Introduction to Deception, Digital Forensics, and Malware Minitrack

N/

Modeling a systems-based framework for effective IT auditing and assurance for less regulatory environments

Information Technology (IT) has become indispensable in contemporary business processes and in business value creation strategies. Those charged with governance, risk management and compliance are, often, challenged by sophisticated IT oriented decision-making dilemmas due to complex IT use in contemporary business processes. Investors and other stakeholders increasingly expect very rich, reliable and transparent assurance that their interests are safe. Auditors, as a result, are looked upon to expand their role to leverage the functions of those charged with governance and management. IT audit literature, hence, demonstrates existence of several best practices aimed at meeting the increasing demand for more audit and assurance outcomes that bridge the widening audit expectations gaps. In developing countries with less stringent regulatory systems, however, attempts to implement many of these frameworks have proved unsuccessful. Reasons include paucity of guidance in the frameworks and lack of suitable theoretical foundations to resort to for solutions to implementation challenges. Extant literature review reveals scanty research effort by practitioners or academicians in the field in the empirical situation to design a more suitable framework to serve as intervention. In this research an attempt has been made to create an intervention by designing a framework, i.e. an artefact for IT auditing for less regulated business environments. By adductive inference the cybernetics theory of viable systems approach was ingrained as the theoretical foundation from which the variables for the design were extracted. The abduction was based on the diagnostic power and ability to support self-regulation in a less regulatory environment. Action design research (ADR) approach was employed to achieve the research objective. Both qualitative and quantitative techniques were found to be useful for the evaluation and data analysis. At the design phase, a multiple case study method together with workshops were employed to gain insight into the problem and to collect data to support the design process. Four organisations from both public and private sectors in Ghana were selected to participate in the research. At the evaluation stage a survey technique was used to collect data mainly for the validation of construct variables and the refinement of the framework. The questionnaire scale used was 1=Strongly Disagree; 2=Disagree; 3=Somewhat Agree; 4=Agree and 5=Strongly Agree. A total of 136 respondents who included IT audit and Internal audit practitioners, Audit trainees and students, Directors and management staff were involved from four selected organisations. A factor analysis yielded twenty variables extracted from the ingrained theory for the building of a conceptual model which were grouped into six factors or domains. The entire conceptual model was tested with PLS-SEM technique because of the causal relationships that motivated the development of the conceptual hypotheses. A composite reliability used to assess the internal consistency of the model was overall adequate with values greater than 0.7. Similarly, a convergent validity of the model showed that all the variables were above the threshold value of 0.5. Thus, the model and design theory were found to be reliable and valid. Correlation and regression analysis was applied in testing individual hypotheses and the results helped to reorganise the final framework. The study contributed an artefact in the field of IT audit which represents a comprehensive teachable practitioner’s guide for the improvement of the IT audit practice. The framework also serves as guidance to those charged with governance and management in monitoring, self-review and as framework to attain IT audit readiness in less regulatory environments. Implementation challenges are expected to be resolved by reverting to the ingrained theory

WICC 2017 : XIX Workshop de Investigadores en Ciencias de la Computación

Actas del XIX Workshop de Investigadores en Ciencias de la Computación (WICC 2017), realizado en el Instituto Tecnológico de Buenos Aires (ITBA), el 27 y 28 de abril de 2017.Red de Universidades con Carreras en Informática (RedUNCI