Control Objective for Information and Related Technology - Book Report/Review Example

Finance and accounting Executive Summary The main purpose of the report is to highlight the usage of Control Objective for Information and Related Technology (COBIT) framework by organisations. It also enumerates the criteria that are developed by the framework in order to align the use of information technology (IT) with the goals of the organisations. In light of this, the usage of IT by several organisations is depicted along with the collapse of HIH Group. The reasons for the collapse are related with the inefficient information system that has been used by the company, GEN+. It not only produced inaccurate and faulty financial data but also failed to generate efficient financial reports to the management of the company. The internal audit report also showed a number of mistakes in the accounting systems as it failed to provide a proper ledger system, which could depict transactions correctly. It is advised that the company could have employed COBIT framework so as to avoid its collapse due to the lack of proper information system. Table of Contents Introduction 3 Criteria of COBIT Framework 4 Literature Review 5 Deficiency in HIH accounting system 7 The electronic financial system of HIH 8 Advice to HIH 9 Conclusion 10 Reference List 11 Introduction Information Technology (IT) has also always played a significant role in the success of an organisation (Abu-Musa, 2009). Over the past few decades, it has encountered changes and advancement, which has helped the organisations to build their competitive advantage over the others. Information Technology is needed to track the changes that are taking place in the market environment and also respond to the competitive forces. The growth in IT has given rise to the need for different governance processes and structures. Hence, researches pertaining to IT governance have become an important topic in the past few years (Hardy, 2006). There is a need for comprehensive framework that includes features of IT management in the global industry. The need is for aligning the strategies pertaining to IT with that of the business. The framework is also required for effective deployment of the IT resources, developing the internal control system and preventing the issues that are related to the software errors. Hence, the framework delivers standard guidelines, which are required for implementing different procedures and processes in an organisation. One of the most significant IT governance structure is Control Objective for Information and Related Technology (COBIT). COBIT is a trusted open standard that is employed by many organisations worldwide (Pathak, 2003). It ensures the alignment of usage of the IT system with that of business objectives; since it gives emphasis on the needs of the business, which is required to be satisfied by each of the control objectives (Colbert and Bowen, 1996). Hence, it can be sated that COBIT framework is to be referred while managing information in an organization. Thus, the main purpose of the report is to highlight the deficiencies encountered by the Royal Commissions in reviewing the operations of HIH and how its information system could have been improved by following the criteria of COBIT framework. Criteria of COBIT Framework The primary objective of COBIT framework is to align the IT usage with the fulfilment of objectives of an organisation. There are 34 objectives in the framework and it is developed by employing 41 international documents and is proved internationally so as to assist in balancing the risk associated with IT against the investments made for the same purpose (Lainhart, 2001). These objectives are arranged into hierarchy of domains and processes, which are designed for aligning the IT objectives with the business goals. It identifies the need for IT resources that are linked with 318 controlled objectives. The IT process is majorly grouped into four domains such as acquisition and implementation, planning and organising, support and delivery system and finally monitoring the whole system. The framework is employed by many organisations around the world since 1996 (Guldentops and De Haes, 2002). The framework actually addresses three levels of management in an organisation, which are depicted below: 1) Business and IT management level 2) Executive board and management level 3) General governance, control, assurance and security professional level (IBM Corporation, 2008). In order to satisfy the objectives of the business, the information that is generated by the organisation has “to conform to certain criteria” (IBM Corporation, 2008). This criterion is developed by the COBIT framework, which are basically few information that are required by the organisation. On the basis of fiduciary, quality and security requirements, the criteria are defined, which are discussed henceforth. 1) Efficiency: It is concerned with rudiments of information required for the economical use of resources. 2) Effectiveness: It deals with the relevance and pertinence of information to an organisation. It also refers to the timeliness and consistency of the data that are provided for the business purpose. 3) Confidentiality: It refers to the protection of sensitive information from any unauthorised use. 4) Availability: It is referred to the information, which is available when there is need for the same by the organisation. 5) Integrity: It refers to the completeness and accuracy of the information that meets the needs and expectation of the business. 6) Reliability: It relates to the appropriateness of the information that is required for managing and operating the entities and also exercising the governance responsibilities. 7) Compliance: It refers to the compliance of regulations and laws that are subject to business process, which are imposed internally and externally as the business criteria (IBM Corporation, 2008). Literature Review Accounting Information System (AIS) needs to meet the above mentioned criteria that are referred by the COBIT framework. According to Sajady and Dastgir (2008) AIS is regarded as a significant organizational instrument, which helps in ensuring effectiveness in the management decision making. It also helps in increasing efficiency of the organization by providing correct and timely accounting information to the management. Hence, effectiveness and efficiency information are criteria in AIS. According to Grande, Estebanez and Colomina (2010), information provided by the AIS is kept confidential so that it is not accessed illegally as this information is related to the financial status of the organization. The system should be built in such a manner that it should not disclose the financial data of the organization and the clientele information to any malicious source. This assists an organization to build a good relation with the shareholders by keeping their identity and information safe from unauthorized access. It is very important for an organization to maintain integrity by generating accurate, consistent and trustworthy information (Koch, 2002). Hence, AIS is regarded as an important system, which deals with the accurate financial data that are useful while taking any management decision. Therefore, integrity is also a significant criterion for AIS (Appiah, 2011). The organisations with the help of IT deliver lucid set of procedures. These processes are required for establishing an efficient technical capability for supporting business ability that results in expected outcomes. The research on COBIT and IT governance are linked and both play an important role in AIS because of the detailed reasons. IT has taken a central position in the business, which have justified the claim for governance. However, it can be stated that most of the businesses have failed to establish sufficient control on IT system (Hawkins, Alhajjaj and Kelley, 2003). The organisations encounter many threats that arise from the utilisation of IT system that includes cybercrimes, abuse, errors, fraud and omission. Presently, there is high level of compliance arising from diverse legislations and regulations that the business processes has to meet (Elgammal et al, 2014). From the above discussion it is evident that the criteria ascertained by the COBIT are important for AIS of an organisation. If the criteria are fulfilled by the organisation then it can be stated that the accounting system are efficient enough to provide positive result to the management. The AIS not only helps the management to collect information pertaining to the transactions that takes place during any operation but it also helps the organisation in developing its competitive advantage. Deficiency in HIH accounting system Government of Australia had established Royal Commission for investigating the financial collapse of the Australian Insurance company, HIH Insurance Group during March 2001 (Costello, 1996). The collapse not only affected the company officials and the management but it also had a huge impact on the community groups and the general public. The final report of HIH Royal Commission was issued on 16th April 2003, which marked the reason for the collapse of the company. The committee detailed a number of reasons for collapse; however, it concentrated on consistent practices that were followed by the company, which weakened the management. The accounting system of the company is not efficient enough to assist in management decision making. Hence, it indicated towards the weak internal control of the company (Thomson Reuter, 2003). Among all the issues that are responsible for the collapse of HIH, the company had encountered a number of deficiencies in the information system. For this reason the company was deprived from the reliable and timely information, which is evident for management decision making. The problems aroused due to the complicated corporate structure and ever-expanding operations of the company. The deficiency in three areas of management information is discussed henceforth. The electronic financial system of HIH Efficient information system formed the critical part of insurance business of HIH. Reliable data is needed on liability for the claims so that insurer does not encounter any danger pertaining to under pricing of the products. The reliable data helps the company to trade profitably over a period of time. However, the information system of HIH could not produce that reliable data. The information system should also produce materials, which have the capability to assess the financial position of the company efficiently. The system should be accurate enough to detect the decline of the organisational performance on daily basis; hence it should be monitored and maintained continuously (HIH Royal Commission, 2003a). The executive management does not employ a passive approach of receiving management information; rather they have the responsibility to monitor and manage integrity of financial system and statements that are produced by the system. The significance of maintaining an appropriate accounting and information system is to produce and retain financial information that recognised under Corporations Act 2000 (HIH Royal Commission, 2003a). In case of HIH, it operated a number of accounting and insurance systems in order to monitor its business. The company purchased the Oracle system and became the ledger system for HIH. The system depicted data that are obtained overseas and also in Australia. GEN+ system was created by the company for arranging the existing systems so that it can produce greater functions and also meet the compliance requirements that was issued during the period of 2000 (HIH Royal Commission, 2003a). However, the introduction of the new system, GEN+ has resulted in numerous problems. The problems are related to the inability of the system to generate commission statement, which is required for assuring that accurate commission payments are made to the intermediaries and the agents (HIH Royal Commission, 2003a). The system was also incapable of preparing debtor’s statement and was also unable to process the financial endorsements. GEN+ could not also provide sufficient information for the management reports. Nevertheless, these problems are sorted out during the mid 1998. The Royal Commission had pointed out various back-logs in the data system that was installed in Victoria and New South Wales during 1999. Concerns were raised over integrity of the system. This prevented the company from preparing accurate management reports, which affected the decision making of the same. The management did not receive reliable data pertaining to the key performance indicators of the company; additionally there was lack of daily communication between the general ledger and GEN+ data (HIH Royal Commission, 2003a; HIH Royal Commission, 2003b). During 1999, a number of reports were prepared by the management of the company, which revealed that the system was unable to provide effective financial information. The system was further criticised during 2000; when the internal audit system prepared a report in February that indicated that there were several unreconciled bank accounts in the group. Further, errors were recognised in the credit control system of the company, which occurred due to the implementation of GEN+. The audit report signified that credit control system of HIH is not acceptable; the delays in processing of data on the GEN+ were also highlighted. Several efforts were given to solve the situation; manual processes were employed to make accurate financial reports. Nevertheless, the process is not effective enough to prevent the collapse of the company. Advice to HIH Though there are many reasons behind the collapse of the insurance company in Australia, HIH; but inefficient information system is one of the major issue for the company. The lack of appropriate financial information system leads to insufficient financial information for preparing financial reports for the company. These reports are needed during the management meeting where decisions are taken regarding the improvement of the present situation of the company. In order to avoid the collapse of the company, it could have employed the COBIT framework for managing their financial information. This framework is not only efficient enough to produce reliable and effective financial data within a period of time but it is also trustworthy as it undertakes appropriate process for collecting, storing and analysing data. Conclusion COBIT framework is one of the efficient tools used by the organisations for aligning the usage of IT with that of the management objectives. The criteria of the framework are defined in such a manner so that in encompass all the positive characteristics of collecting, recording and analysing data efficiently. It is observed that the collapse of HIH should have been avoided if the company could have used an efficient IT system such as COBIT framework. The development of GEN+ by the company has proved to be a disaster as it created challenging situations shortly after its introduction. Reference List Abu-Musa, A., 2009. Exploring the Importance and Implementation of COBIT Processes in Saudi Organizations. Information Management & Computer Security, 17 (2), pp. 73-95. Appiah, K., 2011. Computerised Accounting Information Systems: Lessons in State-Owned Enterprise in Developing Economies. Journal of Finance and Management in Public Services, 12(1), pp. 2-23. Colbert, J. and Bowen, P., 1996. A Comparison of Internal Controls: COBIT, SAC, COSO and SAS 55/78. IS Audit & Control Journal, 4, pp. 26–35. Costello, P., 1996. Report of the HIH Royal Commission. [online] Available at: < http://ministers.treasury.gov.au/DisplayDocs.aspx?doc=pressreleases/2003/020.htm&pageID=003&min=phc&Year=2003&DocType=0 > [Accessed 29 December 2014]. Elgammal, A., Turetken, O., van den Heuvel, W.J. and Papazoglou, M., 2014. Formalizing and Appling Compliance Patterns for Business Process Compliance. Software & Systems Modeling, pp. 1-28. Grande, U. E., Estebanez, P. R., and Colomina, M. C., 2010. The impact of Accounting Information Systems (AIS) on performance measures: empirical evidence in Spanish SMEs. The International Journal of Digital Accounting Research, 11, pp. 25 – 43. Guldentops, E. and De Haes, S., 2002. COBIT Usage Survey: Growing Acceptance of COBIT. Information Systems Control Journal, 6, pp. 25–31. Hardy, G., 2006. Using IT Governance and COBIT to Deliver Value with IT and Respond to Legal, Regulatory and Compliance Challenges. Information Security Technical Report, 11(1), pp. 55-61. Hawkins, K. W., Alhajjaj, S., and Kelley, S. S., 2003. Using COBIT to Secure Information Assets. Journal of Government Financial Management, 52(2), p. 22. HIH Royal Commission, 2003a. The Inadequacy of Management Information. [online] Available at: < http://www.hihroyalcom.gov.au/finalreport/Chapter%2018.HTML > [Accessed 29 December 2014]. HIH Royal Commission, 2003b. The Effect of Incorrect Accounting. [online] Available at: [Accessed 29 December 2014]. IBM Corporation, 2008. Control Objectives for Information and related Technology (CobiT®) Internationally Accepted Gold standard for IT Controls & Governance. IBM Corporation, pp. 1-4. Koch, V., 2002. The Powers That Should Be: IT decisions have to reflect the goals of the business and engage the attention of the business, often without the participation or even the interest of the business. CIO, 15 (23), pp. 48–54. Lainhart, J., 2001. And IT Assurance Framework for the Future. Ohio CPA Journal. pp. 191–193. Pathak, J., 2003. Internal Audit and E-Commerce Controls. Internal Auditing, 18 (2), pp.30–34. Sajady, H. and Dastgir, M., 2008. Evaluation of the effectiveness of accounting information systems. International Journal of Information Science & Technology, 6(2). Thomson Reuter, 2003. HIH Royal Commission Final Report. [online] Available at: < http://uk.practicallaw.com/6-107-0980 > [Accessed 29 December 2014]. Read More