9
c. Safeguarding of Assets
“Loss of assets is typically one of the most visible risk an organization can face and
typically these
lead to the implementation of the most visible controls, such as locks
on doors, safes, security guards and so forth. In an IS-dependent organization asset
control may also include non-tangibles such as dual custody, segregation of duties,
and computer authentication techniques. Few organizations would be
in position to
declare the information held as a corporate asset on the balance sheet. Nevertheless,
the corporate information warehouse may be the largest asset the organization can
claim
if
leveraged
appropriately.
In addition,
for many
organizations
the
financial
records
held
within
the
computer systems
are
indeed
actual
assets
in
that, for
example, the total value of inventory is commonly taken to be whatever the computer
system says the inventory value is. Similarly, debtors and creditors valuations are
largerly based upon the information contained within the appropriate computer
systems.”
d. Effectiveness and Efficiency of Operations
“Effectiveness involves the achievement of established objectives and should be the
ultimate focus of all operations and controls. Many
information systems, at the time
of the original design, were focused upon achieving
the
corporate
objectives.
Over
time these objectives may have changed
and the information
system
may
become
counter-productive to achieving
those
objectives.
Computer
systems
therefore
required
constant
monitoring
as
to
their
alignment
with
corporate
strategic
directions and intent.”
 |