A Review on Information System Audit Using COBIT Framework

Abstract

Information systems (IS) audit contains a proper review of risks associated along with the organization of information systems and processes. Also, an assessment of whether enough quality control will ensure the efficiency, effectiveness, integrity, and security of organization data and assets of the information system.  An IS / IT audit is a coordinated process that specializes in high-risk areas in the organization. Selection of the areas can arise with the board of directors, the board of directors, audit committee, government agencies, or external audit organizations. Generally, it audits help organizations monitoring and evaluation of how the business is work and give protection to the interests of managers, workers, customers, and investors. Control Objectives for Information and related Technology (COBIT) is a detailed resource that consists of all the information organizations have to be compelled to adopt its governance and control framework. COBIT delivers good practices across all domains and process frameworks in an easily manageable and rational structure to assist in optimizing investments that support it. COBIT optimizes investments that support IT and ensure that IT successfully meets business requirements. In this paper, we find that paper about IT/IS audit using COBIT is had a different perspective. Base on the review from twenty papers, there is 85% with a title IT/IS Audit, but the content is about Maturity or Capability Level. The discussion paper is expected to provide new knowledge to other researchers who focused his research on the area of information systems audit. This paper is expected to provide new enlightenment that information system audit is different from the maturity/ capability level, which is also examined in the COBIT 4.1 framework.