Top Management Controls
Chapter 3
Introduction
The hardware & software technology that
supports information systems is constantly
changing.
z How then can an auditor evaluate how
well senior management manages the
information systems function ?
z
Evaluating The Planning Function
z
Types of Plans :
1. A strategic plan
- Current information assessment
- Strategic directions
- Development strategy
2. An operational plan
- Progress report
- Initiatives to be undertaken
- Implementation schedule
Need for a Contingency Approach to
Planning
By McFarlan et al :
Low
Importance of future systems
Low
High
Support
organization
Turnaround
organization
Factory
organization
Strategic
organization
Importance of
Current Systems
High
By Sullivan :
Systems Infusion
Low
High
Low
Traditional
organization
Backbone
organization
High
Federation
organization
Complex
organization
Systems
Diffusion
Role of a Steering Committee
z
z
z
The IS plan is a critical tool needed by the
steering committee to discharge its
responsibilities.
Depending on how critical the IS function is to
the success of the organization.
In the organization where extensive diffusion of
IT has occurred, the organization wide steering
committee should have broad, divisional
representation.
Evaluating The Organizing
Function
Resourcing the information systems
function.
z Staffing the information systems function :
- Personnel acquisition
- Personnel development
- Personnel termination
z
Centralization versus Decentralization
of the Information Systems Function
Three dimensions to centralize (by King):
1. Control
2. Location
3. Function
z The structure of the IS function must be
congruent with the organization/s needs.
z
Internal Organization of The Information
Systems Function
z
Job within the IS function should be well
defined and documented and preserve
separation of duties to the extent possible.
Location of the IS Function :
z The IS function should be located in the
organizational hierarchy so that its
independence is preserved.
Evaluating The Leading Function
Motivating Information Systems Personnel
z Matching Leadership Styles With IS
Personnel and Their Jobs.
z Effectively Communicating With IS
Personnel.
z
Evaluating The Controlling Function
z
Overall Control of The IS Function:
1.
2.
z
How much should the organization be
spending on the IS function ?
Is the organization getting value for money
from its IS function ?
Actual performance should be evaluated
against the long-run and short-run goals
articulated in the plans.
Technology Diffusion and Control of
The IS Function
Data processing
Budget dollars
Stage III
control
Stage I
initiation
Stage II
contagion
Time
Stage IV
integration
Control of Information Systems Activities
The types of IS Standards :
1. Methods standards
2. Performance standards
3. Documentation standards
4. Project control standards
5. Post audit standards
Control over the Users of IS Services
z
The providers of IS services :
1.
2.
3.
4.
z
Cost center
Profit center
Investment center
Hybrid center
Specific transfer price or charge :
1.
2.
3.
4.
5.
Allocated cost
Standard cost
Dual price
Negotiated price
Market price
Some of the factors the management must
consider :
1. Is the organization trying to stimulate
innovation among users of IS services or
constrain consumption of the services ?
2. What level of accountability for
consumption of IS services has been
assigned to users ?
3. What level of maturity has the
organization attained with respect to IS
services ?