Muhammad Asif Khan and Saleh Al Turki
Keywords: Information systems, software development and acquisition, audit controls.
Abstract: Information Systems organizations have become more vigilant in identifying risks to their infrastructures. In fact, organizations have recognized the significance of IS audit and controls to remove or mitigate the risks for their infrastructures by implementing appropriate measures. The aim of this study is to analyze, explain and demonstrate that how Information Systems organizations implement and ensure that business applications are developed under a controlled environment, thus preventing and/or mitigating the risks involved in development. Also, the study focuses on whether organizations are careful in carrying out the acquisition process as efficiently and effectively possible. To complete our work we have collected and analyzed data from different large organizations in Saudi Arabia, which have an existing IS audit function in order to compare between the approach used by these organizations and the industry standards of IS audit and control set by organizations.
[View Complete Article]