Top Management Control Functions for Information Systems in Small and Medium Enterprises



Similar documents
Functional Area 3. Skill Level 301: Applications Systems Analysis and Programming Supervisor (Mercer 1998 Job 011)

Practitioner Certificate Software Asset Management Syllabus. Version 2.0

Fundamentals of Information Systems, Seventh Edition

INFORMATION TECHNOLOGY CONTROLS

Please Note: Temporary Graduate 485 skills assessments applicants should only apply for ANZSCO codes listed in the Skilled Occupation List above.

Development, Acquisition, Implementation, and Maintenance of Application Systems

Certified Information Systems Auditor (CISA)

Chapter. Developing Business / IT Strategies. Copyright 2008, The McGraw-Hill Companies, Inc. All rights reserved.

Exhibit F. VA CAI - Staff Aug Job Titles and Descriptions Effective 2015

Fundamentals of Information Systems, Fifth Edition. Chapter 1 An Introduction to Information Systems in Organizations

Internal Audit. Audit of HRIS: A Human Resources Management Enabler

Domain 5 Information Security Governance and Risk Management

Appendix A-2 Generic Job Titles for respective categories

Functional Area 1. Skill Level 101 : Information Systems Administration and Planning Manager (Mercer 1998 Job 006)

User experience prototype requirements PROJECT MANAGEMENT PLAN

The Role of Market Analysis in Developing Efficient Marketing Audit

Planning an ERP Implementation Small and Medium Enterprises

Strategic Marketing Planning Audit

IT Infrastructure, Strategy, and Charter Template: ISO Series Compliant - SOX, HIPAA and PCI-DSS Compliant

IT - General Controls Questionnaire

A. Waterfall Model - Requirement Analysis. System & Software Design. Implementation & Unit Testing. Integration & System Testing.

Page 1 of 5. IS 335: Information Technology in Business Lecture Outline Computer Technology: Your Need to Know

PROCURE-TO-PAY AUTOMATION SYSTEM

Performance Audit of the San Diego Convention Center s Information Technology Infrastructure JULY 2012

BENEFITS DERIVED BY SMEs THROUGH IMPLEMENTATION OF TQM

University of Central Florida Class Specification Administrative and Professional. Web Operations Manager

Domain 1 The Process of Auditing Information Systems

INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY

Compliance Services CONSULTING. Gap Analysis. Internal Audit

1 INTRODUCTION TO SYSTEM ANALYSIS AND DESIGN

SAS System and SAS Program Validation Techniques Sy Truong, Meta-Xceed, Inc., San Jose, CA

B.Sc (Computer Science) Database Management Systems UNIT-V

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

Knowledge Base Data Warehouse Methodology

CLASS SPECIFICATION. Business Intelligence Supervisor

A SYSTEM DEVELOPMENT METHODOLOGY FOR ERP SYSTEM IN SMEs OF MALAYSIAN MANUFACTURING SECTORS

ADMINISTRATIVE SUPPORT AND CLERICAL OCCUPATIONS SIN 736 1

Information Technology Specialist - Band A. Class Specifications Demonstration Project

Chapter 13 BUILDING INFORMATION SYSTEMS. How does building new systems produce organizational change?

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 14 Risk Mitigation

Information Technology Specialists, #39110 Occupational Family: Engineering and Technology Pay Band Range: 4-8. Concept of Work

Main Reference : Hall, James A Information Technology Auditing and Assurance, 3 rd Edition, Florida, USA : Auerbach Publications

Carnegie Mellon University Master of Science in Information Technology Software Engineering (MSIT-SE) MSIT Project (17-677) Approval Form

Fundamentals of Information Systems, Fifth Edition. Chapter 8 Systems Development

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Richmond Police Department Police Records Management System (PISTOL) 12 Months ended December 31, 2011

LDAP Authentication Configuration Appendix

Chapter 1 Exercises. 1. Why would a systems analyst have to act as a translator? What groups might be involved?

Walden University s Guide for Information Systems and

4 Testing General and Automated Controls

Software Configuration Management Plan

Business Analysis Standardization & Maturity

Information Technology Series Information Technology Consultant 1

Project Management Fact Sheet:

International Journal of Management and Social Science Research Review, Vol.1, Issue.2, Aug Page 46

Sound Transit Internal Audit Report - No

Information Technology Auditing for Non-IT Specialist

Auditing in an Automated Environment: Appendix C: Computer Operations

Human Resource Management System

Information Systems and Tech (IST)

DOJ SPECIFIED LABOR CATEGORIES

Presentation. Dear Reader:

System/Data Requirements Definition Analysis and Design

The Information Systems Audit

8. Master Test Plan (MTP)

Recent Advances in Automatic Control, Information and Communications

Cisco Change Management: Best Practices White Paper

7 things to ask when upgrading your ERP solution

IMPACT OF JOB CHARACTERISTICS ON JOB SATISFACTION AMONG ERP SYSTEM USERS

Expert System and Knowledge Management for Software Developer in Software Companies

Fixed Scope Offering for. Oracle Taleo EE Saas Implementation

MIS S S t S ru r ct u ur u e r & & Pl P a l nn n i n n i g

APPENDIX E ISU ERP PROJECT REVIEW REPORT

ASPECTS OF SELECTING AN ERP SYSTEM FOR AGRIFOOD AND AGRITOURISM STUDENTS TRAINING

California Department of Mental Health Information Technology Attention: MHSA-IT th Street, Room 141 Sacramento, CA 95814

JOURNAL OF OBJECT TECHNOLOGY

TIBCO Spotfire and S+ Product Family

CHANGE MANAGEMENT PRINCIPLES AND PRACTICES IN ORGANISATION

The Role of Different Types of Information Systems In Business Organizations : A Review

Existing Technologies and Data Governance

Special Item No Information Technology Professional Services. Government Site GSA Rate Effective March 6, 2015

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

IJMIE Volume 2, Issue 8 ISSN:

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

HKITPC Competency Definition

ANALYSIS OF WEB-BASED APPLICATIONS FOR EXPERT SYSTEM

BADM 590 IT Governance, Information Trust, and Risk Management

ITIL: What is it? How does ITIL link to COBIT and ISO 17799?

E-HUMAN RESOURCE MANAGEMENT IN LIBRARY AND INFORMATION CENTRE.

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

HUMAN RESOURCE INFORMATION SYSTEM BASICS & RECENT TRENDS

Master Document Audit Program

Project Management Plan for

Efficiency Criteria in Software Project Management

Case Study: Factors in Defining the Nurse Informatics Specialist Role

Systems Development Life Cycle (SDLC)

BANK OF UGANDA VACANCIES IN MANAGEMENT INFORMATION SYSTEMS DEPARTMENT

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

Polish Agency for Enterprise Development

Transcription:

Informatica Economică vol. 13, no. 4/2009 109 Top Management Control Functions for Information Systems in Small and Medium Enterprises Uma VIJAYAKUMAR Practicing Chartered Accountant, Tiruchirappalli & Research Scholar, Research & Development Centre, Bharathiar University, Coimbatore, India uma_vvk_66@yahoo.co.in This paper analyzes the Top Management Control functions for Information Systems (IS) in Small and Medium Enterprises (SMEs). SMEs extensively rely on information technology resources to enhance their competence in today s global economy. They should have adequate top management control mechanisms in place for their efficient functioning. Top Management Controls determine how effectively the senior management manages the IS functions in a SME. The major tasks at this level consist of Planning, Organizing, Leading and Controlling functions. A brief introduction to SMEs is given at the beginning followed by the different categories of Top Management Controls. The final section highlights on some good practices to be followed by Top Management to realize the vision for the IS project in SMEs. Keywords: Charge-Out, Information Systems, IS Plan, Small and Medium Enterprise, Top Management Controls, Zero Based Budgeting 1 Introduction An enterprise is an entity engaged in an economic activity. Enterprises can be classified as Micro, Small, and Medium and large based on labor employed, capital turnover and balance sheet [5]. Small and Medium Enterprises (SMEs) play a vital role in the world economy. They contribute to the provision of new jobs and sustaining employment growth rates. They also participate effectively in creating stable economic structure, since their activities are extended to all major sectors. According to European Commission s definition, small enterprises have 10-49 employees whereas medium enterprises with 50-250 employees [5]. The SMEs in the modern business environment extensively make use of Computer-based Information Systems and Information Technology Resources in their day-to-day operations. An Information System [3] uses people, hardware, software, data and network resources to perform input, processing, output, storage and control activities that transform data resources into information products. People resources include information systems specialists and users. Hardware resources include machines and media used in information processing. Software resources include programs and procedures for people to follow. The data resources can be typically product descriptions, customer records & student databases and are encoded in ASCII (American Standard Code for Information Interchange), image, video, audio and other forms of data. The information products can take a variety of forms, including reports, visual displays, multimedia documents, electronic messages, graphic images and audio responses. Top Management Controls determine how effectively the senior management manages the IS (Information System) functions in a SME. The major tasks at this level consist of Planning, Organizing, Leading and Controlling functions. The present work focuses on top management control functions for information systems in small and medium enterprises to ensure their reliable functioning. 2 Objectives and Motivation The present work is intended to meet the following objectives:

110 Informatica Economică vol. 13, no. 4/2009 - Examine the various categories of Top Management Controls in planning, organizing, leading and controlling functions; - Specify some good practices to be followed by Top Management to realize the vision for the IS project in SMEs. SMEs extensively rely on information technology resources to enhance their competence in today s global economy. There exists a strong requirement to exercise adequate Top Management Controls to achieve the goals that have been established for the IS project in SMEs. The present work is motivated by the increasing importance of Top Management Controls for Information Systems in SMEs. 3 Problem Description The present work analyzes the key functions of Top Management Controls in SMEs. The SMEs considered in this paper have been drawn from selected computer firms, access control and security companies, manufacturing segment, consultancy organizations, trading and construction companies in India and United Arab Emirates. 4 Related Work The two popular methodologies for organizational planning used in business today include Scenario Approach & Planning for Competitive Advantage. In the Scenario Approach [3] to strategic IS Planning, teams of business and IS managers create and evaluate a variety of business scenarios. They make assumptions on what a business will be like in the next three to five years and the role that IT (Information Technology) can play in the future scenarios. Alternative scenarios are created by the teams, based on combining a variety of developments, trends and environmental factors such as political, social, business and technological changes that might occur. This will help greatly in business / IS planning. Planning for Competitive Advantage [3] is important in today s competitive business scenario and complex IT environment. The business / IS planning in this approach involves an evaluation of the potential benefits and risks a company faces when using IT based strategies and technologies for competitive advantage. The present day computers form part of a vast computer network in a wider area. Organizations are required to closely monitor the hardware and software configuration of all systems regularly and this is possible only by means of adequate audit and control processes [8]. The successful deployment of Information Systems creates value for the organization. The control processes should be deployed in acquisition, implementation, operation and upgrade of IS [4]. ISACA (Information Systems Audit & Control Association) and ITGI (Information Technology Governance Institute) have proposed an Audit-Oriented set of guidelines named COBIT (Control Objectives for Information and related Technology) for IT processes, practices and controls [1], [2]. It acts as a good checklist for IT. The main limitations of COBIT are that it does not deal directly with software development or IT services. The present work focuses on the key functions of Top Management Controls in SMEs. The controls can be applied at planning, organizing, leading and controlling functions. Fig. 1. Categories of Top Management Controls

Informatica Economică vol. 13, no. 4/2009 111 5 Top Management Controls Top Management Controls determine how effectively the senior management manages the IS functions in a SME. The major tasks at this level consist of Planning, Organizing, Leading and Controlling functions. Figure 1 shows the various categories of Controls relating to top management. A steering committee comprising of IS auditor, senior IS personnel and senior users can be formed to take overall responsibility for the activities of the IS function in SMEs. 5.1 Evaluate the Planning Function The planning function determines the goals of IS functions and the means of achieving these goals. The steering committee can refer the IS plan (strategic & operational) while discharging its responsibilities. The controls for the planning function are shown in table 1. Table 1. Controls for the Planning function Type of Control Description Activities Evaluate the present computer systems configuration, IS personnel hierarchy, Assess Current SWOT (Strengths, Weaknesses, IS. Opportunities and Threats) analysis on IS. Assess Strategic Identify the services proposed for future Directions. IS and overall strategies for intra and 1. Evaluation of IS Strategic Plan [6]. (long term plan covering the next 3 to 5 years of operations) 2. Evaluation of IS Operational Plan [6]. (short term plan covering the next 1 to 3 years of operations) 3. Assess the level of implementation of IS. Assess Development Strategy. Progress Report. Initiatives to be taken up. Implementation Schedule. Infusion [7]. Diffusion [7]. inter organizational IS. Examine the vision statement for IS and future requirements for the following entities: application systems, databases, computer systems configuration, IT personnel and financial resources. Evaluate the approach to monitoring the implementation of the development strategy. Assess the extent to which the current plan initiatives are achieved and missed, major hardware/software platform changes and additional initiatives embarked upon. Identify the scope for new application systems, adaptation to new technologies for computer systems and plan for personnel & financial resources. Examine the proposed start and finish dates for each IS project, milestones and project control procedures to be followed. Examine the extent to which IS is integrated into day-to-day operations in SME. Examine the extent to which IS has been dispersed throughout the SME.

112 Informatica Economică vol. 13, no. 4/2009 5.2 Evaluate the Organizing Function The Organizing function involves gathering, allocating and coordinating resources needed to accomplish the goals in an organization. This will involve establishment of controls over acquisition, development & termination of staff. An IS auditor should examine the organizational structure for the IS personnel and ensure the following: - Responsibilities of each job position must be clear. - The jobs performed within IS function should preserve separation of duties. Figure 2 shows the organizational structure of IS department proposed for a typical SME. Table 2 lists the job responsibilities of IS personnel. Fig. 2. Organizational Structure of IS department proposed for a typical SME Job Title IS Manager System Analyst Database Administrator System / Network Administrator IS Auditor End User Support Specialist Programmer Data Entry Operator Librarian Administrative Support Clerk Table 2. Job responsibilities of IS personnel Position Description Overall in-charge of IS activities. Manages IS functions related to purchase, development, operations and maintenance. Analysis and Design tasks for new and existing applications. Creation, Maintenance and Granting Access Control of corporate databases. Manages users, devices and local area network and internet. Implements physical and logical security for IS assets. Regular Audit pertaining to system activities and periodic checking of control & security mechanisms in IS. Advises end-users on analysis, design and implementation of systems. Impart user training & provide support for end-user tools. Develops, tests, debugs, documents and maintains programs for user applications. Entry, verification, validation and updating of data in a database. Maintains a library of computer storage media, user and technical documents, books & magazines related to IS. Acquires consumables needed by IS function, maintains and operates transfer pricing system, manages user queries, arranges and distribute reports and works on accounting software. The controls for the organizing function are shown in Table 3.

Informatica Economică vol. 13, no. 4/2009 113 Organizing Function Acquisition of Staff. Personnel Development. Personnel Termination. (voluntary or involuntary) Table 3. Controls for the Organizing function Control Activity Checking of Resumes, References, Skill Sets and Educational Qualifications. Screening applicants for physical & mental health. Orientation on IS policies and procedures. Determine the job requirements as per IS plan. Conduct staff reviews on regular basis covering the following aspects: 1) Promotion Policy. 2) Employee s self-development (sponsoring the employee for higher education and short-term courses / seminars / conferences in IS related topics. 3) IS personnel s strengths and weaknesses. 1. Identify the reasons/problems for leaving and take corrective measures, if required. 2. Recover Keys and ID badges. 3. Close down Login & Password. 4. Modify Distribution List. 5. Check for return of all reports, books and documents by employee. 6. Check for return of equipments. 7. Arrange for handing over of the assigned IS tasks to replacement employee. 8. In the case of disgruntled employees, do not assign critical tasks and arrange for early relieving. 5.3 Evaluate the Leading Function Leading is a complex management function designed to influence the behavior of an individual or group. The process of leading requires managers to motivate subordinates, direct them and communicate with them. An IS auditor should evaluate how well top management performs the leading function by examining the following factors: - Staff turnover statistics. - Check if the projects related application systems meet their budget. - Absenteeism levels in complex projects. IS auditor can perform the following actions: - Assess IS plan; - Go through documented standards, policies, minutes of meetings & memoranda distributed to IS staff; - Conduct interviews with IS staff about their level of satisfaction with the ways top management communicate their messages; - Assess the cooperation and general awareness of IS among the project group members. 5.4 Evaluate the Controlling Function The controlling function involves the act of determining the deviation between actual and planned activities of the IS function. An IS auditor should assess the strategic & operational plans and see evidence that the IS function has resulted in operational efficiency in SMEs. When new information technologies are introduced into an organization, managers can apply moderate controls to foster innovation and diffusion of the technologies. When the technologies have matured, greater control can be enforced. IS auditor should examine the IS policies and standards followed in a SME. The IS policies specify the following general guidelines for behavior:

114 Informatica Economică vol. 13, no. 4/2009 - The nature of work that can be undertaken by IS team. - The type of computer hardware and software that can be purchased to ensure compatibility among systems. The IS standards enforce specific guidelines for behavior and are shown in table 4. Type of Standard Methods Performance Documentation Project-Control Post-Audit Table 4. IS standards for a typical SME Description Establish practices and procedures to govern Analysis, Design, Programming, Testing & Implementation activities of IS. Expect reasonably good response time for online applications and the expected time for testing the application programs. Documentation for software development and user operations. Specify the major checkpoints at which reviews and sign-offs must be undertaken and the variance-monitoring procedures to be adopted. Makeup of the review team and its activities & the form of the final report that must be prepared. IS auditor can evaluate the top management s choice of the means of control over the users of IS services. This includes mechanisms such as zero-based budgeting [6] and chargeout [6] scheme. Zero-based budgeting refers to the identification of users requests for IS services and assigning priorities to users requests. The first step here is to reduce all IS activities to a zero base. Next, all IS activities are identified and structured into sequentially dependent incremental service levels. For each service level, estimates must be made of the expected benefits and resource consumption. The review committee assigns the priorities for IS activities at each service level. Cumulative resource consumption can then be calculated. Depending on the funding available for IS services, the activities are chosen in the order of their priorities, at each service level. The charge-out is based on number of transactions processed / number of report pages generated for each user, availing the IS service. 6 Good Practices This section deals with some of the good practices that the top management can follow in realizing the vision for the IS project in SMEs: - Define the purposes of IS project, what it intends to solve / improve. - Build up a strong management team with leadership skill and commitment to IS plan. - Provide training for management team and staff in IS related skills. - Establish good communication with the staff on IS Plan. - Get external help from Consultants in some specialized areas. This will help in improving specific business issues and also offering existing staff a chance to learn during the process. - Focus on avenues for financial assistance (govt. agencies, SME banking sector, hardware & software vendors) to implement IS project. - Consider the option of a cost-effective ERP (Enterprise Resource Planning) System, specifically designed for SMEs. ERP software suite [9] typically includes integrated modules of manufacturing, distribution, sales, accounting and human resource applications. 7 Conclusion The demand for IT services in SMEs is increasing every year. IT vendors, business financiers and telecom service providers all see considerable opportunities in this sector. The present work analyzes the different categories of top management controls as applicable to SMEs. It can be inferred that

Informatica Economică vol. 13, no. 4/2009 115 top management control functions enable effective functioning of SMEs, as observed during field visits to selected SMEs in India and United Arab Emirates. The present work can be extended further to analyze controls relating to system development management, programming and data resource management, security management and operations management. Acknowledgement The author would like to thank Prof. Dr. D. Ilangovan, Dept. of Commerce, Annamalai University, Chidambaram, India for his valuable inputs. References [1] G. H. Antes, Model Mania, Computer World, Vol. 38, No. 10, 2004, pp. 41-45. [2] Information Systems Audit & Control Association, COBIT-4.1 [Online], 2008. Available at: www.isaca.org. [3] J. A. O Brien and G. M. Marakas, Management Information Systems, Tata McGraw-Hill, 2009, pp. 25-29, 367-368. [4] R. Muthukrishnan, The Auditor s Prerogative to Review Internal Controls, IS Control Journal, Vol. 2, 2004, pp. 53-56. [5] R. Dababneh and F. Takan, Booklet of Standardized SMEs Definitions [Online], pp. 1-10, 2007. Available at: www.sabeq-jordan.org. [6] R. Weber, Information Systems Control and Audit, Pearson Education, Asia, 2002. [7] C. H. Sullivan, Systems Planning in the Information Age, Sloan Management Review, 1985, pp. 3-12. [8] V. Raval and N. Kromberg, Online Monitoring of Software in LAN environments, IS Audit & Control Journal, Vol. 5, 1999, pp. 38-41. [9] V. Venkatesh, ERP for SME, Times B2B, Hyderabad, Nov. 2003. auditing. Uma VIJAYAKUMAR is a practicing Chartered Accountant, with specialization in Information Systems Audit. She is pursuing her research in Information Systems Audit and Control relating to small and medium enterprises. She is a senior member of professional bodies such as Institute of Chartered Accountants of India and Information Systems Audit and Control Association, USA. Her areas of interest include Auditing & Finance. She has 9 years of experience in office administration and 11 years in

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information