Information systems auditing - going beyond compliance Online publication date: Thu, 30-Jan-2014
by Kamesh Namuduri
International Journal of Auditing Technology (IJAUDIT), Vol. 1, No. 1, 2013
Abstract: Compliance to industry standards is just the minimum requirement for auditing. A critical analysis of the requirements of compliance reveals that auditing for compliance purposes should not be viewed as a onetime or an ad hoc effort. It needs to be done on a periodic basis. This paper argues that a comprehensive framework that goes above and beyond auditing is important and necessary for protecting information which is the most valuable asset of an organisation. Continuous auditing allows us to monitor the organisational processes that are in place for information protection and take appropriate actions to rectify them in the most efficient manner. Information security management team needs to view compliance requirements from the organisational strategy towards information assurance, and risk management perspectives in order to appreciate the benefits of compliance. This comprehensive view is important for every organisation that strives to improve its auditing process.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Auditing Technology (IJAUDIT):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com