INTRODUCTION
In the current era, called the information age, it is estimated that in the last five decades more information has been produced than in all previous years, that is, at this time one of the most serious problems that arise in an organization. It is the superinformation that is obtained, all entities depend on the adequate information for their operation (Vega, M., 2006)
It is at this time when the problem is not the lack of information but the time to analyze it, which is why it becomes essential to verify the information that the entities use for the development of their activities.
In this way, the two great challenges that the organizational world faces are: Achieving that no irrelevant information is leaked within the organization and obtaining the greatest amount of important and truthful information.
Accurate information is currently considered a factor in the development of innovation and competitive advantages, when it is managed effectively within an organization, managing to improve its processes and services, generating greater efficiency and increasing returns.
Therefore, if an organization wants to be considered competitive and achieve its permanence in the market, it is necessary to adequately carry out the processes of identification, creation, storage, transmission, and use of knowledge.
INFORMATION WITHIN THE ORGANIZATIONS
To give a good start, it is essential to clarify that information is a basic element for the proper functioning of any company, however, for a long time, managers have not directed their efforts in obtaining and managing relevant information.
The main characteristics of the information are:
- It is difficult to measure, handle, check and manage. It does not suffer wear and tear, it is constantly being updated.
Within any entity, the information is already considered a highly important resource. Properly obtaining information at the right times and in the ideal way is considered information management, which provides methods and tools to contribute practical solutions to information-related problems.
It is necessary to carry out an adequate classification and organization of the information to be able to consider it as a resource, and be useful to the organization, that is, it can be considered as raw material.
We can identify if an information is adequate if it has any of the following characteristics (Vega, M., 2006):
- You can alter any decision You can modify the consequences of a decision You can minimize the uncertainty of the future
When an organization has an adequate information annex system, it tends to increase competitiveness, its innovation processes and the efficiency presented.
The management of information systems has come to position itself as a strategic factor, which, together with the new technologies available, provide an adequate competitive advantage. (Vega, M., 2006)
SECURITY IN INFORMATION SYSTEMS
According to a study carried out in 2008 (Guerrero, M., 2011), the control of information systems has not been adequate due to two major factors, which are.
- Lack of understanding of the risks involved. The managers do not understand the dimension of the security of the information they handle, so they hinder the proper functioning of the strategies used. That the organization does not have an adequate culture, preventing the identification of the risks to which they are exposed. A strategy must be provided that modifies the organizational culture in this regard, permeating the organization with concern for the risks associated with its mismanagement, which generates a state of dissatisfaction in the individual regarding the performance generated, which will lead them to perform activities differently.
Within an organization, it should be emphasized that all the information that is generated and managed within it must have a process of integrity, availability and confidentiality.
When carrying out an adequate analysis of the security of these systems, a report must be prepared specifying the risk that can be identified at each level of the organization, which could cause it and the impact that mismanagement would generate.
Organizations and their collaborators must know the risks related to the information they handle, in order to achieve a sense of belonging with respect to their security policies and their internal regulations. (Guerrero, M., 2011)
AUDITING IN INFORMATION SYSTEMS
When truthful information is properly managed it can prevent problems, provide solutions or alternatives to obtain better results, informational audits provide the certainty that the information handled within organizations is trustworthy and adequate.
The purpose of the audit is to identify and evaluate something, this discipline is directly related to many others such as statistics. Around the world there are different firms in charge of carrying out audits of this nature in organizations, to help them to better internal control, providing as a result a management report, where the areas of opportunity of the organization are pointed out, the benefits and risks that provides the system used, as well as its ability to achieve the stated objectives, at the end of said document, the auditor details the departments that he considers are necessary to audit (in case of being an internal audit) as well as offering proposals that provide benefits to short and medium term
Ducker mentions that the audit is essential to identify the objectives and performance, classifying them as adequate or unproductive. However, among the most important characteristics are:
- Adequate information will be directly related to the entity's objectives and strategies. The information is considered an asset of any entity.
The information audit does not represent only a list of assets of a company, it should be considered as a primary tool to carry out an information management system.
It is important to mention that the information audit does not constitute a legal order, on the contrary it is an initiative of the organizations, since this activity can provide improvements in the internal control of the organization.
The audits that are carried out can be classified as follows:
- Depending on who is addressed
o Internal
o External
- Depending on your reach
o Total
o Partial
- Depending on the mandate
or Voluntary
o Mandatory
- Depending on the object being audited
o Marketing
o Administrative
o Information systems
This type of audits can be considered as a diagnosis that is carried out within a company and can be carried out in various environments, audits can be identified in two areas: Global (also called strategic audit which identifies the elements within the organization) and partial (Also called operational audit, it is carried out in only part of the process).
INTERNAL OR PARTIAL AUDITS
They are carried out within a specific department or area, locating the following classifications:
- Strategic audit of the information service. Verification of internal and external environments as well as the marketing process. Audits of automation levels. Verify technological aspects Procurement audit. Corroborates the proper management of economic resources. Audit of a collection. Analyze the sources, determine the validity of the documents. Security audits of the funds of an information service. Verify the adequate protection of the information provided. (Vega, M., 2006)
STRUCTURE OF AN INFORMATION AUDIT
For the tactics to be used in the development of an organization to be effective, the initial diagnosis of any organization must be taken into account, which must contain the following elements:
- Information resources. A thorough analysis of the resources that the organization has must be made, identifying them, verifying who is responsible for each one of them as well as the information they handle, identifying the people who handle this information and classifying the qualification that the customers provide of them. Guardians and information users. Guardians are those collaborators who guard and provide the information service, while users, as the name implies, are those individuals who require said information to be processed. Information flows and interrelationships. An adequate description must be made of the address that the information takes, that is, who will provide it and to whom it is directed, in addition to corroborating that the sources are reliable.Technologies and information systems. When conducting an audit, it is necessary to identify the means by which the technology will collaborate with the information to make it more effective, whether the method used is the correct one or not, whether it is in a friendly or easily understood environment, whether it can be related to other existing systems.
It will also be necessary to identify who is in charge of acquiring the different technologies, what is the opinion of the users regarding the operation of the system or systems.
- Information cost-benefit ratio. It is an undeniable fact that all resources must bring economic benefits to the organization, and the management of information is not an exception, so an estimate of the costs of the system should be made, making a comparison with the benefits it generates, the factors that will be taken into account are: Costs derived from the equipment and personnel that manage it, savings generated from the adequate disposition of the information including the scope of objectives and dedication of the personnel (Vega, M., 2006)
INFORMATION AUDIT - KNOWLEDGE AUDIT
When an audit of any kind is carried out, the methodology used must be adapted to the requirements of each organization, however there are general classifications.
It is worth mentioning that both the information audit and the knowledge audit will facilitate the implementation of strategies that lead the organization to an adequate development, focusing on the detection of failures (such as duplicate or excessive information, unresolved needs, loss of information derived from lack of training or conservation thereof) and proposing appropriate solutions.
In both processes, activities are carried out aimed at defining the type of organizational environment, that is, data is collected and analyzed, presenting a detailed report at the end.
Among the most prominent methodologies for auditing information are:
- Reynolds Management Information Audit (1980) Riley Methodologies (1975) Anderson Methodologies (1993) Soy I Aumatell Methodology (2003) Stanat Model (1992) Gruber Methodology (1983) Gilliman's Graphical Approach Audits (1985) Methodology de Buchanan & Gibb (1998) Methodology for Orna (1999) Methodology for Henczel (2001)
And within the main methodologies for knowledge audits are:
- Liebowitz Methodology (2000) Hyiton Model (2002) Iazzolino and Pietrantgonio Methodology (2005) Knowledge Management Audit Methodology by Lauer & Tannin (2001) Methodology with emphasis on the key processes of Pérez Soltero (2006) Roberts Model (2008) Burnett's 8-Stage Methodology (2004) Cheung's Methodology (2007)
KEY DIFFERENCES BETWEEN INFORMATION AND KNOWLEDGE AUDITS
In the case of knowledge analysis, measures to corroborate the impact they have on the knowledge management process are generally not described.
Each of the audits intervenes directly with the information / knowledge resources, with the collaborators, etc. Through different techniques for obtaining data and data flows, properly identifying the area where the audit is performed, however, the approaches used to analyze this data are completely different. (Stable, Y., 2012)
BIBLIOGRAPHIC REFERENCES
- Abbey, H. (2012). The Communication Audit: a critical evaluation of the effectiveness of organizational communication in Colombian Universities. Texts & Senses. Retrieved from http://go.galegroup.com.etechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A361943019 & v = 2.1 & it = r & sid = summonGuerrero, M. (2011). Review of relevant standards and literature on risk management and controls in information systems. Management Studies. Retrieved from http://go.galegroup.com.etechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A301870298 & v = 2.1 & it = r & sid = summonSolano, O. (2004). Information Systems Audit as a control element. Administration notebooks. Retrieved from http://go.galegroup.com.etechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&id = GALE-A243528085 & v = 2.1 & it = r & sid = summon & authCount = 1Stable, Y. (2012). Information and knowledge audit in the organization. University publishing house of the Republic of Cuba. Retrieved from http://go.galegroup.com.etechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A337288681 & v = 2.1 & it = r & sid = summonVega, M. (2006). Information audits in organizations. Information sciences. Retrieved from http://go.galegroup.com.etechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A176901688 & v = 2.1 & it = r & sid = summonetechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A337288681 & v = 2.1 & it = r & sid = summonVega, M. (2006). Information audits in organizations. Information sciences. Retrieved from http://go.galegroup.com.etechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A176901688 & v = 2.1 & it = r & sid = summonetechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A337288681 & v = 2.1 & it = r & sid = summonVega, M. (2006). Information audits in organizations. Information sciences. Retrieved from http://go.galegroup.com.etechconricyt.idm.oclc.org/ps/i.do?p=IFME&u=pu&i d = GALE-A176901688 & v = 2.1 & it = r & sid = summon
