Discussion of the Articles Related to Information Governance
Information governance is a structure to direct and control the enterprise for achieving the enterprise’s aims and goals. It also adds value while balancing the risk and return over information and its processes. It has multiple dimensions, with an ultimate objective of handling information in a confidential and secure manner (Kooper, Maes and Lindgreen 2011). The articles compared in this essay are based on information auditing, and the work is carried out by analyzing, comparing and criticizing the articles. A conclusion is provided at the end of the essay summarizing the key points that have been discussed.
Both articles under study focus on the IT Governance Audit. It helps in evaluating the company’s strategic and operational alignment with its business strategy to ensure the company’s goals are met, measuring the performance and transparently reporting the results. The articles are ‘Auditor’s Guide to IT Auditing, + Software Demo’ and ‘Network Security Auditing’.
In the first article (Cascarino 2012), the author clarifies the auditor’s job by stating that it is their job to determine whether the system is functioning properly, in accordance with its intention, with integrity, accuracy and completeness.
First, the relation of Audit to technology is established. The author finds it critical for IT and Audit to have lingual transparency, and stresses the importance of the auditor having a proper understanding of technological jargon. Where and what are two essential questions the auditor should resolve before starting the auditing process, for which Control Strategy Assessment, Unit Performance Reporting, Performance Quality Assessment, Control Adequacy and Effectiveness and Follow Up are necessary. In short, the IT Audit should be aligned with the ISACA standard. The responsibility of IT auditing also lies in the development and implementation of a risk-based IT auditing strategy and objective. It should also ensure that the information obtained is reliable, useful, relevant and sufficient. Other functions of IT auditing involve the communication of audit results to key managers and stakeholders. IT auditing also requires an understanding of the characteristics of IT auditing and other company audits, which can typically be seen in the audit charter. The charter needs to meet the needs of the organization. For that, the IT audit, chief executive and the line managers should be in close proximity and work accordingly. The level of the authority to act delegated to the audit function is indicated in the charter for the operational manager (Tallon, Ramirez and Short 2013). The audit function selects the wording, content and form, which are indicated by the IT audit standards. It is an independent publication.
The adequacy of the security and the control of the economy of the company are maintained through the IT audit. Some of the methods that are useful in this case are ITSEC, ISO 9000 and TCSEC.
Gathered information is also important for the auditors of the organization. It is gathered with the help of the audit program, which is a set of prescribed steps that an auditor has to follow to gain the appropriate evidence.
The plan is necessary for achieving the audit objectives. Various components are included in the plan.
Primarily, the objectives and the scope need to be determined in consultation with the auditees. The finalized objectives and scope need to be sent to the clients in advance to avoid any misunderstanding. Operating procedure manuals need to be read, and discussions held with the operating management, to determine the objectives. Planning the audit report is another important task; the report communicates audit results and is used in communication between auditors and others in the company. Approval of the audit approach by the auditor in charge is also necessary.
Audit management includes the management of IT quality through peer reviews. It should include planning, the function of the organization, staffing, the business information system and many more aspects of the organization. The integrated auditor and the integrated audit come into play in this field: the integrated auditor is to develop an expanded auditor skill set, whereas the integrated audit is to focus the company’s resources directly by providing an integrated audit product.
In the second article, we find various aspects of the IT governance audit, which are discussed in the following.
According to the author, the first and foremost part of governance auditing is the planning phase, where the company has to determine the overall strategy (Jackson 2010). There are various steps in the process: identification of the subject of the audit, the timeframe, and determination of the scope and the objective. After determining these factors, the next most important step is the formulation of a plan. It includes the identification of the resources needed, such as skills and technology, organizational structure, processes, data flow, determination of the person under whom the audit will be carried out, and identification of the logistics information. The next phase is data accumulation. After gathering the data, the auditor has to analyze it, which is important in identifying potential risks. In the risk assessments, various methodologies are used. Control activity is the next step, which recommends measures to help mitigate risk. The important aspects of controls in COSO are operational, compliance and financial reporting. These are broad and cover all the issues regarding IT. Information and communication is another important part of governance, which enables free flow between all aspects of the business (Smallwood 2014).
ISACA, or the Information Systems Audit and Control Association, is an integral part of security auditing. The author refers to it as the largest association of IT auditors. Every IT organization should follow the standard of ISACA. It also provides the Certified Information System Auditor certification, or CISA, and the Certified Information System Manager, or CISM. These institutions also provide guidelines to assist the IT company, which include the standard of IS Auditing, Auditing G, Auditing procedures and many more. The Standards of IS auditing include various codes of conduct. Auditing G comprises the manual for conducting audits following the standard of IS auditing (Van Grembergen and De Haes 2017).
It involves the technical security discipline of the company. Various tools are used in the process, among which Security Auditing Tools are proposed by the author. The sophistication and the power of these tools increase exponentially each year. Identification is another aspect of security auditing, where the selection of controls is of absolute necessity. It includes understanding the risks and security objectives of the company. The author opines that, as it is directly associated with technology, it should address mitigating risk around process, people and technology itself.
The audit checklist is another important section of governance mentioned by the author, and it acts as the blueprint of the complete auditing process. It is vital to the objective of the company and ensures the success of the company. The checklist covers all the aspects of the audit, starting from the objective, assessment method and results, to improve compliance. It is referred to as the backbone of the governance of a company. The more elaborate the checklist is, the easier governance of the company becomes, and it supports other staff in their evidence hunt (Bhardwaj and Rao 2015).
Both authors, in their respective books, mention different techniques that can be adopted for IT governance. The authors primarily focus on the audit, which is an integral part of governance. All the aspects are covered in the books, but some important ones from each are mentioned here, such as planning, the checklist, management, the IT audit and security.
Cascarino, R.E., 2012. Auditor's Guide to IT Auditing, + Software Demo (Vol. 583). John Wiley & Sons.
Jackson, C., 2010. Network security auditing. Cisco Press.
Kooper, M.N., Maes, R. and Lindgreen, E.R., 2011. On the governance of information: Introducing a new concept of governance to support the management of information. International Journal of Information Management, 31(3), pp.195-200.
Smallwood, R.F., 2014. Information governance: Concepts, strategies, and best practices. John Wiley & Sons.
Tallon, P.P., Ramirez, R.V. and Short, J.E., 2013. The information artifact in IT governance: toward a theory of information governance. Journal of Management Information Systems, 30(3), pp.141-178.
Van Grembergen, W. and De Haes, S., 2017, January. Introduction to IT Governance and Its Mechanisms Minitrack. In Proceedings of the 50th Hawaii International Conference on System Sciences.