Para 3.22.23 — MSO (Audit)

MSO (Audit)mso-audit

3.22.23 The auditor has to review the adequacy of the administrative procedures and controls used by the auditee organisation when considering and deciding upon the acquisition of computer facilities. For this purpose, he has to ascertain whether:
(i) a sound administrative structure is available to enable a proper analysis of the requirements of computer facilities;
(ii) the acquisition procedures are effective in facilitating the formulation of a viable computing policy and strategy; and
(iii) the processes of evaluation and selection ensure that the requirements of the organisation are met in the most effective and efficient manner.

What This Means

When auditing computer facility acquisitions, the auditor must review whether the organisation has a sound administrative structure for analysing requirements, whether acquisition procedures facilitate a viable computing strategy, and whether the evaluation and selection process ensures requirements are met in the most effective and efficient manner.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Key Points

1Check for a sound administrative structure to analyse computer requirements
2Acquisition procedures should facilitate viable computing policy and strategy formulation
3Evaluation and selection must ensure organisational needs are met effectively and efficiently
4Administrative controls used during acquisition decisions must be reviewed
5All three aspects — structure, procedure, and evaluation — must be adequate

Practical Example

A department purchased Rs 2 crore worth of servers without a formal needs assessment. The auditor finds that no IT steering committee existed, the purchase was initiated by one officer without evaluating alternatives, and the servers' capacity is double what the department needs for the next five years. The audit report highlights all three failures: no administrative structure, no proper procedure, and no effective evaluation.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Frequently Asked Questions

What is a sound administrative structure for IT acquisition?▼

It typically includes an IT steering committee with representatives from user departments, IT specialists, and finance. This body ensures that IT acquisitions are properly planned, justified, evaluated, and aligned with the organisation's objectives.

What does 'viable computing policy and strategy' mean?▼

A viable computing policy defines the organisation's approach to IT — what to computerise, when, and how. A strategy translates this into actionable plans with timelines, budgets, and milestones. Together, they ensure IT investments are purposeful, not ad-hoc.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Para 3.22.23 — MSO (Audit)

Original Rule Text

What This Means

Key Points

Practical Example

Frequently Asked Questions

Related Rules