Elements that Orient the Regulatory Compliance Verification Audits on ICT Governance

The expression Information and Communications Technology (ICT) refers to a large integrated set of structures and functions employed to access, transfer, store and process all forms of information, i.e., text, voice, data and image. ICT continues to be an important factor for improving organizational management and achieving competitive advantage, since it can be used to continuously add value to almost all business processes. This paper presents and discusses elements that are considered important to guide verification actions regarding regulatory compliance of ICT management practices. Designated hereinafter as Elements that Orient Regulatory Compliance Verification Audits (ECVAs), these elements are characterized in this paper from a survey of literature, international and national regulations, and best-practice bodies. Their selection aims at improving ICT Governance in a Brazilian public company, which is used as a reference to validate our choices.
