Search results

To provide background for senior and middle management in information technology organizations who may be in the implementation phase of compliance for Sarbanes‐Oxley (SOX). As the information technology (IT) organization looks forward to additional compliance or other IT control frameworks such as COBIT, the paper can help construct a roadmap. Other audiences include senior management, accountants, internal auditors, and academics who may wish to evaluate the impact of SOX on the information technology organization.

SOX is surveyed to understand the four major compliance areas that must be supported in the IT organization. Recently published works are integrated into an evaluation of enterprise resource planning (ERP) research to identity several ongoing themes that point to practical advice for implementing SOX. The private sector of US business is saturated with ERP applications and provides a useful benchmark of what to expect with SOX compliance. The sections of this report include: SOX and IT governance; ERP systems: recurring themes; after the initial implementation of SOX; frameworks to support SOX compliance; IT governance and SOX: where we go from here; to best practice and competitive advantage; and conclusion.

Competencies in several related core disciplines including project management, change management, and software integration should be the top priority for SOX implementation. Enterprise architecting and related areas such as security and outsourcing can be managed more effectively with the appropriate competencies.

The authors' observations are based on several research reports but are not exhaustive, and are not specific to a particular industry.

The content is a very useful source of information for senior management, IT management, accountants, auditors, and academics to understand the impact of SOX on the IT organization and how to develop a roadmap to respond.

The purpose of this paper is to explore the importance and implementation of the Control Objectives for Information and Related Technology (COBIT) processes in Saudi organizations.

An empirical survey, using a self‐administered questionnaire, was conducted to achieve this purpose. A total of 500 questionnaires were distributed to a selected sample of organizations in Saudi Arabia. Of these, 127 valid questionnaires – representing 25.4 percent response rate – were collected and analyzed using the Statistical Package for Social Sciences (SPSS) version 16.

The results of this paper reveal that the majority of respondents perceive the importance of the COBIT processes and domains, but a lower percentage believe that such processes are adequately implemented in their organizations. It is observed that banks, financial institutions, and service organizations show more concern and application of COBIT processes compared with other organizations. The results also reveal that IT specialists, internal auditors, and executive managers perceive and appreciate the importance of COBIT processes more than the others.

The results of this paper will enable Saudi organizations to better understand, implement, evaluate, and manage information technology governance (ITG) for their businesses success. The paper provides useful information for executive managers, IT managers, accountants, auditors, and academics to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.

The paper provides useful information for executive managers, IT managers, accountants, auditors, and academics, to understand the implementation phase and impact of COBIT on ITG in Saudi organizations.