Title: INFORMATION AUDITING
1INFORMATION AUDITING
2INTRODUCTION
- Information exists in all agencies in many forms
as paper records, in computer databases, in
libraries, in personal journals and business
records. - All agencies depend heavily on the collection and
use of information. - Information Audit is an element of Information
Management, a discipline which seeks to ensure
that information is managed as an integrated
business resource.
3MANAGEMENT TOOL
- Auditing is a management tool. There are two main
categories of audit - Compliance audits
- Advisory audits
4COMPLIANCE AUDIT
- Compliance audits are implemented to check that
procedures are being followed properly and that
standards are being adhered to. A compliance
audit is an inspection.
5ADIVISORY AUDIT
- Advisory audits inform management about the
problems and appropriateness of systems and
practices to the organization. There is a close
link between advisory auditing and strategic
planning.
6INFORMATION AUDIT
- Information audits may be carried out across a
whole organization, or focus on a specific
function (for example the maintenance of
membership records on a database or the flow of
information related to IT help desk enquiries).
7WHAT IS IA?
- Information Audit is the assessment of the
information held by an agency and of its
information management activities. - "review the existing system of information
management, identify problems and recommend
solutions for those problems." (Ellis, 1993).
8Continue
- "a process for discovering, monitoring and
evaluating an organization's information flows
and resources in order to implement, maintain, or
improve the organization's management of
information." (Buchanan and Gibb, p. 34).
9SCOPE OF IA
- The Information Audit may examine some or all of
information form, content, processes,
classifications, costs and values at any stage of
the information lifecycle and assess them against
criteria under the identified purpose of the
Audit.
10In General, IA
- determines user information needs
- lists the information resources available
- identifies the costs and benefits of the
information resources available - establishes how information systems within the
organization function - results in the production of a report which
proposes recommendations, for example to minimize
system failures, to provide alternative solutions
to information handling problems, to integrate IT
investments further with strategic business
initiatives, to devise an information
strategy/policy.
11- As a management tool information audit work
should help organizations make best use of
information (often through the development of an
information strategy). - Information audits indirectly
- aid management decision making
- support and encourage competitive advantage
- enable organizations to adapt and change
- facilitate organizational communication
- encourage use of, and investment in, IT
- contribute to the value of manufactured products
12- To achieve this the auditor has to devise a
methodology that will provide data that can be
processed to answer the following questions - What is the purpose of the audited system?
- Does it accomplish its purpose?
- Is the purpose in line with the purpose and
philosophy of the organization as a whole? - How effectively are resources used?
- How are resources accounted for and safeguarded?
- How useful is the information system supporting
the organization? - How reliable is the information system?
- Does the system comply with regulations and
standards?
13IA Problems Identification
- Information audits can identify
- redundancy
- duplication
- inconsistency
- incompatibility
- costs
- ... in information management practices and
systems
14IA Opportunities Identification
- Information audits can identify
- skills and expertise of staff
- previously hidden assets
- value chains
- new products to market
- markets for further expansion
15Methodological approaches to IA
- 1. Cost benefit methodologies
- 2. Geographical approach
- 3. Hybrid approaches
- 4. Management information audits
- 5. Operational advisory audits
16- Cost-benefit methodologies (Riley, 1976
Henderson, 1980) - lists information
system/product options and compares them on the
basis of their cost and perceived benefit. - 2. Geographical approach (Gillman, 1985) -
identifies major components of the information
system and maps them in relation to one another
with the aim of identifying and meeting needs
within the system as it stands. - 3. Hybrid approach (Quinn, 1979) - takes the
geographical approach combined with interest in
the cost and values of information services and
products, and emphasis on control and management
procedures such as budgeting and matching
information provision with organizational
strategy. - 4. Management information audits (Reynolds,
1980) - focus on the reporting of management
information through activity such as the
circulation of reports. - 5. Operational advisory audits (Gruber, 1983) -
have much in common with the hybrid approach,
but also consider efficiency and effectiveness
with which information resources are used,
accounted for and safeguarded, the reliability
of the information system and compliance with
obligations, regulations and standards.
17Buchanan and Gibb (1998, pp. 37-41) examine two
of the most widely adopted approaches
1. InfoMap (Burk Horton, 1988) - involves
making an inventory of all information resource
entities (IREs), measuring their cost and value,
relating them to the structure, functions and
management of the organization, resulting in the
identification of the strengths and weaknesses
of the organization's information resources with
reference to the objectives of the organization.
2. Information flow analysis (Orna, 1990) -
identifies the organization's objectives,
culture and structure conducts an information
audit which a focus on information flows the
resulting balance sheet is used as a basis on
which to develop and information policy.
18Buchanan and Gibb propose their own "integrated
strategic" approach (Buchanan and Gibb, 1998)
This methodology comprises five stages
Promote - to gain support and co-operation for
the information audit. Identify - to build up a
picture of the organization's mission,
environment, structure and culture, and to
identify information resources and information
flows. Analyze - to evaluate the organization's
information resources and plan how to overcome
problems and achieve objectives identified at the
"identity" stage. Account - to cost the
organization's information sources and services,
and perform cost analysis and cost modeling as
part of the development and evaluation of an
information strategy. Synthesize - to report on
the process and provide findings and
recommendations.
19Problems of information auditing
- 1. Support of senior management
- 2. Internal auditors versus external consultants
- 3. Data gathering instruments (combination of
what who to ask, what interview, questionnaire,
when, where, other data) - 4. Size of organization and time span
- 5. How to establish costs and value of
information
20RESULTS OF IA
- snapshot of information resources
- number and format of resources, nature and
frequency of their use - total costs of information activity
- gaps in provision and redundancy of gathering and
storage - information flows and where it fails
- who owns and manages critical resources
- hierarchy and needs of organization priorities
- price in all forms (money, time, effort), what
benefits arise - linkage to strategic objectives.
21Inputs and outputs of a generic information Audit
22- Source, please visit this web site
- http//www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-A
udit.htmc - Information Audit as A Holistic Approach
- A Case Study
- http//www.sla.org/division/dst/LangleySLA062003.p
df