The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications
Click here to see other Scholarly Electronic Journals published by API
For a range of research text books on this and complimentary topics visit the Academic Bookshop

Information about the European Conference on Information Management and Evaluation is available here

linkedin-120 

twitter2-125 

fb_logo-125 

 

Journal Article

Improving the Benefits of IT Compliance Using Enterprise Management Information Systems  pp27-38

Renata Paola Dameri

© Jan 2009 Volume 12 Issue 1, ECIME 2008, Editor: Dan Remenyi, pp1 - 118

Look inside Download PDF (free)

Abstract

During the latest years, IT governance has become more and more important. More of the attention on IT Governance is captured by compliance, owing to the recent financial scandals and the severe rules regarding information systems audit and control. Companies need to comply with these rules, but it requires important investments, considered not only strategic but necessary (Remenyi et. al. 2000). However, companies should analyse the compliance requirements to implement an IT governance system, not only to comply with legal rules, but also to improve the strategic alignment between IT and business and to optimise value creation by IT compliance investments (Ventrakaman and Henderson 1996, Van Grembergen 2003). However, companies have difficulties in implementing IT compliance initiatives, because they are complex and require an integrated approach all over the organization. But IT compliance initiatives often lack an integrated, strategic approach: they only try to comply with the increasing rules affecting IT operations, thereby limiting the value of compliance investments. To optimise IT compliance, companies should develop an IT compliance strategy, aiming not only to accomplish with regulations, but also to bring processes into compliance. That is, to realise a full integration between operations, risk control, data reliability. To reach this result, compliance automated solutions are indicated, like GCR (Governance, Risk and Compliance) applications. However, standard solutions fail to support specific problems and the individual value proposition of each company: an EIMS (Enterprise Information Management Systems), developed in house, allows automatically managed processes, data and information security, to access control and system performance and to improve data usability, in accordance with company specific organisation and needs. In this paper, IT compliance is introduced, to define how to orient it to value creation; GRC systems. EIM systems are described, with their different cost and benefits for companies. The aim of the paper is to define how to develop compliance automated systems, to save money and enhance information integration and value. Observations and conclusions derive from practical experience of the author, participating to a project of EIM implementation in a major Italian company.

 

Keywords: IT governance, risk management, accounting information systems, IT compliance, knowledge management

 

Share |