Muhammad Asif Khan and Ali Al Ghadeer
Keywords: Information systems organizations, Preventative acquisition controls, audit and controls, software acquisition controls
Abstract: Information Systems (IS) organizations are experiencing a mounting pressure to contribute organizational success and to secure information asset, therefore, protection of information assets has become a paramount concern in IS organizations. IS organizations recognize the importance of evaluation of information systems and implemented controls so that any risk either could be removed or mitigated for their information asset and infrastructure by implementing appropriate measures. The aim of this paper is to analyze, explain and demonstrate the effectiveness of software and hardware acquisition controls in IS organizations to ensure optimum benefits in the organizations. Also, the study determines that whether organizations are careful in implementing the preventative controls and how effectively the organizations benefit from the controls for software and hardware acquisition. In order to complete the current study data has been collected from different financial organizations, which have an existing IS audit function in place. The data has been analyzed and approach used by these organizations has been evaluated in view of specific industry standards of IS audit and control set by organizations
[View Complete Article]