Welcome to The World Of
 
   TMM International Home : Mypage
TMM India Home : Mypage  

:: Back 2 School
Finance
Human Resources
Information Technology
Manufacturing
Marketing
Strategic Management
 


Information Systems Auditing

Introduction

Today, organisations are adapting to the technological changes in order to survive competition. They are adopting technology for different reasons, such as to seek competitive advantage, to achieve operational excellence and sometimes to network their different branches. This increases their operational efficiency. Application of technology by the organisation gives rise to many risks, which may be detrimental to the business. Thus, there is a need for Information System Auditing (ISA).

Information System Auditing – Explained

Information Systems Auditing involves using technical tools and expertise to evaluate the adequacy and effectiveness of Information Systems in an organisation. Further, it involves working with management to identify weak controls and risk, which arises due to the application of technology in a business. It also suggests ways to enhance these weak controls to increase the reliability of IS, which will help an organisation to achieve its strategic objectives.

Three elements in ISA that evaluate the reliability of a particular system are--

  • Exposures: These refer to the adverse affects that an organisation may encounter by using IS. Examples of exposures are business interruption, fraud, embezzlement, and so on. It is measured as the financial effect of any cause multiplied by the probable frequency of its occurrence.
  • Causes: They are the activities that adversely affect a business. A cause usually precedes exposure; a cause may generate more than one type of exposures.
  • Controls: They act upon causes in order to reduce exposures. They tend to reduce/eliminate the causes that lead to exposures rather than directly affecting the exposure. Controls are of different types:

i) Preventive controls

ii) Detective controls

iii) Corrective controls

Example:

Exposure—Destruction that fire may cause

Preventive Control—Inspection

Detective Control—Fire Alarm

Corrective controls—Fire extinguisher and sprinklers.

IS Auditing Methodology

Step 1: Define objectives of the audit.

Step 2: Obtain basic understanding of systems and flow of transactions.

Step 3: Detailed information gathering.

Step 4: Search for exposures that exist under the system and suggest the control to eliminate that exposure

Step 5: Define Auditing procedures to verify controls.

Step 6: Perform audit tests using various techniques and tools.

Step 7: Evaluation of findings.

Step 8: Generation of Report.

 

Introduction  |  Contents   |  Top

Feedback or Comments?

Designed and Maintained by C & K Management Limited

© Copyright 2003 C & K Management Limited