Title :
Risk and Compliance Management Framework for Outsourced Global Software Development
Author :
Magnusson, Christer ; Chou, Sung-Chun
Author_Institution :
Dept. of Comput. & Syst. Sci., Stockholm Univ., Stockholm, Sweden
Abstract :
After the U.S. Congress enacted the Sarbanes-Oxley Act, the need to guarantee transparency to companies´ stakeholders increased substantially. To become SOX compliant, companies are required to base their Corporate Governance on a suitable internal control framework; companies shall provide transparency, accountability and control to the different stakeholders. Financial applications and ERP-systems are critical in this process; if they fail, corporate governance will fail as well. This paper provides a Risk and Compliance Management framework for outsourced GSD of financial applications and ERP-systems. The challenge is to integrate COSO-ERM, ISO 20000 and ISO 27001. We have addressed this challenge by extending the SABSA model to incorporate the integration of these standards. As a result, the framework clarifies the responsibilities of customers and outsourcing companies, thereby providing efficient risk and compliance management.
Keywords :
enterprise resource planning; financial data processing; risk management; software engineering; ERP-systems; SOX compliant; compliance management framework; financial applications; outsourced global software development; risk management framework; Companies; Computer architecture; ISO standards; Risk management; Security; Software; COSO-ERM; Compliance; Global Software Development; ISO 20000; ISO 27001; Risk Management; SABSA; SOX;
Conference_Titel :
Global Software Engineering (ICGSE), 2010 5th IEEE International Conference on
Conference_Location :
Princeton, NJ
Print_ISBN :
978-1-4244-7619-0
Electronic_ISBN :
978-1-4244-7620-6
DOI :
10.1109/ICGSE.2010.34
