Investigation into Uptake of COBIT Corporate Governance Auditing Methodology - Essay Example

Research Proposal on investigation into uptake of COBIT Corporate Governance Auditing Methodology ID 19714 Order No. 269387 04 February 2009 Table of Contents: Introduction: As an outcome of the analysis of the world famous Enron and Anderson Scandal in late 2001, the US Government introduced Sarbanes Oxley Act 2002 that enforced a number of enhancements in the methodology of Corporate Governance and also ensured better accountability of auditors in control of corporate frauds. The section 404 of Sarbanes Oxley act is pertaining to the internal control assessment & accountability the management of the organization whereby the company is required to submit an internal control evaluation report pertaining to the procedures of financial reporting. In the modern context most of the organizations possess IT enabled Business & Financial Control systems and hence internal controls are largely related to IT governance. IT Governance is gradually forming deep roots into the corporate governance of businesses globally and hence best practices of IT Management like ITIL & COBIT are gaining popularity very rapidly across the world. In fact many organizations are now looking forward to implement integrated frameworks comprising of practices recommended by ITIL, COBIT and ISO 27001. The research proposal presented herewith is targeted to evaluate the feasibility, strengths & weaknesses of COBIT framework when deployed as an Internal Auditing System for IT Governance as a part of the overall Corporate Governance system of an organization. [Findlaw.com. 2002] Role of IT in Corporate Governance and the COBIT Framework – Short Literature Review IT Management is no longer a small management system operating in Silo by a group of professionals that are primarily technical administrators & experts. With more and more organizations migrating to IT enabled business process management systems, the components & building blocks of IT Infrastructure & Applications have gradually achieved the critically of being the most valuable assets of the organization but least understood from the governance perspective. In this context the organizations having high dependence on IT enabled business processes need to practice an effective IT Risk Management system to comply with regulatory requirements and manage the business dependence on IT effectively. Hence, it is mandatory in the modern business era that IT Management & Governance becomes the responsibility of the executive management and the board of directors of an organization. The advantages of having strong & well managed IT Governance in organizations are the following: (a) Effective Business Asset Management & control system (b) Strong fundamentals for Enterprise Governance and Risk Management (c) Optimization of the usage of the available IT resources (d) Better management of threats to business (e) Capitalising of the opportunities offered by the markets and customers (f) Improved competitive advantages (g) Better compliance to applicable regulations (h) Business performance management – performance of people, processes & technologies can be assessed more objectively (i) Improved customer satisfaction (j) Faster growth of business (k) Knowledge management (l) Management by objectives – a KPI (key performance indicators) based approach And many more as we proceed to evolve more correlations between the business and IT. The COBIT (Control Objectives for Information and related Technology) Framework provides the control objectives & controls in a logically organized structure that comprises of good practices designed by a large panel of experts. The primary contributions of this framework are to link IT objectives with business requirements, designing a process model for IT activities, identification & optimum utilization of the major IT resources and defining IT management control objectives. Figure 1: The COBIT Cube (Source: COBIT 4.1 Executive Summary, ISACA.org, 2007) The COBIT Framework ties the requirements of businesses pertaining to information & governance to the IT objectives of the organization. IT goals respond to business goals by virtue of IT processes that manage the IT resources (COBIT Cube in Figure 1). Figure 2: The COBIT Framework (Source: COBIT 4.1 Executive Summary, ISACA.org, 2007) Figure 2 shows the COBIT framework elements getting mapped on to the IT governance focus areas. The overall design of the framework is as presented below: (a) There are four broad groups comprising of 34 processes each. These processes make use of IT resources available within the organization. (b) All the 34 processes possess high level control objectives (c) A total of 318 control objectives and corresponding audit guidelines are presented in the framework (d) For each of the 34 processes, management guidelines, maturity models, critical success factors, key goal indicators and key performance indicators are presented The entire framework is designed to present controls that are applicable to the areas of Management for risk & control investment balance, users for getting assurance of security & controls of IT services and auditors for advising management on the overall system of internal controls. [ISACA.org. 2007; Butler, Raymond J. 2004] The research proposal herewith is to achieve the following objective: (a) To assess and verify the effectiveness of COBIT framework as an Internal Auditing System to verify the effectiveness of establishment, maintenance, measurement & improvement of internal control governance framework of organizations that largely depend upon IT to run their businesses. (b) To analyze the advantages and disadvantages of COBIT Auditing Framework in meeting the business requirements of information management, control and security. (c) To assess the problems faced by organizations in managing the COBIT auditing framework as a Business As Usual (BAU) system. The target company shall be chosen from the companies in the city of London who have adopted COBIT practices and the related auditing systems and have achieved reasonable maturity of IT governance and the corresponding mapping with the corporate governance of the organization. It is hereby proposed that the detailed research shall possess a design in accordance with the approved structure required by the University. A tentative list of contents in the proposed research design is presented herewith (order & choice of topics may change as per instructions from the University): 1. Introduction 2. Significance of research 3. The research problem 4. Objectives of the research 5. Literature review 6. Conceptual framework 7. Research question(s) 8. Hypotheses & Limitations of research 9. Research Methodology 10. Data Collection 11. Survey instruments 12. Selection of Organization for case study and obtaining consent from their management 13. Ethical Clearance 14. Presentation of raw data 15. Data analysis 16. Conclusions & Generalizations The Literature Review shall be carried out with the help of the Isaca.org portal and the various research and case studies published in educational databases. The output of the Literature Review shall be appropriate research question(s) and design of data collection templates populated with questionnaire to be used in the survey. Post data collection, the data shall be presented in the raw format as well as in analytical format to arrive at conclusions and generalizations. Time Chart: Task Description Duration Analysis and conclusion of the most appropriate Research Problem 48 hours Detailed Literature Review 96 hours Arriving at Research Hypothesis, conceptual framework and the research questions 48 hours Research design 72 hours Conducting Survey 96 hours Presentation of Raw Data 24 hours Analysis of the raw data using analytics tables 48 hours Conclusions and Generalizations 48 hours Total 480 Hours Conclusions Corporate Governance is controlled by the legal & statutory machinery of the governments of the developed countries such that corporate fraud can be controlled. Sarbanes Oxley is one such act that requires self assessed & certified internal control framework to be submitted by the executive management & board of directors of organizations. Given the modern era of IT enabled businesses, the IT governance forms an integral part of Corporate Governance. COBIT is globally the most popular IT governance framework which has been adopted by a number of organizations to implement end to end internal control systems. This research proposal is presented hereby to assess how effective COBIT has been in meeting these expectations in the role of an Internal Auditing Framework. An appropriate organization in the city of London that has adopted COBIT shall be chosen for the case study in this research. The tentative topics of research design have been proposed which are subject to modifications as per University guidelines. Reference List: Butler, Raymond J. Applying the COBIT Control Framework to Spreadsheet Developments. H M Customs & Excise Computer Audit Service National Office. 2004. COBIT 4.1 Excerpts – Executive Summary Framework. IT Governance Institute. ISACA.org. 2007. Sarbanes Oxley Act of 2002. H.R.3763. Findlaw.com. 2002. Read More