Re-Engineering IT Internal Controls: Applying Capability Maturity Models to the Evaluation of IT Controls

Financial and management accounting relies not only on traditional computerized accounting information systems but also on many application systems that feed data to the entries that make up the financial accounting systems. The importance of IT has been recognized by auditing standards setters. In response, a variety of organizations have developed control frameworks for the IT lifecycle. COBIT, published by the IT Governance Institute (ITGI), is a well understood and widely used control framework. An important element of the various elements and tools that make up the COBIT framework is the Capability Maturity Model (CMM) that is included in the COBIT Management Guidelines. The six-level CMM is drawn from the software engineering research community. A given level of the CMM allows managers and others to determine the capacity of the entity to manage its risks and strategic and operational outcomes, for that particular process. Whether a given capability maturity level correlates to a particular level of internal control, under auditing standards, has not been determined. This research is an exploratory attempt to determine the capability maturity of organizations; address metrication issues in measuring capability maturity and correlate capability maturity with the state of internal control over financial reporting.

[1]  Jerry N. Luftman Competing in the Information Age , 2003 .

[2]  Vernon J. Richardson,et al.  Returns on Investments in Information Technology: A Research Synthesis , 2002, J. Inf. Syst..

[3]  W. Deming Quality, productivity, and competitive position , 1982 .

[4]  W. V. Grembergen Strategies for Information Technology Governance , 2003 .

[5]  Izak Benbasat,et al.  Factors That Influence the Social Dimension of Alignment Between Business and Information Technology Objectives , 2000, MIS Q..

[6]  R. Peterson Integration Strategies and Tactics for Information Technology Governance , 2004 .

[7]  Gary Klein,et al.  An exploration of the relationship between software development process maturity and project performance , 2004, Inf. Manag..

[8]  Mayuram S. Krishnan,et al.  Effects of Process Maturity on Quality, Cycle Time, and Effort in Software Product Development , 2000 .

[9]  Watts S. Humphrey,et al.  Managing Technical People: Innovation, Teamwork, and the Software Process , 1996 .

[10]  Andrew B. Whinston,et al.  An Empirical Investigation of Net-Enabled Business Value , 2004, MIS Q..

[11]  Yolande E. Chan,et al.  Business Strategic Orientation, Information Systems Strategic Orientation, and Strategic Alignment , 1997, Inf. Syst. Res..

[12]  James D. Herbsleb,et al.  Software quality and the Capability Maturity Model , 1997, CACM.

[13]  Jerry N. Luftman Competing in the Information Age: Align in the Sand , 2003 .

[14]  Vernon J. Richardson,et al.  Reexamining the Value Relevance of E-Commerce Initiatives , 2004, J. Manag. Inf. Syst..

[15]  Edward G. Schilling,et al.  Juran's Quality Handbook , 1998 .

[16]  Steven De Haes,et al.  IT Governance Structures, Processes and Relational Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[17]  F. M. Gryna Quality planning and analysis , 1970 .

[18]  M. Oliverio Internal control—integrated framework: who is responsible? , 2001 .

[19]  Watts S. Humphrey,et al.  Managing the software process , 1989, The SEI series in software engineering.

[20]  Jeff Tian What Is Software Quality , 2005 .

[21]  Peter J. Denning Editorial: what is software quality? , 1992, CACM.

[22]  Jerry N. Luftman Competing in the Information Age: Strategic Alignment in Practice , 1996 .

[23]  Jerry N. Luftman,et al.  Achieving and Sustaining Business-IT Alignment , 1999 .

[24]  Mary Beth Chrissis,et al.  CMMI: Guidelines for Process Integration and Product Improvement , 2003 .

[25]  Didar Zowghi,et al.  A Maturity Model for the Implementation of Software Process Improvement: an Empirical Study , 2022 .

[26]  J. Lainhart COBIT™: A Methodology for Managing and Controlling Information and Information Technology Risks and Vulnerabilities , 2000 .

[27]  Vernon J. Richardson,et al.  The Value Relevance of Announcements of Transformational Information Technology Investments , 2003, MIS Q..

[28]  W. Edwards Deming,et al.  Out of the Crisis , 1982 .

[29]  Raymond R. Panko,et al.  What we know about spreadsheet errors , 1998 .

[30]  Susan Phillips Dawson,et al.  CONTINUOUS IMPROVEMENT IN ACTION Applying Quality Principles to Software , 1994 .