Communications of the Association for Information Systems


Information systems provide both the means for organizations to transact business and the ability to report the financial results of their operations. Information technology auditing is an integral part of corporate governance. However, information technology auditing is often looked upon as a “necessary evil” or is overlooked entirely by IT management We argue that IT audit activities can provide additional value beyond the primary objective of assurance, assuming the organization embraces IT governance partnerships between IT management and the audit function. We also analyze factors developed from field study research that suggest IT audits are special projects requiring a quality audit process and sound project management principles. These success factors, if managed properly, can lead to high-quality IT audit products (i.e., engagements) that could conceivably free audit resources for more value-added projects and enterprise oversight. We close with a discussion of future research directions.