Towards an Integrative Theoretical Model For Examining IT Governance Audits

The heightened need for Enterprise Governance of IT (EGIT) for both public and private enterprises increases the requirement for regular audits of governance activities. The review of the extant literature showed a paucity of IT auditing studies focusing on EGIT. On the other hand, majority of EGIT studies have provided little theoretical backing and as such have not effectively captured all the constructs needed to gain better understanding of the phenomena. This study develops an integrative theoretical framework for examining EGIT. A conceptual model based on this integrative framework to guide further research in EGIT audits is also presented. The conceptual model provides a holistic analysis for EGIT from the perspective of the auditor to drive policy changes in IT auditing. The model uses the gestalt theory to propose the measurement of the alignment amongst the mechanisms using the configurational approach. The model contributes to practice by explaining the need for alignment amongst the governance mechanisms to maximise EGIT effectiveness.

[1]  G. D’Onza,et al.  Do IT audits satisfy senior manager expectations?: A qualitative study based on Italian banks , 2015 .

[2]  Zhixiong Chen,et al.  IT Auditing to Assure a Secure Cloud Computing , 2010, 2010 6th World Congress on Services.

[3]  Wim Van Grembergen,et al.  Antecedents of IT Governance Effectiveness: An Empirical Examination in Brazilian Firms , 2017, J. Inf. Syst..

[4]  Georgiana Mateescu,et al.  Auditing cloud computing migration , 2014, 2014 IEEE 9th IEEE International Symposium on Applied Computational Intelligence and Informatics (SACI).

[5]  M. Porter Competitive Advantage: Creating and Sustaining Superior Performance , 1985 .

[6]  Rossouw von Solms,et al.  The Board and CIO: The IT Alignment Challenge , 2014, 2014 47th Hawaii International Conference on System Sciences.

[7]  Dieter Fink,et al.  Information technology governance: an evaluation of the theory‐practice gap , 2010 .

[8]  Wanda J. Orlikowski,et al.  Information Technology and the Structuring of Organizations , 2011 .

[9]  Claudiu Brândas,et al.  Integrated Approach Model of Risk, Control and Auditing of Accounting Information Systems , 2012 .

[10]  Stefan Thalmann,et al.  Auditing service providers: supporting auditors in cross-organizational settings , 2014 .

[11]  Jan Devos,et al.  Towards a theoretical foundation of IT governance: the COBIT 5 case , 2015 .

[12]  Peter F. Green,et al.  Effective information technology (IT) governance mechanisms: An IT outsourcing perspective , 2009, Information Systems Frontiers.

[13]  Gerald G. Grant,et al.  An Extended Model of IT Governance: A Conceptual Proposal , 2007, AMCIS.

[14]  Steven De Haes,et al.  COBIT 5 and Enterprise Governance of Information Technology: Building Blocks and Research Opportunities , 2013, J. Inf. Syst..

[15]  Linda Duxbury The corporation of the 1990s: Information technology and organizational transformation , 1993 .

[16]  Tichaona Zororo IT Governance Assurance and Consulting: A Compelling Need for Today’s IT Auditors , 2014 .

[17]  Danny Miller,et al.  Notes on the Study of Configurations , 1999 .

[18]  Steven A. Cavaleri,et al.  Management systems : a global perspective , 2011 .

[19]  Steven De Haes,et al.  An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment , 2009, Inf. Syst. Manag..

[20]  A. Adam Whatever happened to information systems ethics? Caught between the devil and the deep blue sea , 2004 .

[21]  Steve G. Sutton,et al.  Continuous Auditing in ERP System Environments: The Current State and Future Directions , 2010, J. Inf. Syst..

[22]  John R. Labadie,et al.  Auditing of post‐disaster recovery and reconstruction activities , 2008 .

[23]  Norshidah Mohamed,et al.  A Conceptual Framework for Information Technology Governance Effectiveness in Private Organizations , 2012, Inf. Manag. Comput. Secur..

[24]  N. Venkatraman,et al.  The Concept of Fit in Strategy Research: Towards Verbal and Statistical Correspondence , 2018 .

[25]  William H. Glick,et al.  Fit, Equifinality, and Organizational Effectiveness: A Test of Two Configurational Theories , 1993 .

[26]  R. Peterson Integration Strategies and Tactics for Information Technology Governance , 2004 .

[27]  Auditing in Context , 2014 .

[28]  Paul H. Barnes,et al.  A Delphi study into the audit challenges of IT governance in the Australian public sector , 2013 .

[29]  M. Morton,et al.  The corporation of the 1990s: Information technology and organizational transformation , 1993 .

[30]  Kenneth N. McKay,et al.  Antecedents and Consequences of Board IT Governance: Institutional and Strategic Choice Perspectives , 2012, J. Assoc. Inf. Syst..

[31]  Daniel J. Svyantek,et al.  A Complex-Systems Approach to Organizations , 2000 .

[32]  Judy Young,et al.  Studies to Evaluate COBIT's Contribution to Organisations: Opportunities from the Literature, 2003–06 , 2008 .

[33]  Abdul A. Rasheed,et al.  Configuration Research in Strategic Management: Key Issues and Suggestions , 1993 .

[34]  Philip Powell,et al.  IS alignment in small firms: new paths through the maze , 2003, ECIS.

[35]  Suzanne C. Wagner,et al.  IT Audit Challenges for Small and Medium-Sized Financial Institutions , 2022 .

[36]  Paul H. Barnes,et al.  Optimising COBIT 5 for IT governance : examples from the public sector , 2012 .