LibGuides: TIM-6370 v1: Week 8 Resources

Week 8 Resources

Information technology control and audit

Otero, A. R. (2019). Information technology control and audit (5th ed.). CRC Press.

Read Chapter Appendix 9.

The readings for this week discuss the recommended control areas for auditing software acquisitions. The readings cover all of the different areas of risks associated with acquiring software, and recommended control areas that should be examined by IT auditors.

Access your textbook via the Bookshelf tab in the top navigation bar of your course.

Board and management-level factors affecting the maturity of IT risk management practices
Vincent, N. E., Higgs, J. L., & Pinsker, R. E. (2019). Board and management-level factors affecting the maturity of IT risk management practices. Journal of Information Systems, 33(3), 117–135.
The Security and Exchange Commission’s 2009 enhanced proxy disclosure requirements and the updated Committee of Sponsoring Organizations (COSO) internal control framework have caused organizations to increase their focus on risk management. The results also indicate that the maturity of IT risk management practices does not differ among firms whether risk oversight lies with the overall board, audit committee, risk committee or technology committee. The findings contribute to an under-researched area in IT governance and provide guidance on board oversight.
Between a rock and a hard place: Facing dilemmas in IT risk management
Öbrand, L., Holmström, J., & Mathiassen, L. (2018). Between a rock and a hard place: Facing dilemmas in IT risk management. JITTA : Journal of Information Technology Theory and Application, 19(3), 22-43.
This paper examines the IT risk management theory using evidence gleaned from IT-enabled process management in a Swedish pulp and paper factory. Drawing on practice theory, the authors explain the observed risk management practices, introduce the notion of risk dilemmas, and discuss the practice-based view of risk as a useful approach to advancing IT risk management theory.