Abstract
An Information Systems (IS) Auditor performs several audit related functions in a Small and Medium Enterprise (SME) such as preparation of a written IS audit procedure, comparison of actual IS configuration with documented configuration standards, assess whether IS assets are secure, check the access rights for users and system services, check for the presence of IS security procedures and finally analyze transactions in an information system. The current work focuses on a quantitative approach to measure the effectiveness of the IS audit functions in selected small and medium enterprises. The variations in KPI scores between sectors and regions are analyzed for the sample SMEs. Finally, the operational best practices for IS Auditors working in SMEs are suggested.Keywords: Information Systems (IS), IS Audit, Key Performance Indicator (KPI), Small and Medium Enterprise (SME), Maturity Level Index1 IntroductionAn enterprise is mainly involved in economic activities. It can be categorized as Large, Medium or Small depending on the limits for investment, number of employees, balance sheet and total turnover. SMEs are contributing for economic development across the world. Information Systems Audit plays an important role in SMEs for running computer based application systems. Information Systems Audit ensures protection of IS assets and maintains data integrity. It also helps in achieving organizational goals and facilitates efficient usage of resources [1]. SMEs in the modern environment extensively make use of information system resources. This will ensure smooth flow of information between various sub systems and improves the business processes as well. An Information Systems (IS) Auditor performs several audit related functions in a Small and Medium Enterprise (SME) such as preparation of a written IS audit procedure, comparison of actual IS configuration with documented configuration standards, assess whether IS assets are secure, check the access rights for users and system services, check for the presence of IS security procedures and finally analyze transactions in an information system.2 ObjectivesThe objectives of the present work can be stated as follows:1) To assess the existence of IS Audit expertise in SMEs with reference to the KPI- Maturity level Index.2) To study the variations in the KPI scores between the sectors and regions.3) Suggest operational best practices for IS Auditors with respect to Information Systems Audit in SMEs.3 Related WorkThe article by Tommie W. Singleton [2] analyses the four phases of the Controls Development Life Cycle, viz., design, implementation, operational effectiveness and monitoring. The design phase involves IS controls pertaining to Top Management, Quality Assurance Management, Operations Management, Security Management, Systems Development Management, Data Resources Management, Programming Management and User Applications Management. The implementation phase should carry out the controls listed in the design phase. The operational effectiveness phase is concerned with ability of the controls to perform their goals (e.g. prevent a material misstatement). The monitoring phase involves continuous auditing on the controls and proper review of the change management procedures.The monograph by Khabib [3] gives an overview of controls for applications, data centre operations and access security. It also gives an overview of computer based audit techniques to independently test computer data. Jim Kaplan proposed [4] a simplified representation of the enterprise information environment. He gave an overview of IS audit process, accuracy, consistency and reliability of data, controls for the core processes and application systems.The fourth annual Information Systems Audit Benchmarking Survey conducted by Information Systems Audit and Control Association (ISACA and Protiviti in 2014 [5] highlights the challenges and concerns relating to computer and internet security, IS staffing and resources, IS risk assessment and IS audit reporting structure. …
Highlights
ObjectivesThe objectives of the present work can be stated as follows: 1) To assess the existence of Information Systems (IS) Audit expertise in Small and Medium Enterprise (SME) with reference to the Key Performance Indicator (KPI)- Maturity level Index
The fourth annual Information Systems Audit Benchmarking Survey conducted by Information Systems Audit and Control Association
Inference There are no significant variations in the Maturity Level Index scores, between the three sectors in India
Summary
The objectives of the present work can be stated as follows: 1) To assess the existence of IS Audit expertise in SMEs with reference to the KPI- Maturity level Index. The design phase involves IS controls pertaining to Top Management, Quality Assurance Management, Operations Management, Security Management, Systems Development Management, Data Resources Management, Programming Management and User Applications Management. The monograph by Khabib [3] gives an overview of controls for applications, data centre operations and access security. It gives an overview of computer based audit techniques to independently test computer data. Jim Kaplan proposed [4] a simplified representation of the enterprise information environment He gave an overview of IS audit process, accuracy, consistency and reliability of data, controls for the core processes and application systems. The fourth annual Information Systems Audit Benchmarking Survey conducted by Information Systems Audit and Control Association
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.