Understanding MIS risk

Risks Associated With MIS

Risk reflects the potential, the likelihood, or the expectation of events that could adversely affect earnings or capital. Management uses MIS to help in the assessment of risk within an institution. Management decisions based upon ineffective, inaccurate, or incomplete MIS may increase risk in a number of areas such as credit quality, liquidity, market/pricing, interest rate, or foreign currency. A flawed MIS causes operational risks and can adversely affect an organization's monitoring of its fiduciary, consumer, fair lending, Bank Secrecy Act, or other compliance-related activities. Since management requires information to assess and monitor performance at all levels of the organization, MIS risk can extend to all levels of the operations. Additionally, poorly programmed or non-secure systems in which data can be manipulated and/or systems requiring ongoing repairs can easily disrupt routine work flow and can lead to incorrect decisions or impaired planning.

Assessing Vulnerability To MIS Risk

To function effectively as an interacting, interrelated, and interdependent feedback tool for management and staff, MIS must be "useable." The five elements of a useable MIS system are: timeliness, accuracy, consistency, completeness, and relevance. The usefulness of MIS is hindered whenever one or more of these elements is compromised.

Timeliness

To simplify prompt decision making, an institution's MIS should be capable of providing and distributing current information to appropriate users. Information systems should be designed to expedite reporting of information. The system should be able to quickly collect and edit data, summarize results, and be able to adjust and correct errors promptly.

Accuracy

A sound system of automated and manual internal controls must exist throughout all information systems processing activities. Information should receive appropriate editing, balancing, and internal control checks. A comprehensive internal and external audit program should be employed to ensure the adequacy of internal controls.

Consistency

To be reliable, data should be processed and compiled consistently and uniformly. Variations in how data is collected and reported can distort information and trend analysis. In addition, because data collection and reporting processes will change over time, management must establish sound procedures to allow for systems changes. These procedures should be well defined and documented, clearly communicated to appropriate employees, and should include an effective monitoring system.

Completeness

Decision makers need complete and pertinent information in a summarized form. Reports should be designed to eliminate clutter and voluminous detail, thereby avoiding "information overload."

Relevance

Information provided to management must be relevant. Information that is inappropriate, unnecessary, or too detailed for effective decision making has no value. MIS must be appropriate to support the management level using it. The relevance and level of detail provided through MIS systems directly correlate to what is needed by the board of directors, executive management, departmental or area mid-level managers, etc. in the performance of their jobs.