information_auditing.pdf

8/14/2019 INFORMATION_AUDITING.pdf

1/22

INFORMATION AUDITING


2/22

2

INTRODUCTION

Information exists in all agencies in manyforms: as paper records, in computerdatabases, in libraries, in personal journalsand business records.

All agencies depend heavily on thecollection and use of information.

Information Audit is an element ofInformation Management, a discipline whichseeks to ensure that information is managedas an integrated business resource.


3/22

3

MANAGEMENT TOOL

Auditing is a management tool. There are

two main categories of audit:

Compliance audits

Advisory audits


4/22

4

COMPLIANCE AUDIT

Compliance audits are implemented to

check that procedures are being

followed properly and that standardsare being adhered to. A compliance

audit is an inspection.


5/22

5

ADIVISORY AUDIT

Advisory audits inform management

about the problems and

appropriateness of systems andpractices to the organization. There is

a close link between advisory auditing

and strategic planning.


6/22

6

INFORMATION AUDIT

Information audits may be carried out

across a whole organization, or focus

on a specific function (for example themaintenance of membership records

on a database or the flow of

information related to IT help deskenquiries).


7/22

7

WHAT IS IA?

Information Audit is the assessment of

the information held by an agency and

of its information managementactivities.

"review the existing system of

information management, identifyproblems and recommend solutions for

those problems." (Ellis, 1993).


8/22

8

Continue

"a process for discovering, monitoring

and evaluating an organization's

information flows and resources inorder to implement, maintain, or

improve the organization's

management of information."(Buchanan and Gibb, p. 34).


9/22

9

SCOPE OF IA

The Information Audit may examine

some or all of information form,

content, processes, classifications,costs and values at any stage of the

information lifecycle and assess them

against criteria under the identifiedpurpose of the Audit.


10/22

10

In General, IA

determines user information needs

lists the information resources available

identifies the costs and benefits of the informationresources available

establishes how information systems within theorganization function

results in the production of a report which proposes

recommendations, for example to minimize systemfailures, to provide alternative solutions toinformation handling problems, to integrate ITinvestments further with strategic businessinitiatives, to devise an information strategy/policy.


11/22

11

As a management tool information audit workshould help organizations make best use ofinformation (often through the development of an

information strategy).Information audits indirectly:

aid management decision making

support and encourage competitive advantage

enable organizations to adapt and change facilitate organizational communication

encourage use of, and investment in, IT

contribute to the value of manufactured products


12/22

12

To achieve this the auditor has to devise amethodology that will provide data that can beprocessed to answer the following questions:

What is the purpose of the audited system?

Does it accomplish its purpose?

Is the purpose in line with the purpose and

philosophy of the organization as a whole? How effectively are resources used?

How are resources accounted for andsafeguarded?

How useful is the information systemsupporting the organization?

How reliable is the information system?

Does the system comply with regulations and

standards?


13/22

13

IA & Problems Identification

Information audits can identify:

redundancy

duplication

inconsistency

incompatibility

costs

... in information management practices

and systems


14/22

14

IA & Opportunities

Identification

Information audits can identify:

skills and expertise of staff

previously hidden assets

value chains

new products to market

markets for further expansion


15/22

15

Methodological approaches to IA

1. Cost benefit methodologies

2. Geographical approach

3. Hybrid approaches

4. Management information audits

5. Operational advisory audits


16/22

16

1. Cost-benefit methodologies (Riley, 1976; Henderson, 1980) - lists

information system/product options and compares them on the basis of their

cost and perceived benefit.

2. Geographical approach (Gillman, 1985) - identifies major components of theinformation system and maps them in relation to one another with the

aim of identifying and meeting needs within the system as it stands.

3. Hybrid approach (Quinn, 1979) - takes the geographical approach combined

with interest in the cost and values of information services and products, and

emphasis on control and management procedures such as budgeting andmatching information provision with organizational strategy.

4. Management information audits (Reynolds, 1980) - focus on the reporting

of management information through activity such as the circulation of reports.

5. Operational advisory audits (Gruber, 1983) - have much in common withthe hybrid approach, but also consider efficiency and effectiveness with

which information resources are used, accounted for and safeguarded, the

reliability of the information system and compliance with obligations,

regulations and standards.


17/22

17

Buchanan and Gibb (1998, pp. 37-41) examine two of the most widely

adopted approaches:

1. InfoMap (Burk & Horton, 1988) - involves making an inventory of all

information resource entities (IREs), measuring their cost and value,

relating them to the structure, functions and management of the

organization, resulting in the identification of the strengths and

weaknesses of the organization's information resources with

reference to the objectives of the organization.

2. Information flow analysis (Orna, 1990) - identifies the

organization's objectives, culture and structure; conducts an

information audit which a focus on information flows; the resulting

balance sheet is used as a basis on which to develop and

information policy.


18/22

18

Buchanan and Gibb propose their own "integrated strategic"

approach (Buchanan and Gibb, 1998)

This methodology comprises five stages:

Promote - to gain support and co-operation for the information audit.

Identify - to build up a picture of the organization's mission, environment,

structure and culture, and to identify information resources and

information flows.

Analyze - to evaluate the organization's information resources and plan

how to overcome problems and achieve objectives identified at the

"identity" stage.

Account - to cost the organization's information sources and services,

and perform cost analysis and cost modeling as part of the

development and evaluation of an information strategy.

Synthesize - to report on the process and provide findings and

recommendations.


19/22

19

Problems of information auditing:

1. Support of senior management

2. Internal auditors versus external

consultants3. Data gathering instruments (combination

of what: who to ask, what; interview,

questionnaire, when, where, other data)

4. Size of organization and time span

5. How to establish costs and value of

information


20/22

20

RESULTS OF IA

snapshot of information resources

number and format of resources, nature andfrequency of their use

total costs of information activity gaps in provision and redundancy of gathering

and storage

information flows and where it fails

who owns and manages critical resources

hierarchy and needs of organization priorities price in all forms (money, time, effort), what

benefits arise

linkage to strategic objectives.


21/22

21

Inputs and outputs of a generic information Audit


22/22

22

Source, please visit this web sitehttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htm#c

Information Audit as A Holistic Approach:

A Case Studyhttp://www.sla.org/division/dst/LangleySLA062003.pdf
http://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.sla.org/division/dst/LangleySLA062003.pdfhttp://www.sla.org/division/dst/LangleySLA062003.pdfhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htmhttp://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htm

information_auditing.pdf

Documents