A Framework for Including Sustainability in IS Audit

The information systems (IS) audit in public sector organisations is generally conducted to provide assurance about the effectiveness of IS controls, processes, resources, operations, and value for money in the IS investment. Public sector organisations are being confronted with various new demands from businesses, the public and other stakeholders because of the high level of IS investment, which takes long to complete and involves uncertainty of performance. This research argues that the current IS audit practice does not take a broad enough view in assessing the overall system. Hence, it is particularly challenging for an IS auditor not only to identify how well the IS supports the overall business objectives, but also to justify the continuity of IS operation and to produce an effective IS audit report. There have been several cases in which IS were unsuccessful and did not perform as the users expected. Due to the current IS audit practice, IS auditors are unable to recognise any inherent limitations that may exist in the design, development and implementation of application systems that will impact on the organisation’s objectives and operational activities. Sustainability is a relevant and practical way to deal with limitations found in IS audit practice. Sustainability is future oriented and concerned with holistic and integrated systems consisting of humans, nature, social and technology infrastructure.
This research is conducted with the goal of incorporating sustainability within the IS audit framework as a strategy to minimise IS control risk, to reduce inherent risks faced by the IS auditors and to produce effective IS audit reports. This research found that the proposed framework known as the Sustainability Driven Information System Audit (SISA) is an appropriate alternative that can overcome these shortcomings, and effectively address risks associated with IS controls. SISA is also considered to reduce uncertainties in decision making by reviewing results, processes and input. It facilitates coordination and communication to produce an audit report that provides effective value to the key stakeholders and the public. This research also studies the appropriate method for IS auditors to make audit judgements, particularly in measuring IS controls. The applicability of the SISA framework to a real case study has been found to be very promising. The result showed that a systematic and numerical approach is suitable for prioritising audit criteria and in order to emphasise the key areas of concern for the audit purpose. The results indicate that the sustainability approach is a practical and reasonable method that can be employed at any public sector organisation. This research contributes theoretically, methodologically and practically to the IS audit body of knowledge.