An empirical examination of CobiT as an internal control framework for information technology

Tuttle, Brad; Vandervelde, Scott D.

doi:10.1016/j.accinf.2007.09.001

Cited by 98 publications

(62 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…COBIT berbeda dengan CMMI dalam hal tujuan penilaian perangkat lunak, dimana COBIT berfokus pada manajemen dan operasi. Organisasi menggunakan COBIT untuk menetapkan tolok ukur (benchmark) dan audit internal maupun eksternal dari sistem [3]. Penelitian ini akan lebih difokuskan pada bagaimana mengembangkan suatu pendekatan terstruktur untuk mengidentifikasi bagaimana teknik penambangan proses dapat mendukung proses penilaian perangkat lunak berdasarkan kerangka kerja COBIT 4.1.…”

Section: Pendahuluanunclassified

Penambangan Proses Yang Mendukung Penilaian Perangkat Lunak Dengan COBIT4.1

Setiawan¹,

Sarwosri²

2013

JUTI

View full text Add to dashboard Cite

ABSTRAK PENDAHULUANProses-proses dalam perangkat lunak yang dirancang dengan baik dan matang, akan membantu organisasi dalam mengembangkan perangkat lunak yang sesuai dengan waktu dan biaya yang direncanakan. Proses-proses dalam perangkat lunak perlu untuk terus dinilai dan ditingkatkan. Kebiasaan umum dalam peningkatan proses perangkat lunak (Software Process Improvement -SPI) berfokus pada penilaian dan peningkatan proses pengembangan perangkat lunak. Kegiatan SPI diawali dengan menilai proses pembangunan yang sebenarnya terjadi dalam siklus pengembangan perangkat lunak di organisasi. Oleh karena itu, sangat penting untuk mendapatkan informasi yang tepat tentang proses dalam suatu organisasi.Proses perangkat lunak merupakan proses yang kompleks, fleksibel, berorientasi pada manusia, kreatif, dan sering kali berdurasi lama, terpusat dan terdistribusi; dan perangkat lunak yang dihasilkan merupakan produk yang tak berwujud [1]. Karakteristik seperti ini yang memunculkan ketidakpastian dalam proses yang melibatkan perangkat lunak. Oleh karenanya, penilaian dalam proses perangkat lunak didasarkan pada informasi yang dapat diandalkan dan merefleksikan fakta tentang proses nyata yang terjadi dalam organisasi.Gambaran atau model nyata sistem perangkat lunak dapat diperoleh melalui penambangan proses (process mining). Teknik penambangan proses mampu mengambil pengetahuan dari log kejadian umum yang tersedia dalam sistem informasi. Teknik ini memberikan cara atau metode baru untuk menemukan, memantau, dan meningkatkan proses yang berlangsung dalam berbagai domain aplikasi [2].Penambangan proses dalam kaitannya dengan kerangka kerja SPI, telah dilakukan oleh Samalikova [1] dengan menerapkan penambangan proses dalam konteks CMMI (Capability Maturity Model Integration). Oleh karenanya, dimungkinkan untuk dapat dilakukan upaya menghimpun informasi proses yang obyektif dengan tujuan peningkatan dan penilaian suatu proses. Namun, pendekatan yang dilakukan belum menyertakan evaluasi kualitas data yang digunakan untuk penambangan proses.Pada penelitian ini, akan dipelajari dan disampaikan bagaimana penerapan penambangan proses dalam keterkaitan dengan kerangka SPI yang lain, yaitu COBIT (Control Objectives for Information and Related Technology). COBIT berbeda dengan CMMI dalam hal tujuan penilaian perangkat lunak, dimana COBIT berfokus pada manajemen dan operasi. Organisasi menggunakan COBIT untuk menetapkan tolok ukur (benchmark) dan audit internal maupun eksternal dari sistem [3]. Penelitian ini akan lebih difokuskan pada bagaimana mengembangkan suatu pendekatan terstruktur untuk mengidentifikasi bagaimana teknik penambangan proses dapat mendukung proses penilaian perangkat lunak berdasarkan kerangka kerja COBIT 4.1.

show abstract

Section: Pendahuluanunclassified

Penambangan Proses Yang Mendukung Penilaian Perangkat Lunak Dengan COBIT4.1

Setiawan¹,

Sarwosri²

2013

JUTI

View full text Add to dashboard Cite

show abstract

“…The results also revealed that COBIT's conceptual model predicts auditor behavior in the field related to their seeking help and giving help as evidenced by their postings to a general IT audit. From a practical standpoint, the results of the study of Tuttle and Vandervelde (2007) suggested that it is very important and potentially very useful for the audit profession to seek academic examination of its practices. The findings suggest that the COBIT framework is significantly related to overall risk assessments of the COBIT processes for which they are associated.…”

Section: Introductionmentioning

confidence: 99%

“…The results also suggest that Saudi organizations should use their IT resources more responsibly and manage their IT-related risks appropriately in order to champion the IT development for the success of their businesses. Tuttle and Vandervelde (2007) empirically examined internal consistency of the conceptual model that underlies the COBIT internal control framework as it applies to an audit setting (including operational, compliance, and financial audit settings). The study investigated the auditor perceptions of audit risk related to complexity, client importance, client attention, and process risk combined to represent IT process risk in the manner asserted by COBIT.…”

Section: Introductionmentioning

confidence: 99%

Exploring COBIT Processes for ITG in Saudi Organizations An empirical Study

Abu‐Musa¹

2009

IJDAR

View full text Add to dashboard Cite

Abstract. Control Objectives for Information and Related Technology (COBIT) has become one of the most important guidelines for information technology governance (ITG), which provides organizations with a useful tool to start evaluating their own ITG systems. COBIT introduces an ITG framework and supporting toolset that allows IT managers to bridge the gap between control requirements, technical issues and business risks. The objective of this study is to investigate the formality, auditing, responsibility and accountability of implementing COBIT processes for ITG in Saudi organizations. An empirical survey, using a self-administered questionnaire, was conducted to achieve these objectives. Five hundred questionnaires were distributed to a sample of Saudi organizations in a selected number of Saudi cities. One hundred and twenty seven valid questionnaires -representing a 25.4 percent response rate -were collected and analyzed using the Statistical Package for Social Sciences (SPSS) version 16. While the results of the study reveal that the majority of respondents reported that implementing ITG COBIT processes and domains is the responsibility of IT departments in Saudi organizations, most of the respondents reported that the COBIT processes and domains are neither audited nor formally conducted in their organizations. From a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The study provides useful information for senior management, IT managers, accountants, auditors, and academics to understand the implementation phase and the impact of COBIT on ITG in Saudi organizations.

show abstract

“…However, up to date they have received very limited empirical and theoretical support from academia despite their extensive use in organisations in particular for IT, operational and compliance audits (Ridley et al, 2008). The accounting and information systems domains seem to lack an empirically validated theory of internal control that identifies metrics that determine good control (Tuttle and Vandervelde, 2007). It can be reasoned that organisations adopt control frameworks without investing the considerable time and resources to question the validity of the constructs and dimensions for the subject task and taking into account the specific organisational needs and culture.…”

Section: Cobit Was Developed By the Information Technology Governancementioning

confidence: 99%