Abstract
M.Com. (Computer auditing)
1. Overview of Topic
This dissertation deals with the question of the computer auditor's involvement in IT
(Information Technology) strategic planning. Increasingly, organizations have come to value
IT for the competitive or strategic advantage that it can provide in the modern marketplace. IT
has thus moved from being an administrative function to being of strategic importance to an
organization.
The IT strategic plan expresses an organization's beliefs and goals relating to the use of
information technology and the use of IT for strategic purposes. The IT strategic plan should
ideally support the organizational goals and the principles identified in the organizational
strategic plan.
2. Research Problem and Methodology
The purpose of this research project is to identify whether a computer auditor should be
involved in IT strategy planning. It is contended that the involvement would normally be that
of auditing an IT strategy, but could also extend to providing input into the development of
such a strategy. This dissertation suggests that the IT strategy is a risk area in the
organization and as such should be examined by the computer auditor. In addition, the
concept of IT strategy being a key control system within the organization is introduced.
A survey of literature is used to justify the above. Based on points gleaned from the literature
survey, a suggested guideline for auditing an IT strategy is proposed.
3. Results of the Research
Although a comprehensive survey of literature was performed. no indication was found that
this topic had been dealt with in the past. The literature survey. however, proved to be of value
in defining IT strategy and identifying it's risk areas. In addition, some of the literature did
imply that there was scope for the involvement of the computer auditor in IT strategy
planning. The literature survey also indicated that the topic of IT strategy was of importance
to South African companies.
Based on the literature survey it was concluded that, because IT strategy represented a risk
area to the organization, the computer auditor should be involved in the audit thereof. The
following guidelines were drawn up: one to assist in identifying when an IT strategy should
be audited, one to identify control objectives relating to IT strategy and a corresponding audit
guideline for each control objective.
4. Conclusion
The literature surveyed indicated that there was a definite need for the computer auditor to
become involved in the audit of IT strategy. The guideline presented for the audit of an IT
strategy should prove to be useful to the computer auditor in identifying when and how an IT
strategy should be audited. Investigating the actual involvement of the computer auditor in IT
strategic planning was identified as an area for possible future research.