As business environments become more complex, the possibility of receiving unreliable information increases. Information risk is the chance that information used by decision makers may be inaccurate. Following are some causes of information risk:
The most common way for decision makers to reduce information risk is to rely upon information that has been audited by an independent party. Because information users generally do not have the time or ability to verify information for themselves, they depend on auditors for accurate and unbiased judgments. Even if decision makers wanted to verify the information, it may be difficult to do so when the financial information is contained in computerized accounting systems. These are the main reasons that a discussion of information-based processing and the related audit function are included in the study of accounting information systems.
Various risks are created by the existence of IT-based business processes. For example, because the details of transactions are often entered directly into the computer system, there may be no paper documentation maintained to support the transactions. This is often referred to as the loss of audit trail visibility because there is a lack of physical evidence to visibly view. There is also a greater likelihood that data may be lost or altered due to system failure, database destruction, unauthorized access, or environmental damage. In addition, IT systems do many tasks that previously were manually performed by humans. Since IT systems, rather than humans, do these tasks, there are increased internal control risks, such as a lack of segregated duties and fewer opportunities to authorize and review transactions.
Despite the risks, there are important advantages to using IT-based systems. Internal controls can actually be enhanced if care is exercised in implementing these systems. Computer controls can compensate for the lack of manual controls. In addition, if programs are tested properly before being activated, the risk of human error (such as a mathematical and/or classification mistake) is virtually eliminated because computers process all information consistently.
In addition to internal control enhancements, IT-based processes provide higher quality information to management. Information is higher quality when it is supplied in a timely manner and administered effectively. When high-quality information is used to make decisions, the result is more effective management.