INFORMATION AUDITING

1
INFORMATION AUDITING
2
INTRODUCTION

• Information exists in all agencies in many forms
  as paper records, in computer databases, in
  libraries, in personal journals and business
  records.
• All agencies depend heavily on the collection and
  use of information.
• Information Audit is an element of Information
  Management, a discipline which seeks to ensure
  that information is managed as an integrated
  business resource.

3
MANAGEMENT TOOL

• Auditing is a management tool. There are two main
  categories of audit
• Compliance audits
• Advisory audits

4
COMPLIANCE AUDIT

• Compliance audits are implemented to check that
  procedures are being followed properly and that
  standards are being adhered to. A compliance
  audit is an inspection.

5
ADIVISORY AUDIT

• Advisory audits inform management about the
  problems and appropriateness of systems and
  practices to the organization. There is a close
  link between advisory auditing and strategic
  planning.

6
INFORMATION AUDIT

• Information audits may be carried out across a
  whole organization, or focus on a specific
  function (for example the maintenance of
  membership records on a database or the flow of
  information related to IT help desk enquiries).

7
WHAT IS IA?

• Information Audit is the assessment of the
  information held by an agency and of its
  information management activities.
• "review the existing system of information
  management, identify problems and recommend
  solutions for those problems." (Ellis, 1993).

8
Continue

• "a process for discovering, monitoring and
  evaluating an organization's information flows
  and resources in order to implement, maintain, or
  improve the organization's management of
  information." (Buchanan and Gibb, p. 34).

9
SCOPE OF IA

• The Information Audit may examine some or all of
  information form, content, processes,
  classifications, costs and values at any stage of
  the information lifecycle and assess them against
  criteria under the identified purpose of the
  Audit.

10
In General, IA

• determines user information needs
• lists the information resources available
• identifies the costs and benefits of the
  information resources available
• establishes how information systems within the
  organization function
• results in the production of a report which
  proposes recommendations, for example to minimize
  system failures, to provide alternative solutions
  to information handling problems, to integrate IT
  investments further with strategic business
  initiatives, to devise an information
  strategy/policy.

11

• As a management tool information audit work
  should help organizations make best use of
  information (often through the development of an
  information strategy).
• Information audits indirectly
• aid management decision making
• support and encourage competitive advantage
• enable organizations to adapt and change
• facilitate organizational communication
• encourage use of, and investment in, IT
• contribute to the value of manufactured products
  

12

• To achieve this the auditor has to devise a
  methodology that will provide data that can be
  processed to answer the following questions
• What is the purpose of the audited system?
• Does it accomplish its purpose?
• Is the purpose in line with the purpose and
  philosophy of the organization as a whole?
• How effectively are resources used?
• How are resources accounted for and safeguarded?
• How useful is the information system supporting
  the organization?
• How reliable is the information system?
• Does the system comply with regulations and
  standards?

13
IA Problems Identification

• Information audits can identify
• redundancy
• duplication
• inconsistency
• incompatibility
• costs
• ... in information management practices and
  systems

14
IA Opportunities Identification

• Information audits can identify
• skills and expertise of staff
• previously hidden assets
• value chains
• new products to market
• markets for further expansion

15
Methodological approaches to IA

• 1. Cost benefit methodologies
• 2. Geographical approach
• 3. Hybrid approaches
• 4. Management information audits
• 5. Operational advisory audits

16

• Cost-benefit methodologies (Riley, 1976
  Henderson, 1980) - lists information
  system/product options and compares them on the
  basis of their cost and perceived benefit.
• 2. Geographical approach (Gillman, 1985) -
  identifies major components of the information
  system and maps them in relation to one another
  with the aim of identifying and meeting needs
  within the system as it stands.
• 3. Hybrid approach (Quinn, 1979) - takes the
  geographical approach combined with interest in
  the cost and values of information services and
  products, and emphasis on control and management
  procedures such as budgeting and matching
  information provision with organizational
  strategy.
• 4. Management information audits (Reynolds,
  1980) - focus on the reporting of management
  information through activity such as the
  circulation of reports.
• 5. Operational advisory audits (Gruber, 1983) -
  have much in common with the hybrid approach,
  but also consider efficiency and effectiveness
  with which information resources are used,
  accounted for and safeguarded, the reliability
  of the information system and compliance with
  obligations, regulations and standards.

17
Buchanan and Gibb (1998, pp. 37-41) examine two
of the most widely adopted approaches
1. InfoMap (Burk Horton, 1988) - involves
making an inventory of all information resource
entities (IREs), measuring their cost and value,
relating them to the structure, functions and
management of the organization, resulting in the
identification of the strengths and weaknesses
of the organization's information resources with
reference to the objectives of the organization.
2. Information flow analysis (Orna, 1990) -
identifies the organization's objectives,
culture and structure conducts an information
audit which a focus on information flows the
resulting balance sheet is used as a basis on
which to develop and information policy.
18
Buchanan and Gibb propose their own "integrated
strategic" approach (Buchanan and Gibb, 1998)
This methodology comprises five stages
Promote - to gain support and co-operation for
the information audit. Identify - to build up a
picture of the organization's mission,
environment, structure and culture, and to
identify information resources and information
flows. Analyze - to evaluate the organization's
information resources and plan how to overcome
problems and achieve objectives identified at the
"identity" stage. Account - to cost the
organization's information sources and services,
and perform cost analysis and cost modeling as
part of the development and evaluation of an
information strategy. Synthesize - to report on
the process and provide findings and
recommendations.
19
Problems of information auditing

• 1. Support of senior management
• 2. Internal auditors versus external consultants
• 3. Data gathering instruments (combination of
  what who to ask, what interview, questionnaire,
  when, where, other data)
• 4. Size of organization and time span
• 5. How to establish costs and value of
  information

20
RESULTS OF IA

• snapshot of information resources
• number and format of resources, nature and
  frequency of their use
• total costs of information activity
• gaps in provision and redundancy of gathering and
  storage
• information flows and where it fails
• who owns and manages critical resources
• hierarchy and needs of organization priorities
• price in all forms (money, time, effort), what
  benefits arise
• linkage to strategic objectives.

21
Inputs and outputs of a generic information Audit
22

• Source, please visit this web site
• http//www.oit.nsw.gov.au/Guidelines/4.3.12.a-IM-A
  udit.htmc
• Information Audit as A Holistic Approach
• A Case Study
• http//www.sla.org/division/dst/LangleySLA062003.p
  df