Chapter 9. Information Systems Operations
This chapter briefly discusses how to audit information systems (IS) operations from a broad perspective. It also includes examples of a variety of real-world internal control weaknesses and inefficiencies pertaining to IS operations. Some of the computer operation controls discussed in this chapter are closely related to physical security controls, which are discussed in greater detail in Chapter 7.
Information systems operations include internal controls at data processing facilities as well as those in place in end-user environments, which are designed to help an organization's operational processes function as efficiently and effectively as possible within the constraints imposed by the economic, financial, political, legal, and regulatory environments. Because all operations throughout an organization are interdependent, auditors should not view IS operations as completely separate functions from the other operations within an organization. They are all essentially part of the same large "information system." They form one comprehensive input, processing, and output engine working toward achieving the organization's long-range strategic objectives. Therefore, when examining IS operations, auditors should consider the overall impacts of inefficiencies and ineffective procedures on the organization's ability to achieve its long-term objectives.
With the proliferation of distributed data processing systems in recent years, IS operations ...
Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
