Information Technology Reference
In-Depth Information
Application information systems governance involves the use of application systems to
automate business processes. Application systems are a lifeline of an enterprise depend-
ent on the use of information technology. Application information system governance is
part of the overall IT governance in the enterprise.
Application information system governance directly involves business users who use ap-
plication systems on a day-to-day basis. The IS auditors will review the organisation
structure around the management and use of application systems, maintenance of the sys-
tems, security of data, relations with vendors, IT department, and other external parties
using the system.
It is recommended that an ASC audit starts with governance so that the IS auditor can
have a good understanding how management, system owners, and IT are handling applic-
ation system governance and management. Where management is not actively involved
in IT issues, it is not likely that governance will be properly implemented and that man-
agement has got any significant influence or control on the use of application information
systems in the enterprise.
The IS audit team should investigate the level of application system governance imple-
mentation in the enterprise and collect evidence which will enable them to come up with
well-supported findings and conclusions.
a) Who are the system owners for the ERP system and what formal positions do
they hold in the organisation?
A large application system such as an ERP would normally have a system owner and cham-
pions. A system owner would be someone in senior management with direct supervision
over business processes which use the application system or ERP.
The IS auditor would be looking for information on how the system is managed. Evidence
the IS auditor would be looking for includes names of system owners and champions and
formal positions they hold in the organisation apart from being system owners or champi-
ons. The IS auditor would review meeting minutes and other documentation to establish
whether management and system owners are actively involved in the management of the
application systems. This information will enable the auditor to access whether there is a
governance and management structure over the application systems.
It would also be important for the IS auditor to further investigate if performance of system
owners and champions is also assessed based on these additional roles.
Search WWH ::
Custom Search