Naslov
Methodologies for conducting information system audit: case study of Sarbanes-Oxley compliance

Autori
Spremić, Mario, Popović, Matija

Izvornik
Uporabna informatika (1318-1882) 16 (2008); 133-146

Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni

Ključne riječi
IT Governance; Information System Audit; Business Process Improvements; Case study; Sarbanes-Oxley compliance

Sažetak
Although information systems (IS) and information technology (IT) are taking significant role in businesses with its innovating and supporting potential, it seems that it is least understood company asset. Successful organizations manage IT function in much the same way that they manage their other strategic functions and processes. This in particular means that they understand the IT control environment and manage the risks associated with growing IT opportunities, such as increasing regulatory compliance as well as critical dependence of many business processes on IT and vice-versa. They are doing so by engaging in IT Governance and information system audit (IS Audit) activities. In recent years there are a number of world-wide used standard, regulatory frameworks and best practices in IT governance and process management area such as CobiT, ITIL, Basel II Sarbanes-Oxley act (SoX), ISO 27000, which helps management to measure the actual IT performance and comply to regulatory demands. In this paper we present the case study of conducting IT compliance audit according to SoX. After brief explanation of key terms, the methodology of complex SoX compliance audit is given and key performance indicators for major business processes stressed. The IS Audit process resulted in recommendations for business process change.

Izvorni jezik
Engleski

Znanstvena područja
Informacijske i komunikacijske znanosti

POVEZANOST RADA