Disclaimer: This is an example of a student written essay.

Advantages of an IT Compliance Program

Paper Type: Free Essay Subject: Information Technology
Wordcount: 4232 words Published: 8th Feb 2020


Table of Contents


  1. Introduction
  2. Challenges in achieving IT Regulatory Compliance
  3. IT Governance
  4. Plan of action
  5. Business Processes & IT Compliance Factors
  6. Conclusion
  7. References


The significance of advancing an IT compliance program in Management Information Systems within an IT organization has been portrayed in numerous studies. This essay describes how to approach IT design, the challenges that IT organizations face in achieving compliance, the IT governance needed to improve the effectiveness of the IT division, how an IT compliance program is executed, and the regulations that affect the IT organization. Paying attention to these concepts will benefit IT organizations.


In today’s dynamic business environment, IT plays a key role in organizations, and constant change in IT is the rule. These constant changes and the evolution of IT lead to multi-faceted transformation in both operational and corporate structures; the financing, delivering and promoting of products or services are some examples of the possible changes. Companies also experience transformation through other factors, such as state and federal controls, stakeholder contacts, simple internal controls to implementing and strategically exploiting enterprise resource planning platforms and outsourcing, corporate approach, and mechanical infrastructure.


As a result of these changes there is always a need for continuous research into new ways of competing, and there is always pressure on companies to invest in IT systems. In terms of corporate strategy, IT investment is a sizeable component of the corporate budget. But in IT terms, system complexity may lead to risk exposure that could cause both financial and moral damage, and it could even affect a company’s reputation and its client base. It becomes critical to develop the auditing framework in the sense of the company’s structures, which are transformed by technological discontinuities.

This article is about the new forms of corporate structures and auditing. It discusses the standard COBIT framework of IT governance and focuses on business webs (b-webs), a corporate structure based on IT technologies, and the B-web Transformation Model. The effect on governance of the adoption of b-webs by corporations is analyzed and discussed in terms of a new auditing framework. The aim is to track changes to auditing parameters and requirements as an organization evolves.

Challenges in achieving IT Regulatory Compliance



It is good to understand the challenges that the IT division would face in successfully implementing the compliance program. Among them is management support, especially on financing. It is a technical field, and the resources needed may sound unrealistic to a management team that has not had expert knowledge of the latest information systems. In such a case, the division suffers inadequate support from the management. For these reasons, the department is forced to work with a minimum budget that may compromise the audit activities taking place during the compliance program. For example, the company may choose to go for the cheapest external review team, who may not deliver as expected. Besides, the users and management may be reluctant to change if the IT division has to review the systems to suit the changing regulations.

Secondly, matching user requirements to the system specification is a challenge the IT division may meet. Regulatory frameworks are among the user needs, and the team should convert them into product specifications to help them design different modules of the information systems. For example, the Sarbanes-Oxley Act grants external investors access to the financial trend of the company. If the IT division is not in a position to allow such access due to system design challenges in limiting user access rights, then that is a requirement that is challenging to convert into a product specification.

What about the changing standards? It is true that the world is dynamic and the standards of today may be revised to different requirements. In the event of such changes, the IT compliance results would show that the company has failed to comply with the new standards. The IT division is forced to make changes to its system to suit the new requirements (Griffith & Baxter Jr, 2016). It can, however, be challenging if the changes happen so rapidly, and each time the company incurs some cost on change management.


IT governance


IT governance (ITG) – The processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. It is being recognized that IT has a fundamental role to play in improving corporate governance practices, because critical business processes are usually automated, and directors rely on information provided by IT systems for their decision making. With the growth of direct connections between organizations and their suppliers and customers, and more and more focus on how IT can be used to add value to business strategy, the need to effectively manage IT resources to avoid IT failures and poor performance has never been greater. The current typical situation of cost reduction and budget restriction has resulted in a new norm: there is an expectation that IT resources should always be used as proficiently as possible and that steps are taken to organize these IT resources ready for the next cycle of growth and new IT developments. A key aspect of these factors is the increasing use of third-party service providers and the need to manage these suppliers properly to avoid costly and damaging service failures.

IT governance is not just an IT concern or only of importance to the IT function. In its broadest sense it is a part of the overall governance of an entity, but with a specific focus on improving the administration and control of information technology for the benefit of the primary stakeholders. Ultimately it is the responsibility of the Board of Directors to ensure that IT, along with other critical activities, is adequately governed. IT Governance has its own key areas as below:

•         Strategic Alignment: The process of bringing the actions of an organization’s business divisions and staff members in line.

•         Value Delivery: IT delivers the promised benefits against the strategy, concentrating on optimizing costs and providing the essential value of IT.

•         Resource Management: The optimal investment in, and proper management of, IT resources.

•         Risk Management: Establishing formal risk acceptance criteria that put some rigor around how IT measures, accepts, manages and reports risk.

•         Performance Measurement: Tracks and monitors strategic implementation, project completion, resource usage, process performance and service delivery.

IT Governance is not a one-time exercise or something achieved by a mandate or the setting of rules. It requires a commitment from the top of the organization to instill a better way of dealing with the management and control of IT. IT Governance is an ongoing activity that requires a continuous improvement mentality and sensitivity to the fast-changing IT environment. IT Governance can be integrated within a wider Enterprise Governance approach and support the increasing legal and regulatory requirements of corporate governance.

Plan of action

IT Governance should guarantee the value contribution of an organization’s IT to its overall business strategy. Because of various contingency factors, such as organizational structure or company size, models for IT Governance cannot be off-the-shelf solutions, but must be designed for each organization individually. While there have been various scientific contributions dealing with the way and extent to which contingency factors influence organizations’ IT, only limited research is available exploring the effect of organizational change on the establishment of particular IT Governance models.

An organization usually selects a governing body to oversee a governance plan and its processes and procedures by ensuring that all organizational structures are set up for data accuracy and security. An effective governance plan streamlines IT planning.

Forrester Research recommends the following approach to IT planning:

•         Planning tools: Provide enterprise planners with access to software application data inventory, including data related to costs, life cycles and end users.

•         Capability maps: Produce maps by linking IT capabilities to critical IT-supported business processes.

•         Gap analysis tools: Capture data related to future business capabilities dictated by business strategies, for the identification of areas requiring IT capability development, enhancement or reduction.

•         Modeling and analysis tools: Create varied plans and weigh pros, cons and risks to facilitate clear IT communication and comprehensive planning.

•         Reporting tools: Report planning team results, such as identified software applications with redundant capabilities, to justify IT decisions.

Activity Planning:

A core team was set up to redevelop the IT Governance model and plan its realization. Members of the core team were the author of this paper, the head of the SSC IT, and the heads of the SSC IT strategy and SSC IT operations groups. A starting point for the IT Governance model was to make use of accepted industry standards and of “best practices” from other companies. In a first step, the organizational scope of the IT Governance model was agreed upon, comprising collaboration between the lines of business and the corporate center, between the SSC IT and the corporate center, and between the SSC IT and the lines of business. Collaboration with external partners was not considered during this phase of the project. The organizational scope of the IT Governance model is outlined in Figure 1. In a second step, the roles to be involved in the process were identified. The list of roles included:

The lines of business: CIOs, the line managers of the CIOs, application managers, technology managers, and development managers.

Corporate center: head of all shared services, who also held the role of the Group CIO; procurement department; HR management; account managers of shared services for business lines.

Members of the IT Strategy Committee were the line managers of the three divisional CIOs and the Group CIO. It was primarily in charge of aligning the IT with the company’s business strategy.

The IT Steering Committee consisted of the Group CIO, the CIOs from the lines of business, and representatives from the SSC IT, namely the head of the SSC IT and the heads of SSC IT strategy and operations. demonstrates the workshop schedule including participants from different organizational units and major results. The foundation for the action-taking phase was a workshop series consisting of both plenary workshops with all involved stakeholders and so-called “one on one” workshops with the different lines of business.

Figure 4: Decision Areas Covered by the IT Governance Model

The first version of the IT Governance model was the starting point for the first evaluation cycle, conducted in July 2006. In several full-day sessions, the status of the IT Governance model was presented to the divisional CIOs. The author of this paper walked them through the different decision areas and the proposed allocation of responsibilities. The model was discussed and comments from the CIOs recorded. On completion of the first evaluation cycle, the author of this paper had a list of feedback comments on the first version of the IT Governance model. The core team took up the list when developing the second model version, incorporating the comments into the model. The core team found that the majority of comments could easily be reflected in the model. However, a number of comments led to conflicts. Those were recorded by the core team for later resolution by the IT Steering Committee.

Business processes & IT compliance Factors


Nowadays, monitoring the compliance of business processes with relevant guidelines, restrictions, and rulebooks at runtime has turned out to be a major issue in practice. Monitoring is meant not only for continuously detecting potential compliance deviations, but also embraces the capability to offer a proper response to foreseen potential compliance deviations. Usually, compliance requirements on business processes stem from various sources such as laws, protocols, or guiding principles that are frequently accessible on public platforms. The main task in compliance monitoring is the analysis of these requirements as compliance goals and the subsequent description of compliance guidelines or procedures. Specific compliance procedures would be verified over the course of completing tasks. The outcomes of compliance monitoring can be analyzed and conveyed back to users in several ways, ranging from warnings on violations to precise comments on the causes of violations, or even the prediction of potential future violations (L.T. Ly et al, 2015).


For instance, the Sarbanes-Oxley (SOX) Act introduces a different set of requirements into software development. Companies must evaluate their core monitoring efficiency for business processes to be in compliance with the act. SOX is one of the most comprehensive acts since the Securities and Exchange Act of 1934, with key concerns for ethics in business governance, and thus with direct effects on information technology (IT) governance. SOX brought in innovative ethics for corporate liability by requiring corporations to evaluate and report the efficiency of internal controls and procedures for financial reporting (Sushma Mishra & Heinz Roland Weistroffer, 2007).

The combination of risk management and management control is emerging as a major area in the wake of the Sarbanes-Oxley Act and with the constant growth of structures such as the Enterprise Risk Management (ERM) system from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Relying on an inclusive practical method using interviews with managers involved in risk management and core control tasks, the cited study finds three major areas that now have management attention. These are business process risk management, compliance management and internal control development (Rikhardsson, Pall et al, 2006).

Business process re-engineering is not an unknown term in the business world. It has become a most popular process management tool in this business sector and has attracted great attention from manufacturers and practitioners, and most companies are still looking for methods to better manage their business to achieve success. Business systems are made up of processes, collections of activities that result in an output. When processes become old and inefficient and can’t deliver results, they must be replaced. The study uses critical literature analysis to investigate and focus on the development of the process application concept and its outcome for the industrial setup for service provision and manufacturing according to business requirements (T.W.Liao, P.J. Egbelu, B.R. Sarker, & S.S. Leu, 2000).

The business process has been widely recognized within the academic community. It is largely implemented in large organizations for business development, documentation, design, automation and performance improvement according to business needs, with workflow management and business rules software supporting the modeling, analysis, execution and tracking of business processes. While the big advantages of business processes for organizations are clear, high risks of implementation failure have been identified by business experts, and there are many studies of success factors (Vom Brocke, J Zelt & Schmiedel,T, 2016).

There are many factors and ways in which business processes can be improved, through resource allocation and by improving existing processes and adding new ones in terms of key performance indicators. To show the success and applicability of the approach, it is validated against the current process of electronic invoicing and document processing for the business requirement according to business owners; the main role is played by the BRD and FRD, which give the model to accomplish all scenarios and ranges to optimize the business. The presented approach is validated with the current process of improvement for the resource. Many organizations worldwide are using the process to accomplish their projects (Attaran, M, 2004).


The awareness of compliance problems is growing, yet the action to improve compliance is ungraceful and unsystematic. Enhancing regulatory compliance requires increased attention to all components of the chain of activities, from issue definition to compliance monitoring. Those involved throughout the process of developing and enforcing regulations need to be aware of the interdependent nature of their actions, and of the need for consistency and coordination. Bringing about compliance-friendly regulation requires an integrated strategy. The challenge and risk for governments is not only in developing regulations but also, as with all policy implementation, in pushing toward more objective-oriented policies. Regulatory drafting, implementation, monitoring, and enforcement should be designed to maximize the potential for target groups to achieve substantive policy objectives. The key component in IT governance is the alignment of the business and IT to lead to the achievement of business value. This high-level objective can be accomplished by recognizing IT governance as a part of enterprise governance and by setting up an IT governance system with best practices. Such a system and practices ought to be composed of a variety of structures, processes and relational mechanisms.


  • Alder A. IT Governance: Guidelines for Directors. Vol Version 1.2. Ely, U.K.: IT Governance Publishing; 2005. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&AuthType=ip,cpid,url&custid=s4338230&db=nlebk&AN=391097.
  • Ansell, C., and A. Gash, November 13, 2007, Collaborative Governance in Theory and Practice, Journal of Public Administration Research and Theory.
  • Attaran, M. (2004). Exploring the relationship between information technology and business process reengineering. Information & Management, 41 (5), 585-596.
  • Bekiaris, Michail G., Kutsikos, Konstadinos. (2007). Perspectives and Challenges for IT Governance. Retrieved from https://www.researchgate.net/publication/268430866_Perspectives_and_Challenges_for_IT_Governance
  • Brisebois, R., G. Boyd, and Z. Shadid, August 2007, Canada – What is IT Governance? And Why Is It Important for the IS Auditor, The IntoSAI IT Journal, No. 25, pp. 30–35.
  • Calder A, Watkins S. IT Governance: A Manager’s Guide to Data Security and BS 7799/ISO 17799. Vol 3rd ed. London: Kogan Page; 2005. Retrieved from http://Search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&AuthType=ip,cpid,url&custid=s4338230&db=nlebk&AN=137393.
  • Calder, A. (2007). IT Governance: A Pocket Guide. City of Ely [England]: IT Governance Publishing. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&AuthType=ip,cpid,url&custid=s4338230&db=nlebk&AN=391139.
  • Calder A, Watkins S. IT Governance: A Manager’s Guide to Data Security and ISO 27001/ISO 27002. Vol 4th ed. London: Kogan Page; 2008. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&AuthType=ip,cpid,url&custid=s4338230&db=nlebk&AN=224380.
  • Calder A, Moir S. IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT. Ely, UK: IT Governance Publishing; 2009. Retrieved from http://0-search.ebscohost.com.library.acaweb.org/login.aspx?direct=true&AuthType=ip,cpid,url&custid=s4338230&db=nlebk&AN=391099.
  • Fink, K., and C. Ploder, January 2008, Decision support framework for the implementation of IT-governance, Hawaii International Conference on System Sciences, pp. 432–441.
  • Griffith, S. J., & Baxter Jr, T. C. (2016). The Changing Face of Corporate Compliance and Corporate Governance. Fordham Journal of Corporate & Financial Law, 21(1), 1.
  • Linh Thao Ly, Fabrizio Maria Maggi, Marco Montali, Stefanie Rinderle-Ma, Wil M.P. van der Aalst (2015). Compliance monitoring in business processes: Functionalities, application, and tool-support. Information Systems 54 (2015) 209–234.


  • Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
  • Rikhardsson, Pall & Best, Peter J & Green, Peter & Rosemann, Michael (2006). Business Process Risk Management and Internal Control: A proposed Research Agenda in the context of Compliance and ERP systems. In Proceedings Second Asia/Pacific Research Symposium on Accounting Information Systems, Melbourne.
  • Sushma Mishra & Heinz Roland Weistroffer (2007). A Framework for Integrating Sarbanes-Oxley Compliance into the Systems Development Process. Communications of the Association for Information Systems (Volume 20, 2007) 712- 727.
  • T.W.Liao, P.J. Egbelu, B.R. Sarker, & S.S. Leu (2000). Metaheuristics for project and construction management – A state-of-the-art review. Automation in Construction, vol. 20, no. 5, pp. 49.
  • Van Grembergen, W., & De Haes, S. (2017). Introduction to IT Governance and Its Mechanisms Minitrack. In Proceedings of the 50th Hawaii International Conference on System Sciences.
  • Vom Brocke, J Zelt & Schmiedel,T (2016). On the role of context in business process management. International Journal of Information Management 36(3), 486-495.

