Title: Information systems auditing - going beyond compliance

Authors: Kamesh Namuduri

Addresses: Department of Electrical Engineering, University of North Texas, Denton, TX 76203, USA

Abstract: Compliance with industry standards is just the minimum requirement for auditing. A critical analysis of the requirements of compliance reveals that auditing for compliance purposes should not be viewed as a one-time or ad hoc effort. It needs to be done on a periodic basis. This paper argues that a comprehensive framework that goes above and beyond auditing is important and necessary for protecting information, which is the most valuable asset of an organisation. Continuous auditing allows us to monitor the organisational processes that are in place for information protection and take appropriate actions to rectify them in the most efficient manner. The information security management team needs to view compliance requirements from the perspectives of organisational strategy towards information assurance and risk management in order to appreciate the benefits of compliance. This comprehensive view is important for every organisation that strives to improve its auditing process.

Keywords: continuous auditing; payment card industry; PCI; data security standards; DSS; information systems auditing; information security management; compliance requirements; risk management.

DOI: 10.1504/IJAUDIT.2013.052247

International Journal of Auditing Technology, 2013 Vol.1 No.1, pp.45 - 51

Received: 04 Jul 2012
Accepted: 10 Sep 2012

Published online: 30 Jan 2014
