Essay: Critical Comparison of Information Governance Articles

Added on  2020/03/13

AI Summary
This essay provides a critical analysis of two recent articles related to Information Governance, focusing on IT Governance Audit. The essay compares the articles, highlighting their theoretical, technical, and practical relevance, including similarities and differences. The analysis covers the importance of IT and Audit having a lingual transparency, auditor's role, the need for IT Audits to align with ISACA standards, and the planning phase of governance auditing. The essay also explores the use of audit checklists, ISACA standards, and various auditing techniques. The conclusion summarizes key points, emphasizing the techniques for IT governance discussed by the authors.
Running head: ESSAY
Information Governance
Name of the Student
Name of the University
Author’s Note
Annotation
In the essay, a critical analysis is done on two recent articles related to Information
Governance. The two articles are critically compared, focusing on their theoretical, technical and
practical relevance. Similarities and differences between the articles are highlighted in
the essay. Expert comments are also given on the merits of each article and supported by proper
evidence.
Introduction
Information governance is a structure to direct and control the enterprise for achieving the
enterprise’s aims and goals. It also adds value while balancing the risk and return over
information and its processes. It has multiple dimensions, with the ultimate objective of handling
information in a confidential and secure manner (Kooper, Maes and Lindgreen 2011). The articles
that are compared in the essay are based on information auditing, and the work will be carried out
by analyzing, comparing and criticizing the articles. A conclusion is provided at the end of the
essay summarizing the key points that have been discussed.
Analysis
Both articles under study focus on the IT Governance Audit. Such an audit helps in evaluating
the company’s strategic and operational alignment with its business strategy to ensure the
company’s goals are met, measuring the performance and transparently reporting the results. The articles
are ‘Auditor’s Guide to IT Auditing, + Software Demo’ and ‘Network Security Auditing’.
In the first article (Cascarino 2012), the author clarifies the auditor’s job by stating that it
is their job to determine whether the system is functioning properly in accordance with its
intention, with integrity, accuracy and completeness.
First, the relation of Audit to technology is established. The author found it critical for
IT and Audit to have a lingual transparency, and important for the auditor to have a proper
understanding of technological jargon. ‘Where’ and ‘what’ are two essential questions the auditor
should resolve before starting the auditing process, for which Control Strategy Assessment, Unit
Performance Reporting, Performance Quality Assessment, Control Adequacy and Effectiveness
and Follow Up are necessary. In short, the IT Audit should be aligned with the ISACA standards. The
responsibility of IT auditing also lies in the development and implementation of a risk-based IT
auditing strategy and objectives. It should also ensure that the information obtained is reliable,
useful, relevant and sufficient. Other functions of IT auditing involve the communication of
audit results to key managers and stakeholders. IT auditing also requires an understanding of
the characteristics of IT auditing of other company audits, which can typically be seen in the audit
charter. The charter needs to meet the needs of the organization. For that, the IT audit function, the chief
executive and the line managers should be in close proximity and work accordingly. The level of
authority to act that is delegated to the audit function is indicated in the charter for the operational
manager (Tallon, Ramirez and Short 2013). The audit function selects the wording, content and
form, as indicated by the IT audit standards. It is an independent publication.
The adequacy of the security and the control of the company is maintained
through the IT audit. Some of the methods that are useful in this case are ITSEC, ISO 9000 and
TCSEC.
Gathered information is also important for the auditors of the organization. It is gathered with
the help of the audit program, which consists of prescribed steps that an auditor has to follow to gain
the appropriate evidence.
The plan is necessary for achieving the audit objectives. Various components
are included in the plan.
Primarily, the objectives and the scope need to be determined in consultation with the
auditees. The finalized objectives and scope need to be sent to the clients in advance to avoid any
misunderstanding. Reading of operating procedure manuals and discussions with the operating
management are needed to determine the objectives. Planning of the audit report is
another important task; the report communicates the audit results and is used in communication
between auditors and others in the company. Approval of the audit approach is also necessary,
and it is given by the auditor in charge.
Audit management includes the management of IT quality through peer reviews. It
should cover planning, the function of the organization, staffing, business information systems and
many other areas of the organization. The integrated auditor and the integrated audit come into play
in this field: the integrated auditor is to develop an expanded auditor skill set, whereas the integrated
audit is to focus the company’s resources directly by providing an integrated audit product.
In the second article, we find various aspects of the IT governance audit, which are
discussed in the following.
According to the author, the first and foremost part of governance auditing is the
planning phase, where the company has to determine the overall strategy (Jackson 2010). The
process has various steps, which are identification of the subject of the audit, the timeframe,
determination of the scope and the objective. After determining these factors, the next most
important step is the formulation of a plan. It includes the identification of the resources needed,
like skills and technology, organizational structure, processes, data flow, determination of the
person under whom the audit will be carried out and identification of the logistics information. The next
phase is data accumulation. After gathering the data, the auditor has to analyze it. This is
important in identifying potential risks. In the risk assessments, various methodologies are used.
Control activity is the next step, which recommends measures that help mitigate risk. The important aspects
of controls in COSO are operational, compliance and financial reporting. These are broad and
cover all the issues regarding IT. Information and communication is another important part of
governance, which enables free flow between all aspects of the business (Smallwood 2014).
ISACA, or the Information Systems Audit and Control Association, is an integral part of
security auditing. The author refers to it as the largest association of IT auditors. Every IT
organization should follow the standards of ISACA. It also provides the Certified Information
System Auditor certification, or CISA, and the Certified Information System Manager, or CISM.
The institution also provides guidelines to assist IT companies, which
include the standard of IS Auditing, Auditing G Auditing procedures and many more. The
Standards of IS auditing include various codes of conduct. Auditing G comprises the manual for
conducting an audit following the standard of IS auditing (Van Grembergen and De Haes 2017).
It involves the technical security discipline of the company. Various tools are used in the
process, among which Security Auditing Tools are proposed by the author. The sophistication
and the power of these tools increase exponentially each year. Identification is another aspect
of security auditing, where the selection of controls is an absolute necessity. It requires an
understanding of the risks and security objectives of the company. The author opines that, as it is
directly associated with the technology, it should address mitigating risk around process, people
and technology itself.
The audit checklist is another important section of governance, as mentioned by the author,
which acts as the blueprint of the complete auditing process. To achieve the objective of the
company, it is vital and ensures the success of the company. The checklist covers all the
aspects of the audit, starting from the objective, assessment method and results, to improve
compliance. It is referred to as the backbone of the governance of a company. The more
elaborate the checklist is, the easier governance of the company becomes, and it
supports other staff in their evidence hunt (Bhardwaj and Rao 2015).
Conclusion
Both authors, in their respective books, mention different techniques that can be
adopted for IT governance. The authors primarily focus on the audit, which is an integral part
of governance. All the aspects have been covered in the books, but some important ones from
each are mentioned here, such as planning, checklist, management, IT audit and security.
Reference
Cascarino, R.E., 2012. Auditor's Guide to IT Auditing, + Software Demo (Vol. 583). John Wiley & Sons.
https://books.google.co.in/books?hl=en&lr=&id=DKRD1S10dg8C&oi=fnd&pg=PA17&dq=Cascarino,+R.E.,+2012.+Auditor%27s+Guide+to+IT+Auditing,%2B+Software+Demo+(Vol.+583).+John+Wiley+%26+Sons.&ots=1q7Jd5oyB0&sig=o4jg7fNSeVz8_RW4kypmAFFJa_4#v=onepage&q&f=false
Jackson, C., 2010. Network security auditing. Cisco Press.
https://books.google.co.in/books?hl=en&lr=&id=cHCvSjvOAQIC&oi=fnd&pg=PT48&dq=Jackson,+C.,+2010.+Network+security+auditing.+Cisco+Press&ots=qy4foax_lC&sig=9JFAoPdeZ658Oq01FYR537ZPU5A#v=onepage&q&f=false
Kooper, M.N., Maes, R. and Lindgreen, E.R., 2011. On the governance of information:
Introducing a new concept of governance to support the management of
information. International Journal of Information Management, 31(3), pp.195-200.
http://www.sciencedirect.com/science/article/pii/S0268401210000708
Smallwood, R.F., 2014. Information governance: Concepts, strategies, and best practices. John Wiley & Sons.
https://books.google.co.in/books?hl=en&lr=&id=m5U6AwAAQBAJ&oi=fnd&pg=PT21&dq=Smallwood,+R.F.,+2014.+Information+governance:+Concepts,+strategies,+and+best+practices.+John+Wiley+%26+Sons.&ots=O5rRZlsrbz&sig=p5V2FmcoGjP1CiU4edMT0pWvfSM#v=onepage&q&f=false
Tallon, P.P., Ramirez, R.V. and Short, J.E., 2013. The information artifact in IT governance:
toward a theory of information governance. Journal of Management Information Systems, 30(3),
pp.141-178. http://www.tandfonline.com/doi/abs/10.2753/MIS0742-1222300306
Van Grembergen, W. and De Haes, S., 2017, January. Introduction to IT Governance and Its
Mechanisms Minitrack. In Proceedings of the 50th Hawaii International Conference on System
Sciences. http://scholarspace.manoa.hawaii.edu/bitstream/10125/41788/1/paper0639.pdf
Appendix
In this article the authors describe a definition for information governance, extending the
common, one-dimensional approach into a more generic statement. Starting from the well-
known principles of IT governance the authors further explore the aspects of both information
and governance.
The professionalism of IT Auditing is demonstrated by adherence to both the ISACA Code of
Professional Ethics and the ISACA IT Auditing Standards.
Increasingly, accreditation and audit of IT services must be provided by international or third
parties to ensure that adequate security and control exists. Several evaluation methods exist that
can be used to determine adequacy, including ITSEC, TCSEC, and ISO 9000 evaluations using
standards such as COBIT, COSO Internal Control-Integrated Framework and COSO Enterprise
Risk Management-Integrated Framework, and so forth.
The auditing checklist acts as the blueprint for the entire auditing process. The checklist itself
provides areas to be audited, control objective, assessment methods and results (evidence)
expected to prove compliance.
ISACA is the largest association of IT auditors in existence with over 65,000 members across the
world. Many of the auditing techniques and security governance processes used to audit IT today
have been compiled and standardized by ISACA. Over 50,000 people have earned the
Certificated Information System Auditor Certification, demonstrating knowledge in auditing.
The Certificated Information System Manager is also offered to test IT governance and
management expertise.