THE IMPACT OF INFORMATION SYSTEMS ON BUSINESS OPERATIONS IN SERBIA

In this study, the authors examine the effects of control and audit of information systems on the performance and efficiency of business operations in Serbian companies. IT management is necessary in order to ensure that IT investments have a direct impact on value, and that they reduce IT-related risks. The research involved IT directors or persons responsible for the management of information technology, internal audit directors, auditors and IT auditors, executives and middle managers who use IT services in the sampled companies. The results show that the contribution of IT business improvement is recognized as an asset and investment that creates added value.


INTRODUCTION
e discipline of corporate governance of information technology has been known since 1993, as a descendant of corporate governance.e discipline chie y examined the link between strategic objectives and IT management organization.Among others, one of its main roles is to emphasize the importance of issues related to IT in modern organizations.At the same time, the discipline of corporate governance of information technology states that strategic IT decisions should be made by the board of directors instead of IT service directors or other IT managers.
Upon the failure that Enron experienced (Petrache, 2009) in 2000 and problems in Arthur Andersen (Edelman et al., 2011) and WorldCom (Kuhn, 2006), the roles of auditors, as well as the boards of directors in the public and private sector were brought into question.In response to this, and in order to prevent similar things, the Sarbanes-Oxley Law was created to highlight the signi cance of job control and audit.Even though there is not a direct relationship between them and IT governance, the Sarbanes-Oxley Law (in the US) and Basel II (in Europe) have largely contributed to the progress in the eld of IT management since the early 2000s.
ere exist narrow and broader de nitions of IT management governance: ◆ IT governance is an activity for which executives and the board of directors are responsible; it includes leadership, as well as organizational structures and many other complex processes that provide support to IT departments, which would further have positive e ects on the organization's strategies and objectives (ITGI, 2007).◆ IT governance could also be described as the process of establishing rights in decision-making and accountability; in this way, the wanted behavior, in terms of the use of information technology, is enabled (Weill et al., 2004) development and maintenance of e ective IT control and accountability, as well as performance and risk management (Webb et al., 2006).◆ Van Grembergen and De Haes examine corporate governance of IT and state that it is an essential part of corporate governance, the task of which is to de ne and employ all the processes that would enable both business and IT people to conduct their activities in business support (De Hacs et al., 2009).In the time frame of a couple of decades, various frameworks have been made and suggested to support IT governance implementation.Cobit is one of them, a framework based on the most successful practices, which focuses on the processes of IT organizations and the ways in which their performance could be approached and supervised.
e main objectives of IT management are: ◆ To ensure that investments in IT determine business value, ◆ To reduce risks related to information technology. is could be achieved if an organizational structure with clear-cut roles concerning duties related to information, business processes, applications, infrastructure, etc. is implemented.It is worth noting that accountability represents the biggest problem for IT management.IT Infrastructure Library (ITIL) illustrates the best practices from the scope of both service management and delivery, but it does not include or emphasize the strategic e ects of IT or the relationship between IT and business.Standard Information Security ISO/IEC 27002 (formerly ISO/IEC 17799) is usually mentioned in the context of IT management.It includes (but is not limited to) the guidelines related to IT risk management, the problems of separation, division of responsibilities, separation of duties etc. Weill and Ross (2004) have introduced a framework based on several questions.It is used for mapping tasks at the highest level of IT competencies in 250 companies around the world, but it cannot be used for a detailed assessment of IT governance (Simonsson et al. 2005).

NECESSITY OF IT GOVERNANCE
IT governance is needed to ensure that IT investments generate value and mitigate IT risks, thus avoiding failure.IT is important for the success of an organization -e ective and e cient delivery of services and goods -especially if IT is designed to introduce organizational change.is process of change, which is commonly named "business transformation", is the main driver of new business models in both private and public sector.Business transformation can provide many bene ts, but it also carries numerous risks that could disrupt operations and have unintended consequences.e dilemma is about how to balance the risks and bene ts when using IT to facilitate organizational change.
Despite the e orts done by so ware industry to identify and adopt best practices in development of IT projects, there is still a high level of failure and missed targets.Most of IT projects do not meet the organization's goals.
Good practice would be the implementation of a framework for the e ective management, with clearly stated roles of IT auditors and other participants within the chain.at framework would ensure that IT investments are coordinated and employed in compliance with the objectives and strategy of the company; otherwise, IT projects are likely to fail.However, many organizations do not take the importance of IT governance into consideration.ey frequently decide to start IT projects without a full understanding of what the expectations of the organization concerning the project are, and in what way, the project is linked to the organization's goals.
Another good practice for IT governance is identi cation of organizational goals.It is usually the case that senior managers perceive IT projects from the perspective of set goals and their ful llment.Anyhow, this is not an e cient and effective perspective, since it stems directly from the lack of technical knowledge related to the complexity of these projects; furthermore, such managers could be unfairly blamed for the lack of e ciency caused by the failure of organizations to integrate the goals of IT projects with the overall objectives of the organization.
To achieve success, it is advisable for organizations to consider some factors, which could lead to the best practice: high-level framework, independent con rmation of quality, resource management, risk management, strategic alignment, obtaining value, performance management reporting (Brischois et al., 2008): ◆ High-level framework -this incorporates a de nition of leadership, as well as the accompanying processes related to information requests and organizational structures -it ensures the compliance with general IT investment strategies, maximizing the use of available IT opportunities.◆ Independent con rmation of the quality -is represented in the form of internal or external audit (or review) and could provide prompt feedback on compliance with not only IT policies, but also the standards, procedures and general objectives of the organization.e audits must be conducted in an impartial and objective manner in order to provide a realistic assessment of the managers of audited IT projects.◆ Resource management performs regular assessment that ensures that there are enough resources and that they are competent and e cient to meet the requirements of the organization.◆ Risk management is built into the competence of the organization and ensures that the organization and IT regularly assess and report on the risks associated with IT and their impact on the organization.
◆ Strategic alignment -this is an agreement between the organization's management and IT sector which allows the board of directors and senior managers to understand the strategic IT issues.IT strategy of the organization demonstrates insight into technology and its capabilities, and ensures that IT investments are aligned with the overall strategy of the organization, maximizing the use of IT opportunities.
◆ Obtaining value -this demonstrates the bene ts that could be obtained from any IT investment.Such investments should always be worthwhile for the organization and guided by the needs of investing entity.
◆ Performance management reporting, which included precise, prompt and relevant portfolio, program and reporting of IT projects senior managers, provides a detailed review of progress towards the goals identied within IT projects.rough this review, the organization can evaluate IT performance in terms of what has been achieved, and what should be changed in the future.Performance measurement is a very good way to obtain the data necessary for performance management reporting.

RESULTS AND DISCUSSION
e study is aimed at investigating the e ects of control and audit of information systems on the performance and e ciency of business operations in Serbian companies.In order to achieve the highest possible representativeness of the sample, the survey included companies of various types, ownership structure, size, and numerous business areas.e rst group included IT managers or persons responsible for the management of information technology, internal audit directors, auditors and IT auditors.e second group included executives and middle managers who use IT services in the observed companies.
As shown in Figure 1, the majority of respondents believe that IT is very important (70.33%) or important (25.27%) to achieve the overall business strategy.ereby, there is no signi cant misbalance in the answers between the rst and the second group: 72.92% of the group I compared to 67.44% of the group II believes that IT is very important, while 27.08% of the group I compared to 23.26% of the group I believes that IT is important.erefore, we can conclude that the strategic importance of IT in modern business and business development is widely recognized in the companies in the Republic of Serbia.
In addition, the research showed that it is more likely that IT is considered as very important or important to achieve business strategies for companies the respondents of which indicated that IT plays a proactive role (helping businesses to innovate and achieve strategic goals) than for companies the respondents of which indicated the role as a reactive (responding to business needs, IT is technically focused towards maintaining active and available environment).
Research has shown that the contribution of IT business improvement is recognized as an asset and investment that creates new business value.IT is generally understood and seen as a major contribution to business.e claim that IT investments create value for the business is fully supported by 71% of respondents, while 80% of respondents fully agree that IT enables rapid business changes.Inability to react to business changes can o en be attributed to problems and slow changes in the company's IT infrastructure.is encourages many companies to deal with the launch of initiatives and continuous a rmation of corporate IT governance.
Table 1 shows the entire distribution of answers.In most dimensions, IT responses are generally positive (coming from colleagues in the eld of their respective businesses).e most striking di erence can be seen for the statement "IT supports business strategy" where about 90% of IT respondents fully or partially agreed with the statement, while fewer (75%) business respondents held the same point of view.
Graph 1. e importance of IT systems in companies It is also interesting to note that in matters relating to the level of IT services that meet business needs, positive outlook is re ected among the companies that are outsourcing IT services -unlike those that do not do that.

CONCLUSION
Information systems play a very important role in the daily operations and management of companies.Accordingly, companies in Serbia, especially those that are entirely or predominantly foreign-owned, invest signi cant resources (money, time, personnel) in information systems to improve the e ectiveness and e ciency of their business, as well as to be competitive and achieve a competitive advantage and have a better image.In addition to signi cant bene ts, the use of information technology can expose the company to some risk.For instance, a small company engaged in the development and online sales of mobile phone applications is exposed to numerous IT-related risks, primarily data security and privacy issues, IT infrastructure stability, employees' social media usage etc.

Table 1 .
e role of IT in business operations Apstrakt: