Importance Of Internal Control In Information System

Words: 1428
Pages: 6

INTRODUCTION
Rationale
Some organizations have failed to magnify undesirable effects and disregard the importance of an internal control which maintains the quality of an enterprise’s information at a maximum level. With this understatement, cyber-attacks both from the internal and external environment becomes more successful in penetrating information systems and retained to be undetected because of the lack of control activities and lack of monitoring on implemented internal controls.
Information is an essential business resource of any enterprise which serves many purposes. Information can be used for performance evaluation, identifying threats and opportunities, it defines enterprise’s strengths and weakness, and most importantly it is
…show more content…
When internal control is weak, challenges will come to exist in the entity’s operation like the susceptibility of an entity to be penetrated by cyber-attacks. But the responsibility of formulating an effective internal control will always accrue to the organization, hacktivists will always crack whenever they want same as true to saboteurs, as long as there is an opportunity, they will grab it to gain financial and/or personal advantage. According to the Auditing and Assurance Standards Council (2007), control environment as a component of internal control plays an important role in order for an enterprise’s internal control to become effective, for it sets a tone that will stimulate its employees to behave in accordance with the ethical principles and to abide with the enterprise’s policies. With an effective control environment, the enterprise can reasonably prevent misconduct due to the exercise of unethical practices and address issues related to internal cyber-attacks or sabotage. In connection to the above issues, this technical paper shall identify the main reasons why do hacktivists has the ability to gain unauthorized access to an enterprise’s information system. This paper will also identify the real cause or where should the blame for this circumstances accrue, whether it is because of the entity and its ineffective internal control or it is in the fast development of technology and for that reason they cannot cope up with this development or the real problem is with the hacktivists and saboteurs and to the hacktivists and saboteurs alone. Also, this identifies the adequacy of the policies and provisions in order to expect a certain behavior from employees and to identify whether the problem exists on the