EUROSAI ITWG model adoption for new IT audit framework: e-government cases
- Details
- Category: Information Technologies, Systems Analysis and Administration
- Last Updated on 22 May 2018
- Published on 16 May 2018
- Hits: 3301
Authors:
V. Davidavičienė, Dr. Sc. (Social), Prof., Vilnius Gediminas technical university, Vilnius, Lithuania, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.
I. Aleliūnas, Dr. Sc. (Human.), Vilnius Gediminas technical university, Vilnius, Lithuania, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.
J. Sabaitytė, Dr. Sc. (Social), Vilnius Gediminas technical university, Vilnius, Lithuania, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.; This email address is being protected from spambots. You need JavaScript enabled to view it.
Abstract:
Information and communication technologies have the decisive influence on competitiveness and viability of organization. Efficiency, in general, and the information and communication technologies management processes, in particular, is a key factor in contemporary society and business. However, the success is not guaranteed by implementing new information system or technologies, and a lot of risk and challenges are faced by organizations. To prevent these risks, the IT audit is applied as one of extremely important tools.
Purpose. To evaluate application of existing IT audit methodologies in public sector of Lithuania and the European Commission nowadays and propose augmentation if it is necessary.
Methodology. A systematic literature analysis, benchmarking, observation and structured analysis of the IT audit practice and methodologies. For verifying theoretical model, the empirical data was taken from the Lithuanian Supreme Audit Institution and the Internal Audit Service of the European Commission.
Findings. The analysis of IT audit in governmental institutions revealed that Cobit 3 IT audit model can be implemented nowadays for more efficient IT audit process. During the research the newer methodology of IT audit were taken (Cobit 4.1) for this research and parallels with EUROSAI were drown. Empirical research on EUROSAI WGIT revealed that e-government audit is much wider than project management and quality assurance processes (PO10 and PO11 in COBIT 3.0). Although this research has confirmed that those processes in both institutions still occur most frequently, it has also identified other high risk processes related to IT, such as risk and security management (PO9 and DS5). This work provides basis for the further development of EUSOSAI WGIT e-government audit model taking into account the environmental conditions following the full integration of COBIT5 framework to the proposed methodology. In this case, i.e. paying attention to COBIT5 principle – separation of IT governance domain from IT management domains – we can transform the Cube to the Cuboid. Moreover, as the research revealed some different choices of internal and external auditors, there are new possible areas for research on IT audit in public institutions. This could be the analysis of the differences of internal and external auditors or subjective factors in risk assessment at the initial stages of IT audit.
Originality. A new model of IT audit in e-government systems is proposed on the basis of IT audit methodology Cobit 4.1 and its parallels with EUROSAI, augmented with risk and security management (PO9 and DS5). This provides basis for the further development of EUSOSAI WGIT e-government audit model after full integration of COBIT5 framework to the proposed methodology.
Practical value. Implementation of the proposed model of IT audit in e-government will lead to the decrease in cybercrime, more structured and better managed IT processes in governmental organizations, according to the updated requirements of IT audit methodologies.
References.
1. INTERPOL, 2016. Cybercrime / Cybercrime / Crime areas / Internet / Home ‒ INTERPOL [online]. Available at: <https://www.interpol.int/Crime-areas/Cybercrime/Cybercrime> [Accessed 16 September 2017].
2. Arduini, D., Denni, M., Lucchese, M., Nurra, A. and Zanfei, A., 2013. The role of technology, organization and contextual factors in the development of e-Government services: An empirical analysis on Italian Local Public Administrations. Structural Change and Economic Dynamics, 27, pp. 177–189.
3. Vande Putte, D. and Verhelst|, M., 2013. Cyber crime: can a standard risk analysis help in the challenges facing business continuity managers? Journal of Business Continuity & Emergency Planning, 7, pp. 126–137.
4. Joseph, R.C., 2013. A structured analysis of e-government studies: Trends and opportunities. Government Information Quarterly, 30, pp. 435–440.
5. INTOSAI WGITA II., 2014. WGITA – IDI Handbook on IT audit for Supreme Audit Institutions [online]. Available at: < http://icisa.cag.gov.in/resource_files/c60986ef8dd5d4f658df077c1b5dceb7.PDF> [Accessed 05 April 2017].
6. Xu, K., Wang, F. and Jia, X., 2016. Secure the Internet, one home at a time. Security and Communication Networks, 9, pp. 3821–3832.
7. Gupta, KP., Bhaskar, P. and Singh, S., 2016. Critical Factors Influencing E-Government Adoption in India: Journal of Information Technology Research (JITR), 9, pp. 28–44.
8. Gable, M., 2015. Efficiency, Participation, and Quality: Three Dimensions of E-Government? Social Science Computer Review, 33, pp. 519–532.
9. Kausar, A., Shroff, N. and White, H., 2016. Real effects of the audit choice. Journal of Accounting and Economics, 62, pp. 157–181.
10. Pike, B.J., Chui, L., Martin, K.A. and Olvera, R.M., 2016. External Auditors’ Involvement in the Internal Audit Function’s Work Plan and Subsequent Reliance Before and After a Negative Audit Discovery. Auditing: A Journal of Practice & Theory, 35, pp. 159–173.
11. Weber, 2016. Information Systems: Control & Audit [online]. Available at: <https://www.amazon.in/Information-Systems-Control-AuditWeber/dp/8178086018/ref=sr_1_16?s=books&ie=UTF8&qid=1479989411&sr=116&keywords=information+system+audit> [Accessed 14 March 2017].
12. ISACA, 2016. Cybersecurity Nexus – Cyber Security Training – Security Certification ‒ CSX | ISACA.
13. Mahlknecht, A., Abuzahra, M.E., Piccoliori, G., Enthaler, N., Engl, A. and Sönnichsen, A., 2016. Improving quality of care in general practices by self-audit, benchmarking and quality circles. Wiener klinische Wochenschrift, 128, pp. 706–718.
14. PRINCE2 TSO. 2016. Published of behalf of the Office of Government Commerce.
15. ISACA, 2016. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT [online]. Available at: <http:// www.isaca.org/cobit/pages/default.aspx> [Accessed 5 August 2017].
16. International Organization for Standardization, 2013. ISO/IEC 27002:2013 ‒ Information technology ‒ Security techniques ‒ Code of practice for information security controls [online]. Available at: <https://www.iso.org/standard/ 54533.html> [Accessed 21 February 2018].
17. EUROSAI IT working group, 2016. EUROSAI IT WG. CUBE [online]. Available at: <http://eurosai-it.org/czysta/cube> [Accessed 21 May 2017].
18. Osman, I.H., Anouze, A.L., Irani, Z., Al-Ayoubi, B., Lee, H., Balcı, A., Medeni, T.D. and Weerakkody, V., 2014. COBRA framework to evaluate e-government services: A citizen-centric perspective. Government information quarterly, 31, pp. 243–256.