Audit IS - teorie a praxe / IS Audit - Theory and Practice

Fišera, Martin

January 2013

The thesis covers the issue of IS audit in all its breadth. On the basis that this is a very complex area, it was necessary to divide the work into several logical and subsequent chapters. Quality and audit are the key words for this job. Therefore is them given the whole first chapter that chronologically describes the evolution of these concepts. Interpretation of quality is widely described since the Greece and Rome ancient, through Total Quality Management approach to the current understanding of the normative frameworks issued by ISO. There is the term audit continuously followed in the chapter of the concept of quality, whose development is also described in detail in chronological order starting from the reading public accounts to the current form of IS audit. Especially, we focus on development of the definition of audit and the relationship between the financial audits and IS. The second - last - part of the chapter is devoted to a detailed description of the reasons for the application of IS audit in practice. Because of the large specifications of the IS audit is this characteristic position in practice given the second chapter. This chapter contains not only description of the characteristics but also a brief outline of the issue of outsourcing and CloudComputing in relation to the audit of IS. The third chapter is devoted to a normative base of IS audit. Due to a large number of normative frameworks there are analysed only selected representatives in the chapter. These include the ISO / IEC 20000, COBIT, ITIL and others. They are thoroughly described, evaluated and compared to other possibly relevant for the definition of relations and benefit evaluation. The last chapter deals with design process of IS audit at a conceptual level. The aim is to freely continue on the normative base discussed in the previous chapter and a simple, versatile, easily applicable and adaptable IS audit process regarding defined limits.

Analysis of the relationship between Governance of Enterprise Information Technology (IT) and strategic business-IT alignment using COBIT 5 in the case of the Commercial Bank of Ethiopia

Fiseha, Martha Sileshi

06 1900

Effective Governance of Enterprise Information Technology (GEIT) is very important for an enterprise that has a huge investment in IT infrastructure. Implementing effective GEIT helps an enterprise to meet stakeholder needs by creating business value through strategic business-IT alignment. This study focuses on the analysis of GEIT implementation related to strategic business-IT alignment using Control Objectives for Information and Related Technology (COBIT 5), using the Commercial Bank of Ethiopia (CBE) as a case study. Strategic alignment is found to be the main concern of GEIT and strong alignment between business objectives and IT capabilities as a means of creating an effective foundation for business execution. There are various internationally accepted GEIT good practices and standards. In this study, COBIT 5 is selected for its strong aspects of control objectives for strategic business-IT alignment that help enterprises’ security, risk and compliance guidance and serves as a tool for leveraging GEIT. COBIT 5 is the leading business framework for the GEIT by making clear that there is a separation between governance and management of IT. This is a single integrated framework that covers the enterprise holistically and integrates with other important frameworks and standards at an advanced level. In addition to this, the use of COBIT 5 Balanced Score Card (BSC) for performance measurement tool (goals cascade), Process Reference Model (PRM), Process Assessment Model (PAM), principles and enablers and Capability Maturity Model (CMM) tool also utilise IT investments more effectively and accurately and measure performance with lower costs through stronger governance. This study analysed how enterprises effectively implement GEIT practices using COBIT 5 to achieve strong strategic business-IT alignment. The target groups of the study were the top management and IT management of CBE. The researcher used explanatory sequential mixed methods (both quantitative and qualitative) data collection techniques and analysis procedures. In the quantitative data collection, data were collected and analysed using GEIT practices maturity assessment tool, Luftman Strategic Alignment Maturity Model (LAMM) tool and the data analysed using Statistical Package for the Social Science (SPSS). In the qualitative phase of the study, evidence was collected and examined from observation and participation, document review, focus group, formal and informal discussions with selected managements of CBE and gap assessment using COBIT 5. Finally, the researcher integrated results to combine the quantitative and qualitative methods. The finidngs of the quantitative analysis indicate that the maturity level of GEIT practices implementation was 1.77, around level 2 maturity level (repeatable but intuitive), whereas the business-IT alignment maturity level of 53.13% agrees that strategic alignment business-IT was good level 3 (established, focused processes) in the case of CBE. GEIT practices implementation regarding strategic business-IT alignment is found to be positive. The data qualitative analysis indicates that the achievement of the capability level of GEIT processes is not defined and deployed based on international best practices and also confirms that the GEIT BSC is not yet implemented. The achievement capability level of GEIT processes implementation using COBIT 5 is under level 2. In this study, the gap between the existing GEIT practices processes and desirable level 4 (managed and measurable) using COBIT 5 was identified and a method to fill the gap was proposed. / School of Computing / M. Sc. (Computing)

Business-IT alignment

BSC

COBIT

GEIT

ISACA

SO/IEC 15504

LAMM

PRM

PAM

Performance measurement

658.40380110963

Banks and banking -- Ethiopia

Employees -- Rating of -- Ethiopia

YaʼItyoṗyā negd bānk