Evaluating the effectiveness of information systems audit

Abstract

As organizations perceive the important roles of information in the era of informatization, they try to implement information systems to manage their daily business transactions in both the private and the public sectors. Thus, organizations become dependent on information systems and this increasing dependence has created serious concerns about IS audits. Recently, the IS audit has become one of the most indispensable tools to prevent irregularities and errors of information systems, and ensure both system and information quality. Still before organizations introduce IS audit functions, they are naturally curious about whether it is effective or not, especially from an economic point of view. If IS audit is compulsory but ineffective, costs will increase and the IS audit will become an obstacle to transactions. Thus it is important to assess whether a compulsory IS audit is effective enough to afford compensation for losses or inconveniences that accompany it. By addressing this issue, we can uncover how successful audit functions affect IS implementation and resource management in organizations. In this respect, this paper examines the effectiveness of IS audit by comparing differences in effectiveness and efficiency of IS performance between audited systems and non-audited systems in the public sector. We then investigate differences in extra costs for planning developing, operating, and maintaining information systems. Lastly, this study researches which factors of IS audit affect its effectiveness. These factors enable us to document the empirical effects of IS audit-effects which can then be used to justify investment in IS audit. Finally, through empirically quantified evidence to support the institutionalization of IS audit, we suggest a practical guideline.