B Com Exam  >  B Com Notes  >  Auditing and Secretarial Practice  >  Review of Efficacy of Management Information System - Review of Internal Control

Review of Efficacy of Management Information System - Review of Internal Control | Auditing and Secretarial Practice - B Com PDF Download

Review of Management Information System

A management information system (MIS) provides information that organizations need to manage themselves efficiently and effectively. MIS is an information system which provides information to the management so that management may take timely decisions. MIS is basically concerned with processing data into information which is then communicated to the various Departments in an organisation for appropriate decision-making. MIS provides several benefits to the business organisation: the means of effective and efficient coordination between Departments; quick and reliable referencing; access to relevant data and documents; improvement in organisational and departmental techniques. Management information system helps companies keep track of its resources and stay organised. MIS allows managers to make different types of reports about the company activities.

The clear starting point in reviewing the Management Information System (MIS) is to understand what it collects, how it works, and how teams can call (or contribute) information using it. There are some basic questions to consider:

– What are the components of the information system?

– Who uses each component?

– What information is available?

– What information is not available?

– How reliable is the information?

– How readily, and how quickly, is it available?

– How hard is it to modify data?

Management Information Systems Review Objectives

  1. To determine whether review procedures are necessary to achieve stated objectives.
  2. To determine whether MIS policies or practices, processes, objectives, and internal controls are adequate.
  3. To evaluate whether MIS applications provide users with timely, accurate, consistent, complete, and relevant information.
  4. To assess the types and level of risk associated with MIS and the quality of controls over those risks.
  5. To determine whether MIS applications and enhancements to existing systems adequately support corporate goals.
  6. To determine whether MIS is being developed in compliance with an approved corporate MIS policy or practice statement.
  7. To determine whether management is committed to providing the resources needed to develop the required MIS.
  8. To determine if officers are operating according to established guidelines.
  9. To evaluate the scope and adequacy of audit activities.
  10. To initiate corrective action when policies or practices, processes, objectives, or internal controls are deficient.
  11. To determine if any additional work is needed to fulfill the examination strategy of the institution.

Management Information Systems Review Procedures

Review of management information system requires a systematic approach. Following steps are require to be taken for review of MIS system of an organisation

1. Obtain following documents

a. MIS-related audit/compliance reviews?

b. Institution’s formal MIS policies and practices framework/guidelines

c. Board/MIS Committee-related minutes

d. Organization charts detailing MIS responsibility.

2. Study previous MIS review’s findings and management’s response to those findings. Study the deficiencies or strengths pointed out in the reports. On the basis of deficiencies reported, set priorities for review. Study the recommendations provided for resolving MIS deficiencies and management’s responses. Check whether corrective actions have been initiated and/or completed and see follow-up audit activities.

3. Determine any material changes in regard to the five MIS elements i.e. Timeliness, Accuracy, Consistency, Completeness, and Relevance. Review MIS-related policies, practices and processes. See if any changes have been made since the previous review.

4. Review the Internal Control Questionnaire (ICQ) and determine the scope and objectives of the MIS review.

5. Identify each of the functional or product related areas to be reviewed. Provide copies of the MIS review objectives, review procedures and highlight the areas of MIS review that need to be addressed during the review. Aggregate these observations, conclusions, and recommendations for each of the functional areas addressed and incorporate them (as appropriate) into the final MIS review conclusions.

6. For the selected sample of MIS system(s) and as appropriate to support the defined scope, obtain user manual, user training manual/instructions, project plan and related work papers, Sample of MIS output Reports, MIS project development/enhancement work papers.

7. Test for compliance with established policies or practices and processes, and the existence of appropriate internal control measures. Refer to the Internal Control Questionnaire as needed.

8. Identify any area with inadequate supervision and/or undue risk. As required, perform appropriate verification procedures.

9. Select and review samples of ongoing executive reports for the targeted MIS area(s). Determine whether

a. The source of the information collected originates from the expected business area.
b. Users of the information are the appropriate employees or managers within that area of activity.
c. The reports are ultimately distributed to the appropriate users.
d. The flow of these MIS information/reports is consistent with the responsibilities reflected on the area’s official organization chart.

10. Determine the degree to which management and the staff in an area under review use MIS adequately and can support that the MIS being used is appropriate and effective. Discuss the five MIS elements with a senior manager(s) of the respective business unit. Repeat this work step with an employee of the business unit who has experience with the MIS system. Based on management’s self-assessment of the usability of its MIS, identify any planned activities to enhance, modify, or expand these systems.

11. Review minutes of the board of directors or committee(s) representing the MIS target area(s) for a relevant time period. Determine any areas where MIS does not seem to meet the five required elements of MIS. Identify MIS issues for follow up.

12. Request a copy of the development plan for significant MIS-related projects. Review MIS project objectives and determine if they address reported MIS weaknesses and meet business unit plans. Review the project management technique used by management and determine the status of important MIS projects. Sample a significant MIS project(s) and determine whether it follows an approved and implemented development methodology.

13. Select a system and request copies of relevant user instructions. Determine whether the guidelines are meaningful, easy to understand, and current.

14. Determine whether user manuals provide adequate guidelines about complete description of the system, Input instructions, including collection points and times to send updated information, Balancing/ reconciliation instructions, full listing of output reports, including sample formats.

15. To review how information is identified, gathered, merged, manipulated, and presented, obtain a work flow showing data from the point-of-entry, through user processes, to final product. Discuss the area’s MIS process with a representative sample of users and determine if they know where the data is coming from, where it is going, and how it gets there. Identify and note the points where adjustments to data occur. Identify the department staffs who are responsible for the MIS related input data and reports. Determine if preparation and reconciliation processes are sufficient to reasonably ensure integrity of information. Check whether data adjustments are adequately documented.

16. Review the effectiveness of MIS in communication linking executives, appropriate users, and information systems employees. Review the effectiveness of the flow of communication throughout the organization and the documentation of which underlying MIS process supports the area’s management.

17. Determine the adequacy of MIS training including whether training needs are properly identified and prioritized. Check whether training is organized in a formal classroom setting, or on-the-job, or is a combination of both approaches. Check whether training material is provided or not. Check whether any training manual exist or not. Check whether training material adequately covers relevant and current issues.

18. Determine whether established procedures are sufficient to ensure the proper testing of system developments or enhancements. Determine if authorized processes are followed as data is acquired, merged, manipulated, and up-loaded from subsystems.

19. Check if the organization has had recent merger and/or acquisition activity, determine how management at the senior and departmental levels ensure that the resulting MIS supports and includes the five MIS elements. If mergers and acquisitions are frequent, determine whether appropriate policies or practices and procedures have been developed to support such activity from an integrated MIS perspective and the consolidation of MIS systems in a merger still meets the requirements of a quality MIS system.

20. Review the results of your work, summarize your findings and initial conclusions, and discuss issues with an appropriate officer(s):

a. How well risks are controlled.

b. Identify significant control deficiencies.

c. Recommend action to remove deficiencies.

d. Obtain management’s corrective commitments and firm time frames.

21. Prepare a memorandum of your conclusions and supporting findings. Identify suggested follow-up actions, prepare a memorandum and document work programs to facilitate future examinations.

The document Review of Efficacy of Management Information System - Review of Internal Control | Auditing and Secretarial Practice - B Com is a part of the B Com Course Auditing and Secretarial Practice.
All you need of B Com at this link: B Com
55 videos|53 docs|24 tests

FAQs on Review of Efficacy of Management Information System - Review of Internal Control - Auditing and Secretarial Practice - B Com

1. What is the purpose of a Management Information System (MIS)?
Ans. A Management Information System (MIS) is a computer-based system that collects, processes, stores, and disseminates information to support decision-making within an organization. Its purpose is to provide management with accurate and timely information to make informed decisions, enhance operational efficiency, and achieve organizational goals.
2. What are the key components of a Management Information System (MIS)?
Ans. The key components of a Management Information System (MIS) include data input, data processing, data storage, data output, and feedback. Data input involves collecting and entering raw data into the system. Data processing involves transforming and manipulating the data to generate meaningful information. Data storage involves storing the processed data for future use. Data output involves presenting the information to the users in a usable format. Feedback involves evaluating the system's performance and making necessary improvements.
3. How does a Management Information System (MIS) enhance internal control?
Ans. A Management Information System (MIS) enhances internal control by providing accurate and timely information that helps in monitoring and controlling organizational activities. It allows management to track and analyze operations, detect anomalies or deviations from established controls, and take corrective actions. MIS also facilitates the implementation of segregation of duties, access controls, and other internal control measures to prevent fraud, errors, and unauthorized activities.
4. What are the potential risks associated with a Management Information System (MIS)?
Ans. Potential risks associated with a Management Information System (MIS) include data breaches, unauthorized access, data corruption, system failures, and inadequate data quality. These risks can lead to loss of confidential information, disruption of operations, financial losses, and damage to the organization's reputation. To mitigate these risks, organizations should implement strong security measures, backup and recovery procedures, data validation processes, and regular system audits.
5. How can organizations ensure the effectiveness of their Management Information System (MIS)?
Ans. Organizations can ensure the effectiveness of their Management Information System (MIS) by conducting periodic reviews and evaluations. This includes assessing the system's performance, identifying any weaknesses or areas for improvement, and implementing necessary changes. Organizations should also provide training to employees to ensure proper utilization of the system and adherence to internal control procedures. Regular monitoring and testing of the MIS's functionality and security measures are also essential to maintain its effectiveness.
55 videos|53 docs|24 tests
Download as PDF
Explore Courses for B Com exam
Signup for Free!
Signup to see your scores go up within 7 days! Learn & Practice with 1000+ FREE Notes, Videos & Tests.
10M+ students study on EduRev
Related Searches

Extra Questions

,

Important questions

,

Previous Year Questions with Solutions

,

practice quizzes

,

Review of Efficacy of Management Information System - Review of Internal Control | Auditing and Secretarial Practice - B Com

,

Review of Efficacy of Management Information System - Review of Internal Control | Auditing and Secretarial Practice - B Com

,

mock tests for examination

,

pdf

,

Sample Paper

,

ppt

,

Objective type Questions

,

shortcuts and tricks

,

Free

,

Review of Efficacy of Management Information System - Review of Internal Control | Auditing and Secretarial Practice - B Com

,

study material

,

Exam

,

Summary

,

video lectures

,

Semester Notes

,

past year papers

,

Viva Questions

,

MCQs

;