Audit and Assurance of Information Systems and Business Processes: A Foundation for Providing Sound Governance Decision Making

摘要

The production of reliable information from information systems and business processes is a cornerstone of sound governance. This case study describes a business-critical implementation programme, ranked amongst the top 12 organisational risks for Nokia's Nokia Research Center (NRC) in 2004. The functionality, reliability and business benefit to be derived from the systems and business processes were of top priority. The programme delivered six systems into production during 2004 and 2005. Because the systems contained and processed critical financial data, this audit and assurance project was connected to the corporate Sarbanes-Oxley project. As with most international organisations, Nokia has a large number of individual Sarbanes-Oxley projects for the overall Sarbanes-Oxley programme. The programme expected the systems implementation project to comply with enterprise quality and control standards.