IS practitioners' views on core factors of effective IT governance for Taiwan SMEs

With the Sarbanes-Oxley Act (SOX) and other legislation enacted worldwide, effective information technology (IT) governance has become an imperative for many companies. To maintain effective supervision and keep their organisation on track with its business strategy, top management need to understand their evolving roles in governance over IT by adopting relevant frameworks that assist in designing and evaluating the performance of the company’s IT systems. One commonly used framework is COBIT (Control Objectives for Information and Related Technology), which provides guidelines and best practices for designing and evaluating the performance of IT systems. The purpose of this paper is to evaluate the general status of IT governance in Taiwan’s small and medium enterprises (SMEs) and examine whether the key components necessary for achieving effective IT governance are in place.
