Business operations consist of all other functions within an organization besides those in the computer operations area. Business operations areas typically provide input data to the computer operations area and utilize the resulting output in their daily processes. Business operations audits should include assessments of the adequacy of internal controls pertaining to all significant aspects of the particular process under consideration. Obviously, the number and types of internal controls in a business operation will vary greatly depending on the type of business or process being audited. In the operating environments of almost every organization, there are many end-user IS controls. These controls must function in tandem with traditional centralized computer operations controls to adequately protect the organization against unauthorized system access and to help ensure that business operations are being carried out in an efficient and effective manner. In other words, internal controls in centralized computer operations areas complement those in business operating units, and vice versa. Neither can function effectively without the other. As mentioned at the beginning of this chapter, computer operations and business operations together comprise the IS operations of an organization. It is true that an organization's internal control environment is only as strong as its weakest component.

Information systems controls existing in business operating environments ...

Get Auditing Information Systems, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.