Review of Efficacy of Management Information System - Review of Internal Control | Auditing and Secretarial Practice - B Com PDF Download

Review of Management Information System

A management information system (MIS) provides information that organizations need to manage themselves efficiently and effectively. MIS is an information system which provides information to the management so that management may take timely decisions. MIS is basically concerned with processing data into information which is then communicated to the various Departments in an organisation for appropriate decision-making. MIS provides several benefits to the business organisation: the means of effective and efficient coordination between Departments; quick and reliable referencing; access to relevant data and documents; improvement in organisational and departmental techniques. Management information system helps companies keep track of its resources and stay organised. MIS allows managers to make different types of reports about the company activities.

The clear starting point in reviewing the Management Information System (MIS) is to understand what it collects, how it works, and how teams can call (or contribute) information using it. There are some basic questions to consider:

– What are the components of the information system?

– Who uses each component?

– What information is available?

– What information is not available?

– How reliable is the information?

– How readily, and how quickly, is it available?

– How hard is it to modify data?

Management Information Systems Review Objectives

1. To determine whether review procedures are necessary to achieve stated objectives.
2. To determine whether MIS policies or practices, processes, objectives, and internal controls are adequate.
3. To evaluate whether MIS applications provide users with timely, accurate, consistent, complete, and relevant information.
4. To assess the types and level of risk associated with MIS and the quality of controls over those risks.
5. To determine whether MIS applications and enhancements to existing systems adequately support corporate goals.
6. To determine whether MIS is being developed in compliance with an approved corporate MIS policy or practice statement.
7. To determine whether management is committed to providing the resources needed to develop the required MIS.
8. To determine if officers are operating according to established guidelines.
9. To evaluate the scope and adequacy of audit activities.
10. To initiate corrective action when policies or practices, processes, objectives, or internal controls are deficient.
11. To determine if any additional work is needed to fulfill the examination strategy of the institution.

Management Information Systems Review Procedures

Review of management information system requires a systematic approach. Following steps are require to be taken for review of MIS system of an organisation

1. Obtain following documents

a. MIS-related audit/compliance reviews?

b. Institution’s formal MIS policies and practices framework/guidelines

c. Board/MIS Committee-related minutes

d. Organization charts detailing MIS responsibility.

2. Study previous MIS review’s findings and management’s response to those findings. Study the deficiencies or strengths pointed out in the reports. On the basis of deficiencies reported, set priorities for review. Study the recommendations provided for resolving MIS deficiencies and management’s responses. Check whether corrective actions have been initiated and/or completed and see follow-up audit activities.

3. Determine any material changes in regard to the five MIS elements i.e. Timeliness, Accuracy, Consistency, Completeness, and Relevance. Review MIS-related policies, practices and processes. See if any changes have been made since the previous review.

4. Review the Internal Control Questionnaire (ICQ) and determine the scope and objectives of the MIS review.

5. Identify each of the functional or product related areas to be reviewed. Provide copies of the MIS review objectives, review procedures and highlight the areas of MIS review that need to be addressed during the review. Aggregate these observations, conclusions, and recommendations for each of the functional areas addressed and incorporate them (as appropriate) into the final MIS review conclusions.

6. For the selected sample of MIS system(s) and as appropriate to support the defined scope, obtain user manual, user training manual/instructions, project plan and related work papers, Sample of MIS output Reports, MIS project development/enhancement work papers.

7. Test for compliance with established policies or practices and processes, and the existence of appropriate internal control measures. Refer to the Internal Control Questionnaire as needed.

8. Identify any area with inadequate supervision and/or undue risk. As required, perform appropriate verification procedures.

9. Select and review samples of ongoing executive reports for the targeted MIS area(s). Determine whether

a. The source of the information collected originates from the expected business area.
b. Users of the information are the appropriate employees or managers within that area of activity.
c. The reports are ultimately distributed to the appropriate users.
d. The flow of these MIS information/reports is consistent with the responsibilities reflected on the area’s official organization chart.

10. Determine the degree to which management and the staff in an area under review use MIS adequately and can support that the MIS being used is appropriate and effective. Discuss the five MIS elements with a senior manager(s) of the respective business unit. Repeat this work step with an employee of the business unit who has experience with the MIS system. Based on management’s self-assessment of the usability of its MIS, identify any planned activities to enhance, modify, or expand these systems.

11. Review minutes of the board of directors or committee(s) representing the MIS target area(s) for a relevant time period. Determine any areas where MIS does not seem to meet the five required elements of MIS. Identify MIS issues for follow up.

12. Request a copy of the development plan for significant MIS-related projects. Review MIS project objectives and determine if they address reported MIS weaknesses and meet business unit plans. Review the project management technique used by management and determine the status of important MIS projects. Sample a significant MIS project(s) and determine whether it follows an approved and implemented development methodology.

13. Select a system and request copies of relevant user instructions. Determine whether the guidelines are meaningful, easy to understand, and current.

14. Determine whether user manuals provide adequate guidelines about complete description of the system, Input instructions, including collection points and times to send updated information, Balancing/ reconciliation instructions, full listing of output reports, including sample formats.

15. To review how information is identified, gathered, merged, manipulated, and presented, obtain a work flow showing data from the point-of-entry, through user processes, to final product. Discuss the area’s MIS process with a representative sample of users and determine if they know where the data is coming from, where it is going, and how it gets there. Identify and note the points where adjustments to data occur. Identify the department staffs who are responsible for the MIS related input data and reports. Determine if preparation and reconciliation processes are sufficient to reasonably ensure integrity of information. Check whether data adjustments are adequately documented.

16. Review the effectiveness of MIS in communication linking executives, appropriate users, and information systems employees. Review the effectiveness of the flow of communication throughout the organization and the documentation of which underlying MIS process supports the area’s management.

17. Determine the adequacy of MIS training including whether training needs are properly identified and prioritized. Check whether training is organized in a formal classroom setting, or on-the-job, or is a combination of both approaches. Check whether training material is provided or not. Check whether any training manual exist or not. Check whether training material adequately covers relevant and current issues.

18. Determine whether established procedures are sufficient to ensure the proper testing of system developments or enhancements. Determine if authorized processes are followed as data is acquired, merged, manipulated, and up-loaded from subsystems.

19. Check if the organization has had recent merger and/or acquisition activity, determine how management at the senior and departmental levels ensure that the resulting MIS supports and includes the five MIS elements. If mergers and acquisitions are frequent, determine whether appropriate policies or practices and procedures have been developed to support such activity from an integrated MIS perspective and the consolidation of MIS systems in a merger still meets the requirements of a quality MIS system.

20. Review the results of your work, summarize your findings and initial conclusions, and discuss issues with an appropriate officer(s):

a. How well risks are controlled.

b. Identify significant control deficiencies.

c. Recommend action to remove deficiencies.

d. Obtain management’s corrective commitments and firm time frames.

21. Prepare a memorandum of your conclusions and supporting findings. Identify suggested follow-up actions, prepare a memorandum and document work programs to facilitate future examinations.