Investigating COBIT for information technology audit in the Tasmanian public sector
Gerke, L (2005) Investigating COBIT for information technology audit in the Tasmanian public sector. Honours thesis, University of Tasmania.
There has been worldwide interest in corporate governance because of the high profile
corporate collapses of the early 2000s. The use of control frameworks has been
mandated in the United States of America through the Sarbanes Oxley Act of 2002.
One of the popular frameworks adopted is the Control Objectives for Information and
Related Technologies (CoBIT).
Organisations have shown an increasing interest in using COBiT both as an IT
governance framework and also for IT audit because of its focus on the alignment of
business and IT goals and processes. The COBiT framework is massive, so there is a
need for research to determine the most important IT processes in public sector
organisations in order to reduce the number of audit areas included in an abbreviated
COBiT IT audit instrument while retaining relevance. There is a large body of published
work available for COBiT, however, much of this has originated within the domain of
the practitioner and is aimed at a similar readership, with little, if any, academic
research that has considered the effectiveness of the framework. Prior research has been
conducted in the national and international arenas, but it is unclear if this can be
extended to the Tasmanian public sector.
This research used a survey methodology to obtain ratings from selected Tasmanian
public sector organisations for each of the high level IT control objectives in the COBiT
framework. These ratings were compiled to form a ranked list of the most important IT
processes for the Tasmanian public sector. Audit measures were selected for the key IT
processes, then validated by a senior public sector IT audit professional and the
instrument subsequently trialled on a range of Tasmanian public sector organisations.
An evaluation of the IT audit process using COBiT was also undertaken.
The instrument developed contained seven IT control objectives and was successfully
trialled in nine public sector organisations of all possible levels. The results obtained
indicated that Tasmanian public sector organisations perceived ensuring security of their
systems to be the most important IT process. Of the seven it control objectives audited,
five were also considered important in national and international studies.
The results obtained suggests that use of the COBiT -derived instrument for public sector
IT audit provided a insight into the IT governance and control within these organisations as well as indicating the degree to which the goals and governance of the
organisation and the organisation were aligned, neither of which was available with the
use of the previous instrument. The use of COBrf for IT audit in this case was
considered to be effective and provides some validation in one public sector context of
the extensive use of COBIT by practitioners.
|Item Type:||Thesis (Honours)|
|Additional Information:||Copyright 2005 the Author|
|Deposited By:||ePrints Officer|
|Deposited On:||05 Jul 2011 14:05|
|Last Modified:||30 Jul 2012 12:17|
|ePrint Statistics:||View statistics for this ePrint|
Repository Staff Only: item control page