As information systems are used in even the smallest entity these days, automated business processes introduce both opportunities and risks to large and small organisations - hence the need for a careful assessment of risks and controls.
Opportunities
The speed, at which organisations across the globe have embraced the use of information technology (IT) during the past 20 years, is evidence enough that the business, government and non-profit sectors have noticed the opportunities that come along with the use of automated systems. With the term “computer system” we also include the use of sophisticated networks, databases, the Internet, e-commerce functions, ERP systems, mobile applications and more.
Where used properly, information systems have resulted in higher effectiveness and efficiency in organisations. For example, medical scheme administrators have realized the power and benefits of EDI (Electronic Data Interchange) claim submissions. As a result, large South African schemes process the majority of their claims electronically today – without any human involvement. Higher accuracy in claim assessments and a smaller staff component count among the benefits experienced by these institutions.
Risks
Unfortunately, there is a downside to any opportunity, namely the inherent risks associated with the opportunity. Along with the opportunities that the use of IT systems brings, come the risks. A risk poses the threat of damage and loss to a business and, by the same token, IT risks have the potential of causing damage to and loss of automated systems and data, and eventually the business or organisation. The final impact of any risk that has materialized is, eventually, profit erosion. An e-commerce web site that has been hacked would experience negative publicity.
However, negative publicity will result in customer aversion, customer contraction, less sales and eventually less profit. IT risks should therefore be identified and controlled. Manual and automated controls should be implemented to prevent or detect the occurrence of identified risks and correct (minimize) the impact (damage and loss) of occurred risks.
Our Services
BDO’s services are therefore not only designed to assist clients in capitalizing on IT opportunities, but also to address all their relevant IT risks by evaluating the adequacy (control design effectiveness) and effectiveness (operating effectiveness) of their manual and automated controls - so as to control and reduce the occurrence as well as impact of potential risks.
We therefore provide the following services:
- Information System Audits
- Third party Assurance Audits
- IT Internal Audits
- Audit Data Analytics
- Project Assurance
- Data Privacy Reviews
- IT Governance Reviews
- BCM/DRP Reviews