A Metrics Generation Model for Measuring the Control Objectives of Information Systems Audit

Information technology governance (ITG), which was a relatively new concept in the late 1990s, has gained importance in the 21st century due to factors such as the collapse of Enron Inc. and the need for a better reporting and financial disclosure system, as requested by the US Securities and Exchange Commission chairman in 2001. Subsequent legislation, namely the Sarbanes-Oxley Act (SOX) in the United States and the Turnbull Guidance in the United Kingdom, provided further impetus for ITG. Other factors that prompt companies to give more importance to the management, control and measurement of information systems include the risk associated with information, the investments made by companies in IT resources and the need to be competitive in the marketplace. All of these factors emphasize the requirement to measure the performance or effectiveness of information systems. The state of performance of the various entities, events and processes of information systems gives management a 'dashboard approach' vision. In this paper, a metrics generation model is proposed for generating metrics that can measure the key performance indicators and goals of the control objectives of CoBIT by applying the GQM model.
