I.B.5 Information Systems Reporting
A variety of systems can provide management with the information necessary to manage an institution effectively. These systems are often referred to as management information systems, decision support systems, and risk control self-assessments, to name just a few. While the precise definitions vary, these information systems are used by management to assess the performance of the business, report on the risks and challenges it faces, and assist management in the successful operation of the business.
Management should design its information systems to do the following:
- Provide management with information that is timely, accurate, consistent, complete, and relevant.
- Provide an objective system for recording and aggregating information.
- Provide key risk performance trends and indicators; and measure performance against risk tolerances.
- Support the institution's strategic plan.
- Ensure the confidentiality, integrity, and availability of data.
- Reduce labor-intensive manual activities.
- Enhance communication among staff.
Information systems reporting supplies decision makers with facts, supports and enhances the overall decision-making process, and can improve job performance throughout an institution. At the most senior levels, information systems reporting provides the data and information to help the board and management make strategic decisions. At other levels, information systems reporting allows management to monitor the institution's activities and distribute information to staff, customers, and members of management.
Advances in technology have increased the volume of data and information available to management and directors for planning and decision making. Because report generation systems can rely on manual data entry or extract data from many different financial and transaction systems, management should establish appropriate control procedures to ensure that data and information are correct and relevant. Because information systems reporting can originate from multiple technology platforms, the controls should be designed to maintain the integrity of the information and the processing environment.
To function effectively as a feedback tool for management and staff, information systems reporting should meet five essential elements:
- Timeliness: To facilitate prompt decision making, an institution's information systems should be capable of providing and distributing current information to appropriate management or staff.
- Accuracy: A sound system of automated and manual internal controls should exist to ensure the validity of the information and should include appropriate editing, balancing, and internal control checks.
- Consistency: To be reliable, data should be processed and compiled in a uniform manner. Variations in data collection and reporting methods can distort information and trend analysis.
- Completeness: Reports should contain the necessary information to inform decision makers without voluminous detail.
- Relevance: Information systems should provide current, applicable, and actionable information.
In a complex institution, information systems reporting can be highly structured and automated. In a less complex institution, it can be informal and less dependent on sophisticated technology systems. Institution management should adopt information systems reporting capabilities commensurate with the size and complexity of the institution.
I.B.4 Business Continuity
I.B.6 Planning IT Operations and Investment