information_auditing.pdf
TRANSCRIPT
-
8/14/2019 INFORMATION_AUDITING.pdf
1/22
INFORMATION AUDITING
-
8/14/2019 INFORMATION_AUDITING.pdf
2/22
2
INTRODUCTION
Information exists in all agencies in manyforms: as paper records, in computerdatabases, in libraries, in personal journalsand business records.
All agencies depend heavily on thecollection and use of information.
Information Audit is an element ofInformation Management, a discipline whichseeks to ensure that information is managedas an integrated business resource.
-
8/14/2019 INFORMATION_AUDITING.pdf
3/22
3
MANAGEMENT TOOL
Auditing is a management tool. There are
two main categories of audit:
Compliance audits
Advisory audits
-
8/14/2019 INFORMATION_AUDITING.pdf
4/22
4
COMPLIANCE AUDIT
Compliance audits are implemented to
check that procedures are being
followed properly and that standardsare being adhered to. A compliance
audit is an inspection.
-
8/14/2019 INFORMATION_AUDITING.pdf
5/22
5
ADIVISORY AUDIT
Advisory audits inform management
about the problems and
appropriateness of systems andpractices to the organization. There is
a close link between advisory auditing
and strategic planning.
-
8/14/2019 INFORMATION_AUDITING.pdf
6/22
6
INFORMATION AUDIT
Information audits may be carried out
across a whole organization, or focus
on a specific function (for example themaintenance of membership records
on a database or the flow of
information related to IT help deskenquiries).
-
8/14/2019 INFORMATION_AUDITING.pdf
7/22
7
WHAT IS IA?
Information Audit is the assessment of
the information held by an agency and
of its information managementactivities.
"review the existing system of
information management, identifyproblems and recommend solutions for
those problems." (Ellis, 1993).
-
8/14/2019 INFORMATION_AUDITING.pdf
8/22
8
Continue
"a process for discovering, monitoring
and evaluating an organization's
information flows and resources inorder to implement, maintain, or
improve the organization's
management of information."(Buchanan and Gibb, p. 34).
-
8/14/2019 INFORMATION_AUDITING.pdf
9/22
9
SCOPE OF IA
The Information Audit may examine
some or all of information form,
content, processes, classifications,costs and values at any stage of the
information lifecycle and assess them
against criteria under the identifiedpurpose of the Audit.
-
8/14/2019 INFORMATION_AUDITING.pdf
10/22
10
In General, IA
determines user information needs
lists the information resources available
identifies the costs and benefits of the informationresources available
establishes how information systems within theorganization function
results in the production of a report which proposes
recommendations, for example to minimize systemfailures, to provide alternative solutions toinformation handling problems, to integrate ITinvestments further with strategic businessinitiatives, to devise an information strategy/policy.
-
8/14/2019 INFORMATION_AUDITING.pdf
11/22
11
As a management tool information audit workshould help organizations make best use ofinformation (often through the development of an
information strategy).Information audits indirectly:
aid management decision making
support and encourage competitive advantage
enable organizations to adapt and change facilitate organizational communication
encourage use of, and investment in, IT
contribute to the value of manufactured products
-
8/14/2019 INFORMATION_AUDITING.pdf
12/22
12
To achieve this the auditor has to devise amethodology that will provide data that can beprocessed to answer the following questions:
What is the purpose of the audited system?
Does it accomplish its purpose?
Is the purpose in line with the purpose and
philosophy of the organization as a whole? How effectively are resources used?
How are resources accounted for andsafeguarded?
How useful is the information systemsupporting the organization?
How reliable is the information system?
Does the system comply with regulations and
standards?
-
8/14/2019 INFORMATION_AUDITING.pdf
13/22
13
IA & Problems Identification
Information audits can identify:
redundancy
duplication
inconsistency
incompatibility
costs
... in information management practices
and systems
-
8/14/2019 INFORMATION_AUDITING.pdf
14/22
14
IA & Opportunities
Identification
Information audits can identify:
skills and expertise of staff
previously hidden assets
value chains
new products to market
markets for further expansion
-
8/14/2019 INFORMATION_AUDITING.pdf
15/22
15
Methodological approaches to IA
1. Cost benefit methodologies
2. Geographical approach
3. Hybrid approaches
4. Management information audits
5. Operational advisory audits
-
8/14/2019 INFORMATION_AUDITING.pdf
16/22
16
1. Cost-benefit methodologies (Riley, 1976; Henderson, 1980) - lists
information system/product options and compares them on the basis of their
cost and perceived benefit.
2. Geographical approach (Gillman, 1985) - identifies major components of theinformation system and maps them in relation to one another with the
aim of identifying and meeting needs within the system as it stands.
3. Hybrid approach (Quinn, 1979) - takes the geographical approach combined
with interest in the cost and values of information services and products, and
emphasis on control and management procedures such as budgeting andmatching information provision with organizational strategy.
4. Management information audits (Reynolds, 1980) - focus on the reporting
of management information through activity such as the circulation of reports.
5. Operational advisory audits (Gruber, 1983) - have much in common withthe hybrid approach, but also consider efficiency and effectiveness with
which information resources are used, accounted for and safeguarded, the
reliability of the information system and compliance with obligations,
regulations and standards.
-
8/14/2019 INFORMATION_AUDITING.pdf
17/22
17
Buchanan and Gibb (1998, pp. 37-41) examine two of the most widely
adopted approaches:
1. InfoMap (Burk & Horton, 1988) - involves making an inventory of all
information resource entities (IREs), measuring their cost and value,
relating them to the structure, functions and management of the
organization, resulting in the identification of the strengths and
weaknesses of the organization's information resources with
reference to the objectives of the organization.
2. Information flow analysis (Orna, 1990) - identifies the
organization's objectives, culture and structure; conducts an
information audit which a focus on information flows; the resulting
balance sheet is used as a basis on which to develop and
information policy.
-
8/14/2019 INFORMATION_AUDITING.pdf
18/22
18
Buchanan and Gibb propose their own "integrated strategic"
approach (Buchanan and Gibb, 1998)
This methodology comprises five stages:
Promote - to gain support and co-operation for the information audit.
Identify - to build up a picture of the organization's mission, environment,
structure and culture, and to identify information resources and
information flows.
Analyze - to evaluate the organization's information resources and plan
how to overcome problems and achieve objectives identified at the
"identity" stage.
Account - to cost the organization's information sources and services,
and perform cost analysis and cost modeling as part of the
development and evaluation of an information strategy.
Synthesize - to report on the process and provide findings and
recommendations.
-
8/14/2019 INFORMATION_AUDITING.pdf
19/22
19
Problems of information auditing:
1. Support of senior management
2. Internal auditors versus external
consultants3. Data gathering instruments (combination
of what: who to ask, what; interview,
questionnaire, when, where, other data)
4. Size of organization and time span
5. How to establish costs and value of
information
-
8/14/2019 INFORMATION_AUDITING.pdf
20/22
20
RESULTS OF IA
snapshot of information resources
number and format of resources, nature andfrequency of their use
total costs of information activity gaps in provision and redundancy of gathering
and storage
information flows and where it fails
who owns and manages critical resources
hierarchy and needs of organization priorities price in all forms (money, time, effort), what
benefits arise
linkage to strategic objectives.
-
8/14/2019 INFORMATION_AUDITING.pdf
21/22
21
Inputs and outputs of a generic information Audit
-
8/14/2019 INFORMATION_AUDITING.pdf
22/22
22
Source, please visit this web sitehttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htm#c
Information Audit as A Holistic Approach:
A Case Studyhttp://www.sla.org/division/dst/LangleySLA062003.pdf
http://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.sla.org/division/dst/LangleySLA062003.pdfhttp://www.sla.org/division/dst/LangleySLA062003.pdfhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htm