Title :
Formalization of the IT Audit Management Process
Author :
Rosario, T. ; Pereira, Rui ; da Silva, Miguel Mira
Author_Institution :
Inst. Super. Tecnico, Univ. Tec. de Lisboa, Lisbon, Portugal
Abstract :
Audit is an independent activity that employs standardized methods to evaluate and improve the effect of the compliance and control processes in order to help the organization achieve its goals. Nowadays, the current audit management process is costly and requires a high effort, since a large amount of resources and used assets is needed. This happens due to the large number of regulations with which it is crucial to comply. However, there are several frameworks, which bring uncertainty and complexity to an organization. We intend to analyze the most important frameworks, elicit the needed requirements and use them to formalize the IT audit management process. Our work is important since a formalization of the IT audit management process is still missing and organizations keep struggling with so many frameworks in the market. Thus, organizations can achieve an improvement in their audit performance and an improvement in the analyses of their internal controls and compliance requirements.
Keywords :
DP management; auditing; formal specification; BPMN; IT audit management process; audit performance; business process model notation; compliance process; compliance requirement; control process; internal control; standardized method; ISO standards; Organizations; Process control; Proposals; Standards organizations; Business Process Model; Compliance; Formal Process; IT Audit Management; Petri Nets;
Conference_Title :
Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2012 IEEE 16th International
Conference_Location :
Beijing
Print_ISBN :
978-1-4673-5005-1
DOI :
10.1109/EDOCW.2012.11