Behind the Scenes and Into the Future
Just recently I transferred practices from within my firm. I was originally hired to work in the core assurance division but now I will be an audit staff member of systems and process assurance (SPA). What’s the difference? The difference is MIS. Since I will be graduating with a degree in both accounting and MIS, I wanted to find a way to incorporate both sets of skills while remaining in an audit position. Because IT is being considered in every profession and is impacting our daily lives more and more, it was not difficult for me to do this. As today’s businesses are growing they are becoming more and more complex and in turn placing an increasing reliance on information technology and the controls that are put in place. What is most important is the ability to accept that the information being produced within IT environments by systems and processes is accurate.
This is where I am come in. Not only do companies want to be receiving reliable information but there have also been regulations that have been added as requirements concerning the effectiveness of internal controls. One of these requirements by the SEC is to provide a SAS 70 report as part of Sarbanes-Oxley compliance. In order for companies’ management to be able to make proper decisions and appropriate financial reporting, it is crucial for people of my position to ensure that information is being produced not only accurately but timely as well. Another way in which SPA assists companies is by providing a review of the structure of the companies’ controls and offer ways to improve quality of design and efficiency as well as identifying weaknesses. We also review database security controls, infrastructure security and computer security reviews.
A very important challenge for today’s businesses is being able to manage their risk because we are operating in a world filled with risk. Although zero risk is impossible, it is the job of our risk management teams to evaluate IT risk by assessing IT operations and controls, and then comparing it to the company’s objectives and strategies to see if they are coinciding. Being able to implement risk management within the daily controls and operations of the company delivers the most benefit.
Based on the above description of the types of services SPA provides to our clients, it is apparent how important MIS has become in our business world at every level not just the complex. For example, when the law firm of Kirkland and Ellis was facing an expansion of office space, the firm’s IT needs were crucial to its plans. In the past it has been thought that technology was flexible and accommodating, however in today’s IT driven world, these demands are more complex. As quoted by a chairman of the firm’s tech committee, “Technology was an extremely significant part of our decision to move.” This shows how even something as seemingly basic as making sure there is enough room to install cable has attracted a lot more focus from CIO’s and other IT professionals within businesses.
The future of MIS and information technology as a whole seems to be forever expanding our capabilities of transferring and communicating information effectively and efficiently, even outside of the business world. Take a look at youtube.com, guba.com break.com, midis.biz, even facebook and myspace, the list goes on and on. The future of MIS will allow access to the management of the firm’s information systems via web browser and will enable employees to manage their information systems wherever they are at any time. This enables employees to work in a uniform and flexible environment as well as having more adaptable applications.
What I see to be the most important concept concerning the future of information technology is working your way from the bottom up. Companies are going to find that it is much more costly to try to upgrade a data center than it will be to build a new data center, not to mention more efficient. Trying to integrate a company’s older or currently existing applications is going to be a financial burden for them. Starting over with a fresh face will soon be the way to go. CRM systems that companies have implemented in the past several years will soon become outdated when they realize that with newer systems employees will be able to employ services to their customers, view customer profiles and locations as well as current pricing and inventory locations without even needing strong IT knowledge.
In trying to gain an understanding of what Danielle will be doing for her family’s company when she graduates, I find it interesting how our positions will coincide and compliment each other. It seems as though she will be responsible for replacing/updating the business’ information systems so that they properly carry out the strategies and objectives of the company. My job on the other hand, will be to evaluate her choice of those systems/applications. I will be assessing their effectiveness, security controls put in place around these systems as well as the segregation of duties implemented concerning their operation. I see my position as having more of a behind the scenes perspective. With the help of walkthroughs and understanding the business processes, together Danielle and I will be able to decide upon and implement the best IT environment for her company.
1 comment:
Technology auditing -- because of eveything that technology touches -- is huge ... and let's not forget the impact of SOX and 9/11 ...
Like the integration of risk into the discussion ... we haven't talked too much about risk in class, but it's growing in importance -- especially as companies distribute their business models, go global, expand eBusiness, etc. ...
Another good point refers to the risk embedded in the new (SOA) architectures ... what kind of governance is required to make all this work? What if someone uses andi nfected API?
I love it: after graduation collaboration ... remember that public companies must absorb much more compliance burden than private companies ... maybe this is why public companies go private!
Post a Comment