Academic journal article Communications of the IIMA

Incorporating the COBIT Framework for IT Governance in Accounting Education

Academic journal article Communications of the IIMA

Incorporating the COBIT Framework for IT Governance in Accounting Education

Article excerpt


Enterprises consider information systems and related technology as vital factors necessary to be competitive and successful (Blili & Raymond, 1993). Information systems encounter serious security threats that may arise from the weakness of the internal controls and/or the nature of the competitive environment as the need and dependency on information increases (Hayale & Abu-Khadra, 2006).

Information security and governance have received increasing attention from both academics and professionals for the need to minimize information systems risk (Greenstein & Vasarhelyi, 2000).

The Sarbanes Oxley Act of 2002, section 404, requires both management and the external auditors to report upon the adequacy of the company's system of internal controls, including those controls of the information system. However, the act did not specify the methodology to accomplish this goal. The Information Systems (IS) profession was ready for that; the Information System Audit and Control Foundation (ISACF) developed the Control Objectives for Information and related Technology (COBIT), which is a framework of generally applicable IS security and control practices of information technology control. COBIT was initially developed as an IT benchmark consisting of best practices, then it evolved to become a framework that could be applicable as a dual use framework by which organizations can achieve efficiencies in either operation and/or IT audits. This framework is widely accepted by the profession and allows management to benchmark the security and control practices of the IT environment. Additionally, it ensures that adequate security and controls exist (Lainhart, 2000).

On the other hand, the accounting profession started to consider seriously the IT governance concept as a part of the internal control system much later. The accounting profession's interest heightened after the declaration of the Sarbanes-Oxley act in 2002 (Pauwels, 2006), and the release of the Public Company Accounting Oversight Board's (PCAOB) Auditing Standard No. 2 (AS2) in 2004. The Committee of Sponsoring Organization of the Treadway Commission's (COSO's) issued an internal control - integrated framework. However, this framework is a highly abstract conceptual framework that does not identify control objectives at a level of specificity sufficient to design detailed audit tests. In addition, the general nature of COSO does not address the complexity and special risk inherent in the IT field. Therefore, organizations and auditors in computerized environments started looking for a suitable framework to supplement the COSO framework, such as COBIT and the Maturity Model as one of the COBIT's testable constructs.

The Maturity Model enables management of a company to evaluate and determine where on the internal control spectrum their controls are currently located. This issue becomes more important with the increasing pressure on the senior managers to consider how well IT is being managed and what needs to be done in the future to reach an adequate level of control over IT functions (Tuttle and Vandervelde, 2007). The Maturity Model enables enterprises not only to benchmark their present IT performance but also to identify future targets for improvements.

This paper explores the gaps that exist in the use of COBIT for IT governance between the accounting academic programs in and accounting professional practices. It examines the level of coverage of COBIT in accounting textbooks and the level of support from accounting professors in utilizing the COBIT model in classroom. The researchers found that the COBIT coverage did not exceed 3% of the total Accounting Information Systems textbooks (see Table 1). Furthermore, based on the result of an empirical study, the researchers found that there is a lack of support for the COBIT model from professors in accounting.

Table 1: Accounting Information Systems Textbook Comparison. … 
Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.