Informatica Economica Vol. 14 No. 1/2010
Issue Topic: Informatics Audit
Issue Editor: Marius POPA, PhD
CONTENTS
E-Commerce Audit Judgment Expertise: Does Expertise in System Change Management and Information Technology Auditing Mediate E-Commerce Audit Judgment Expertise?
Jagdish PATHAK, Mary LIND, Mohammad ABDOLMOHAMMADI 5
A global survey of 203 E-commerce auditors was conducted to investigate the perceptions about the potential determinants of expertise in E-commerce audits. We hypothesize and find evidence indicating that information technology and communication expertise are positively related to expertise in E-commerce audit judgment. We also find that system change management expertise and information technology audit expertise mediate this relationship.
Keywords: E-commerce Audit Judgment, IT Audit, Structural Equations Modeling
Information Systems Audit for University Governance in Bucharest Academy of Economic Studies
Ion Gh. ROŞCA, Pavel NĂSTASE, Florin MIHAI 21 Today’s successful audit leaders never lose sight of the importance of continually assessing and improving the organizations’ university governance structure. Focusing on small and large mission, and using practical exercises and individual activities, the auditors will help gain the skills necessary to review and improve university governance structure, while developing techniques to assess risk management activities. Attendees will leave with an understanding of legal and regulatory guidelines as they pertain to university governance and discuss in-depth issues such as business ethics, transparency and disclosure, IT governance and university risks management. Identification, evaluation and management of university risks, is an important element of the university governance system. Today, the Bucharest Academy of Economic Studies is in a complex process to realize a university governance integrate information system. In context of this paperwork there are presented the main aspects for developing and implementing in actual phase information systems audit, to recognize the risks and establish the necessary measures to eliminate them.
Keywords: University Governance, IT Governance, IS Audit, Risks Management, Performance
Audit Methodology for IT Governance
Mirela GHEORGHE 32 The continuous development of the new IT technologies was followed up by a rapid integration of them at the organization level. The management of the organizations face a new challenge: structural redefinition of the IT component in order to create plus value and to minimize IT risks through an efficient management of all IT resources of the organization. These changes have had a great impact on the governance of the IT component. The paper proposes an audit methodology of the IT Governance at the organization level. From this point of view the developed audit strategy is a strategy based on risks to enable IT auditor to study from the best angle efficiency and effectiveness of the IT Governance structure. The evaluation of the risks associated with IT Governance is a key process in planning the audit mission which will allow the identification of the segments with increased risks. With now ambition for completeness, the proposed methodology provides the auditor a useful tool in the accomplishment of his mission.
Keywords: IT Governance, Corporate Governance, IT Audit Process, IT Risk
Audit for Information Systems Security
Ana-Maria SUDUC, Mihai BÎZOI, Florin Gheorghe FILIP 43 The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.
Keywords: Information System Risks, Audit, Security
Increasing the Efficiency of IT Audit Methodology by Using the Organizations Tolerance to IT Systems Availability
Cristian AMANCEI, Traian SURCEL 49 The purpose of this paper is to present a method of identifying key risks during IT audit of an organization, regardless of the organization activity, and presenting the impact of the risks identified on the audit methodology. Our main focus is reducing the risk identification during phase during an audit mission. Due to the fast changing economy, the need for efficiency in resources allocation is greater than ever. Optimal use of predefined risk matrix proves to be the main element contributing to an increase in efficiency.
Keywords: Audit, Risk Assessment, Audit Areas, Residual Aggregated Risk
Changing Methodologies in Financial Audit and Their Impact on Information Systems Audit
Daniel VÎLSĂNOIU, Mihaela ŞERBAN 57 This paper tries to provide a better understanding of the relation between financial audit and information systems audit and to assess the influence the change in financial audit methodologies had on IS audit. We concluded that the COSO Internal Control – Integrated Framework was the starting point for fundamental changes in both financial and IS audit and that the Sarbanes-Oxley Act should be viewed as an enabler rather than an enforcer in establishing strong governance models. Finally, our research suggests that there is a direct causality effect between the employment of BRA (business risk audit) methodologies and the growing importance of IS audit.
Keywords: Financial Audit Methodologies, Business Risk Audit, Information Systems Audit, Internal Controls Framework
The Audit of Business Intelligence Solutions
Bogdan GHILIC-MICU, Marinela MIRCEA, Marian STOICA 66 Although in this period humanity passes through a relative economic crisis, we all agree that our environment is that of a society of information and knowledge, based on communication and teleactivity, one that is also called information society. Every new form of activity in the information society has an associated informational component consisting in a software program, an application, a system, etc. It is a certainty that in the new economic environment it is necessary to adjust quickly to the opportunities of the market, through Business Process Reengineering, adoption of Business Intelligence solutions, implementation of complex automation applications like Enterprise Resource Planning. But, more than this, in, the digital economy the stress is put on the “label”, the “image”, the “brand”, and these features that are associated to organizations may be obtained by the information audit processes. The present study is focusing on the problem of information audit developed in one of the upper forms of manifestation of the information society in the field of changing the ways of doing business: Business Intelligence.
Keywords: Audit, Business Intelligence, Information and Communication Technology, Data & Metadata, Value Chain, Performance
An Auditing Approach for ERP Systems Examining Human Factors that Influence ERP User Satisfaction
Theodoros MITAKOS, Ioannis ALMALIOTIS, Anna DEMEROUTI 78 This paper tries to connect the successful implementation and operation of the ERP (Enterprise Resource Planning) information systems with people and their characteristics through a pilot survey. It examines the human factors that influence ERP user satisfaction. The presented survey tests 14 hypotheses and is based on the model developed by Zviran, Pliskin & Levin [21]. An additional factor has been added to the specified model, the self-efficacy factor analyzed by Bandura [1]. The results are based on 250 ERP users that responded to the survey. The key findings that were revealed by data analysis were that none of the human socio-demographic characteristics do influence ERP user satisfaction. Additionally it was found that perceived usefulness and self-efficacy are the key directors of the ERP user satisfaction. Moreover suggestions are given about how the companies should handle ERP usage in order to develop the prerequisites for increasing user satisfaction and productivity accordingly.
Keywords: ERP Audit, User Satisfaction, Perceived Usefulness
Auditing IT Governance
Florin-Mihai ILIESCU 93 Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT-related risks and opportunities. Organizations that realize the IT is no longer a support process and embeds value and risks need a structured approach for better managing Information Technology, enable its capability to deliver added value enterprise wide and for setting up a risk management program to address new risks arising for usage of IT in business processes. In order to assess if IT Governance is in line with industry practices, IT Auditors need a good understanding of processes and applicable standards, particular audit work programs and experience in assessing potential problem indicators.
Keywords: IT Governance, Audit, ISACA, CGEIT, Val IT, Value Governance, Portfolio Management, Investment Management
Using Quantitative Methods as Support for Audit of the Distributed Informatics Systems
Marius POPA, Sergiu CAPISIZU 103 This paper highlights some issues regarding how an indicators system must be developed and used in an audit process. Distributed systems are presented from de points of view of their main properties, architectures, applications, software quality characteristics and the scope of audit process in such systems. The audit process is defined in accordance to standard ISO 19011 and the main characteristics of this process are highlighted. Before using quantitative methods in audit processes, the framework in which the indicators are built must be defined. There are presented types of indicators used in audit process and classes of measurement scale. An audit process is carried out on different levels and support indicators must be in accordance to audit object. The paper presents some requirements of the indicators depending on the level of audit.
Keywords: Quantitative Methods, Audit Process, Distributed Informatics System
Risks and Audit Objectives for IT Outsourcing
Claudiu BRÂNDAŞ 113 In the recent years, as a result of globalization, internet and IT progress, the outsourcing of IT services has seen an exponential growth. As a result more and more companies decide to outsource, partially or totally, their IT services. Nevertheless, the outsourcing process exposes both clients and service providers to a series of risks that can seriously affect their activities. Managing these risks by improving the quality and efficiency of internal control has made the ITO audit a necessary component for all the companies involved in this process. The goal of this paper is to identify analyze and map the influence areas of ITO risks in order to suggest a series of objectives for ITO audit.
Keywords: Information Technology, Outsourcing, Audit, Risks, Service Provider
The Informatics Audit – A Collaborative Process
Cristian CIUREA 119 The paper present issues regarding the audit in informatics field, the audit seen as a collaborative process and how the collaborative banking systems are audited. In this paper, the methodology and techniques for an effective audit process are described. There are highlighted some aspects regarding the assessment of collaborative systems and specific flows of informatics audit.
Keywords: Informatics Audit, Collaborative Process, Collaborative System, Methodology, Banking
Audit Techniques for Service Oriented Architecture Applications
Liviu COTFAS, Dragoş PALAGHIŢĂ, Bogdan VINTILĂ 128 The Service Oriented Architecture (SOA) approach enables the development of flexible distributed applications. Auditing such applications implies several specific challenges related to interoperability, performance and security. The service oriented architecture model is described and the advantages of this approach are analyzed. We also highlight several quality attributes and potential risks in SOA applications that an architect should be aware when designing a distributed system. Key risk factors are identified and a model for risk evaluation is introduced. The top reasons for auditing SOA applications are presented as well as the most important standards. The steps for a successful audit process are given and discussed.
Keywords: Service Oriented Architecture, Audit, Quality Attributes, Interoperability, Performance, Security
Mobile Learning Applications Audit
Paul POCATILU, Adrian POCOVNICU 137 While mobile learning (m-learning) applications have proven their value in educational activities, there is a need to measure their reliability, accessibility and further more their trustworthiness. Mobile devices are far more vulnerable then classic computers and present inconvenient interfaces due to their size, hardware limitations and their mobile connectivity. Mobile learning applications should be audited to determine if they should be trusted or not, while multimedia contents like automatic speech recognition (ASR) can improve their accessibility. This article will start with a brief introduction on m-learning applications, then it will present the audit process for m-learning applications, it will iterate their specific security threats, it will define the ASR process, and it will elaborate how ASR can enhance accessibility of these types of applications.
Keywords: IT Audit, Software Testing, Penetration Testing, Mobile Applications, Multimedia, Automatic Speech Recognition
The Audit of the Application’s Management of the Structured Entities Orthogonality
Ion IVAN, Daniel MILODIN 145 It is presented the concept of applied informatics systems audit. Types of systems are identified, depending on specialization and location. There are given quality criteria considered when designing and building systems. In this paper are described modules and functions implemented by the ORTOES application. Also, there are applied the quality criteria of informatics systems underlying application ORTOES assessment, determining the ways to improve the application.
Keywords: Audit, Informatics Systems, ORTOES
Security Assessment of Web Based Distributed Applications
Cătălin BOJA, Mihai DOINEA 152 This paper presents an overview about the evaluation of risks and vulnerabilities in a web based distributed application by emphasizing aspects concerning the process of security assessment with regards to the audit field. In the audit process, an important activity is dedicated to the measurement of the characteristics taken into consideration for evaluation. From this point of view, the quality of the audit process depends on the quality of assessment methods and techniques. By doing a review of the fields involved in the research process, the approach wants to reflect the main concerns that address the web based distributed applications using exploratory research techniques. The results show that many are the aspects which must carefully be worked with, across a distributed system and they can be revealed by doing a depth introspective analyze upon the information flow and internal processes that are part of the system. This paper reveals the limitations of a non-existing unified security risk assessment model that could prevent such risks and vulnerabilities debated. Based on such standardize models, secure web based distributed applications can be easily audited and many vulnerabilities which can appear due to the lack of access to information can be avoided.
Keywords: Security, Risks and Vulnerabilities, Distributed Applications, Audit Process
Outsourcing the Business Services
Ioan I. ANDONE, Vasile-Daniel W. PĂVĂLOAIA 163 The nowadays international market of outsourcing services is relatively mature and with age comes wisdom ... Thus, on a grown market, choosing to outsource services can not only be justified by the strive to reduce costs but it aims to meeting more advanced objectives as accurate alignment with business strategies of the enterprise. As a result, outsourcing has reached new forms of expression that can help the enterprises to gain competitive advantage. In the context of a grown market, a new concept appears, namely the multisourcing which it refers to the outsourcing model of the future [1] that businesses must prepare to accept and use. This concept or model of the future refers to working with several suppliers, which are competitors in a spirit of trust and teamwork, in a collaborative process to maximize the benefits associated with outsourcing process.
Keywords: Business Outsourcing, Audit, Economic and Financial Analysis, Information Technology Outsourcing
A Simple Web Platform Solution for M-Learning
Alin MUNTEAN, Nicolae TOMAI 172 Nowadays the role of educational platforms is more than obvious, thanks to websites and modern platforms like Microsoft SharePoint designed for e-learning. We consider that the next generation of learning platforms will be m-learning platforms. These kind of platforms offer first of all mobility for the potential users of PDAs, pocket PCs, smart phones and other modern mobile devices, discovered and developed in last years. One of the most important aspect of these manners of e-learning is the display mode. Classic systems like personal computers have a bigger screen, modern portable devices have a few inches screens and the problem is to adapt the structure of websites and platforms for pocket PC screens and in the same time to develop the capability to produce same experience and usefulness to all users.
Keywords: Platform, M-learning, Discussion Forum, Search Engine, JavaScript, IIS, Port Forwarding
Online Project Management for Dynamic e-Collaboration
Lucia RUSU, Vasile RUSU 182 Today’s collaborative projects demand efficient and productive software application tools for the workplace that will bring remote teams together to get the work done. Dynamic e-collaboration is a necessity for virtual relations and business agreements. It depends on two distinct factors: trust and need. This paper presents a way to manage remote teams using a web application developed with ColMap model of project management in an IT company. The information exposed and shared applications with partners in collaborative projects are based on RBAC. Group collaboration and management software has been proven to successfully manage and coordinate projects.
Keywords: Dynamic E-collaboration, Collaboration Model, Web Application
Web-Based Group Decision Support System: an Economic Application
Ion ISTUDOR, Luminiţa DUŢĂ 191
Decision Support Systems (DSS) form a specific class of computerized information systems that support business and managerial decision-making activities. Making the right decision in business primarily depends on the quality of data. It also depends on the ability to analyze the data with a view to identifying trends that can suggest solutions and strategies. A “cooperative” decision support system means the data are collected, analyzed and then provided to a human agent who can help the system to revise or refine the data. It means that both a human component and computer component work together to come up with the best solution. This paper describes the usage of a software product (Vanguard System) to a specific economic application (evaluating the financial risk assuming that the rate of the economic profitability can be under the value of the interest rate).
Keywords: Decision Script, Decision Support Systems (DSS), Leverage Effect, Software Tool, Web Support
Decision Support System and Customer Relationship Management as Components of the Cybernetic System Enterprise
Ruxandra MISDOLEA 201 This study analyzes the role played by the information system and its component, the software system, in a larger system - the Enterprise. In this context, the paper focuses on the structure of Decision Support System and Customer Relationship Management and their benefits in the functioning of the global system, by examining the conditions of implementation of these tools in the organization. We will show that used independently these tools offer reduced services, but when interconnected, they become a very powerful tool for command and control. Viability, evolution and autonomy requested by users for their information system are obtained more easily by a systemic-cybernetic approach to the Enterprise.
Keywords: DSS, Data Warehouse, CRM, Information System, Cybernetic System
Upon a Message-Oriented Trading API
Claudiu VINŢE 208 In this paper, we introduce the premises for a trading system application-programming interface (API) based on a message-oriented middleware (MOM), and present the results of our research regarding the design and the implementation of a simulation-trading system employing a service-oriented architecture (SOA) and messaging. Our research has been conducted with the aim of creating a simulation-trading platform, within the academic environment, that will provide both the foundation for future experiments with trading systems architectures, components, APIs, and the framework for research on trading strategies, trading algorithm design, and equity markets analysis tools. Mathematics Subject Classification: 68M14 (distributed systems).
Keywords: Trading System API, Straight-Through Processing, Distributed Computing, Service-Oriented Architecture (SOA), Message-Oriented Middleware (MOM), Java Message Service (JMS), OpenMQ
Publishing guide for authors 217
Inforec Association 219 |