Para 3.22.2 — MSO (Audit)

MSO (Audit)mso-audit

3.22.2 IT Audit is the process of collection and evaluation of evidence to determine whether a computer system has been designed to maintain data integrity, safeguard assets, allow the effective realization of organisational goals, and ensure efficient utilisation of resources. Data integrity relates to the accuracy and completeness of information as well as to its validity in accordance with the norms. An effective information system leads the organisation to achieve its objectives and an efficient information system uses minimum resources for this purpose. While evaluating the effectiveness of any system, the IT Auditor must be aware of the characteristics of the users of the information system and the decision-making environment in the auditee organisation.

What This Means

IT Audit is defined as the process of collecting and evaluating evidence to determine whether a computer system maintains data integrity, safeguards assets, helps achieve organisational goals, and uses resources efficiently. Data integrity means information is accurate, complete, and valid. The auditor must understand the users of the information system and the decision-making environment in the auditee organisation to properly evaluate system effectiveness.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Key Points

1IT Audit collects and evaluates evidence about computer systems
2Four key evaluation criteria: data integrity, asset safeguarding, goal achievement, resource efficiency
3Data integrity covers accuracy, completeness, and validity of information
4An effective system helps the organisation achieve its objectives
5An efficient system uses minimum resources for its purpose
6Understanding users and decision-making environment is essential

Practical Example

The IT auditor evaluating a district hospital's computerised patient management system checks data integrity (are patient records accurate and complete?), asset safeguarding (are patient data and medical records protected?), effectiveness (does the system help doctors access patient history quickly for better treatment decisions?), and efficiency (is the system achieving this with reasonable hardware and staffing costs?). They find that while data integrity is good, the system requires 4 data entry operators per shift when 2 would suffice with better interface design — indicating poor resource efficiency.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Frequently Asked Questions

What is the difference between effectiveness and efficiency in IT Audit?▼

Effectiveness is about achieving objectives — the system does what it is supposed to do. Efficiency is about doing it with minimum resources — hardware, software, staff, and money. A system can be effective but inefficient if it achieves its goals at excessive cost.

Why must the auditor understand the decision-making environment?▼

The value of an information system depends on how its outputs are used in decision-making. The auditor must understand who uses the information, what decisions depend on it, and how timely and accurate the information needs to be for those decisions.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Para 3.22.2 — MSO (Audit)

Original Rule Text

What This Means

Key Points

Practical Example

Frequently Asked Questions

Related Rules