Search results

The assessment of COBIT process maturity levels is fraught with a number of problems regarding the objectivity of the assessment results. Unlike ISO/IEC 15504, COBIT does not define an assessment model. The purpose of this paper is to align the behavioural aspects of the six COBIT process attributes with achievement results defined for the nine process attributes associated with the ISO/IEC 15504‐2 measurement scale. The authors believe that this alignment permits a translation of the ISO/IEC 15504 assessment data into an objective COBIT process maturity rating.

The tables presented in the paper identify the COBIT process attributes, the applicable ISO/IEC 15504 process attribute achievement results and the aggregated rating that pertains to the selected achievement results. A final table lists the derived COBIT process maturity level in terms of the ratings for the ISO/IEC 15504 process attribute achievement results for an assessed process.

The objectivity of the aggregated result (COBIT process maturity level) appeals strongly to end‐users of this measurement result, particularly where contractual obligations must be satisfied.

The method is useful where measurement rigour must be demonstrated in the computation of the COBIT process maturity levels.

This assessment and computational method was developed and trialled in the second half of 2010 in the context of the assessment of 13 information technology (IT) service management processes at two different customer sites. The material is of special value to service managers in companies that have outsourced IT service management processes to external IT service providers.

The purpose of this paper is to form a new framework for preventing money laundering by mapping COBIT (Control for Information and Related Technology) processes to COSO (Committee of Sponsoring Organisation) components.

First, a new framework for preventing money laundering in banks is formed by mapping COBIT to COSO. Further, the potential of the mapped framework to comply with the Bank Secrecy Act requirements is analysed.

The mapped framework effectively supports all the activities of financial sectors through defining efficient information technology‐based processes and control methods. Information systems play a key role for financial sectors in producing financial statements, managing customer databases, detecting frauds, etc.

Case studies of banks of different sizes, and in different countries are needed. It is necessary to improve the mapped framework by considering Basel III regulations.

COBIT‐mapped‐COSO framework is useful for banks to fight money laundering. While adopting the new framework, an organisation should apply the best practices that suit its operations rather than all the control objectives.

The new framework can help banks fight money laundering.

For preventing money laundering through banks, a number of policies and intelligence systems are in place. However, there is no efficient framework that could guide banks to follow these policies and use information technologies. This paper proposes a new framework to target these gaps.

The purpose of this paper is to explore the importance and implementation of the Control Objectives for Information and Related Technology (COBIT) processes in Saudi organizations.

An empirical survey, using a self‐administered questionnaire, was conducted to achieve this purpose. A total of 500 questionnaires were distributed to a selected sample of organizations in Saudi Arabia. Of these, 127 valid questionnaires – representing 25.4 percent response rate – were collected and analyzed using the Statistical Package for Social Sciences (SPSS) version 16.

The results of this paper reveal that the majority of respondents perceive the importance of the COBIT processes and domains, but a lower percentage believe that such processes are adequately implemented in their organizations. It is observed that banks, financial institutions, and service organizations show more concern and application of COBIT processes compared with other organizations. The results also reveal that IT specialists, internal auditors, and executive managers perceive and appreciate the importance of COBIT processes more than the others.

The results of this paper will enable Saudi organizations to better understand, implement, evaluate, and manage information technology governance (ITG) for their businesses success. The paper provides useful information for executive managers, IT managers, accountants, auditors, and academics to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.

The paper provides useful information for executive managers, IT managers, accountants, auditors, and academics, to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.

The use of capability maturity model integration (CMMI) on its own can be problematic for the organisation because it does not provide a roadmap to implementation or identification of key process improvement areas, but instead only provides the goals for each level of implementation. Addition of another framework such as control objectives for information and related technology (CoBIT) can add the required operational data, but poses some unique challenges for implementation. However, the integration of Information Technology Infrastructure Library (ITIL), CoBIT, and ISO/IEC 22007 provides a roadmap to the integration of CMMI and CoBIT. The purpose of this paper is to discuss this co‐implementation and integration of the two frameworks, as well as the underlying framework of a new proposed integration model.

A literature review approach is used to address issues that have evolved from the empirical literature regarding the integration of CMMI and ITIL with other standards and determining whether this approach can be applied to the integration of CMMI and CoBIT as well. This literature review also provides insight into roadblocks to the implementation and structural improvements for CMMI.

The literature review demonstrated that the integration of CMMI and CoBIT could potentially be performed using the same techniques used in integrating ITIL and CoBIT, which provides a valuable guideline for further research into this area. However, further work will be required in order to determine the specifics of integration.

The paper adds to the existing literature by discussing the integration of CMMI and CoBIT and examining how these two frameworks can work together in order to create the basis for a new integration model.

The purpose of this paper is to analyze how the COBIT framework, integrated within the internal control framework, enables improvement in the quality of financial reporting while helping to reduce or eliminate the material weaknesses (MWs) of internal control over financial reporting (ICFR). The Control Objectives for Information and Related Technology (COBIT) model is a framework for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. Preliminarily, the analysis in this paper illustrates how the Committee of Sponsoring Organizations (COSO) framework impacts on the MWs, highlighting strengths and weaknesses. This paper shows how these limits can be overcome with the use of the COBIT framework.

This is a conceptual paper that aims to highlight the relationship between COBIT and COSO, by illustrating how the IT processes reduce or eliminate the main MW categories.

The analysis indicates that the implementation of the COBIT framework, or more generally the adoption of effective IT controls, provides important benefits to the entire company or organization. IT control objectives have a direct impact on the IT control weaknesses and indirectly on the other categories of material weaknesses.

The adoption of the framework allows managers to implement effective ICFR. In particular, the COBIT approach provides managers with a more evolved tool in terms of compliance with the Sarbanes–Oxley Act requirements. This framework also improves the reliability of financial reporting in relation to the requirements of Public Company Accounting Oversight Board’s Auditing Standards No. 2 and 5.

The analysis provides an interdisciplinary approach, connecting accounting and information systems themes, and suggest solutions and tools than can help managers to address the internal control weaknesses. This paper addresses an area of relevance to both practitioners and academics and expands existing accounting literature.

The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework.

This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance.

The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control.

The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5 is proposed as a tool that support risk management in order to develop an adequate system of internal control.

An area of information technology (IT) in organizations is required to manage resources efficiently. For this, IT certifications are adopted by companies and sought by professionals. However, these have many requirements and to identify which are paramount to the performance of their activities and/or are much more important to IT managers is not a trivial task. The purpose of this study is to identify how the processes of the Information Technology Infrastructure Library (ITIL) v3 and Control Objectives for Information and Related Technology (CobiT) 5 certifications are analyzed by IT managers. Regarding the knowledge of professionals about the processes, which are more important, less important or indifferent in the manager’s view.

A survey is carried out with IT managers using questions elaborated according to the Kano model in which the processes of the analyzed certifications are related to classify according to the proposed model.

Of the 64 analyzed processes, 20 CobiT processes and 13 ITIL processes were classified as must-be requirements. Another 17 CobiT processes and 9 ITIL processes were classified as one-dimensional and 5 ITIL processes are present in more than one relationship with CobiT processes and, depending on the relationship, they were classified as must-be or one-dimensional requirements.

It is concluded that this study contributes in the discussion of the importance of the ITIL and CobiT implementations and analyzes the relevance of ITIL and CobiT certification processes in the view of IT managers, providing useful information for the professionals in terms of prioritization of the processes expected by the managers.

The purpose of this paper is to analyze how an IT governance framework [Control Objectives for Information and related Technology (COBIT)] influences the control environment and the internal control system. In particular, it aims to illustrate how the COBIT’s structure and processes impact on the seven categories of factors that compose the control environment.

This paper aims to highlight how an IT governance framework with its processes enables to improve the control environment assessment and implementation.

The analysis indicates that the implementation of the COBIT framework provides some indications for managers and auditors, which must implement or assess internal control system.

The adoption of the framework allows managers to focus effectively on integrating, aligning and linking processes. This improves the understanding of the key aspects connected to the control environment. In addition, the adoption of the framework allows overcoming some limitations regarding the Committee of Sponsoring Organizations framework.

This paper addresses an area of relevance to both practitioners and academics. This analysis focuses on Accounting Information Systems themes and, through the examination of an IT governance framework, suggests solutions and tools than can help managers and auditors to address the control environment assessment.

This chapter presents an analysis illustrating the evolution of information systems’ development based on three interdependent phases. In the first period, information systems were mainly considered as a strictly technical discipline. Information technology (IT) was used to automate manual processes; each application was treated as a separate entity with the overall objective of leveraging IT to increase productivity and efficiency, primarily in an organizational context. Secondly, the introduction of networking capabilities and personal computers (instead of fictitious terminals) has laid the foundations for a new and broader use of information technologies while paving the way for a transition from technology to its actual use. During the second phase, typical applications were intended to support professional work, while many systems became highly integrated. The most significant change introduced during the third era was the World Wide Web, which transcended the boundaries of the Internet and the conventional limits of IT use. Since then, applications have become an integral part of business strategies while creating new opportunities for alliances and collaborations. Across organizational and national boundaries, this step saw a transformation of IT in the background. These new ready-to-use applications are designed to help end-users in their daily activities. The end-user experience has become an essential design factor.

The purpose of this paper was to develop a comprehensive best practices checklist that can be used by governing bodies to identify and evaluate an enterprise’s risk exposure around cognitive systems (CSs) and formulate mitigating internal controls that can address these risks.

COBIT 5 was scrutinised to identify the processes which are necessary for the effective governance of CSs. The applicable processes were used to identify significant risks relating to cognitive computing (CC), as well as to develop a best practices control checklist.

The research output developed was a best practices checklist and executive summary that would assist enterprises in evaluating their CC risk exposure and assess the adequacy of existing controls. The first checklist highlights the incremental risk exposure which needs to be addressed. To evaluate the effectiveness of the cognitive computing control structure, a best practices checklist was developed that can be used by internal auditors and risk and audit committees. An executive summary was developed to highlight the key focus areas that governing bodies need to consider.

The checklist provides a tool to assess the enterprises’ risk exposure, evaluate the existing CC control mechanisms and identify areas that require management attention.

The checklists and executive summary developed provides enterprises with a comprehensive checklist that can be used, while at the same time allowing them to discharge their responsibility in terms of King IV.