ISSN 1566-6379

First published
in 2003


   

Papers in this Issue

Home Papers in this Issue Previous Issues Site Map
    .

Home
About the Journal
Scope
Editorial Board
Submission Guidelines
Call for Papers

 

For information about the European Conference on IT Management and Evaluation, click here

Downloadable documents on this site require Adobe Acrobat Reader (free download here)

Volume 12 Issue 1
February 2009

Improving the Benefits of IT Compliance Using Enterprise Management Information Systems
Renata Paola Dameri
University of Genova, Italy

   

During recent years, IT governance has become more and more important. More of the attention on IT Governance is captured by compliance, owing to the recent financial scandals and the severe rules regarding information systems’ audit and control. Companies need to comply with these rules, but it requires important investments, considered not strategic but only necessary (Remenyi et. Al. 2000). However, companies should analyse the compliance requirements and to implement an IT governance system, not only to comply with legal rules, but also to improve the strategic alignment between IT and business and to optimise value creation by IT compliance investments (Ventrakaman and Henderson 1996, Van Grembergen 2003).

However, companies have difficulties in implementing IT compliance initiatives, because they are complex and require an integrated approach all over the organization. But IT compliance initiatives often lack an integrated, strategic approach: they only try to comply with the increasing rules affecting IT operations, thereby limiting the value of compliance investments. To optimise IT compliance, companies should develop an IT compliance strategy, aiming not only to accomplish it with regulation, but also to bring processes into compliance. That is, to realise full integration between operations, risk control, data reliability. To reach this result, compliance automated solutions are indicated, like GCR (Governance, Risk and Compliance) applications. However, standard solutions fail to support specific problems and their own value proposition of each company: an EIMS (Enterprise Information Management Systems), developed in-house, permits automatically managed processes, data and information security, access to control and system performance and improved data usability, in accordance with company specific organisation and needs.

In this paper, IT compliance is introduced, to define how to orient it to value creation; GRC systems and EIM systems are described, with their different cost and benefits for companies. The aim of the paper is to define how to develop compliance automated systems, to save money and enhance information integration and value. Observations and conclusions derive from the practical experience of the author, participating to a project of EIM implementation in a major Italian company.

Keywords: IT governance, risk management, accounting information systems, IT compliance, knowledge management

Download FULL PAPER

 

Back to Contents

Home Up Previous Issues Site Map

EJISE is published by Academic Conferences Limited
Curtis Farm, Kidmore End, Nr Reading RG4 9AY, England
Tel: +44 (0)1189 724148, Fax: +44 (0)1189 724691, Email: info@ejise.com

Send mail to info@academic-conferences.com with questions or comments about this web site.
Copyright © 2002-2006 Electronic Journal of Information Systems Evaluation
Last modified: September 29, 2005
ISSN 1566-6379