Assurance for Change Management With COBIT 2019 and CMMC Maturity Frameworks

2022 ◽  
pp. 163-196
Author(s):  
Jeffrey S. Zanzig ◽  
Guillermo A. Francia, III
Keyword(s):  
Change Management ◽  
Personal Development ◽  
Internal Audit ◽  
Maturity Model ◽  
Internal Auditors ◽  
Industrial Base ◽  
Capability Maturity ◽  
Technology Changes ◽  
Constant State ◽  
Levels Of Service

As technology plays an ever-increasing role in carrying out structured tasks in today's society, people are given more time to focus their attention on higher levels of service and personal development. However, technology is in a constant state of change and assurance services are needed to help ensure that technology changes are accomplished properly. The Institute of Internal Auditors has identified 10 steps that can be used to effectively implement changes in technology. This process and its accompanying internal controls can be assessed through an internal audit function that considers issues of both functionality and security. In addition, continuous improvement of the change management process for technology can be evaluated though capability/maturity models to see if organizations are achieving higher levels of accomplishment over time. Such models include the COBIT 2019-supported capability maturity model integration (CMMI) model and the cybersecurity maturity model certification (CMMC) framework used by defense industrial base organizations.

Can internal audit functions improve firm operational efficiency? Evidence from China

2020 ◽  
Vol 35 (8) ◽  
pp. 1167-1188
Author(s):  
Ying Chen ◽  
Bin Lin ◽  
Lizhen Lu ◽  
Gaoguang Zhou
Keyword(s):  
Corporate Governance ◽  
Internal Control ◽  
Internal Audit ◽  
Operational Efficiency ◽  
Alternative Measure ◽  
Maturity Model ◽  
Firm Level ◽  
Content Type ◽  
Internal Auditors ◽  
The Relationship

Purpose The purpose of this study is to examine the effects of internal audit function (IAF) quality on the operational efficiency of Chinese firms. Design/methodology/approach The authors use regression models with a sample of Chinese listed companies to test their research hypotheses. Findings The authors find that IAF quality is positively associated with firm operational efficiency. The result is unchanged after correcting for endogeneity via the instrumental variable method and using an alternative measure of firm operational efficiency. The authors show that IAF competence improves firm operational efficiency, but the relationship between IAF independence and firm operational efficiency is insignificant. Additionally, they find that IAF quality can only significantly improve firm operational efficiency in the presence of effective corporate governance at the firm level and strong institutions at the province level. Using path analysis, the authors find that an IAF can improve firm operational efficiency directly or indirectly by promoting firm internal control quality. Practical implications The findings of this study suggest the need for a balance between IAF competence and independence to achieve the goals of IAF. Additionally, the authors study suggests that the effectiveness of IAF is contingent on corporate governance and market-based institutions. Originality/value The study’s findings contribute to the burgeoning literature on the relationship between IAF and firm operational performance and deepen the authors’ understanding of the role of IAF in an emerging economy whose government plays a major role in promoting and enforcing internal audits. The study also empirically support the Internal Audit Governance Maturity Model proposed by the Institute of Internal Auditors.

Practical Guidance in Achieving Successful Change Management in Information System Environments

2019 ◽  
pp. 41-66
Author(s):  
Jeffrey S. Zanzig ◽  
Guillermo A. Francia III ◽  
Xavier P. Francia
Keyword(s):  
Information System ◽  
Change Management ◽  
Management Practices ◽  
Internal Auditors ◽  
System Environment ◽  
Security Issues ◽  
Constant State ◽  
Practical Guidance ◽  
Managing System ◽  
Successful Change

Situations such as improvements in business transaction processing and various security issues keep today's information systems in a constant state of change. Serious disruption of company operations can occur when changes are improperly planned and/or carried out. In addition to technological issues, an equally important consideration is in regard to how information system changes will affect organizational personnel. The Institute of Internal Auditors has identified seven steps that can be used to effectively implement change in an information system environment. This along with a discussion of significant issues in managing system patches provides an appropriate background to consider a model for evaluating the maturity of an organization's change management process in an information system environment. The highly respected COBIT guidance from the ISACA is included throughout much of the discussion to provide support for many of the suggested change management practices.

Application of People Capability Maturity Model in I.T Industry

2014 ◽  
Vol 4 (1) ◽  
Author(s):  
Padma Tripathi
Keyword(s):  
Workforce Development ◽  
Maturity Model ◽  
It Industry ◽  
Microsoft Excel ◽  
Google Docs ◽  
Capability Maturity ◽  
Important Benefit ◽  
Managerial Positions ◽  
People Capability Maturity Model ◽  
Level 2

The present study was conducted to examine the implementation of PCMM in the Indian IT Industry by analyzing the perceptions of managers regarding the reasons for PCMM implementation, people related issues and benefits of PCMM. The objectives of the study were to gain a conceptual understanding of PCMM, to examine the methods and application of PCMM in IT industry and to gain an overview of the dissemination of PCMM on organizational field by focusing on the implementation of PCMM in organizations, and its impact on the effectiveness of people management and the overall business. Based on the findings of literature review a questionnaire was developed using Google Docs. Subjects of this study were managers belonging to middle and higher managerial positions of various IT companies with PCMM certification ranging from Level 2 to Level 5. The data collected was then analyzed using statistical tools like SPSS and Microsoft Excel. The survey brought out that the reasons for PCMM certification do not vary significantly across IT companies. The Level of PCMM to which an employee’s organization belonged had a significant impact on his/her perception of factors leading to success of IT projects. Reducing turnover was rated as the most prevalent issue followed by overcoming low morale and burnout, and identifying competencies. Integrating workforce development with process improvement was ranked as the most important benefit of PCMM implementation.

Does Incentive-Based Compensation for Chief Internal Auditors Impact Objectivity? An External Audit Risk Perspective

2016 ◽  
Vol 36 (2) ◽  
pp. 21-43 ◽  
Author(s):  
Lucy Huajing Chen ◽  
Hyeesoo H. (Sally) Chung ◽  
Gary F. Peters ◽  
Jinyoung P. (Jeannie) Wynn
Keyword(s):  
Financial Reporting ◽  
Internal Audit ◽  
Positive Association ◽  
Audit Fees ◽  
Data Availability ◽  
Company Performance ◽  
Potential Threat ◽  
External Audit ◽  
Internal Auditors ◽  
Survey Responses

SUMMARY This paper considers the potential impact of internal audit incentive-based compensation (IBC) linked to company performance on the external auditor's assessment of internal audit objectivity. We posit that external auditors will view IBC as a potential threat to internal audit objectivity, thus reducing the extent of reliance on the work of internal auditors and increasing the assessment of control risk. The increase in risk and external auditor effort should result in higher audit fees. We hypothesize that the form of incentive-based compensation, namely stock-based versus cash bonuses, moderates the association between IBC and external audit fee. Finally, we consider whether underlying financial reporting risk mitigates the external auditor's potential sensitivity to IBC. We find a positive association between external audit fees and internal audit compensation based upon company performance. The association is acute to IBC paid in stock or stock options as opposed to cash bonuses. We also find evidence consistent with the IBC associations being mitigated by the company's financial reporting risks. Data Availability: Individual survey responses are confidential. All other data are derived from publicly available sources.

External Auditors' Involvement in the Internal Audit Function's Work Plan and Subsequent Reliance Before and After a Negative Audit Discovery

2016 ◽  
Vol 35 (4) ◽  
pp. 159-173 ◽  
Author(s):  
Byron J. Pike ◽  
Lawrence Chui ◽  
Kasey A. Martin ◽  
Renee M. Olvera
Keyword(s):  
Internal Control ◽  
Internal Audit ◽  
Internal Controls ◽  
Professional Standards ◽  
Data Availability ◽  
Internal Auditors ◽  
External Auditors ◽  
Internal Audit Function ◽  
Anchoring Bias ◽  
Before And After

SUMMARY To reduce redundancies and increase efficiency in the evaluation of internal controls (PCAOB 2007, 402–403), professional standards encourage coordination between external auditors and their clients' internal audit function (IAF). Recent surveys of internal auditors find that a component of this coordination is external auditors' involvement in developing the IAF's audit plans. Nevertheless, it is not known how such involvement affects external auditors' reliance on the internal control test work of the IAF, either before or after a negative audit discovery. Based on an experiment with 107 experienced auditors, we find that external auditors involved in the development of the IAF's audit plan perceive the IAF as more objective and that both objectivity and involvement contribute to these auditors' placing more reliance on the IAF as compared to external auditors with no involvement. This initial reliance results in the involved auditors' proposing reductions to the audit budget and re-performing less of the IAF's work. Consistent with an anchoring bias, we find that involvement leads to external auditors' continuing to place greater reliance on the IAF's work, even after they become aware of a negative audit discovery that should not have occurred had the client's controls been effective. Data Availability: Data are available from the authors on request.

scholarly journals DETERMINAN EFEKTIVITAS AUDITOR INTERNAL PEMERINTAH (Studi Pada Kantor Inspektorat Provinsi Maluku Utara)

2018 ◽  
Vol 14 (1) ◽  
pp. 55
Author(s):  
Irfan Zamzam ◽  
Suriana AR Mahdi
Keyword(s):  
Career Path ◽  
Internal Audit ◽  
Top Management ◽  
Management Support ◽  
Professional Expertise ◽  
Internal Auditor ◽  
Internal Auditors ◽  
Top Management Support ◽  
Quality Of Work

This study examines the determinants of the effectiveness of internal auditors at the Office of the Inspectorate of North Maluku. Specifically, this study tests; influence of professional expertise, quality of work, independence, perceived career path and top management influence of internal auditor on the effectiveness of internal audit. Analysis was conducted by using multiple regression analysis from 43 respondents. The results showed that; Professional expertise, quality of work, independence and career path affect the effectiveness of internal audit while top management support does not influence the effectiveness of internal audit.

New perspective on the black box of internal auditing and organisational change

2016 ◽  
Vol 31 (8/9) ◽  
pp. 804-820 ◽  
Author(s):  
Aviv Kidron ◽  
Yuval Ofek ◽  
Herztel Cohen
Keyword(s):  
Public Sector ◽  
Quantitative Methods ◽  
Internal Audit ◽  
Organisational Change ◽  
Internal Auditing ◽  
Content Type ◽  
Internal Auditors ◽  
The Public ◽  
Innovative Model ◽  
Audit Information

Purpose The shift from the traditional audit towards performance audit implies that internal auditors in the public sector function as change agents who underpin the fundamental change process. This paper aims to propose a model that identifies the determinants of organisational change in the public sector that result from internal auditing and the way internal auditors facilitate it. Design/methodology/approach The conceptual discussion of this paper is based on a review of relevant literature, both practical and academic. Findings This paper develops an innovative model that describes the factors leading to auditees’ change readiness after undergoing internal audit processes. The independent variable is audit information quality and the dependent variable, organisational change. Auditees’ perceptions is the mediator variable, and accessibility to audit information is the moderator variable. Practical implications The proposed model suggests the advantages that can be gained by audit-related services, which in turn will add value to the organisation. The relationships between the variables inform practitioners on how to support effective audits as a means of increasing performance and influencing organisational change. Originality/value As the paper offers an innovative model, it may open up new research areas in internal auditing that can be studied by using both qualitative and quantitative methods.

Sign in / Sign up

Export Citation Format

Share Document