Could a system of corporate governance, including internal control, have prevented the tragedies of September 11? Controls that might have prevented the hijackings and crashes are beyond the scope of this text. But there are controls that would have prevented some of the resulting business losses. In many cases, existing controls, especially contingency plans, did assist in minimizing the impact on companies located at the WTC. There are also controls that could have prevented the accounting scandals at Enron. This chapter and Chapter 9 emphasize the importance of effectively controlling business processes to prevent such events or to minimize the losses that result from them. These chapters provide a solid foundation for later study of controls for specific business processes covered in Chapters 10 through 14.
Let’s consider how this chapter addresses our three themes. First, consider how important controls are to organizations that are tightly integrated internally—such as with enterprise systems—or have multiple connections to their environment—such as when they conduct e-business. Management must be confident that each component of the organization performs as expected and interacts well with related components, or chaos will prevail. Second, organizations engaged in e-business must have control processes in place to reduce the possibilities of fraud and other disruptive events and to ensure compliance with applicable laws and regulations. For example, when engaged in Internet-based commerce, an organization may need to comply with relevant privacy regulations. Or it may need to replace the infrastructure—Web sites, communications, and so on—in the event of tragedy. Finally, recognize that the success of most organizations today is partly determined by their ability to employ their technology resources effectively. In the second half of this chapter we discuss the control process—the management practices—that can ensure that an organization’s technology resources are directed at achieving the organization’s objectives, and that those resources remain available after events such as those on September 11.
- To explain why business organizations need to achieve an adequate level of internal control
- To explain the importance of internal control to organizational and IT governance, and business ethics
- To enumerate IT resources and explain how difficult it is to control them
- To describe management fraud, computer fraud, and computer abuse
- To describe the major IT control processes organizations use to manage their IT resources
- To identify operations and information process control goals and categories of control plans