The Internal Auditor's Role in MIS Development: Internal EDP Auditor
Internal Auditor's Role
The Internal Auditor's Role in MIS Developments
By: Larry E. Rittenberg Charles R. Purdy
The MIS manager in many organizations is encountering a new group concerned with the data processing function — the internal EDP auditor.' These auditors often have a broad role ranging from evaluating data processing controls to reviewing data security and new system developments. However, in many organizations, the auditor's role is not clear. This article integrates the results of our own survey with a review of recent literature in an attempt to explain more precisely the potential internal audit roles in the systems development process. After describing the sample, we review the rationale for audit involvement and the constraints upon such involvement as perceived by the internal auditor. This is followed by a report of our study of design phase auditing activities in 39 large organizations. The boundaries and role of the audit function are simultaneously reviewed in light of these activities. Finally, the, potential contribution to the MIS manager is noted, and recommendations are offered to the MIS manager interested in promoting a constructive working relationship with Internal auditors.'
Abstract
The internal auditor's role during the design phase of an EDP application is unclear in many organizations. This article integrates recent literature with the authors' survey in an attempt to explain more precisely the potential role(s) of the internal auditor in the systems development process. In practice, four roles appear to exist. In the order of their importance, they are: (1) audit of control adequacy, (2) audit of design process, (3) auditor as a user of the application, and (4) auditor participant in the design process. The rank ordering of these roles in practice is explainable in terms of three constraints upon internal audit involvement during the design phase. The identified constraints are those of audit approach, audit
The Internal Auditor's Role in MIS Developments
By: Larry E. Rittenberg Charles R. Purdy
The MIS manager in many organizations is encountering a new group concerned with the data processing function — the internal EDP auditor.' These auditors often have a broad role ranging from evaluating data processing controls to reviewing data security and new system developments. However, in many organizations, the auditor's role is not clear. This article integrates the results of our own survey with a review of recent literature in an attempt to explain more precisely the potential internal audit roles in the systems development process. After describing the sample, we review the rationale for audit involvement and the constraints upon such involvement as perceived by the internal auditor. This is followed by a report of our study of design phase auditing activities in 39 large organizations. The boundaries and role of the audit function are simultaneously reviewed in light of these activities. Finally, the, potential contribution to the MIS manager is noted, and recommendations are offered to the MIS manager interested in promoting a constructive working relationship with Internal auditors.'
Abstract
The internal auditor's role during the design phase of an EDP application is unclear in many organizations. This article integrates recent literature with the authors' survey in an attempt to explain more precisely the potential role(s) of the internal auditor in the systems development process. In practice, four roles appear to exist. In the order of their importance, they are: (1) audit of control adequacy, (2) audit of design process, (3) auditor as a user of the application, and (4) auditor participant in the design process. The rank ordering of these roles in practice is explainable in terms of three constraints upon internal audit involvement during the design phase. The identified constraints are those of audit approach, audit