Title: Auditing methodology on legal compliance of enterprise information systems

Authors: Sangkyun Kim

Addresses: Department of Industrial Engineering, Kangwon National University, Chuncheonsi, Gangwondo, Republic of Korea

Abstract: Despite the scepticism that information technology (IT) compliance is useless enforcement that does not contribute to the economic balance of organisations, IT compliance is a mandatory responsibility of organisations, enforced by legalised rules, for their survival. Reviewing and updating enterprise information systems to comply with various laws is not easy, because previous studies on information engineering or security engineering do not provide a specialised methodology for IT compliance. The most critical problem that organisations face is that it is very difficult to identify what they should do for IT compliance. An auditing methodology that identifies the problems of IT compliance and provides guidance on it would be the solution to the problems that organisations are facing. This paper provides an auditing methodology consisting of an auditing target, checklist, process model, evaluation indices and reference model. The methodology proposed in this paper helps IT staff, management and auditors to improve the level of IT compliance and to manage an auditing project effectively.

Keywords: auditing methodology; legal compliance; enterprise information systems; EIS; information technology; IT compliance; checklists; process models; evaluation indices; reference models.

DOI: 10.1504/IJTM.2011.039315

International Journal of Technology Management, 2011 Vol.54 No.2/3, pp.270 - 287

Published online: 06 Apr 2013
