Contribution of an information audit to an information systems Essay

Contribution of an information audit to an information systems strategy - Essay Example Information audits are useful tools employed by organizations to identify, cost, develop, and rationalize their information resources and services. Also, as the foregoing definition suggests, an important function of information audits is that it yields results that clarify the benefits contributed by the firm’s information services to the overall effort of the organization in the attainment of its goals (Dubois, 1995). While information audits are of primary importance in organizations that deal in information, such as libraries, and archival and database centres, they nevertheless tend to benefit all types of organizations in managing the firm more effectively (Suduc, et al., 2010). There are several benefits to information audits; these include ensuring validity (that information is accurate and complete), diagnostics (identification of strong and weak points), feedback (to see if inputs produce the desired outputs), information (for staff to maximize the benefits of inform ation), and training (for staff members) (Botha & Boon, 2003). Aside from these, one of the most important of which is the enhancement of information systems security. The great amount of information accessible through the current digital communication networks also creates vulnerabilities for the integrity of company information systems, both to attacks from inside and outside the company (Suduc, et al., 2010). In another study, Rosca, et al. (2010) forward the proposition of and information systems audit as cornerstone of corporate IT governance in the context of institutions of higher learning. Information Technology Governance (IT Governance) addresses the concerns of regulators, management and clientele about the proper use of information, most especially personal data. It focuses on IT systems and their performance and risk management. Application of IT audits in the Rosca study served the purpose of identifying, evaluating and managing university risks, in the course of estab lishing the organization’s governance structure. The principles around which IT audit and governance are structured, however, are not limited to the academe but find much relevance in any type of organization that has its own internal IT system. The goals of information audit, particularly in the service of IT governance, are several and varied, but primarily are aimed at (1) assuring the investment in IT generates value, and (2) mitigating the associated risks with IT implementation. More specific objectives that may be identified are: Objectives for IT audit Major objectives To implement prevailing best practices in IT To assess existing controls or introduce common policy and processes, among which are: IT Help desk amalgamation with common support processes PC/Desktop installation and deployment techniques Information security Software licensing Virtualization of desktops, servers and data hosting To configure key parameters for information security To reduce the frequenc y and/or impact of major incidents Important objectives To align IS components and