The value of information comes from its relevance, usefulness/usability and integrity, which can be assessed against the purpose for which the information is produced.
Decisions are affected by information. One of the key components of good decision-making, monitoring and control is information integrity.
Boritz (IS practitioners’ views on core concepts of information integrity. International Journal of Accounting Information Systems 6:260-279, 2005) contends that information integrity is not an isolated attribute, but draws on several other attributes (or, as he refers to them, concepts).
The research of Bovee et al. (2003) produced four attributes of information quality and related them to the process of how information is created.
They describe three of these attributes (accessibility, interpretability and relevance) as extrinsic (immaterial, insignificant, nonessential) in nature.
However, the fourth attribute, integrity, they claimed was intrinsic (material, central, essential) in nature when related to the process of how information is created.
Bovee et al. (2003) in their paper: A conceptual framework and belief-function approach to assessing overall information quality published in International Journal of Intelligent Systems 18(1):51-74 define the four sub-attributes of integrity, which is intrinsic to how information is made, in this way:
- Accuracy
This information conforms to the real-world or conceptual items of interest to the user. It is typically considered to be error free.
- Completeness
Refers to having all required parts or having enough information for decision making.
- Consistency
Requires that multiple recordings of the values for any of the attributes be consistent across time and space. To be consistent, these values must be the same in all cases.
- Existence
This is an important intrinsic element of information used in auditing. If one needs to validate information, Bovee et al. (2003) claim that the information would need to meet any tests of existence that there are no false or redundant entities, fields or values.
Informed decision-making requires that information is from a reliable source, accurate, understandable, timely, intact, balanced and sufficient.
Therefore, it is essential to have measures in place that ensure that the information used to make decisions has integrity.
If the information lacks quality, this has a natural effect on the outcomes of the decisions and, therefore, the decisions ultimately lack quality.
To ensure fact-based decision making, one would require assurances as to the condition of the information when the decisions are made. If decisions are made in real time, based on real-time information, one would require real-time assurances.
An information problem may or may not be an integrity problem; nevertheless, depending on its size and other ripple effects, it could lead to an information integrity failure.
An integrity problem will almost always result in an information problem, and thus, sooner or later will lead to an information integrity failure.
It is not a question of if, but when, a person with questionable ethics will choose to misrepresent something.
The concept of information integrity provides a comprehensive framework and foundation for us to recognize how best to characterize this important risk.
Once the sources of information integrity risk are understood, we can evaluate better the adequacy of internal control systems within their respective organizations.
Various risks that can impact information integrity exist throughout the information lifecycle (begin when the record is created or received. Later, it covers its usage, storage, retrieval and maintenance. At the final stage of the lifecycle is disposition and destruction or permanent retention in accordance with the organization’s records retention schedule) and increase the possibility of material errors and omissions in information leading to erroneous or sub-optimal decisions arising from the use of the information. Certain factors such as the inherent nature of the system, complexity, and malicious intentions can magnify those risks. These factors must be given special consideration.