• DocumentCode
    2263957
  • Title

    Risk and Compliance Management Framework for Outsourced Global Software Development

  • Author

    Magnusson, Christer ; Chou, Sung-Chun

  • Author_Institution
    Dept. of Comput. & Syst. Sci., Stockholm Univ., Stockholm, Sweden
  • fYear
    2010
  • fDate
    23-26 Aug. 2010
  • Firstpage
    228
  • Lastpage
    233
  • Abstract
    After the U.S. Congress enacted the Sarbanes-Oxley Act, the need to guarantee transparency to companies' stakeholders increased substantially. To become SOX compliant, companies are required to base their Corporate Governance on a suitable internal control framework; companies shall provide transparency, accountability and control to the different stakeholders. Financial applications and ERP-systems are critical in this process; if they fail, corporate governance will fail as well. This paper provides a Risk and Compliance Management framework for outsourced GSD of financial applications and ERP-systems. The challenge is to integrate COSO-ERM, ISO 20000 and ISO 27001. We have addressed this challenge by extending the SABSA model to incorporate the integration of these standards. As a result, the framework clarifies the responsibilities of customers and outsourcing companies, thereby providing efficient risk and compliance management.
  • Keywords
    enterprise resource planning; financial data processing; risk management; software engineering; ERP-systems; SOX compliant; compliance management framework; financial applications; outsourced global software development; risk management framework; Companies; Computer architecture; ISO standards; Risk management; Security; Software; COSO-ERM; Compliance; Global Software Development; ISO 20000; ISO 27001; Risk Management; SABSA; SOX;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Global Software Engineering (ICGSE), 2010 5th IEEE International Conference on
  • Conference_Location
    Princeton, NJ
  • Print_ISBN
    978-1-4244-7619-0
  • Electronic_ISBN
    978-1-4244-7620-6
  • Type

    conf

  • DOI
    10.1109/ICGSE.2010.34
  • Filename
    5581513