Module 6 – Part 1 An Overview of Information Systems Audit 1.

Presentation transcript:

Module 6 – Part 1 An Overview of Information Systems Audit 1

Introduction
• Today computers perform much of the data processing required in both the private and public sectors of our economies.
• The need to maintain the integrity of data processed by computers now seems to pervade our lives.
• There is a fear that the substantially increased data-processing capabilities are not well controlled – computer abuse.

Introduction
• Concerns with the privacy of data exchanged with organizations.
  • E.g. tax department, medical authorities.
• Uncontrolled use of computers can have a widespread impact on a society.
  • E.g. inaccurate information causes misallocation of resources within the economy, and fraud can be perpetrated because of inadequate system controls.
  • Those who suffer most often are those who can least afford to suffer.

Need for control & audit of computers
• Computers are used extensively to process data and to provide information for decision making.
• The rapid decrease in the cost of computer technology and the widespread availability of powerful microcomputers and their associated packaged software have resulted in the extensive use of computers in the workplace and at home.

Need for control & audit of computers
Seven major reasons for establishing a function to examine controls over computer-based data processing:
• Organization costs of data loss
• Costs of incorrect decision making
• Costs of computer abuse
• Value of hardware, software, personnel
• High costs of computer error
• Maintenance of privacy
• Controlled evolution of computer use
(Diagram: these factors act on organizations, leading to control and audit of computer-based information systems.)

Factors influencing an organization toward control and audit of computers
Organization costs of data loss
• Data make up a critical resource necessary for an organization's continuing operations.
• Data provide the organization with an image of itself, its environment, its history, and its future.
• If the image is accurate, the organization increases its ability to adapt and survive in a changing environment; otherwise the organization can incur substantial losses.
• Losses of data can occur when existing controls over computers are lax.
  • E.g. inadequate backup for computer files.
  • E.g. the loss of a file via computer error, sabotage, or natural disaster that cannot be recovered.

Factors influencing an organization toward control and audit of computers
Incorrect decision making
• High-quality decisions depend in part on the quality of the data and the quality of the decision rules that exist within computer-based information systems.
• The importance of accurate data in a computer system depends on the types of decisions made by persons having some interest in an organization.
• Inaccurate data can cause costly, unnecessary investigations to be undertaken or out-of-control processes to remain undetected.

Factors influencing an organization toward control and audit of computers
Incorrect decision making
• Can have an impact on other parties who have an interest in an organization.
  • Stakeholders might make poor investments if they are provided with inaccurate financial information.
• The importance of having accurate decision rules in a computer system also depends on the types of decisions made by persons having some interest in an organization.
  • In some cases, incorrect decision rules have minor consequences – a depreciation calculation.
  • In other cases, incorrect decision rules have major consequences – incorrect decision rules in a medical expert system.

Factors influencing an organization toward control and audit of computers
Cost of computer abuse
• The major stimulus for development of the information systems audit function within organizations often seems to have been computer abuse.
• Computer abuse
  • Any incident associated with computer technology in which a victim suffered or could have suffered loss and a perpetrator by intention made or could have made gain.

Factors influencing an organization toward control and audit of computers
Types of abuse
• Hacking
• Viruses
• Illegal physical access
• Abuse of privileges
Consequences of abuse
• Destruction of assets
• Theft of assets
• Modification of assets
• Privacy violations
• Disruption of operations
• Unauthorized use of assets
• Physical harm to personnel

Factors influencing an organization toward control and audit of computers
Value of computer hardware, software, and personnel
• Computer hardware, software and personnel are critical organizational resources.
• Organizations have multimillion-dollar investments in hardware – if hardware is lost (either deliberately or unintentionally), it can cause considerable disruption.
• Software constitutes a considerable investment for an organization.
  • If it is corrupted or destroyed, the organization may be unable to continue operations.
  • If software is stolen, confidential information could be disclosed to competitors.
  • If the software is a proprietary package, loss of revenue or lawsuits could arise.

Factors influencing an organization toward control and audit of computers
• Personnel are always a valuable resource, particularly in light of an ongoing scarcity of well-trained computer professionals in many countries.

Factors influencing an organization toward control and audit of computers
High costs of computer error
• Computers now automatically perform many critical functions within our society:
  • Monitor the condition of patients during surgery
  • Direct the flight of a missile
  • Control a nuclear reactor
  • Steer a ship
  • Monitor the country's financial performance
• The cost of computer error in terms of loss of life, deprivation of liberty, or damage to the environment can be high.
• Due to errors in the design of computer systems, jobs are carried out inaccurately.

Factors influencing an organization toward control and audit of computers
Maintenance of privacy
• Much data is now collected about us as individuals.
• The powerful data-processing capabilities of computers, particularly their rapid throughput, integration and retrieval capabilities, cause many people to wonder whether the privacy of individuals and organizations has now been eroded beyond acceptable levels.
  • E.g. personal information, human genetic data.
• There are now many instances in which computers have been used to abuse the privacy of an individual.

Factors influencing an organization toward control and audit of computers
Controlled evolution of computer use
• From time to time, major conflicts arise over how computer technology should be used in our society.
  • E.g. use of computers to control nuclear weapons.
• People are concerned about the effects that the use of computers can have on a person's working life.
  • Should computer technology be allowed to displace people from the workforce or to stultify jobs?
  • What effects do computers have on the physical and mental well-being of their users?
