Management audit of information systems

Abstract

Periodic review of the information systems function is necessary to determine if costs are in line with services provided, if the users are satisfied with services, and if computer power is effectively used to meet the demands of management. The purpose of this paper is to propose and introduce a new concept: Management Audit of Information Systems. An audit is defined as an “official” examination or review implying reference to some standard such as Generally Accepted Practice (GAP) as is used by accountants. Since there are no proposed or official standards in information processing, the term review is used instead of audit. As a result, conclusions reached in a review tend to be subjective and reflect the emphasis of the reviewer. A methodology is proposed for performing a standardized review (e.g., audit) of Information Systems with a view toward development of Information Systems Standards which could be adopted and promulgated by an appropriate professional organization. A Management Audit of Information Systems could then be conducted by qualified individuals to determine the extent of compliance with Generally Accepted Practice. © 1989, ACM. All rights reserved.