Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Performance Management Best Practice > The Case for Continuous Auditing of Management Information Systems

Performance Management Best Practice

The Case for Continuous Auditing of Management Information Systems

by Robert E. Davis

This Chapter Covers

  • Managers should concentrate on making business decisions based on management information systems that reduce the risk of inappropriate responses to the entity’s environment.

  • Since management is responsible for the entity’s controls, it should have the means to determine, on an ongoing basis, whether selected controls are operating as designed.

  • Continuous auditing is an uninterrupted monitoring approach that allows IT auditors to examine controls on an ongoing basis and to gather selective audit evidence through the computer for timely opinions.


Management information systems represent the aggregation of personnel, computer hardware and software, and associated policies and procedures, allowing data processing to generate information that can be used for decision-making. Corporations typically have management information systems with specific objectives designed to comply with external and internal business requirements. In this context, management information systems can exist at three configuration levels: decision support systems, expert systems, and continuous monitoring systems. Through an understanding of the development and deployment of these technologies, a case can be made for the continuous auditing of management information systems.

Considering the impact on decision processes, automated management information systems necessitate a higher degree of reliability and integrity than other information technology deployments. This is a result of the common need to extract system-generated information as opposed to manually created information to aid in making business decisions. Hence, corporate auditors need to convey timely opinions on both the quality of management information systems and the information produced by management information systems utilizing continuous assurance techniques. On the benefit side, employing continuous auditing can reduce the risk of management initiating inappropriate actions based on faulty logic and/or data.

Back to Table of contents

Further reading


  • Akerkar, Rajendra, and Priti Sajja. Knowledge-Based Systems. Sudbury, MA: Jones & Bartlett, 2009.
  • Davis, Robert E. Assuring IT Legal Compliance. Los Gatos, CA: Smashwords, 2011.
  • Higson, Andrew. “Effective financial reporting and auditing: Importance and limitations.” In QFINANCE: The Ultimate Resource. 3rd ed. London: Bloomsbury, 2012; pp. 338–340. Online at:
  • Laudon, Ken, and Jane Laudon. Management Information Systems. 11th ed. Upper Saddle River, NJ: Prentice Hall, 2009.
  • Mainardi, Robert L. Harnessing the Power of Continuous Auditing: Developing and Implementing a Practical Methodology. Hoboken, NJ: Wiley, 2011.
  • O’Brien, James, and George Marakas. Management Information Systems. 9th ed. New York: McGraw-Hill, 2008.
  • Seref, Michelle M. H., Ravindra A. Ahuja, and Wayne L. Winston. Developing Spreadsheet-Based Decision Support Systems. Charlestown, MA: Dynamic Ideas. 2007.


  • Verver, John. “Risk management and continuous monitoring.” AuditNet (March 2003). Online at: [PDF].


  • Institute of Internal Auditors. “Continuous auditing: Implications for assurance, monitoring, and risk assessment.” White paper. 2005. Online at: [PDF].


Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share