no. 2
Type: Research Article
ISSN: 1746-5664

Article
Publication date: 5 June 2009

Ahmad Abu‐Musa

Abstract

Purpose

The purpose of this paper is to explore the importance and implementation of the Control Objectives for Information and Related Technology (COBIT) processes in Saudi organizations.

Design/methodology/approach

An empirical survey, using a self‐administered questionnaire, was conducted to achieve this purpose. A total of 500 questionnaires were distributed to a selected sample of organizations in Saudi Arabia. Of these, 127 valid questionnaires – representing 25.4 percent response rate – were collected and analyzed using the Statistical Package for Social Sciences (SPSS) version 16.

Findings

The results of this paper reveal that the majority of respondents perceive the importance of the COBIT processes and domains, but a lower percentage believe that such processes are adequately implemented in their organizations. It is observed that banks, financial institutions, and service organizations show more concern and application of COBIT processes compared with other organizations. The results also reveal that IT specialists, internal auditors, and executive managers perceive and appreciate the importance of COBIT processes more than the others.

Practical implications

The results of this paper will enable Saudi organizations to better understand, implement, evaluate, and manage information technology governance (ITG) for their business success. The paper provides useful information for executive managers, IT managers, accountants, auditors, and academics to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.

Originality/value

The paper provides useful information for executive managers, IT managers, accountants, auditors, and academics, to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.

Details

Information Management & Computer Security, vol. 17 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 27 May 2014

Michele Rubino and Filippo Vitolla

Abstract

Purpose

The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework.

Design/methodology/approach

This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance.

Findings

The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control.

Originality/value

The originality of the work presented here is in analyzing COBIT 5 together with the COSO ERM framework. This paper highlights that it is not enough to apply only an internal control framework to achieve the risk management and internal control system objectives. An IT governance framework, such as COBIT 5, is proposed as a tool that supports risk management in order to develop an adequate system of internal control.

Details

Corporate Governance, vol. 14 no. 3
Type: Research Article
ISSN: 1472-0701

Article
Publication date: 20 March 2017

Michele Rubino, Filippo Vitolla and Antonello Garzoni

Abstract

Purpose

The purpose of this paper is to analyze how an IT governance framework [Control Objectives for Information and related Technology (COBIT)] influences the control environment and the internal control system. In particular, it aims to illustrate how the COBIT’s structure and processes impact on the seven categories of factors that compose the control environment.

Design/methodology/approach

This paper aims to highlight how an IT governance framework, with its processes, enables improvement of the control environment assessment and implementation.

Findings

The analysis indicates that the implementation of the COBIT framework provides some indications for managers and auditors who must implement or assess the internal control system.

Practical implications

The adoption of the framework allows managers to focus effectively on integrating, aligning and linking processes. This improves the understanding of the key aspects connected to the control environment. In addition, the adoption of the framework allows overcoming some limitations regarding the Committee of Sponsoring Organizations framework.

Originality/value

This paper addresses an area of relevance to both practitioners and academics. This analysis focuses on Accounting Information Systems themes and, through the examination of an IT governance framework, suggests solutions and tools that can help managers and auditors to address the control environment assessment.

Details

Records Management Journal, vol. 27 no. 1
Type: Research Article
ISSN: 0956-5698
