Master's thesis, Information Systems Management, Quality and Security of Information Systems
Abstract
This master's thesis presents the process of internal control in the information system of a corporation. It describes the internal control framework, the project of implementing an internal control system, and its components. The most important guidelines, frameworks and standards in the field of internal control are presented, among them the COSO and COBIT frameworks and the Sarbanes-Oxley Act. Because the guidance is fairly general, in each case we focused on the parts that relate to internal control in information technology.
The thesis shows the implementation of an internal control system for user rights in the information system of a specific company operating in the South-East European region. A corporate policy and procedures were introduced for granting, revoking and changing user access in the Microsoft Navision Dynamics ERP system. We examined in particular the segregation of duties and excessive access rights in all processes that significantly affect the company's financial reports and balance sheet. We carried out an internal audit of user access and checked the operation of internal control, the effectiveness of the internal control system, and the cooperation between departments in ensuring internal control in the company's information system. The results of the review enabled an assessment of the current state and the preparation of fact-based proposals and directions for improving internal control processes. We implemented a process of regular internal audits, which allow the state to be reviewed and a preventive plan to be carried out before corporate or external auditors arrive. We proposed implementing a supporting information system that would support the workflow and document flow in the process, introducing digital signatures, and automating the system reports used to review user rights. A document system that allows digital signing would increase the effectiveness of internal control and ease the management of control documentation. Automated system reports, in turn, would reduce the number of human errors during an audit and allow more frequent reviews and audits without additional burden on IT staff.
Keywords
internal control; information system; information systems audit
Data
Language: Slovenian
Year of publishing: 2014
Typology: 2.09 - Master's Thesis
Organization: UM FOV - Faculty of Organizational Sciences
Publisher: [P. Godec]
UDC: 004
COBISS: 7402259
Views: 1740
Downloads: 148
Other data
Secondary language: English
Secondary title: Organization of internal controlling in corporate information system
Secondary abstract:
The master's thesis presents the process of internal controls in the corporate information system. The purpose of internal controls, the project of implementing an internal control system, and its components are presented. The most important guidelines, frameworks and standards in the area of internal controls are summarised, as well as the COSO and COBIT frameworks and the Sarbanes-Oxley law. All the frameworks provide rather general guidelines, so we focused on the sections that relate to internal controls in information technology.
An internal control system was implemented for the user access process in the information system of a corporate company present in the South-East European region. Corporate policy and procedures for granting, removing and changing user access in the ERP system Microsoft Navision Dynamics were deployed. The control of segregation of duties and excessive access in all company processes that have an impact on financial reporting and the balance sheet is highlighted. We performed an internal revision of user access in the system and verified the internal controls, checking the efficiency of the internal control system and the cooperation between departments to ensure that the internal control system in information technology works properly. The results of the revision enabled an assessment of the current state and the development of fact-based guidelines and proposals for improvements in processes related to internal controls. We implemented a process of regular internal revisions that helps us evaluate the current state and start a preventive action plan before a corporate or external audit. We suggested implementing an information system that can support work and document flow, the use of digital signatures, and the automation of system reports for reviewing user access. A document information system that includes digital signing would increase the efficiency of internal controls and improve the management of control documentation. Automation of user access system reports would decrease the number of human errors during revisions and enable more frequent checks and revisions without additional effort by information technology employees.
Secondary keywords: internal control; information system; revision of information systems; user access; segregation of duties
URN: URN:SI:UM:
Type (COBISS): Master's thesis
Thesis comment: Univ. v Mariboru, Fak. za organizacijske vede
Pages: 106 f.
ID: 8680587