Risk reflects the potential, the likelihood, or the expectation of events that could adversely affect earnings or capital. Management uses MIS to help in the assessment of risk within an institution. Management decisions based upon ineffective, inaccurate, or incomplete MIS may increase risk in a number of areas such as credit quality, liquidity, market/pricing, interest rate, or foreign currency. A flawed MIS causes operational risks and can adversely affect an organization’s monitoring of its fiduciary, consumer, fair lending, Bank Secrecy Act, or other compliance-related activities.
Since management requires information to assess and monitor performance at all levels of the organization, MIS risk can extend to all levels of the operations. Additionally, poorly programmed or non-secure systems in which data can be manipulated and/or systems requiring ongoing repairs can easily disrupt routine work flow and can lead to incorrect decisions or impaired planning.
- Assessing Vulnerability to MIS Risk
To function effectively as an interacting, interrelated, and interdependent feedback tool for management and staff, MIS must be “useable.” The five elements of a useable MIS system are: timeliness, accuracy, consistency, completeness, and relevance. The usefulness of MIS is hindered whenever one or more of these elements is compromised. Timeliness, to simplify prompt decision making, an institution’s MIS should be capable of providing and distributing current information to appropriate users. Information systems should be designed to expedite reporting of information.
The system should be able to quickly collect and edit data, summarize results, and be able to adjust and correct errors promptly.
A sound system of automated and manual internal controls must exist throughout all information systems processing activities. Information should receive appropriate editing, balancing, and internal control checks. A comprehensive internal and external audit program should be employed to ensure the adequacy of internal controls.
To be reliable, data should be processed and compiled consistently and uniformly. Variations in how data is collected and reported can distort information and trend analysis. In addition, because data collection and reporting processes will change over time, management must establish sound procedures to allow for systems changes. These procedures should be well defined and documented, clearly communicated to appropriate employees, and should include an effective monitoring system.
Decision makers need complete and pertinent information in a summarized form. Reports should be designed to eliminate clutter and voluminous detail, thereby avoiding “information overload.”
Information provided to management must be relevant. Information that is inappropriate, unnecessary, or too detailed for effective decision making has no value. MIS must be appropriate to support the management level using it. The relevance and level of detail provided through MIS systems directly correlate to what is needed by the board of directors, executive management, departmental or area mid-level managers, etc. in the performance of their jobs.
- Achieving Sound MIS
The development of sound MIS is the result of the development and enforcement of a culture of system ownership. An “owner” is a system user who knows current customer and constituent needs and also has budget authority to fund new projects. Building “ownership” promotes pride in institution processes and helps ensure accountability.
Although MIS does not necessarily reduce expenses, the development of meaningful systems, and their proper use, will lessen the probability that erroneous decisions will be made because of inaccurate or untimely information. Erroneous decisions invariably misallocate and/or waste resources.
This may result in an adverse impact on earnings and/or capital. MIS which meets the five elements of usability is a critical ingredient to an institution’s short- and long-range planning efforts. To achieve sound MIS, the
INFORMATION SYSTEMS DESIGN AND PROGRAMMING
organization’s planning process should include consideration of MIS needs at both the tactical and strategic levels. For example, at a tactical level MIS systems and report output should support the annual operating plan and budgetary processes. They should also be used in support of the long term strategic MIS and business planning initiatives. Without the development of an effective MIS, it is more difficult for management to measure and monitor the success of new initiatives and the progress of ongoing projects. Two common examples of this would be the management of mergers and acquisitions or the continuing development and the introduction of new products and services. Management needs to ensure that MIS systems are developed according to a sound methodology that encompasses the following phases:
- Appropriate analysis of system alternatives, approval points as the system is developed or acquired, and task organization.
- Program development and negotiation of contracts with equipment and software vendors.
- Development of user instructions, training, and testing of the system. Installation and maintenance of the system. Management should also consider use of “project management techniques” to monitor progress as the MIS system is being developed. Internal controls must be woven into the processes and periodically reviewed by auditors. Management also should ensure that managers and staff receive initial and ongoing training in MIS.
In addition, user manuals should be available and provide the following information:
- A brief description of the application or system.
- Input instructions, including collection points and times to send updated information.
- Balancing and reconciliation procedures.
- A complete listing of output reports, including samples.
Depending on the size and complexity of its MIS system, an institution may need to use different manuals for different users such as first-level users, unit managers, and programmers.
Vulnerability and risk are the twin worries of system designers and developers concerning their MIS designed systems. System analysts and designers pay considerable attention to the robustness of their systems in order to ensure a greater degree of confidence in the security of their designed systems.