Investigating COBIT for information technology audit in the Tasmanian public sector

Author: Gerke, L
Year of publication: 2023
DOI: 10.25959/23210051.v1
Description: There has been worldwide interest in corporate governance because of the high-profile corporate collapses of the early 2000s. The use of control frameworks has been mandated in the United States of America through the Sarbanes-Oxley Act of 2002. One of the popular frameworks adopted is the Control Objectives for Information and Related Technologies (COBIT). Organisations have shown an increasing interest in using COBIT both as an IT governance framework and also for IT audit because of its focus on the alignment of business and IT goals and processes. The COBIT framework is massive, so there is a need for research to determine the most important IT processes in public sector organisations in order to reduce the number of audit areas included in an abbreviated COBIT IT audit instrument while retaining relevance. There is a large body of published work available for COBIT; however, much of this has originated within the domain of the practitioner and is aimed at a similar readership, with little, if any, academic research that has considered the effectiveness of the framework. Prior research has been conducted in the national and international arenas, but it is unclear if this can be extended to the Tasmanian public sector. This research used a survey methodology to obtain ratings from selected Tasmanian public sector organisations for each of the high-level IT control objectives in the COBIT framework. These ratings were compiled to form a ranked list of the most important IT processes for the Tasmanian public sector. Audit measures were selected for the key IT processes, then validated by a senior public sector IT audit professional and the instrument subsequently trialled on a range of Tasmanian public sector organisations. An evaluation of the IT audit process using COBIT was also undertaken. The instrument developed contained seven IT control objectives and was successfully trialled in nine public sector organisations of all possible levels.
The results obtained indicated that Tasmanian public sector organisations perceived ensuring security of their systems to be the most important IT process. Of the seven IT control objectives audited, five were also considered important in national and international studies. The results obtained suggest that use of the COBIT-derived instrument for public sector IT audit provided an insight into the IT governance and control within these organisations as well as indicating the degree to which the goals and governance of the organisation and the organisation were aligned, neither of which was available with the use of the previous instrument. The use of COBIT for IT audit in this case was considered to be effective and provides some validation in one public sector context of the extensive use of COBIT by practitioners.
Database: OpenAIRE