Systém pro podporu auditu / Audit Supporting System

Wrana, Tomáš

Unknown Date

The aim of this thesis is to illustrate the problems of auditing of information technology and to propose a design of an information system which would support the audit process. The scope of such system is beyond the framework of this thesis and therefore the specification of requirements and system design is only on a general level. We will approach in a more detailed way only one selected component, which is to be implemented. This tool is concerned with the management of assignments. It will record and evaluate the assignments, including the hours charged and hours budgeted to an assignment. In this paper, the system is described, analyzed in detail with respect to the requirements, then implemented, and its functionality tested.

Information technology audit: systems alignment and effectiveness measures

Nicho, Mathew

January 2008

Information technology audit has proven to be a relatively new, less researched and rapidly expanding field among large, medium and even small businesses (commercial and non-commercial organisations). The implementation rate has grown rapidly and presents a huge growth market for audit consultants due to the need for transparency and compliance with regulation (for example: Sarbanes Oxley Act) and the need to be competitive in the marketplace. The audit process is being conducted mainly by consultants following a traditional process but using different proprietary approaches and mostly done manually. The purpose of this study is to present a scientific method to attach a purely measurement focus to the auditing process so as to provide an auditing as well as a quantitative outcome of the performance to the various IS entities that are audited using a novel automated method that can save organisations considerable resources in terms of time, cost and effort. The nature of the topic directed the researcher to three domains of information system (IS) namely studies on IS measurement, IT governance and software engineering. These areas provided information on the nature of IS measurement and the models used; the process of auditing/measurement and the corresponding frameworks used; the principles and methodology of measurement of IS entities; and measurement models used both in the software engineering and information systems domain. The review of the literature gave rise to the research question and the COBIT-GQM (Control Objectives for Information Technology Audit) – Goal Question Metrics) model. The research question that had emerged out of the four propositions “How can an IT audit or governance framework be used to measure the effectiveness of IS entities in a scientific manner using customised and goal oriented metrics” along with the nature of data sought (positivist), guided the researcher to qualitative research using multiple case studies to test the theoretical model (grounded theory) that had emerged out of the literature review. The theoretical model was automated (with a front end interface and a back-end database) and initially tested for usability issues. Then the common COBIT control objective that was obtained through an initial survey was entered into the database along with a set of questions and metrics (developed by the researcher by following the given GQM guidelines). This application that was demonstrated, and given for evaluation in four organisations gave rise to expected and surprising results. While the respondents expressed their desire to incorporate a customised and goal oriented measurement perspective to their IT audit/performance functions, that would save them time, effort and cost, numerous suggestions were provided that need to be incorporated into the model to make it fully functional. Notable among them are the need to embed a multiple contextual qualifying layer, incorporating benchmarking feature to the model, and the need to link this with the maturity model. These were incorporated into the model and a comprehensive model incorporating all the suggestions was created. The qualitative case study method being used here more to evaluate a theory, provided a sound base for future studies to generate hypothesis that can be evaluated using quantitative survey methods for the model to be generalised. IT auditing being a relatively new, less researched, conventional and high growth oriented field, the use of an innovative, comprehensive, automated and scientific method of audit and measurement method will satisfy the implied need for organisations to incorporate the diverse audit/measurement/ control/standards into one comprehensive method and this research is a major step in this direction. Since the new model is comprehensive and can be automated organisations can economise in terms of time, cost and effort. Irrespective of the nature of economic cycle the need for economising in terms of cost, time and effort is universal for all organisations.

Information technology governance

Information technology audit and control

Goal Question Metrics method

Information technology alignment

Information systems measurement

Information technology audit: systems alignment and effectiveness measures

Nicho, Mathew

January 2008

Information technology audit has proven to be a relatively new, less researched and rapidly expanding field among large, medium and even small businesses (commercial and non-commercial organisations). The implementation rate has grown rapidly and presents a huge growth market for audit consultants due to the need for transparency and compliance with regulation (for example: Sarbanes Oxley Act) and the need to be competitive in the marketplace. The audit process is being conducted mainly by consultants following a traditional process but using different proprietary approaches and mostly done manually. The purpose of this study is to present a scientific method to attach a purely measurement focus to the auditing process so as to provide an auditing as well as a quantitative outcome of the performance to the various IS entities that are audited using a novel automated method that can save organisations considerable resources in terms of time, cost and effort. The nature of the topic directed the researcher to three domains of information system (IS) namely studies on IS measurement, IT governance and software engineering. These areas provided information on the nature of IS measurement and the models used; the process of auditing/measurement and the corresponding frameworks used; the principles and methodology of measurement of IS entities; and measurement models used both in the software engineering and information systems domain. The review of the literature gave rise to the research question and the COBIT-GQM (Control Objectives for Information Technology Audit) – Goal Question Metrics) model. The research question that had emerged out of the four propositions “How can an IT audit or governance framework be used to measure the effectiveness of IS entities in a scientific manner using customised and goal oriented metrics” along with the nature of data sought (positivist), guided the researcher to qualitative research using multiple case studies to test the theoretical model (grounded theory) that had emerged out of the literature review. The theoretical model was automated (with a front end interface and a back-end database) and initially tested for usability issues. Then the common COBIT control objective that was obtained through an initial survey was entered into the database along with a set of questions and metrics (developed by the researcher by following the given GQM guidelines). This application that was demonstrated, and given for evaluation in four organisations gave rise to expected and surprising results. While the respondents expressed their desire to incorporate a customised and goal oriented measurement perspective to their IT audit/performance functions, that would save them time, effort and cost, numerous suggestions were provided that need to be incorporated into the model to make it fully functional. Notable among them are the need to embed a multiple contextual qualifying layer, incorporating benchmarking feature to the model, and the need to link this with the maturity model. These were incorporated into the model and a comprehensive model incorporating all the suggestions was created. The qualitative case study method being used here more to evaluate a theory, provided a sound base for future studies to generate hypothesis that can be evaluated using quantitative survey methods for the model to be generalised. IT auditing being a relatively new, less researched, conventional and high growth oriented field, the use of an innovative, comprehensive, automated and scientific method of audit and measurement method will satisfy the implied need for organisations to incorporate the diverse audit/measurement/ control/standards into one comprehensive method and this research is a major step in this direction. Since the new model is comprehensive and can be automated organisations can economise in terms of time, cost and effort. Irrespective of the nature of economic cycle the need for economising in terms of cost, time and effort is universal for all organisations.

Information technology governance

Information technology audit and control

Goal Question Metrics method

Information technology alignment

Information systems measurement

Auditoria de tecnologia da informação na administração pública no âmbito dos Municípios do Estado do Rio de Janeiro

Monteiro, Gustavo Bastos

January 2008

Submitted by Thalita Cristine Landeira Portela Faro (thalita.faro@fgv.br) on 2011-06-21T17:40:53Z No. of bitstreams: 1 1418003.pdf: 4115702 bytes, checksum: a2c362a5c36ca9073d7d964295740909 (MD5) / Approved for entry into archive by Thalita Cristine Landeira Portela Faro(thalita.faro@fgv.br) on 2011-06-21T17:41:19Z (GMT) No. of bitstreams: 1 1418003.pdf: 4115702 bytes, checksum: a2c362a5c36ca9073d7d964295740909 (MD5) / Approved for entry into archive by Thalita Cristine Landeira Portela Faro(thalita.faro@fgv.br) on 2011-06-21T17:43:11Z (GMT) No. of bitstreams: 1 1418003.pdf: 4115702 bytes, checksum: a2c362a5c36ca9073d7d964295740909 (MD5) / Made available in DSpace on 2011-06-21T17:44:38Z (GMT). No. of bitstreams: 1 1418003.pdf: 4115702 bytes, checksum: a2c362a5c36ca9073d7d964295740909 (MD5) Previous issue date: 2010 / The diffusion of results-oriented management doctrines has been leading the public organizations to make important investments in information technology as a component of transparency for government actions and support for decisionmaking by public administrators. The intensive use of information technology in an increasingly interconnected world exposes the government to new forms of threats and vulnerabilities. In this context, the Courts of Accounts must expand the scope of their acting, performing more stringent controls through specific technics in information technology (IT) audit to ensure the integrity and security of data that travei across networks and information systems. The purpose of this research consisted to identify main improprieties associated with the use of computers in the local public administrations under the jurisdiction of TCE-RJ, by means of the case study of its experience in the accomplishment of performance audit in information technology. The research is based on the literature and analysis of findings from systems audits, showing that this kind of audit has contributed to making local public administration more efficient, effective and transparent. / A difusão das doutrinas de gerenciamento orientadas para resultados no Brasil tem levado as organizações públicas a realizarem investimentos relevantes em tecnologia da informação como um componente de transparência para as ações governamentais e como suporte para a tomada de decisões pelos gestores públicos. O uso intensivo da informática em um mundo cada vez mais interconectado expõe a administração pública a novos tipos de ameaças e vulnerabilidades. Nesse contexto, as entidades de fiscalização devem ampliar sua forma de atuação, realizando controles mais rigorosos por meio de técnicas próprias de auditorias de tecnologia da informação, que visam assegurar a integridade e segurança dos dados que trafegam pelas redes e sistemas de informação. O objetivo da presente pesquisa consistiu em identificar as principais impropriedades associadas ao uso da informática nas administrações municipais sob a jurisdição do TCE-RJ, por meio do estudo de caso de sua experiência na realização de auditorias operacionais em tecnologia da informação. A pesquisa foi realizada com base na literatura e na análise dos achados das auditorias de sistemas, mostrando que este tipo de auditoria tem contribuído para tornar a gestão pública municipal mais eficiente, eficaz e transparente.

Information technology audit

Systems audit

Performance audit

Court of accounts

New public management

Auditoria de tecnologia da informação

Auditoria de sistemas

Auditoria operacional

Tribunal de contas

Nova administração pública

Administração de empresas

Auditoria interna - Estudo de casos

Audit IS/IT v menších podnicích / Audit IS/IT in smaller enterprises

Šaroch, Miroslav

January 2012

The diploma work summarizes in the first section the common knowledge in the audit field of information systems and technologies theory as well as common state of knowledge in the field of marketing in small and medium-sized enterprises and market research as well. In the second section, the tools summarized in the first part are used for designing marketing research project on "The audit of information systems and technology in smaller businesses." The aim of the research was to seek the experience and customer feedback from the segment of smaller businesses to audit information systems. The research was designed as a qualitative one. As technique implementation of research was elected a research interview with looser structure. The work is divided to three parts -- designing of marketing research methodology, as well as conducting this research and it's evaluation.