Importance of Information System Auditing in Vital Pharmacy
VerifiedAdded on 2021/07/13
|8
|2750
|407
AI Summary
This article discusses the importance of information system auditing in Vital Pharmacy, a renowned pharmacy in Mauritius. It covers the types of audits, information gathering methods, and the frequency of conducting audits. The article also explains the steps involved in conducting an IS audit and the role of an information system auditor.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Contents
Introduction ............................................................................................................................... 2
1.0 System Auditing................................................................................................................... 2
2.0 Information System Auditor ................................................................................................ 3
2.1 Internal Audit ................................................................................................................... 3
2.2 Steps in conducting an IS audit: ....................................................................................... 3
3.0 Importance of audit in the organization. .............................................................................. 4
3.1 When should IT risks and controls be assessed?.............................................................. 4
4.0 Types of audits ..................................................................................................................... 5
5.0 Information gathering .......................................................................................................... 6
5.1 Method of gathering audit information ............................................................................ 6
6.0 Frequency of Doing an Information Systems Audit ............................................................ 7
6.1 When to perform a special audit? ..................................................................................... 8
Introduction ............................................................................................................................... 2
1.0 System Auditing................................................................................................................... 2
2.0 Information System Auditor ................................................................................................ 3
2.1 Internal Audit ................................................................................................................... 3
2.2 Steps in conducting an IS audit: ....................................................................................... 3
3.0 Importance of audit in the organization. .............................................................................. 4
3.1 When should IT risks and controls be assessed?.............................................................. 4
4.0 Types of audits ..................................................................................................................... 5
5.0 Information gathering .......................................................................................................... 6
5.1 Method of gathering audit information ............................................................................ 6
6.0 Frequency of Doing an Information Systems Audit ............................................................ 7
6.1 When to perform a special audit? ..................................................................................... 8
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Introduction
Nowadays many organisations irrespective to their size or scope of operation, have realise
the importance of using information technology to be able to cope with the current global
scenario. An audit can help an enterprise ensure effective operations and demonstrate to its
compliance with administrative and legal regulations. It can confirm for management that the
business is functioning well and is prepared to meet potential challenges. Most importantly,
it can assure stakeholders of the financial, operational and ethical well-being of the
organisation.
Information systems (IS) audits support all those outcomes, with a special focus on the
information and related systems upon which most businesses and public institutions depend
for competitive advantage.
Vital Pharmacy, found in Plentynun, existed since 1998, is a renowned pharmacy in Mauritius.
Vital Pharmacy produces a broad range of medicines and products.
Due to numerous benefits of Information technology, Vital Pharmacy is investing in
information systems to ensure their IT systems are reliable, secure and invulnerable to
computer attacks.
At Vital Pharmacy, the pharmacy manager gets access to the database only due to security
issues. There are 2 administrators who are allowed to log in the system and view the stock of
medicines and the record of transactions.
1.0 System Auditing
System Auditing is the process of collecting and evaluating evidence to determine whether a
computer system:
• Safeguard assets,
• Maintains data integrity,
• Allows organizational goals to be achieved effectively,
• And uses resources efficiently
Likewise, Vital Pharmacy opts for an information system auditing to improve performance of
its organisation.
Due to endless information and data, Vital Pharmacy needs technology to work, require
complex software and computerized equipment to develop their activity in an optimised and
efficient manner. That prevailing presence of software and technology, leads the need for
system auditing.
The main objective of systems auditing is to validate the integrity of the information and data
stored in the databases of the information systems and the processing of Vital Pharmacy.
Nowadays many organisations irrespective to their size or scope of operation, have realise
the importance of using information technology to be able to cope with the current global
scenario. An audit can help an enterprise ensure effective operations and demonstrate to its
compliance with administrative and legal regulations. It can confirm for management that the
business is functioning well and is prepared to meet potential challenges. Most importantly,
it can assure stakeholders of the financial, operational and ethical well-being of the
organisation.
Information systems (IS) audits support all those outcomes, with a special focus on the
information and related systems upon which most businesses and public institutions depend
for competitive advantage.
Vital Pharmacy, found in Plentynun, existed since 1998, is a renowned pharmacy in Mauritius.
Vital Pharmacy produces a broad range of medicines and products.
Due to numerous benefits of Information technology, Vital Pharmacy is investing in
information systems to ensure their IT systems are reliable, secure and invulnerable to
computer attacks.
At Vital Pharmacy, the pharmacy manager gets access to the database only due to security
issues. There are 2 administrators who are allowed to log in the system and view the stock of
medicines and the record of transactions.
1.0 System Auditing
System Auditing is the process of collecting and evaluating evidence to determine whether a
computer system:
• Safeguard assets,
• Maintains data integrity,
• Allows organizational goals to be achieved effectively,
• And uses resources efficiently
Likewise, Vital Pharmacy opts for an information system auditing to improve performance of
its organisation.
Due to endless information and data, Vital Pharmacy needs technology to work, require
complex software and computerized equipment to develop their activity in an optimised and
efficient manner. That prevailing presence of software and technology, leads the need for
system auditing.
The main objective of systems auditing is to validate the integrity of the information and data
stored in the databases of the information systems and the processing of Vital Pharmacy.
2.0 Information System Auditor
An information system auditor analyses and interprets many different types of computer or
information systems within an organisation. They may develop, examine and evaluate a
company’s information systems, internal controls and management procedures to make sure
records are accurate and information controls are in place.
At vital pharmacy, the auditor review risks relating to IT systems and processes. The
organisation has an Internal Auditor who analyses business processes, procedures and
activities with the goal of highlighting any problems and recommending solutions.
2.1 Internal Audit
Internal Audit is an important tool for monitoring and managing quality, performance and
business systems. It also includes an objective assessment of gathered audit evidence
against criteria. Internal audits are adapted according to changing demands and can offer a
more comprehensive approach compared to the traditional method of inspecting.
Vital Pharmacy have to do a lot of collaboration with other companies such as suppliers and
contractors. Raw materials are often manufactured or supplied by others and development,
manufacturing and laboratory analysis can be outsourced to save costs Quality and
compliance audits e.g. contract laboratories, contract manufacturers and suppliers are done
to ensure the safety of the raw materials used in production, safety of the product and
accuracy of analysing methods, which the company is responsible for.
2.2 Steps in conducting an IS audit:
1. Previewing the environment
2. Understanding the Information Systems
3. Identifying the Audit Risks
4. Identifying Audit Evidence
5. Identify Key Control Points
6. Identify Control Weaknesses
7. Verifying integrity of computer files
8. Conduct Audit Tests
9. Concluding the Audit
An information system auditor analyses and interprets many different types of computer or
information systems within an organisation. They may develop, examine and evaluate a
company’s information systems, internal controls and management procedures to make sure
records are accurate and information controls are in place.
At vital pharmacy, the auditor review risks relating to IT systems and processes. The
organisation has an Internal Auditor who analyses business processes, procedures and
activities with the goal of highlighting any problems and recommending solutions.
2.1 Internal Audit
Internal Audit is an important tool for monitoring and managing quality, performance and
business systems. It also includes an objective assessment of gathered audit evidence
against criteria. Internal audits are adapted according to changing demands and can offer a
more comprehensive approach compared to the traditional method of inspecting.
Vital Pharmacy have to do a lot of collaboration with other companies such as suppliers and
contractors. Raw materials are often manufactured or supplied by others and development,
manufacturing and laboratory analysis can be outsourced to save costs Quality and
compliance audits e.g. contract laboratories, contract manufacturers and suppliers are done
to ensure the safety of the raw materials used in production, safety of the product and
accuracy of analysing methods, which the company is responsible for.
2.2 Steps in conducting an IS audit:
1. Previewing the environment
2. Understanding the Information Systems
3. Identifying the Audit Risks
4. Identifying Audit Evidence
5. Identify Key Control Points
6. Identify Control Weaknesses
7. Verifying integrity of computer files
8. Conduct Audit Tests
9. Concluding the Audit
3.0 Importance of audit in the organization.
Although technology provides opportunities for growth and development, it also represents
threats, such as disruption, deception, theft, and fraud. Auditing is critical for monitoring and
assuring that all of the business assets have been properly secured and safeguarded from
threats. It is also important for verifying that the business processes reflect the documented
policies and procedures.
Research shows that outside attackers threaten organizations, yet trusted insiders are a far
greater threat. Fortunately, technology also can provide protection from threats.
Threats are pote4ntials for vulnerabilities to turn into attacks on computer systems, networks,
and more. They can put individuals’ computer systems and business computers at risk, so
vulnerabilities have to be fixed so that attackers cannot infiltrate the system and cause
damage.
Threats can include everything from viruses, Trojans, back doors to outright attacks from
hackers.
From the context of Vital pharmacy, we can deduce the following:
1. Members can access valuable information as they can give advice about medical
products.
2. Changing of members can result in inconsistency of data integrity.
IT controls are essential to protect assets, customers, partners, and sensitive information;
demonstrate safe, efficient, and ethical behaviour; and preserve brand, reputation, and trust.
In today’s global market and regulatory environment, these things are too easy to lose.
3.1 When should IT risks and controls be assessed?
Always. IT is a rapidly changing environment that promotes process and organizational
change. New risks emerge at a rapid pace. Controls must present continuous evidence of their
effectiveness, and that evidence must be assessed and evaluated constantly.
1. Evaluates Risks and Protects Assets
An internal audit program assists management and pharmacists by identifying and prioritizing
risks through a systematic risk assessment. A risk assessment can help to identify any gaps in
the environment and allow for a remediation plan to take place. The internal audit program will
help to track and document any changes that have been made to the environment and ensure
the mitigation of any found risks.
Although technology provides opportunities for growth and development, it also represents
threats, such as disruption, deception, theft, and fraud. Auditing is critical for monitoring and
assuring that all of the business assets have been properly secured and safeguarded from
threats. It is also important for verifying that the business processes reflect the documented
policies and procedures.
Research shows that outside attackers threaten organizations, yet trusted insiders are a far
greater threat. Fortunately, technology also can provide protection from threats.
Threats are pote4ntials for vulnerabilities to turn into attacks on computer systems, networks,
and more. They can put individuals’ computer systems and business computers at risk, so
vulnerabilities have to be fixed so that attackers cannot infiltrate the system and cause
damage.
Threats can include everything from viruses, Trojans, back doors to outright attacks from
hackers.
From the context of Vital pharmacy, we can deduce the following:
1. Members can access valuable information as they can give advice about medical
products.
2. Changing of members can result in inconsistency of data integrity.
IT controls are essential to protect assets, customers, partners, and sensitive information;
demonstrate safe, efficient, and ethical behaviour; and preserve brand, reputation, and trust.
In today’s global market and regulatory environment, these things are too easy to lose.
3.1 When should IT risks and controls be assessed?
Always. IT is a rapidly changing environment that promotes process and organizational
change. New risks emerge at a rapid pace. Controls must present continuous evidence of their
effectiveness, and that evidence must be assessed and evaluated constantly.
1. Evaluates Risks and Protects Assets
An internal audit program assists management and pharmacists by identifying and prioritizing
risks through a systematic risk assessment. A risk assessment can help to identify any gaps in
the environment and allow for a remediation plan to take place. The internal audit program will
help to track and document any changes that have been made to the environment and ensure
the mitigation of any found risks.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2. Security of Data
After assessing the risks mentioned above, IT audit control can be identified and assessed.
Therefore, it gives the pharmacy the opportunity to redesign or strengthen poorly designed
or ineffective controls, thus leading to improved security of IT data. Usually, a COBIT
framework of IT controls are used for IT auditing, but now even more advanced set of
technologies and tools are introduced, which even allows to detect internal and external
threats immediately and take a course of action automatically.
3. Enhances IT Governance
Last, but not the least, IT auditing serves a critical function in ensuring all your pharmacy’s
laws, regulations and compliances are met by all employees and of course the IT department
as well. This in turn improves IT governance, as the overall IT management has a strong
understanding of the controls, risks and value of a pharmacy’s technological environment.
4.0 Types of audits
There are three main types of audits that can be carried out in the pharmacy namely:
1. Process audit
The process audit evaluates business processes against predetermined standards. The
process audit performs the following:
• Evaluate performance against requirements such as time, accuracy, temperature,
composition and responsiveness.
• Examining resources such as materials, equipment and people such as pharmacists
that are involved in the business processes and the measures that are used to
determine performance of each process.
• Evaluate the adequacy and effectiveness of the process controls
2. Product audit
The product audit is an examination of all the products of the pharmacy. It checks
whether the products conform to their requirements such as specifications and
customer requirements. It ensures that the proper conditions are maintained where
products are kept.
3. System audit
A system audit is carried out to validate the integrity of the date and information
stored in the database of the information systems and their processing. The system
audit should guarantee the performance and security of the systems in terms of
privacy.
After assessing the risks mentioned above, IT audit control can be identified and assessed.
Therefore, it gives the pharmacy the opportunity to redesign or strengthen poorly designed
or ineffective controls, thus leading to improved security of IT data. Usually, a COBIT
framework of IT controls are used for IT auditing, but now even more advanced set of
technologies and tools are introduced, which even allows to detect internal and external
threats immediately and take a course of action automatically.
3. Enhances IT Governance
Last, but not the least, IT auditing serves a critical function in ensuring all your pharmacy’s
laws, regulations and compliances are met by all employees and of course the IT department
as well. This in turn improves IT governance, as the overall IT management has a strong
understanding of the controls, risks and value of a pharmacy’s technological environment.
4.0 Types of audits
There are three main types of audits that can be carried out in the pharmacy namely:
1. Process audit
The process audit evaluates business processes against predetermined standards. The
process audit performs the following:
• Evaluate performance against requirements such as time, accuracy, temperature,
composition and responsiveness.
• Examining resources such as materials, equipment and people such as pharmacists
that are involved in the business processes and the measures that are used to
determine performance of each process.
• Evaluate the adequacy and effectiveness of the process controls
2. Product audit
The product audit is an examination of all the products of the pharmacy. It checks
whether the products conform to their requirements such as specifications and
customer requirements. It ensures that the proper conditions are maintained where
products are kept.
3. System audit
A system audit is carried out to validate the integrity of the date and information
stored in the database of the information systems and their processing. The system
audit should guarantee the performance and security of the systems in terms of
privacy.
An information system audit does the following:
• Verification and evaluation of controls in the processing of information and
installation of systems.
• Verification of information objectively
• Examination of resources in terms of efficiency, effectiveness, computerization,
resources invested and profitability of each process.
5.0 Information gathering
What is information?
Information is the facts or knowledge that is obtained through investigation, study or
instruction. During an audit, information should be collected from the right person as well as
at the right time. Information should be relevant to the objectives, scope and criteria of the
audit. Information can be tacit or explicit. Tacit information includes insights, intuitions and
hunches whereas explicit information is that is documented in terms of memos, reports or
books.
5.1 Method of gathering audit information
Depending on the type of information that needs to be collected the auditor will choose the
auditing technique. The basic methods of auditing are:
1. Computer assisted audit techniques (CAATs)
CAATs is the use of computer tools to query business data to produce reports. An audit
software is used to carry out the tests of control and substantive procedures. The data
that are used to test the existence and effectiveness of the controls are normally
dummy transactions.
2. Interviews
The purpose of an interview is to evaluate the accuracy of the pharmacy’s record and
can be used to support other techniques such as observation. The auditor must
carefully choose the people to interview to get the right information.
For instance, the pharmacists can be interviewed to evaluate their skills and
knowledge. They may be asked questions about medical conditions and ability to
deliver advisory, diagnostic and treatment services.
3. Inspections
The auditor will have a good overall look of the pharmacy at first and then examine
specific items more closely. Condition of the places such as where medicines are kept
are examined carefully and documented.
• Verification and evaluation of controls in the processing of information and
installation of systems.
• Verification of information objectively
• Examination of resources in terms of efficiency, effectiveness, computerization,
resources invested and profitability of each process.
5.0 Information gathering
What is information?
Information is the facts or knowledge that is obtained through investigation, study or
instruction. During an audit, information should be collected from the right person as well as
at the right time. Information should be relevant to the objectives, scope and criteria of the
audit. Information can be tacit or explicit. Tacit information includes insights, intuitions and
hunches whereas explicit information is that is documented in terms of memos, reports or
books.
5.1 Method of gathering audit information
Depending on the type of information that needs to be collected the auditor will choose the
auditing technique. The basic methods of auditing are:
1. Computer assisted audit techniques (CAATs)
CAATs is the use of computer tools to query business data to produce reports. An audit
software is used to carry out the tests of control and substantive procedures. The data
that are used to test the existence and effectiveness of the controls are normally
dummy transactions.
2. Interviews
The purpose of an interview is to evaluate the accuracy of the pharmacy’s record and
can be used to support other techniques such as observation. The auditor must
carefully choose the people to interview to get the right information.
For instance, the pharmacists can be interviewed to evaluate their skills and
knowledge. They may be asked questions about medical conditions and ability to
deliver advisory, diagnostic and treatment services.
3. Inspections
The auditor will have a good overall look of the pharmacy at first and then examine
specific items more closely. Condition of the places such as where medicines are kept
are examined carefully and documented.
4. Reviewing documents
It is very time consuming for the auditor to review all the documents of the pharmacy.
Therefore, a random sample will be used, and those selected will be thoroughly
examined. Clarity of the documentations and changes are checked.
5. Observations
Observation allows the auditor to see how something is done under normal
circumstances. The auditor may observe the way the pharmacists are handling their
customers or who are the people that are involved in the data entry of databases and
the controls that have been set.
6. Exercises
The purpose of an exercise is to test something. It may be done on the personnel,
programs or equipment.
For example, the system of the pharmacy can be tested to check whether it saves data
correctly, and what will happen in case if the system crashes or shuts down. The
quality of the products sold may be checked.
6.0 Frequency of Doing an Information Systems Audit
There are 2 main types of audit that takes place in our pharmacy namely:
1. Routine Audit
The routine audit is conducted quarterly (every 3months) in our pharmacy as well as it is
considered as an automatic method IT teams use to perform auditing activities. This includes
control and risk assessments such a. This is done more frequently and is more about regular
maintenance, whereby technology plays a key role to help automate the identification of
certain patterns or anomalies our organization might be looking for.
2. Special Audit
A special audit takes place in our organization under a certain situation and uses advanced
technology to focus on a particular area once the event has occurred. This is important in
case of a data breach, as the breach might have taken place one day after the routine audit
has been performed. That is the next routine audit would occur in the next quarter which will
leave the business vulnerable till then. Instead, a special audit takes place after this or a similar
event to analyse the situation and the systems in order to implement or suggests fixes much
quicker.
It is very time consuming for the auditor to review all the documents of the pharmacy.
Therefore, a random sample will be used, and those selected will be thoroughly
examined. Clarity of the documentations and changes are checked.
5. Observations
Observation allows the auditor to see how something is done under normal
circumstances. The auditor may observe the way the pharmacists are handling their
customers or who are the people that are involved in the data entry of databases and
the controls that have been set.
6. Exercises
The purpose of an exercise is to test something. It may be done on the personnel,
programs or equipment.
For example, the system of the pharmacy can be tested to check whether it saves data
correctly, and what will happen in case if the system crashes or shuts down. The
quality of the products sold may be checked.
6.0 Frequency of Doing an Information Systems Audit
There are 2 main types of audit that takes place in our pharmacy namely:
1. Routine Audit
The routine audit is conducted quarterly (every 3months) in our pharmacy as well as it is
considered as an automatic method IT teams use to perform auditing activities. This includes
control and risk assessments such a. This is done more frequently and is more about regular
maintenance, whereby technology plays a key role to help automate the identification of
certain patterns or anomalies our organization might be looking for.
2. Special Audit
A special audit takes place in our organization under a certain situation and uses advanced
technology to focus on a particular area once the event has occurred. This is important in
case of a data breach, as the breach might have taken place one day after the routine audit
has been performed. That is the next routine audit would occur in the next quarter which will
leave the business vulnerable till then. Instead, a special audit takes place after this or a similar
event to analyse the situation and the systems in order to implement or suggests fixes much
quicker.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
6.1 When to perform a special audit?
• After a security breach or incident (e.g. unauthorized access, alteration to prices,
physical damage to Information systems, alteration to data about whether a
prescription is needed or not)
• After a system upgrade or new installation
• After changes to compliance laws (e.g. when a new law is implemented about which
medicines need a prescription and which medicines do not need a prescription.)
• When the business IT systems grows by more than 5 users (for e.g. when a new staff
joins in, their details needs to be inserted in the system. So, if more than 5 staff join
in a one month, it is bound to check whether the system is able to function properly)
• When the business had a business merger
• When the business had a digital transformation
• After a security breach or incident (e.g. unauthorized access, alteration to prices,
physical damage to Information systems, alteration to data about whether a
prescription is needed or not)
• After a system upgrade or new installation
• After changes to compliance laws (e.g. when a new law is implemented about which
medicines need a prescription and which medicines do not need a prescription.)
• When the business IT systems grows by more than 5 users (for e.g. when a new staff
joins in, their details needs to be inserted in the system. So, if more than 5 staff join
in a one month, it is bound to check whether the system is able to function properly)
• When the business had a business merger
• When the business had a digital transformation
1 out of 8
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.