balanced scorecard and is auditing
TRANSCRIPT
BOOKS REVIEWED:
Smith, Ralph, 2007, BusinessProcess Management and theBalanced Scorecard: UsingProcesses as Strategic Drivers(Hoboken, NJ: Wiley).
Cascarino, Richard, 2007,Auditor’s Guide to InformationSystems Auditing (Hoboken, NJ:Wiley).
The first book reviewedaddresses developing a balancedscorecard approach to managefundamental processes toimprove strategic performance ofa company. The second booktakes a more specializedapproach by focusing on infor-mation systems auditing.
BUSINESS PROCESSMANAGEMENT AND THEBALANCED SCORECARD:USING PROCESSES ASSTRATEGIC DRIVERS
Boosting productivity andmaximizing resources are essen-tial elements of succeeding intoday’s competitive landscape. Abalanced scorecard can be aneffective tool for strategic suc-cess in a changing environment.
Ralph Smith provides an easy-to-understand, step-by-step guideto help managers identify funda-mental processes that eitherdrive or hinder the strategic per-formance of their company.Important lessons include how touse business processes for a rad-ical transformation of a com-pany’s business, integratingprocesses into business strategy,and how to make the scorecard akey component of managementprocesses.
Key takeaways of the bookare:
Current trends such as workforcemobility, changing customerexpectations, and the increas-ing speed of business cyclesexacerbate the importance ofprocess as a component ofsuccess.
Process excellence has becomean integral part of manage-ment thinking and planningfor successful organizations.This is evidenced by the evo-lution of such managerialnotions as continuousimprovement, reengineering,and process-based organiza-tional design and excellence.
A good vision statement isessential for a management
team to arrive at the desiredfuture state.
Strategic assessment requires alarge process component.
Strategy maps provide one-pageillustrations of criticalprocesses and the financialresults improvements in theseprocesses can provide.
The balanced scorecard is a use-ful tool to help monitor strat-egy effectiveness and makecourse corrections betweenstrategic planning processes.
Each of the six key mes-sages are covered in one of thesix chapters of the 220-page text.For example, Smith providesmanagers with considerableguidance developing vision andmission statements. Those of uswho have spent one endless dayafter another with colleagues tofacilitate development of theperfect vision statement willappreciate Smith’s approach tomore quickly identify key com-ponents and reduce them to astatement that clarifies where acompany wants to go.
Similarly, Smith providesguidance for developing strategymaps for identifications ofstrengths, weaknesses, opportu-nities, and threats related to
85
© 2007 Wiley Periodicals, Inc.Published online in Wiley InterScience (www.interscience.wiley.com).DOI 10.1002/jcaf.20343
Balanced Scorecard and IS Auditing
David Cannon, Joseph H. Godwin, and Stephen R. Goldberg
bo
ok r
evi
ew
jcaf_1005.qxp 8/18/07 2:33 AM Page 85
all-important processes as wellas finance, customers, technol-ogy, and people. This ensuresthat the correct themes havebeen identified, that they fittogether cohesively, and that allstakeholders understand thedirection of the enterprise. Suchan understanding is critical fordevelopment and use of thescorecard.
Smith provides considerableguidance in one chapter that canease development and use of thebalanced scorecard. A key objec-tive is to identify and prioritizemeasures for the scorecard. Thisinvolves identification of possi-ble key measures and rankingthem based on their relevanceand ease of collection. Smith’sguidance leaves readers with aclear understanding of the score-card and considerable ability toset about the task of implement-ing its use. As a result, this textfills the gap between theory andpractice and will enable man-agers to begin to use processesas a weapon for deliveringworld-class performance.
AUDITOR’S GUIDE TOINFORMATION SYSTEMSAUDITING
The Sarbanes-Oxley Act andbudgetary pressures haveresulted in a heightened attentionto information technology gover-nance and, in particular, concernfor the integrity of informationtechnology-based organizationalprocesses. Accordingly, the roleof the information systems audi-tor has increased significantly inrecent years. Cascarino’s Audi-
tor’s Guide to Information Sys-tems Auditing is a timely andcomprehensive reference andtextbook describing the nuancesof the information systems audit-ing function that may be used bypracticing internal and externalauditors, information technologyprofessionals, and others to learnthe role and craft of the informa-tion systems auditor.
In today’s environment, sig-nificant financial transactionsare routinely initiated andrecorded by real-time automatedprocesses without human inter-action. The identification ofrisks and evaluation of controlsin these processes often requirespecialized knowledge beyondthat held by the typical financialor operational auditor.
The comprehensiveness ofthis book is remarkable and oneof its major attributes. The firstsix parts of the book are organ-ized around the job practiceareas for an IS auditor identifiedby the Information SystemsAudit and Control Association,and on which the CertifiedInformation Systems Auditor(CISA) exam is based. The sev-enth part of the book coversadvanced IS auditing topics,such as auditing e-commerceand dealing with hackers andfraudsters.
This book serves as a refer-ence for those who wish tounderstand this specialized auditenvironment or as a self-studytextbook from which the founda-tional knowledge of IS auditingmay be learned. It also providesexcellent general preparation forindividuals planning to sit for the
CISA and Certified InformationSystems Manager (CISM)exams. However, candidates forthese exams should supplementthis book with materials that pro-vide more in-depth coverage oftechnical areas such as networks,hardware, and emerging tech-nologies such as radio frequencyidentification (RFID) tags. Inci-dentally, this is not a criticism ofCascarino’s work. Similar booksthat emphasize specific technolo-gies become quickly obsolete astechnologies are displaced or fallinto disfavor.
In addition to the book’s 36chapters organized into sevenparts, there are five appendicesand a CD containing the studentversion of a general audit soft-ware package, the IDEA DataAnalysis software. The firstappendix discusses publishedethics and standards for IS audit-ing, while the remaining appen-dices contain examples of auditprograms.
Cascarino’s Auditor’s Guidehas the clarity and organizationof a well-written textbook, andits content is at the “perfect”level for the professional auditoror information technology pro-fessional who wishes to developexpertise in IS auditing.
Auditor’s Guide to Informa-tion Systems Auditing is highlyrecommended for such individu-als and anyone with an interestin IS auditing. In fact, webelieve that this book has thepotential to become a standardreference work in the auditliterature and should be in thecollection of every audit shop’sprofessional library.
86 The Journal of Corporate Accounting & Finance / September/October 2007
DOI 10.1002/jcaf © 2007 Wiley Periodicals, Inc.
jcaf_1005.qxp 8/18/07 2:33 AM Page 86
The Journal of Corporate Accounting & Finance / September/October 2007 87
© 2007 Wiley Periodicals, Inc. DOI 10.1002/jcaf
David Cannon, PhD, CPA, CISA, is an assistant professor at Grand Valley State University. Dr. Cannon’steaching interests are in accounting information systems, management information systems, and mana-gerial accounting. His research areas include accounting information systems and methodological issuesin accounting research. Joseph H. Godwin, PhD, CPA, and Stephen R. Goldberg, PhD, CPA, are profes-sors of accounting at Grand Valley State University. Their teaching and research interests focus on finan-cial accounting, international accounting, financial derivatives, and economic value added. They have pub-lished articles in a number of academic and practitioner-oriented journals.
jcaf_1005.qxp 8/18/07 2:33 AM Page 87