The amount of information that humans generate today is incredible; In 2010, the CEO of the Google company Eric Schmidt stated that the amount of information produced in two days was the equivalent of all the information that humans had generated since the beginning of humanity, a truly interesting piece of information.
Likewise, in order to give us a better idea of the amount of information we generate and we do not realize, in 2017, with only 1 minute elapsing: 3.5 million searches were generated on Google, 16 million texts were sent from different peripherals, around 750 thousand dollars were spent on internet purchases, 156 million emails were sent, among others.
Since organizations were created as such, they have always needed their most important resource, which is human capital, but for an organization to be able to stay in the market for a long time, be competitive and be able to respond in a timely manner to various problems that are crossed, they need information, a lot of information, and as the amount of data generated per minute could be read previously, there must be a system that allows us to audit that information to know if it is trustworthy or not and that the company can use it with complete confidence.
An organization that knows that the information it possesses and generates is trustworthy, will be able to make accurate sales forecasts, be able to define what will be the next trend among consumers, which marketing campaign will be the best for a certain product, among other things.
Key concepts
To facilitate the reading process on the topic "Audit of the organization's information systems", some definitions will be cited that are considered important for the reader to know:
“It is based on examining some process, mechanism or sector, to see what its performance is. Audits have always been considered as the examination and control of the economic situation of the company, to know what things are going wrong, what things are going well and how it can be improved in any of the key points of the company. " (Emprende Pyme, 2016)
Information system
"It is a set of elements oriented to the treatment and administration of data and information, organized and ready for later use, generated to cover a need or an objective." (Wikipedia, 2018)
"It can be specified as the organized systemic review of information systems in a company, to evaluate the correct handling of controls, security, information, functionality, procedures, policies and standards. In order to issue a professional evaluation of the efficiency of information systems. " (Juan, 2016)
Information system.
An information system (also found as SI) is the group of elements that are intended and interrelated to treat and manage data and information, organize them and later give them a useful use within the organization, whether they were created to attack a need of the company or simply to meet a goal or objective. These elements belong to one of the following classes:
- People Actions carried out by the organization Data generated and collected Resources in general that the organization has, (papers, books, folders, among others)
These activities of collecting and processing data to later return information to them were activities that had to be done by hand practically or although the company was going to use typewriters, but with the arrival of ICTs (Information and Communication Technologies). of Communication), such as the internet or computers, have become systems with computing and communication resources.
When these components are related to each other to process data (includes both manual and automatic processes) and more detailed information is conceived, which will be distributed in the way the organization needs it, depending on the objectives that have been set.
The concept of "information system" is often incorrectly applied as a synonym for a computer information system, since information systems today are mostly made up of computer systems. If we are a little more severe, an information system does not have to be entirely designed with such resources. So we could say that computer information systems are a category that derives from information systems in general.
Parts that make up the Computer Information system
For the information system to work correctly and as expected, it must have some basic elements interacting with each other, which are:
It refers to all the tangible parts (that we can touch) of a computer system, and therefore it will be the physical equipment that we will use to capture, process and save the data that will later become information, (it would be the case of a computer for example).
It is the logical support of a computer system, which is the intangible part (that we cannot touch) that will help us transform and extract the information, of course with the necessary procedures, (it could be a computer program in which we store the information).
They are the representations of certain attributes, which are generated by all the activity both external and internal of the organization.
It is the way in which the organization's computers are connected so that they can share information with each other, streamlining processes and making this information much more useful for all collaborators who require it.
It is the collaborators who will make use of this system, who will take advantage of it, will have it in optimal conditions with their respective maintenance and will carry out audits when necessary.
Information systems are defined by 3 essential parts which are people, the methods to acquire information and ICTs.
Actions that accompany an Information System
Any good information system, regardless of the organization, must be based on 4 main actions, which will generate the information that organizations require for their decision-making, better control of their operations, knowing how to better face the problems that are presented, introduce new marketing campaigns for a certain product, among others. These activities are:
Scheme - Information Systems
Capture or harvest of data as it is being generated, coming from both inside and outside the organization.
As its name implies, it refers to storing the collected information in an organized manner.
Transform that data entry into something that has meaning for the collaborators of the organization who require it.
It transfers the information that has already been processed to the collaborator or collaborators who require it, to give it an appropriate use.
As can be seen in the previous diagram, information systems need a feedback process, which is when the information reaches the collaborator who requires it and he tells the person in charge of the information system what his impressions are regarding the quality of the information. information, delivery time, veracity, among other things, which will serve to improve the entry stage.
Information systems must always be analyzed and valued based on the usefulness they generate, which is deduced in how much it helps a collaborator to increase their performance in the organization or by studying the effectiveness of the information system (if it is easy to understanding, high reliability, flexible, among others), and also the quality of the information it generates (degree of importance, if it is complete or not and if it is delivered when required).
Examples of information systems
According to (Emprende Pyme, 2016) some examples of information systems that we can find in organizations are the following:
The Management Information System is responsible for providing quickly and easily the information required by the management or directors of the organization, about the current situation in which it is.
The Transaction Processing System is used by organizations to store and process information that has to do with their purchases and sales and general operations of the organization. This information will be of vital importance for decision making.
The Decision Support System is an instrument that helps employees make decisions. It resides in the union and analysis of data that add valuable information that will help solve specific issues.
Its purpose is to help senior management to extract essential information to achieve the strategic objectives of the company.
The Group Decision Support System will help to transmit the information between the members of the team, so that they can collaborate as a team and face problems together.
They have the intention of achieving competitive advantages through the use of information technologies, finding advantages or opportunities that the competition does not have.
It has the task of publicizing and selling the products and / or services that the company has, in addition to developing new elements to attract new consumers and retain current ones.
Audit
The audit interpretation is based on the analysis of a process, device or sector, to know what its performance is. The audits have always been appreciated as a kind of examination and inspection of the economic situation of the organization, so that we know what is going wrong, what is going from strength to strength and how we can enhance those points key to the organization. Then, by auditing we can understand that it is to compare the accounts of an organization with a kind of examination to know what the real situation of the organization is and where we have to go from there.
But now there are several parts of a company that can be audited and that general examination does not necessarily have to be carried out. That is to say, the organization has the ability to control a particular sector or an organizational area of which we want to know what its true situation is, to know if what we are doing is right or something needs to be improved.
It is for this reason that we can interpret as an audit the process of recognition or control of any key element of the organization, to understand its real state and know whether to continue like this or implement any improvement.
Objectives of the audit
- Know what is the true and precise situation of the organization in general or of a particular part That future or potential investors feel confident that the organization is conducting its practices Locate scams that are occurring in the organization Correct the legitimacy of products and / or services Find possible technical failures that are being made Analyze whether the organization's way of working is efficient Obtain all the possible information that helps us make a better decision to increase the company's performance.
Importance of the audit
At various stages of their existence, organizations do not sufficiently take into account the need and the value of auditing their sectors. And it is that auditing will give you the opportunity to know what is currently happening, to know if they are doing well, if they are barely meeting the minimum standards, if they will be a resilient organization and will know how to adapt to new markets, in order to have a much bigger picture when making an extremely important decision.
It is vital for the top management of the organization to have reliable and timely information that allows them to study and estimate the possible paths to follow.
Likewise, the control of the organizational administration can be useful to avoid diverse problems as far as legal matter is concerned. There will be times when we are committing mistakes that can be considered as “scams”, which could bring us legal problems such as fines. For example, if our statements do not contain the reality of the organization, if our software does not have active licenses (pirated software), if our equipment no longer meets the minimum specifications for use, among others.
Ways to audit.
With this process you can see the most general and remarkable features of the organization that later will try to go deeper.
The analysis is based on the union of different parts on the same account, from which we can deduce two classes:
- Analysis of movements Analysis of balances
Required information will be obtained through interviews or talks with the organization's collaborators.
It is based on forging statements obtained through research.
It resides in verifying the events of the organization against its official documentation.
This form of auditing is based on physically checking if some supplies, elements, products, documents, among others, are actually in stock.
As its name implies, it will be confirmed that the data stipulated in the accounting records are true and that they agree with what the auditor has seen.
It resides in appreciating by sight various situations and events to corroborate that the stipulated standards are being met. It goes very hand in hand with the production processes.
Information systems audits.
Information systems audits can be interpreted as the process of studying the organization's information systems, in order to deliver a result on their performance and utility for the company.
To achieve this, it is necessary to analyze the information that the organization has, its way of using it, how it is distributed, the way it is processed and the technologies they have.
Information systems audits can in turn be interpreted as:
- A tool that aims to assess the information that the company has in different aspects, a tool that will allow us to determine how positive the business is carried out within the company with the information that is available.
IS audits are necessary for any company, regardless of its main economic activity, since it is an activity that will help it improve the information management issue, something that every organization needs if it wants to continue to feel competitive with respect to your competitors.
Main objectives of the information systems audit.
According to (Ahumada, 2016) the main objectives that the information systems audit should pursue are the following:
- Verify all the information that the company has, whether it is in physical media such as papers, documents or folders, in electronic media such as computer databases and even in the minds of the collaborators. is available to employees who require it for decision-making Audit employees in charge of information management to achieve the goals set The way in which information is used within the organization The tools and processes that are used to be able to use the information.
The audit should also be able to give us an answer to the following:
- The purpose of the use of the information The potential users and consumers In what conditions are the information systems of the organization and if they help to achieve the objectives set If the distribution channels of the information are adequate. How it is used How it is administered and managed Who determines what kind of information is important and what is the price for its control.
Decisions that are made based on the audit.
Once the information systems audit has been carried out, it will allow us to make a variety of decisions around the situation that was found in the organization, some of these decisions are:
- Define an information management and control policy and establish a new service that allows us to concentrate the information Define an adequate strategy that allows the organization to have good control and use of its information Establish the organizational strategy that corresponds to the management of Use if you don't have it yet or improve if you already have an intranet.
Thesis proposal.
Develop a methodology that allows auditing the information systems of the hospitals in the Córdoba - Orizaba area.
Objective.
Ensure that the information that the hospital collaborators have is adequate and is kept in a timely manner, to avoid any inconvenience with a patient.
Thanks.
I thank my family, for giving me all the support and the drive to continue day by day, to the Technological Institute of Orizaba for opening its doors to me and allowing me to continue my studies with the Master in Administrative Engineering and Doctor Fernando Aguirre y Hernández for motivating me with their Knowledge in the Administrative Engineering Foundations seminar to carry out each of the assigned articles.
Conclusion.
Information systems are a vital part for any organization, no matter what its line of business, as it will give them the ability to transform both external and internal data into valuable information for decision-making that has to be made. But, like any element that the organization has, it is not exempt from having problems, so they must be audited every certain period of time to be able to find these problems or find an opportunity that can be exploited to increase competitiveness. of the organization.
Each organization can carry out the audits depending on how their systems are, but it must always be borne in mind that not only their electronic media (such as computers, internet, databases, among others) have to be audited but also those that have physical as in folders, documents and those that your collaborators have in their minds.
Bibliography.
Ahumada, AM (April 7, 2016). Gestiopolis. Obtained from
AUMATELL, CS (2012). INFORMATION AUDIT. Catalonia: UOC.
Dangel, AD (February 24, 2010). Ecolink. Obtained from
Start SMEs. (2016). emprendepyme.net. Retrieved from
Start SMEs. (2016). emprendepyme.net. Obtained from
García, MV (2006). Information audits in organizations. Information Sciences, 3-14.
Institute of Nutrition of Central America and Panama. (2018). INCAP. Obtained from
Juan, RP (November 17, 2016). Gestiopolis. Obtained from
Wikipedia. (May 2, 2018). Wikipedia, the free encyclopedia. Obtained from
Wikipedia. (February 22, 2018). Wikipedia, the free encyclopedia. Obtained from
“It is a computer network that uses Internet protocol technology to share information, operating systems or computing services within an organization. It is usually internal, rather than public like the internet, so only members of that organization have access to it. " (Wikipedia, 2018).
