The document discusses planning and controlling the management information systems (MIS) audit function. It covers topics like:
1. Planning the MIS audit function involves determining requirements, implementing frameworks like Zachman and using tools like strategic importance grids for portfolio analysis.
2. Controlling the MIS audit function involves cost-benefit analysis of project options, software acquisition planning, and organizing the audit team through activity and decision analysis.
3. Key frameworks for MIS audit include COBIT for controls, risk-based audit frameworks for assessing risks, and project management disciplines for successful system delivery.
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
The full version of the ppt is available in www.lifein01.com
Systems development is the procedure of defining, designing, testing, and implementing a new software application or program. It comprises of the internal development of customized systems, the establishment of database systems or the attainment of the third-party developed software.
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
Visit www.lifein01.com for more chapters and summary of each chapters.
Top management must determine the implications of the hardware and software technology changes that support information systems function and the organization. Auditors can evaluate top management by examining how well the senior management performs four major functions: Planning: Determining the goals of the information systems function and means of achieving these goals. Organizing: Gathering, allocating, coordinating the resources needed to accomplish the goals. Leading: Motivating, guiding and communicating with personnel.
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
The full version of the ppt is available in www.lifein01.com
Systems development is the procedure of defining, designing, testing, and implementing a new software application or program. It comprises of the internal development of customized systems, the establishment of database systems or the attainment of the third-party developed software.
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
Visit www.lifein01.com for more chapters and summary of each chapters.
Top management must determine the implications of the hardware and software technology changes that support information systems function and the organization. Auditors can evaluate top management by examining how well the senior management performs four major functions: Planning: Determining the goals of the information systems function and means of achieving these goals. Organizing: Gathering, allocating, coordinating the resources needed to accomplish the goals. Leading: Motivating, guiding and communicating with personnel.
Visit www.lifein01.com for presentations of all chapters.
Auditing is the process of assessment of financial, operational, strategic goals and processes in organizations to determine whether they are in compliance with the stated principles, regulatory norms, rules, and regulations.
Governance relates to management, policies, procedures, and decisions for a given area of enterprise responsibility.Hence IT related assets should be governed in way that it will of profitability to the company in order to achieve its goals and objectives.
Defining an IT Auditor,
IT Auditor Certifications & ISACA,
IT Audit Phases,
Preparing to be Audited,
How IT auditor audits an Applications,
Auditing technology for Information System.
Security and Audit Report Sign-Off—Made EasyHelpSystems
View this slideshow to learn how to get your security and audit report processes in line so that you’re ready when the auditors come calling.
Watch the recorded webinar on HelpSystems.com:
http://www.helpsystems.com/rjs/events/recorded-webinars/security-and-audit-report-approvals
Visit www.lifein01.com for presentations of all chapters.
Auditing is the process of assessment of financial, operational, strategic goals and processes in organizations to determine whether they are in compliance with the stated principles, regulatory norms, rules, and regulations.
Governance relates to management, policies, procedures, and decisions for a given area of enterprise responsibility.Hence IT related assets should be governed in way that it will of profitability to the company in order to achieve its goals and objectives.
Defining an IT Auditor,
IT Auditor Certifications & ISACA,
IT Audit Phases,
Preparing to be Audited,
How IT auditor audits an Applications,
Auditing technology for Information System.
Security and Audit Report Sign-Off—Made EasyHelpSystems
View this slideshow to learn how to get your security and audit report processes in line so that you’re ready when the auditors come calling.
Watch the recorded webinar on HelpSystems.com:
http://www.helpsystems.com/rjs/events/recorded-webinars/security-and-audit-report-approvals
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docxLynellBull52
· Processed on 09-Dec-2014 9:01 PM CST
· ID: 488406360
· Word Count: 1969
Similarity Index
47%
Similarity by Source
Internet Sources:
46%
Publications:
2%
Student Papers:
N/A
sources:
1
30% match (Internet from 27-Mar-2009)
http://www.isaca.org/Content/ContentGroups/Journal1/20023/The_IS_Audit_Process.htm
2
13% match (Internet from 29-Mar-2011)
http://www.scribd.com/doc/36655995/Chapter-1-the-Information-System-Audit-Process
3
2% match (publications)
Athula Ginige. "Web site auditing", Proceedings of the 14th international conference on Software engineering and knowledge engineering - SEKE 02 SEKE 02, 2002
4
1% match (Internet from 26-Feb-2012)
http://www.dc.fi.udc.es/~parapar/files/ai/The_IS_Audit_Process_isaca_sayana.pdf
5
1% match (Internet from 01-Apr-2009)
http://www.idkk.gov.tr/web/guest/it_audit_manual_isaca
paper text:
Running head: AUDITING INFORMATION SYSTEMS PROCESS Auditing information systems process Student’s Name University Affiliation Auditing information systems 2process Information systems are the livelihood of any huge business. As in past years, computer systems do not simply record transactions of business, but essentially drive the main business procedures of the enterprise. In such a situation, superior management and business managers do have worries concerning information systems. Auditing is a methodical process by which a proficient, independent person impartially obtains and assesses evidence concerning assertions about a financial entity or occasion for the reason of outlining an outlook about and reporting on the extent to which the contention matches to an acknowledged set of standards. Auditing of information systems is the administration controls assessment inside the communications of Information Technology. The obtained proof valuation is used to decide if systems of information are defensive assets, maintenance reliability of data, and also if they are efficiently operating in order to attain organization’s goals or objectives (Hoelzer, 2009). Auditing of Information Systems has become an essential part of business organization in both large and small business environments. This paper examines the preliminary points for carrying out and Information system audit and some of the, techniques, tools, guidelines and standards that can be employed to build, manage, and examine the review function. The Certified Information Systems Auditor (CISA) qualifications is recognized worldwide as a standard of accomplishment for those who assess, monitor, control and audit the information technology of an organization and business systems. Information Systems experts with a concern in information systems security, control and audit. At least five years of specialized information systems security, auditing and control work practice is necessary for certification. An audit contract should be present to evidently state the responsibility of the management, 2objectives for, and designation of authority to Information .
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
2. MIS
• The three components of MIS provide a more complete and focused definition, where System
suggests integration and holistic view, Information stands for processed data, and Management is
the ultimate user, the decision makers.
• Management information system can thus be analyzed as follows:
• Management covers the planning, control, and administration of the operations of a concern.
The top management handles planning; the middle management concentrates on controlling; and
the lower management is concerned with actual administration.
• Information, in MIS, means the processed data that helps the management in planning,
controlling and operations. Data means all the facts arising out of the operations of the concern.
Data is processed i.e. recorded, summarized, compared and finally presented to the management
in the form of MIS report.
• System Data is processed into information with the help of a system. A system is made up of
inputs, processing, output and feedback or control. Thus MIS means a system for processing data
in order to give proper information to the management for performing its functions
3. INTRODUCTION
• Need of MIS audit to focus on the issues of corporate governance of
IS in computerized environment and security controls to safeguard
information and IS.
• Well planned and structured audit is essential for risk management
and monitoring and control IS in any organization.
• objective is to identify risks that an organization in computerized
environment.
• evaluates adequacy of security controls and informs mgmt with
suitable conclusions and recommendations
4. • it is continuous process of evaluating control, suggest security
measures for purpose of safeguarding assets or resources,
maintaining data integrity, improve system effectiveness and system
efficiency for purpose of satisfying organization goals.
• safeguarding of assets includes protection of hardware, software,
facilities, people, data, technology, documentation and supplies.
• auditor should review physical security over the facilities, security
over systems software and adequacy of internal controls.
• Data integrity includes safeguarding of information against
unauthorized addition, deletion, modification or alteration.
• it is maintained by Accuracy, Confidentiality, Completeness, Reliability,
Efficiency.
5. AUDIT IN COMPUTERIZED ENVIRONMENT
A) understanding computerized environment:
• auditor requires following skills to understand the environment:
1. computer concepts and system design
2. functioning of accounting information system, identify new risks
3. understand how internal controls are mapped on to computers to
manage technology and business risks
4. knowledge of use of computers in audit
6. B) ACCOUNTING INFORMATION SYSTEM IN
COMPUTERIZED ENVIRONMENT
• AIS is nothing but Transaction Processing system. TPS has 3
components input, processing and output.
• IS follows the principle of garbage in- garbage out principle it is
necessary that the input to the system should be accurate, complete
and authorized for processing purpose.
• It can be achieved by automating the input. there are large no of
methods to be used for this purpose.
• COBIT(Control Objectives for IT) is internal control framework
established for IS which can be applied to AIS.
7. • To apply COBIT Framework, organization should define IS
architecture:
• frame security policies
• conduct technology risk assessment
• take steps to manage technology risks like designing appropriate audit
trails, providing security to software systems, prepare business
continuity plan, managing IS resources like data, apps and facilities,
provide assurance for IS.
• It is applicable to sales, purchase and payroll AIS by considering inputs
required, app control, processing, report generation, exception
reports, files used.
• Auditor need to collect audit evidence to understand AIS.
8. C) IMPACT OF IT ON ECONOMICS OF AUDITING
• IT impacts audit documentation, reporting, paper work.
• Auditing in computerized environment enchances skills and
knowledge of traditional auditing, IS, business technology risks.
• it also impacts auditing, audit planning, audit risk, audit tools and
techniques.
• Detection and reduction of risks can now controlled by computer
assisted tools and techniques.
• Risk based audit approach starts with preliminary review. then
followed by risk assessment
9. • under audit approach, depending upon intensity of use of IT, audit is
done through computers.
• Once approach is decided, the next step is assses general and
application controls.
• after this step, evidence is collected, evaluated and reports are
prepared using IS.
10. D) SECURITY
• IS resources are vulnerable to risks and subject financial, productivity
losses.
• security is necessary to maintain confidentiality, integrity and
availability of data, app system and other resources.
• principles of security:
• Accountability: apportionment of duties, responsibilities, and
accountability in organization
• creation of security awareness
• cost effective implementation of info security
11. • integrated efforts to implement security
• periodic assesment of security needs
• Timely implementation of security
• Types of control to implement security:
• framing and implementing security policy: physical, environmental,
logical, administrative control.
1. physical: keys, locks, biometrics
2. environmental controls
3. logical control: access controls
4. Admin control: seperation of duties, policy, procedures, standards,
disaster recovery, IS audit etc.
12. E) IS MANAGEMENT
• it includes collection and evalation of evidence to determine whether
the IS safeguard assets, maintain data integrity, achieve organizational
goals, and consume resources efficiently.
• it is divided into 4 phases:
• Management(planning and organizing)
• Implementation and deployment
• Directing and controls
• audit and monitoring
13. F) AVAILABILITY OF IS
• security serves 3 purposes: confidentiality, availability and integrity
• access controls provide confidentiality and availability
• Business continuity process and back-up procedures provides
integrity
• Disaster recovery plan puts various IS resources in place, if any
disaster occurs.
• Because of this, financial auditor gets an idea about the risks and
importance of application
14. G) DATABASE MANAGEMENT
• database provides data sharing and data independence.
• data sharing means users and apps can share data and data
independence means data is stored independent of applications.
• It makes IS secure and easy implementation.
• DB offers facilities like data dictionary, sign-in and authentication
mechanisms.
15. H) ACCESS CONTROL
• all IS requires OS and DB that have ability to control access to the data and
apps.
• OS controls access at dictionary and file systems.
• DB controls access at record and field levels.
• To ensure data integrity, it is necessary to control access to data, apps and
other resources.
• so access to these systems should be strictly limited with the help of
authetication and authorization
• Authentication allows only authorized user should access to system and
authorization allows only minimum access to authorized user.
• This can be achieved by System Administrator
• Auditors should know all these roles.
16. I) APPLICATION CONTROLS AND THEIR
FUNCTIONING
• purpose of application control is data integrity which is achieved to
ensure integrity of input, processing and output.
• Application controls are divided into: validation of input,
authorization of input, completeness of input, accuracy of input
integrity of stored data, completeness and accuracy of processing
data, restricted access to assets and data, confidentiality and
integrity of output.
• Business risks are controlled by application control.
• Application controls effectiveness can be tested either by continuous
audit or by general audit software
17. J) EVALUATION OF BUSINESS RISKS
• Business risks are controlled and managed by implementing application
controls so primary duty of auditor is to evaluate application control to reduce
risk to minimun.
• 2 types of testing is done i.e compliance and substantial testing. compliance
testing is done only for complex systems.
• computer assisted tools and techniques help to conduct substantive testing to
evaluate whether financial statements depicts true and fair picture.
• Audit command Language(ACL) is used in general audit software which offers
tools to understand qualitative and quantitative features of data.
• it provides facilities like indexing, sorting, joining, setting relation, creating
output files, exporting files, extracting files.
• It also has feature to create command log which keeps check on auditor,
improves the quality of audit also helps in systems audit.
18. K) CONVERSION AUDIT
• Data conversion in a software project provides ability to convert data
from one database to another and from one application to another.
• Conversion audit is conducted to check accuracy of such data
conversions.
19. RISK BASED AUDIT FRAMEWORK
• It assists managers in meeting Policy on transfer payments(PTP) risk
related requirements that support governments directions to more
systematic and corporate management of risk in design and delivery
of programs.
• Planning of incorporating risks in initial stages:
• type of transfer payment should be determined by departmental
mandate, business lines, clients etc
• it is a government policy to manage transfer payments in a manner
that is sensitive to risks, complexity, accountability for results and
economical use of resources.
• Department must develop risk based audit framework for auditing of
risks.
20. • Treasury Board of Secretariat(TBS) acknowleged importance and
benefit of systematic risk management as a strategic investment in
attainment of overall business objectives and demonstration of good
governance.
• Integrated Risk Management Framework strengthen accountability by
demonstrating that levels of risk should explicitly understood.
• Active monitoring policy which incorporate that department must
actively monitor their management practices and controls using risk
based approach
21. RBAF
• It is a management document that explains how risks concepts are integrated
into strategies and approaches used for managing programs that are funded
through transfer payments.
• RBAF provides:
• Background and profile info on transfer payment pgm including key areas that
program faces.
• understanding of specific risks that may influence achievement of transfer
payment program through objectives
• description of existing measures and strategies for managing specific risks
• explaination of monitoring, recipient auditing, internal auditing, reporting
practices and procedures
22. NEED OF RBAF
• Transfer payment programs operate in environment includes
numerous interconnections, global organizations, governance req,
authorities, and various risk drivers.
• RBAF enhances managers and employees understanding and comm
of risk and related mitigation options.
• strengthen accountability for achieving objectives over public funds
• facilitates managers achivement of govm wide req.
• provides basis upon which to create contingency plans
• helps to secure funding for new or renewed pgms
• enhance info for decision making
23. DEVELOPMENT AND IMPLEMENTATION OF RBAF
• Key parties involved in development and implementation of RBAF:
• Managers of pgm to ensure framework reflects accurate analysis of
potential risks to achieve objectives as well as monitor and report
strategies.
• Internal Audit and Program staff provide expert advice and technical
support to idenfy, assess and monitor risk.
• Evaluation staff provide knowledge and expertise in recognition of
potential for overlap between RBAF and RMAF
• TBS program and Center for excellence for internal audit analyst
provide advice during preparation of pgm
• Delivery partners, codewriters, etc.
24. PLANNING AND PREPARING RBAF
• uncomplicated programs with low materiality and straightforward
accountability and risk mgmt environment would require less detailed
RBAF.
• high priority and complex pgms with significant materiality and
diversified and complex env require more detailed RBAF and large
time and efforts investment.
• meaningful info should be provided in each section of RBAF
25. ROLES, RESPONSIBILITIES AND RELATIONSHIPS
• Purpose: it should clearly delegate respective roles and responsibilities of
mgmt and IA with terms and conditions for monitoring, auditing and RBAF
requirements.
• Proces: PTP, guide on grants, contributions and other transfer payments
delegate the roles and responsibilities of mgmt and IA.
• Management: responsible for ongoing financial and operational monitoring
and audit of recipients whether results data is reliable.
• Internal Audits: to employ risk based methodologies in planning and
conducting audits to provide assurance on adequacy of integrated risk mgmt
practices, mgmt control frameworks and info used for decision making and
reporting on achievement of overall objectives.
• product: stmt of roles and responsibilities betn mgmt and IA
and recipient
26. PROGRAM PROFILE
• purpose: should provide context and key areas of inherent risk that
evolve from transfer payment programs objectives amd environment.
• process: should be developed with reference to organizations
outcomes and design info that has been compiled during recent
business planning and development of RMAF.
• product: needs of pgm, target population, resources, product grps,
delivery mechanisms and governance structure.
27. RISK IDENTIFICATION, ASSESSMENT AND MGMT
SUMMARY
• key risks should be identified, assessed and associated measures either implemented.
• purpose: ensure explicit understanding of level of key risks also understands controls to
reduce this risk.
• process: it requires input from team of managers and knowledgeable staff within pgm
area of functional grps.
• preparation steps:
• consider who should participate
• clearly define risk
• establish time horizon
• customize risk matrix
• consider other tool req.
28. Process Steps
• understand objectives: objectives with reference to outcomes
• risk identification: conduction of preliminary analysis of risk level of
each area to further analysis of areas
• risk assessment: use existing preventive measures for risk areas
selected for analysis for further analysis
• risk response: decide strategies to avoid, transfer, share, accept and
manage the risk
29. Process steps
• Key risk summaries: includes following-
• methodologies section- risk definition and model
• brief description- process steps
• identification of involved teams
• risk matrix- levels of impact and likelihood
• key areas- overall risk context of pgm and strategies
30. PROGRAM MONITORING AND RECIPIENT
AUDITING
• purpose: to provide description of monitoring and recipient auditing
practices undertaken by mgmt.
• process: objectives to meet
• achievement of established outcomes
• risks to achieve outcomes
• determine eligibility of recipients and expenditures of funds
• efficient, effective and economical use of resources
• whether or not pgm is administered with terms and conditions at all
stages of transfer payment life cycle
31. INTERNAL AUDITING
• purpose: provide valuable assistance to mgmt by providing assurance
as to soundness of risk mgmt strategy and practices , mgmt control
framework and practices and info being used for decision making and
reporting
• process: used same risk assessment methodology and recipient audit
risk
• indicate results of audit performed , details of future plans, with
expected costs
• product: description of results, audit objectives assessed, scope,
timing and expected cost for future plan, description of audit risk
assessment methodology
32. PLANNING OF MANAGING IS AUDIT FUNCTION
• Once need for a new system has been identified, plans must be
developed to ensure that the new system can be successfully
integrated with business processes and that should provide
acceptable return of investment for organization.
• effective project mgmt is essential if systems are to be produced that
correctly fulfill req of their users without exceeding constraints of
time and budget
33. PLANNING OF MANAGING IS AUDIT FUNCTION
• requirements:
• inbound logistics: receiving, warehousing and inventory control of
input materials.
• operations: value creating activities that transform inputs into final
product
• outbound logistics: activities req to get finished product to customer,
including warehousing, order fullfillment
• marketing and sales: activities associated with getting buyers to
purchase product, including channel selection, advertising, pricing
• service: activities maintain and enhance products value including
customer suport, repair services
34. ZACHMAN FRAMEWORK
• Zachman developed it for most systematic delivery of IS.
• perspectives:
• Data: what data entities need to capture and what are relationships between
them
• Function: which functions need to be addressed and which arguments does
each function have
• Network: which nodes need t be supported and what links exists between
them
• People: who are our agents and what are their tasks or work
• Time: when do things happen and to which cycles do they conform
• Motivation: what are ends of goals and by what means will we get there?
35. STRATEGIC IMPORTANCE GRID
• Looks at entire IS portfolio of organization i.e all the systems currently
in operation as well as the future systems currently under
development or being planned.
• assess whether a significant portion of an organizations systems is of
strategic nature and classifies the organization acc into one of 4
possible categories on IS strategic imp grid.
• assess imp of IS strategic plannoing in overall strategic business plan.
• useful in strategic competitor analysis or significant shifts in budget
36. IS PLANNING
• components of IS need to be successfully integrated in order to
provide right info at right place and time.
• So IS architecture needed to define IS resources that will be used to
support business strategy and stds that should be adhered to in order
to ensure compatibility within the system
• planning needs to identify app needs of business and business goals
• alternative software products needs to be evaluated also hardware
and OS should be appropriate.
• includes technical support, estimation of operating costs, financing
method
37. COST BENEFIT ANALYSIS
• used to access and prioritize new system development projects by
measuring financial impact of proposed system.
• Tangible benefits includes reduced inventory and admin cost, higher
processing volume, reduction of bad debts and improved cash flow.
• Intangible benefits includes customer satisfaction and better decision
making.
• Costs includes Development cost, equipment cost, operating cost
38. SOFTWARE ACQUISITION OPTIONS
• In-house development: develop and support computer systems to
support companys strategic goals.
• Outsourcing: purchasing of service, ASP
• End-user computing: training and assistance to user
• Project management: planning, allocation, scheduling and review
• organizing of MIS audit function with the help of activity analysis and
decision analysis
• Also creating departmentation and delegation of authority.
39. CONTROLLING MIS AUDIT FUNCTION
• purpose of control:
• to regulate process to achieve goals, objectives, targets
• control is exercised through system through comparing perfomance
• it should work on principle of feedback
• Corrective action to be taken time
• it gives advance warning about occurence of deviations in system
• auditing is tool of control
• control tools: planning, budgets, financial, risk analysis, pert/cpm
40. BENEFITS OF IS AUDIT FOR ORGANIZATION
• mapping business control with IT application
• business process reengineering
• IT security policy
• Security awareness
• Better return on inverstment
• risk management