145 research outputs found
A case for curriculum renewal: Deficiencies in the training of prospective auditors in a technology era
The information revolution, where the evolution of technology has a pervasive impact on all aspects of life and business, is upon us. The private sector has embraced new technologies, presenting opportunities while also giving rise to new risks. Although slow to start, organisations (or audit clients – auditees) have started implementing specialist information technology (IT) governance frameworks to mitigate the risks attributable to IT. Just as organisations have changed, it is expected that external auditors (auditors), and their education and training, would also have adapted their audit approaches to account for the impact of evolving IT on auditees. This has not necessarily been the case. The standards do not provide the necessary detailed guidance on IT required by auditors. The university curriculum as well as supplementary text have neither kept up to date with the rapid changes in technology nor the changes in governance frameworks. The objective of this research was to perform a curriculum audit of the sufficiency of the auditing text (i.e. International Standards on Auditing (ISAs) and supporting guidance and textbooks as required by the competency framework) used in the audit specialisation of training prospective CAs (i.e. the curriculum relating to IT as part of the audit process) in ensuring graduates (i.e. future auditors) are relevant in an ever-evolving IT-driven environment. The study found that although several areas of the audit curriculum are appropriate, there is in fact a gap within the current curriculum relating to IT internal controls and risks that exist at a technology level. The study calls for curriculum renewal within the audit specialisation, giving specific consideration to technology or operational-level controls within the framework of general and application IT internal controls taught.
Towards a Business Process Quality Culture: From High-Level Guidelines to Grassroots Actions
We present an information systems development (ISD) approach to integrate quality culture in business processes. Action research is our mode of inquiry and a company from the food industry provides the setting. Food production involves auditing throughout the supply chain and a demanding information system, with numerous goals and rules grounded on the organizational policies and values. However, there is a lack of holistic process-oriented approaches to leverage a quality culture. This paper provides a contribution, with the ISO2 approach, offering a set of artifacts to support the ISD lifecycle. An audit from a food retail group confirmed the positive outcome of its use, internalizing quality principles while developing the IS, and it is planning to suggest its adoption by their network of food suppliers.
Introduction to Microservice API Patterns (MAP)
The Microservice API Patterns (MAP) language and supporting website premiered under this name at Microservices 2019. MAP distills proven, platform- and technology-independent solutions to recurring (micro-)service design and interface specification problems such as finding well-fitting service granularities, rightsizing message representations, and managing the evolution of APIs and their implementations. In this paper, we motivate the need for such a pattern language, outline the language organization and present two exemplary patterns describing alternative options for representing nested data. We also identify future research and development directions.
Evaluation of Information Technology Services Using the ITIL Version 3 Service Design Domain at Universitas Selamat Sri Kendal
Information technology is a necessity for companies and organizations. To ensure the continuity of information technology business processes, it is also very necessary that companies get added value for their use. ITIL v3 is a method used to design, ensure value is met, provide quality services, and ensure that the parts run as desired. Service design is used to assist companies in designing infrastructure, architecture, service quality, policies, and IT documents. ITIL v3 domain service design in this study is also used as a basis for developing information technology usage policies.
Information Technology Service Audit Based on the Information Technology Infrastructure Library (ITIL)
IT Service Management is one way to manage information technology services. Technology services need to be managed well in order to obtain output in the form of the information that management needs. To improve information technology services, audits are needed, including audits of information technology services. An information technology service audit is carried out to determine the adequacy of the related information technology; in this case the author focuses on information technology security issues. An information technology security audit is performed to determine the level of security of information technology services: to what extent the information reaches those entitled to receive it, whether the information is actually available, and whether the information is confidential. To measure the security level of information technology services, the author chose to use the Information Technology Infrastructure Library Version 3 (ITIL V3) method. ITIL is a set consisting of Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. In this case the author focuses on service design, in the information security management part, which explains that a service is considered good if it meets 8 points that have been standardized internationally.
Do You Walk the Talk in Quality Culture?
We present an action research project to foster quality culture in business processes. The client setting is in the food industry, a vital sector for our society and one of the most regulated in the world. Food production involves auditing throughout the supply chain and a demanding information system (IS), with numerous requirements grounded on the organizational policies. Our ISO2 approach – for joint development of IS and quality management system (QMS) – was tailored with a set of routines and artifacts to promote quality culture in the maintenance process of the selected organization. This contribution enables a graphical visualization of existing gaps between the high-level principles endorsed by an organization and its confirmation: (1) instantiating company policies at process level; (2) contrasting the assessment of the process owner and of the quality auditor; and (3) comparing the desired and the real practices in a specific business process. An audit from a food retail group confirmed the positive outcome of ISO2 approach in what regards the internalization of quality principles while developing the IS. Moreover, we performed a longitudinal evaluation to verify enduring effects of the ISO2 approach in business processes. We gathered evidence that ISO2 can (1) improve process users’ awareness of quality culture; (2) suggest an approach to increase trust in company policies; and (3) contribute to business process improvements.
Information security trust and outcomes: a case study of compliance in a complex system
As recent high-profile data breaches illustrate, an organization that complies with information security control frameworks can also suffer from successful attacks and the subsequent erosion of trust. Information security frameworks used in the federal, payment, and health care industries use a core catalogue of security controls to standardize practices and facilitate assessment. In theory, an organization implementing these standard controls and practices would maintain sufficient security to protect sensitive data. However, these catalogues of controls require resources to implement and change slowly compared to the evolution of technology and threats. Viewed as a static set of rules in a dynamic complex system, the implementation of catalogues of controls may not create predictable outcomes, or act as reliable indicators of the quality of an organization’s security program. I used a case study approach to analyze an organization’s security outcomes during a period when control catalogue implementation transitioned from a best practice to a regulatory mandate. I analyzed the organization through the perspective of a complex adaptive system, identifying the complex properties of the organization and its information security team as they endeavored to ensure strict compliance with the control catalogues. I collected data on factors related to the organization’s security outcomes, as well as finances, strategy, and governance. Despite significant changes in IT intensity, strategy, and corporate leadership, the security outcomes faltered and recovered, as emergent processes evolved from the dynamic environment. The compliance results, however, were ambiguous. The formal third-party compliance assessment presented outcomes that overstated the impact of isolated controls from the catalogue, while failing to highlight the broader issues related to organizational risk. This prevented the compliance assessment from representing the true state of security of the organization’s systems. I conclude that the current method of assessing the quality of an organization’s information security program against a control catalogue does not provide sufficient information to establish meaningful trust between organizations. An alternate method that requires a broader perspective of risk may improve the reliability of assessments and provide a more meaningful method to communicate trust.