Communications of the IIMA


The increasing complexity of information technology, attacks on confidential information, and the passing of new laws and regulations have shifted the focus around internal controls in organizations. Particularly, general information technology controls related to change management (i.e., system change controls) are critical in ensuring the integrity, completeness, and reliability of financial information. The literature points to various evaluation methods for these controls to determine which ones to implement. However, these methods do not necessarily consider relevant organization constraints, preventing the inclusion of required controls or the exclusion of unnecessary controls. This paper proposes a novel approach, using Desirability Functions, for evaluating system change controls providing management with a measurement that is representative of the overall quality of each control based solely on organizational goals and objectives. Through a case assessment, the approach is proven successful in providing a way for measuring the quality of system change controls in organizations.