Abstract:
Information systems play a crucial role at the heart of business life today. Most business operations are carried out via information technology. Achieving business objectives depends closely on the information systems (IS) internal control system, which is needed to create effective and efficient business processes. It is very important for organizations to prevent undesirable events and to operate effectively and efficiently in achieving business objectives. Fraud events took place in some reputable organizations, and the causes of these events were concluded to be the lack of risk management and of an effective internal control system. After these fraudulent events, frameworks were developed to help organizations manage risks and reconstruct their internal control systems. Designing effective risk management and an internal control system is proposed as a solution for more effective and efficient operations. Recently, information systems have become very important in operational activities, since most of these activities are performed using information technology. This dependency has forced organizations to manage risks related to information systems and to establish an IS internal control system. Control objectives for minimizing risks, their control practices, and the test steps for these controls are provided in reference guides. Control objectives are located under the IS processes. Risk and control specialists deal with the risks in these processes and with the controls that minimize them. They are expected to make organizations compliant with related laws and regulations, as well as with internal policies and rules, by designing controls. Much information can be found about the importance of complying with standards, frameworks, the IS internal control system, control objectives, and control practices. However, studies lack an answer to the question of “how” to design an internal control system in compliance with the related frameworks and standards.
This thesis provides an answer to the question “How to design an IS internal control system?” In this study, the “Control Self-Assessment Method” is proposed as an effective method, with reference to the essential critical IS processes. The Control Self-Assessment method is selected because it provides a flexible solution that is especially appropriate for designing an internal control system to achieve the changing objectives of companies.