Internal control system and management information systems

Abstract

Rapid changes in information technology and managerial practices in many organizations were forcing efficient internal audit as a tool for reducing the total risk. Simultaneously, information has become one of the most valuable assets of the corporation, and must be protected with care and concern, because business continuity and success are heavily dependent upon the integrity and continued availability of critical information. Within this framework of extremely fluid business environment, the objective of this research is to explore the existence and adequacy of internal control system in management information systems. The results point out that internal auditors pay attention to “traditional” risks that are associated with information systems’ security, while they should take into consideration risks and controls associated with the other units, in order to make information system audit’s function more effective, improving thereby the internal audit’s operation.