IT Governance, Performance & Compliance
In the Dutch-speaking territories, Compact is the leading periodical in the fields of IT auditing and IT advisory services. To make articles published in this journal available to a broader public, a number of the most important articles in the areas of IT governance, performance and compliance have been translated into English and published in a book: IT Governance, Performance & Compliance (edited by Hans Donkers and Brigitte Beugelaar).
The articles were written by leading authors in their respective fields, who have revised and updated them to reflect the most recent developments. They address the areas of IT Strategy & Governance, ERP Advisory, IT Attestation, IT Project Advisory, IT Security Services, IRM in the External Audit, and Regulatory & Compliance Services.
- IT Strategy & Governance. This section investigates the conditions that have to be considered when implementing and monitoring an IT strategy. The first two articles cover ways to manage IT when the technology is implemented as a business strategy (IT governance and IT control), look into the use of the business balanced scorecard, and deal with IT governance and the many methods and models used for this purpose. The third article specifically investigates different types of IT users; insight into generational differences is essential for a successful strategic implementation of IT.
- ERP Advisory. This section investigates the ways in which satisfying compliance requirements can be combined with improving business processes and the effectiveness of ERP systems. The first article indicates how GRC tooling can facilitate compliance objectives and process improvement. The second article specifically deals with the requirements that tax legislation imposes on an SAP structure. Compliance projects in an international environment present their own challenges; the third article examines the nature and size of these challenges.
- IT Attestation. SAS 70 is so popular that whenever process-related attestation reports are mentioned, the term SAS 70 automatically comes up. It is true that an SAS 70 report is an attestation report, but it is a very specific one: it is based on US standards and is over fifteen years old. When writing, reviewing, and reading an SAS 70 report, we ought to do so with US audit standards and customs in mind. However, in most cases there are alternatives where the report is not made compulsory by SOX regulations. This section helps you evaluate the usefulness of an SAS 70 report, consider its content, and also consider alternatives.
- IT Project Advisory. This section explores the extent to which effective programme and project management, in combination with project governance, can contribute to the success of IT projects. The first article reveals how the role of the IT auditor has transformed in recent years from an occasional project auditor to an expert in the field of project control and risk management. The second article investigates the degree to which more mature programme management contributes to improvement in project success.
- IT Security Services. Do compliance efforts actually help a company's security? It can probably be said that, in the past, regulations lagged behind the market when it came to security. Time and budget are no longer available to the extent they once were, and security can seem like rocket science to some. Moreover, being compliant does not necessarily make you secure; after all, your company contains more than just transactional finance systems. This section provides more detail on how to achieve technical security as part of financial statement audits, and how to implement effective and efficient authorization management.
- IRM in the External Audit. This section deals with the shift of attention from the exclusive evaluation of general computer controls to application controls. The first article takes a close look at the relationship between general and application controls, presenting an interesting view of the role played by direct and indirect general computer controls in the annual audit. The second article examines the various types of application controls and the practical means of testing them. The third article discusses fact-finding with the aid of data analysis and provides some practical examples.
- Regulatory & Compliance Services. This section examines two practical examples: one from the process industry and the other from the energy sector. In the first article, we read about the use of 'in-control dashboards', which provide the highest level of insight into the extent (and progress) of internal control. This continuous monitoring contributes to process improvement as well as the adequacy of decision-making processes. The second article describes developments in the energy sector with regard to the need for demonstrably reliable information.