INFORMATION SYSTEM AUDIT COMPONENTS RELATED TO INFORMATION TECHNOLOGY RISK ASSESSMENT
Keywords:
Organizational Context, System Characteristics, IS Auditor, IT Risk AssessmentAbstract
Currently, organizations have changed competitive advantage approach from traditional, data processing and data reporting through publishing media, to modern approaches through digital media. Moreover, organizations have adopted modern technology such as virtual reality to create organization value and competitive advantage and to enhance the organizational reporting approach. It can be seen organizational data and information are disclosed through digital society, are also revealed to the public. In this circumstance, negative impact or risk could arise from using modern technology. As a result, organizations should pay more attention on the components of information system auditor (IS auditor) consisting of the IS auditor itself, characteristics of IS auditor and organizational context through IT risk assessment process done by IS auditor. This can be ensured that IT risk assessment process has not only been done by IS auditor correctly and accurately but also reducing IT risk.
References
กรมพัฒนาธุรกิจการค้า. (2558). ระบบคุณภาพสำนักงานบัญชี. สืบค้นวันที่ 4 ธันวาคม 2560, จาก http://www.dbd.go.th/download/PDF_law/2.pdf
Allinson, C. (2004). The process of audit and control - a comparison of manual and electronic information systems Policing: An International Journal of Police Strategies & Management, 27(2), 183-205.
Burdea, C.G. and Coiffet, P. (2003). Virtual Reality Technology. (2nd edition). Hoboken, New Jersey: John Viley & Son.
D’Onza, G., Lamboglia, R., and Verona, R. (2015). Do IT audits satisfy senior manager expectations? A qualitative study based on Italian banks. Managerial Auditing Journal, 30(4/5), 413-434.
Maheshwari, A. (2017). Big Data. McGraw Hill Education.
Fenz, S., Heurix, J., Neubauer, T., and Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430.
Filho, E.L., Hashimoto, G.T., Pedro, F., Souza, J.H.P., and De and Paulo, S. (2011). The impact of corporate culture in security policies – a methodology. The Seventh International Conference on Networking and Service (ICNS 2011), Venice. (PP: 98-103).
Hermanson D.R, Hill, M., and Ivancevich, D.M. (2000). Information technology related activities of internal auditor, Journal of Information Systems, 14(1), 39-53.
Hermanson, D.R., and Rittenberg, L.E., (2003). Internal audit and organizational governance. Research Opportunities in Internal Auditing, The Institute of Internal Auditors Research Foundation, Altamonte Springs, FL.
IBM Knowledge Center. (2013). CICS Transaction Server for z/OS, Version 3.2. Retrieved December 4, 2017, from https://www.ibm.com/support/knowledgecenter/SSGMGV_3.2.0/com.ibm.cics. ts.productoverview.doc/concepts/TransactionProcessing.html?view=embed
Information System Audit and Control Association. (ISACA). (2016). Information Systems Auditing: Tools and Techniques, Creating Audit Programs, ISACA. Retrieved December 4, 2017, from https://www.isaca.org/COBIT/Documents/IS-auditing-creating-audit-programs_whp_eng_0316.pdf
Mahzan, N., and Veerankutty, F. (2011). IT auditing activities of public sector auditors in Malaysia. African Journal of Business Management, 5(5), 1551-1563.
Moghaddasi, H., Sajjadi, S., and Kamkarhaghighi, M. (2016). Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model. The Open Medical Informatics Journal, 10, 4-10.
Kanellou, A., and Spathis, C. (2011), Auditing in enterprise system environment: A synthesis, Journal of Enterprise Information Management, 24(6), 494-519.
Nuijtena, A., Keil, M., Pijla., G.V.D., and Commandeur, H. (2018). IT managers’ vs. IT auditors’perceptions of risks: An actor–observer asymmetry perspective. Information & Management, 55, 80-93.
Omoteso, K. (2013). Audit Effectiveness: Meeting the IT Challenge. New York: Routledge Taylor and Francis Group.
Palermo, T. (2011). Integrating risk and performance in management reporting: Research executive summary series. Chartered Institute of Management Accountant (CIMA), 7(5), 1-12.
Rhee, H.S., Ryu, Y.U. and Kim, C.T. (2012). Unrealistic optimism on information security management. Computers & Security, 31(2), 221-232.
Ridgeway, G. (2018). Policing in the Era of Big Data. Annual Review of Criminology, 1, 401-419. Retrieved December 4, 2017, from https://doi.org/10.1146/annurev-criminol062217-114209
Shahabuddin, A.M., Alam, A., and Azad, M. M. (2011). Internal Controls in Management Information System. International Journal of Computer Information Systems, 2(6), 58-78.
Shaikh, J.M. (2005). E-commerce impact: emerging technology – electronic auditing. Managerial Auditing Journal, 20(4), 408-421.
Shamala, P., Ahmad R., Zolait, A. H., and Sahib S. B. (2015). Collective information structure model for Information Security Risk Assessment (ISRA). Journal of Systems and Information Technology, 17(2), 193-219.
Dickmann, M., and Tyson, S. (2005). Outsourcing payroll: Beyond transaction-cost economics. Personnel Review, 34(4), 451-467.
Vasarhelyi, A. M., and Romero, S. (2014). Technology in audit engagements: A case study. Managerial Auditing Journal, 29(4), 350-365.
Vasarhelyi, M., Lombardi, D., and Bloch, R. (2010). The Future of Audit: A Modified Delphi Approach. SSRN Electronic Journal. 10.2139/ssrn.2488730.
Downloads
Published
How to Cite
Issue
Section
License
Content and information of the article published at Suthiparithat Journal are based on the sole opinions and responsibility of author(s) only. Neither the editorial board involve in......
