250 likes | 352 Views
INFORMATION AUDITING. INTRODUCTION. Information exists in all agencies in many forms: as paper records, in computer databases, in libraries, in personal journals and business records. All agencies depend heavily on the collection and use of information.
E N D
INTRODUCTION • Information exists in all agencies in many forms: as paper records, in computer databases, in libraries, in personal journals and business records. • All agencies depend heavily on the collection and use of information. • Information Audit is an element of Information Management, a discipline which seeks to ensure that information is managed as an integrated business resource.
MANAGEMENT TOOL Auditing is a management tool. There are two main categories of audit: • Compliance audits • Advisory audits
COMPLIANCE AUDIT • Compliance audits are implemented to check that procedures are being followed properly and that standards are being adhered to. A compliance audit is an inspection.
ADIVISORY AUDIT • Advisory audits inform management about the problems and appropriateness of systems and practices to the organization. There is a close link between advisory auditing and strategic planning.
INFORMATION AUDIT • Information audits may be carried out across a whole organization, or focus on a specific function (for example the maintenance of membership records on a database or the flow of information related to IT help desk enquiries).
WHAT IS IA? • Information Audit is the assessment of the information held by an agency and of its information management activities. • "review the existing system of information management, identify problems and recommend solutions for those problems." (Ellis, 1993).
Continue … • "a process for discovering, monitoring and evaluating an organization's information flows and resources in order to implement, maintain, or improve the organization's management of information." (Buchanan and Gibb, p. 34).
SCOPE OF IA • The Information Audit may examine some or all of information form, content, processes, classifications, costs and values at any stage of the information lifecycle and assess them against criteria under the identified purpose of the Audit.
In General, IA • determines user information needs • lists the information resources available • identifies the costs and benefits of the information resources available • establishes how information systems within the organization function • results in the production of a report which proposes recommendations, for example to minimize system failures, to provide alternative solutions to information handling problems, to integrate IT investments further with strategic business initiatives, to devise an information strategy/policy.
As a management tool information audit work should help organizations make best use of information (often through the development of an information strategy). Information audits indirectly: aid management decision making support and encourage competitive advantage enable organizations to adapt and change facilitate organizational communication encourage use of, and investment in, IT contribute to the value of manufactured products
To achieve this the auditor has to devise a methodology that will provide data that can be processed to answer the following questions: What is the purpose of the audited system? Does it accomplish its purpose? Is the purpose in line with the purpose and philosophy of the organization as a whole? How effectively are resources used? How are resources accounted for and safeguarded? How useful is the information system supporting the organization? How reliable is the information system? Does the system comply with regulations and standards?
IA & Problems Identification Information audits can identify: • redundancy • duplication • inconsistency • incompatibility • costs ... in information management practices and systems
IA & Opportunities Identification Information audits can identify: • skills and expertise of staff • previously hidden assets • value chains • new products to market • markets for further expansion
Methodological approaches to IA 1. Cost benefit methodologies 2. Geographical approach 3. Hybrid approaches 4. Management information audits 5. Operational advisory audits
Cost-benefit methodologies (Riley, 1976; Henderson, 1980) - lists information system/product options and compares them on the basis of their cost and perceived benefit. • 2. Geographical approach (Gillman, 1985) - identifies major components of the information system and maps them in relation to one another with the aim of identifying and meeting needs within the system as it stands. • 3. Hybrid approach (Quinn, 1979) - takes the geographical approach combined with interest in the cost and values of information services and products, and emphasis on control and management procedures such as budgeting and matching information provision with organizational strategy. • 4. Management information audits (Reynolds, 1980) - focus on the reporting of management information through activity such as the circulation of reports. • 5. Operational advisory audits (Gruber, 1983) - have much in common with the hybrid approach, but also consider efficiency and effectiveness with which information resources are used, accounted for and safeguarded, the reliability of the information system and compliance with obligations, regulations and standards.
Buchanan and Gibb (1998, pp. 37-41) examine two of the most widely adopted approaches: 1. InfoMap (Burk & Horton, 1988) - involves making an inventory of all information resource entities (IREs), measuring their cost and value, relating them to the structure, functions and management of the organization, resulting in the identification of the strengths and weaknesses of the organization's information resources with reference to the objectives of the organization. 2. Information flow analysis (Orna, 1990) - identifies the organization's objectives, culture and structure; conducts an information audit which a focus on information flows; the resulting balance sheet is used as a basis on which to develop and information policy.
Buchanan and Gibb propose their own "integrated strategic" approach (Buchanan and Gibb, 1998) This methodology comprises five stages: Promote - to gain support and co-operation for the information audit. Identify - to build up a picture of the organization's mission, environment, structure and culture, and to identify information resources and information flows. Analyze - to evaluate the organization's information resources and plan how to overcome problems and achieve objectives identified at the "identity" stage. Account- to cost the organization's information sources and services, and perform cost analysis and cost modeling as part of the development and evaluation of an information strategy. Synthesize - to report on the process and provide findings and recommendations.
Problems of information auditing: 1. Support of senior management 2. Internal auditors versus external consultants 3. Data gathering instruments (combination of what: who to ask, what; interview, questionnaire, when, where, other data) 4. Size of organization and time span 5. How to establish costs and value of information
RESULTS OF IA • snapshot of information resources • number and format of resources, nature and frequency of their use • total costs of information activity • gaps in provision and redundancy of gathering and storage • information flows and where it fails • who owns and manages critical resources • hierarchy and needs of organization priorities • price in all forms (money, time, effort), what benefits arise • linkage to strategic objectives.
Source, please visit this web site http://www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-Audit.htm#c • Information Audit as A Holistic Approach: A Case Study http://www.sla.org/division/dst/LangleySLA062003.pdf