Information Technology Review - Auditing Information Systems: Enhancing Performance of the Enterprise

Information Technology Reference

In-Depth Information

Office productivity application systems are also common in enterprises and are used to

support our everyday activities, such as sending emails, making calculations, storing

data, publishing reports and newsletters, making presentations, among many other

activities. Because a lot of company data is generated and stored using these tools,

the IS auditor should take interest in how data is protected and stored.

Vendors are also able to provide software as a service (SaaS). This type of use of soft-

ware has become popular as users do not need to install software on their computers.

This is a software distribution model were application systems are hosted by a ser-

vice provider and made available to customers. Different types of software can be

accessed online.

On the top end, there are enterprise resource planning systems (ERP), which are integ-

rated systems used across the enterprise. All functions in the enterprise would have

a module which is used to input and access data. The benefit of ERP systems is that

data is only entered once and can be used by all modules in the ERP system. For

example, if the administration department placed a request for computers, the same

data will be processed and used to issue a purchase order by the procurement depart-

ment and to make payment by the finance department. The audit function will also

use the same data to review transactions made during the financial year.

The systems implemented could be end to end and across the entire enterprise. This

raises the need to ensure that data is protected and appropriate controls are imple-

mented throughout the ERP system. It is the responsibility of the IS auditor to ensure

that these controls are regularly reviewed and that management is given an assurance

that they are properly designed, effective, and operating according to defined busi-

ness rules.

The IS audit team might look at various audit objectives in order to assess the proper

functioning of application systems and effectiveness of controls. Audit objectives for

application systems might include assessing:

1. effectiveness of access controls

2. recovery of data

3. availability of input controls

4. audit logging

5. controls during data transfer

6. availability of output controls

7. database controls

8. processing controls

Search WWH ::

Custom Search

Home