Audit of organizational information systems

Anonim

What is an information systems audit?

An information systems audit is a comprehensive examination of a specific system (Yung, 2013). The audit consists of an evaluation of the components that make up that system, with examination and tests in the following areas:

The general mechanics of the audit consist of sampling setup files and log files, followed by interviews with key personnel. Tests are also conducted against the identified key controls and may require the creation of user accounts so that auditors can further examine the system and determine the effectiveness of the implemented controls. In addition, a subset of integration testing can be performed in test environments to ensure that the controls the general user may experience are in place and working as described and expected.

While much of the evaluation performed in an information systems audit focuses on the overall control environment for the given system, interviews can also be conducted with the primary users of the information. An investigation of the user community would be conducted to determine the general acceptance of the system by its users and their service expectations of the system.

Information Systems Audit

The Information Systems (IS) Audit Group assesses critical business systems, technology architecture, and processes to ensure that information assets are protected, reliable, available, and compliant with policies and procedures, as well as with the applicable laws and regulations. The importance of mitigating security risks during the audit coverage of the company's application, operation and network systems is emphasized. Through integrated audits, the impact of information technology on the company's processes and on its capability to achieve its goals and objectives is evaluated. Assessments should be objective and professional, using the COBIT framework (Control Objectives for Information and Related Technologies), an international standard for good control practices.

The audit controls the following aspects:

Information Systems - Information systems audits focus on physical and logical security controls on the server, including change control, server account administration, system logging and monitoring, incident handling, system backup and disaster recovery.

Integrated audits - Integrated audits include reviews of business operations and their reliance on automated systems to support the business process. Information technology and financial and operational processes are considered to be mutually dependent in establishing an effective and efficient control environment. From a technology perspective, auditing focuses on application controls, management of user access, control of application change, and backup and recovery to ensure data reliability, integrity, and availability.

Control Self Assessments - Self Assessments are designed for the department that manages and operates a technology environment. These self-assessment tools can be used to identify possible areas of control weakness in managing the technology environment.

Compliance - Compliance audits include the company's policies and procedures, as well as its objectives, mission, vision, etc., in order to identify the achievement of the goals.

What is an information system?

An information system is software that helps you organize and analyze data. This makes it possible to answer questions and solve problems relevant to the mission of an organization.

Many organizations work with large amounts of data. Data are basic values or facts and are organized in a database. Many people think of data as synonymous with information; however, information actually consists of data that has been organized to help answer questions and solve problems. An information system is defined as the software that helps organize and analyze data. Therefore, the purpose of an information system is to convert raw data into useful information that can be used for decision-making in an organization.

What are databases? Their creation, management and use

Information systems are the software and hardware systems that support data-intensive applications (Naumann, Shasha, & Vossen, 2014). Information Systems magazine publishes articles on the design and implementation of languages, data models, process models, algorithms, software and hardware for information systems.

Thematic areas include data management issues as presented at major international database conferences (e.g. ACM SIGMOD, ACM PODS, VLDB, ICDE and ICDT/EDBT), as well as data-related issues from the fields of data mining, data management, business process management, web semantics, visual and audio information systems, scientific computing and organizational behavior.

General / Specialized Information Systems

There are some general types of information systems. For example, a database management system (DBMS) is a combination of software and data that makes it possible to organize and analyze data. DBMS software is not normally designed to work with a specific organization or a specific type of analysis. Rather, it is a general-purpose information system. Another example is an electronic spreadsheet. This is a tool for basic data analysis based on formulas that define the relationships between the data. For example, you can use a spreadsheet to calculate averages for a set of values or to plot the trend of a value over time.

In contrast, there are a number of specialized information systems that have been specifically designed to support a particular process within an organization or to carry out very specific analytical tasks. For example, Enterprise Resource Planning (ERP) is an information system used to integrate the management of all internal and external information across an organization. Another example is a geographic information system (GIS), which is used to manage and analyze all types of geographic data. Expert systems are another example of information systems. An expert system is designed to solve complex problems following the reasoning of an expert.

Typical Components of Information Systems

Although information systems may differ in the way they are used within an organization, they typically contain the following components:

Hardware: Computer-based information systems use computer hardware, such as processors, monitors, keyboards, and printers.

Software: These are the programs used to organize, process and analyze data.

Databases: Information systems work with data, organized in tables and files.

Network: Different elements must be connected to each other, especially if many different people in an organization use the same information system.

Procedures: These describe how specific data is processed and analyzed to obtain the responses for which the information system is designed.

The first four components are part of an organization's general information technology (IT). The procedures, the fifth component, are very specific to the information needed to answer a specific question.

Different types

The many different types of information systems can be divided into categories based on where they are used in an organization's hierarchy.

Information Systems Hierarchy

Figure 2. Types of Information Systems

How are the different types of information systems identified in an organization?

The different types of information systems that can be found are identified through a classification process. Classification is simply a method by which things can be categorized or grouped together so that they can be treated as if they were a single unit. There is a long history of classifying things in the natural world as plants or animals, yet information systems are not part of the "natural" world; they are created and acquired by people to deal with particular tasks and problems. Classifying information systems into different types is a useful technique for designing systems and discussing their application; it is not, however, a fixed definition governed by some natural law. A "type" or category of information system is simply a concept, an abstraction, which has been created as a way to simplify a complex problem by identifying areas of commonality among different things. One of the oldest and most widely used systems for classifying information systems is known as the pyramid model.

How many different types of Information System are there?

As you can see above, there is no simple answer to this. Depending on how you create your classification, you can find almost any number of different types of information system. However, it is important to remember that different types of systems exist in organizations to deal with the particular problems and tasks found there. Consequently, most attempts to classify information systems into different types are based on how tasks and responsibilities are divided within an organization. Since most organizations are hierarchical, the way different classes of information systems are classified tends to follow the hierarchy. This is often described as "the pyramid model", because the way the systems are arranged reflects the nature of the tasks at the different levels of the organization.

A comparison of different types of information systems

Using the four-level model from the previous pyramid, we can now compare how the information systems in our model differ from each other.

  1. Transaction processing systems

What is a transaction processing system?

Transaction processing systems are operating level systems at the bottom of the pyramid. They are typically operated directly by plant workers or front-line staff, who provide the key data necessary to support the management of operations. Typically, this data is obtained through automated or semi-automatic tracking of low-level activities and basic transactions.

Functions of a TPS:

TPS are ultimately little more than simple data processing systems.

Order processing systems

Reservation systems

Stock control systems

Payment systems and fund transfers

Produce information for other systems

Cross boundaries (internal and external)

Used by operational staff and supervisory levels

Efficiency oriented

  2. Administrative Information Systems

What is an Administration Information System?

For historical reasons, many of the different types of Information Systems found in business organizations are called "Management Information Systems". However, within the pyramid model, Management Information Systems are management level systems that are used by intermediate managers to help ensure the proper functioning of the organization in the short and medium term. The highly structured information provided by these systems allows managers to evaluate the performance of an organization by comparing current outputs with previous ones.

MIS are based on data provided by TPS

Management information systems (MRS)

Personnel systems (HRM)

Based on internal information flows

Support relatively structured decisions

Inflexible and with little analytical capacity

Used by lower and middle management levels

Deal with the past and the present rather than the future

Efficiency oriented

  3. Decision Support Systems

What is a Decision Support System?

A Decision Support System can be seen as a knowledge-based system, used by senior managers, that facilitates the creation of knowledge and allows its integration into the organization. These systems are often used to analyze existing structured information and allow managers to project the potential effects of their decisions in the future. Such systems are generally interactive and are used to solve structured problems. They offer access to databases, analytical tools, "what if" simulations, and can support information sharing within the organization.

DSS manipulate and build on information from a MIS and/or TPS to generate ideas and new information.

Group Decision Support Systems (GDSS)

Computer Supported Cooperative Work (CSCW)

Logistics Systems

Financial planning systems

Spreadsheet templates

Support poorly structured or semi-structured decisions

Have analytical and/or modeling capabilities

Used by the highest management levels

Concerned with predicting the future

Effectiveness oriented

  4. Executive Information Systems

What is an Executive Information System?

Executive Information Systems are strategic level information systems that are located at the top of the Pyramid. They help executives and senior managers analyze the environment in which the organization operates, identify long-term trends and plan appropriate actions. The information in these systems is usually weakly structured and comes from both internal and external sources. Executive Information Systems are designed to be directly operated by executives without the need for intermediaries and easily adapted to the preferences of the individual who uses them.

EIS organize and present data and information from external data sources and internal MIS or TPS to support and extend the inherent capabilities of senior executives.

Executive information systems tend to be highly individualized and tend to be customized for a particular group of clients. However, there are several EIS packages available on the market, and many enterprise-level systems offer a customizable EIS module.

Concerned with ease of use

Concerned with predicting the future

Effectiveness oriented

They are very flexible

Support unstructured decisions

Use internal and external data sources

Used only at the highest levels of management

Bibliography

Naumann, F., Shasha, D., & Vossen, G. (2014). Information systems. McGraw-Hill.

Yung, J. (2013). Information systems audit. Harvard U.