DOI QR코드

DOI QR Code

IS Audit Framework Development through e-Gov's RFID/USN Project in South Korea

정보시스템 감리 프레임워크 개발:한국 전자정부의 RFID/USN 프로젝트 개발을 통해서

  • 김소정 (국립 싱가포르 대학교 경영대학) ;
  • 구철모 (경희대학교 호텔관광대학) ;
  • 고창은 (북 텍사스 주립대학교 경영대학)
  • Received : 2013.07.26
  • Accepted : 2013.12.03
  • Published : 2013.12.31

Abstract

We introduced a framework of information systems audit methodology and applied to IS projects based on RFID/USN in six public organizations in South Korea. An analysis of five IS implementation projects shows the iterative technical specific risks are disclosed. The key 14 risk factors categorized into 4 classifications (Project Management, application, database, system architecture) which are based on the established IT audit framework in order to extend to the technology (RFID/USN) specific framework and apply to the other case as well. The implications of these findings for audit research and practice are discussed.

Keywords

References

  1. Anon, "Research on Korean IT market", available at http://www.krgweb.com/, (accessed 2010).
  2. Bacon, C. J., "The Use of Decision Criteria in Selecting Information Systems/Technology Investments", MIS Quarterly, (1992), pp.335-353.
  3. Benbast, I., Godstein. D. K, Mead, M., "The case research strategy in studies of information systems", MIS Quarterly, Vol.11, No.1(1987) pp.365-386.
  4. Bedard, J. et al., "Information Systems Risk and Audit Planning", International Journal of Auditing, Vol.9, No.2(2005), pp.147-163. https://doi.org/10.1111/j.1099-1123.2005.00267.x
  5. Blackburn et al., C. C. Blackburn, C. L. Augustine, R. Li, R. P. Harvey, M.A. Malin, R. L. Boyd, J. F. Miller, and G. Morahan, "The nu gene acts cell-autonomously and is required for differentiation of thymic epithelial progenitors", 1996.
  6. Cho, I., "Information Systems Audit Legislation Passed in Korea. Information Systems Control Journal Online", (2008), pp.1-6.
  7. Debreceny, R. S. and G. L. Gray, "IT Governance and Process Maturity:A Multinational Field Study", Journal of Information Systems, Vol.27, No.1(2013), pp.157-188, doi : 10.2308/isys-50418.
  8. Ellis, D., R. Barker, S. Potter, and C. Pridgeon, "Information audits, communication audits and information mapping", International Journal of Information Management Vol.13(1993), pp.134-151. https://doi.org/10.1016/0268-4012(93)90079-J
  9. Faraj and Sproull, "Coordination expertise in software development team", Management Science, Vol.46, No.12(2000), pp.1554- 1568. https://doi.org/10.1287/mnsc.46.12.1554.12072
  10. Gilhooley, I. A., "Auditing Computerized Systems", EDPACS : The EDP Audit, Control and Security Newsletter, Vol.9 No.8(1982), pp.1-8.
  11. Grabski, S., J. H. Reveau, and S.A. West, "Comparison of Judgment, Skills, and Prompting Effects between Auditors and Systems Analysts", MIS Quarterly, Vol.11, No.2 (1987), pp.151-161. https://doi.org/10.2307/249356
  12. Harter, D., M. Krishnan, and S. Slaughter, "Effects of process maturity on quality, cycle- time, and effort in software product development", Management Science, Vol.46, No.4(2000), pp.451-466. https://doi.org/10.1287/mnsc.46.4.451.12056
  13. Kim, C., "Research on actual status of IS Audit in the public sector, NIA, National Information society Agency", 2000.
  14. Kim, C., "The IS Auditor Basic Education and Professional Education Textbook", NIA, National Information Society Agency, 2007.
  15. Lainhart, J. W., "Cobit:A Methodology for Managing and Controlling Information and Information Technology Risks and Vulnerabilities", Journal of Information Systems, Vol.14(2000), pp.21-25. https://doi.org/10.2308/jis.2000.14.s-1.21
  16. Lee, C., "The Study on the effects of IT audit in the national administration network project", NIA, National Computerization Agency, 1992.
  17. Nidumolu, S., "The Effect of Coordination and Uncertainty on Software Project Performance: Residual Performance Risk as an Intervening Variable", Information Systems Research, Vol.6, No.3(1995), pp.191- 219. https://doi.org/10.1287/isre.6.3.191
  18. Nidumolu, S. R., "A Comparison of the Structural Contingency and Risk-Based Perspectives on Coordination in Software-Development Projects", Journal of Management Information Systems, Vol.13, No.2 (1996), pp. 77-113. https://doi.org/10.1080/07421222.1996.11518124
  19. Park, S., "The Study of the measure of IT audit efficacy", NIA, National Computerization Agency, 1998.
  20. Ridley, G., J. Young and P. Carroll, "COBIT and its Utilization : A Framework from the Literature, Proceedings of the 37th Hawaii International Conference on System Sciences", 2004.
  21. Rittenberg and G. B. Davis, "The Roles of Internal and External Auditors in Auditing EDP Systems", Journal of Accountancy, (1977), pp.51-58.
  22. Rittenberg, L. and P. Charles, "The Internal Auditor's Role in MIS Developments", MIS Quarterly, Vol.2, No.4(1978), pp.47-57. https://doi.org/10.2307/248904
  23. Seo, S., "The ISA PR Material", NIA, National Computerization Agency, 2001.
  24. Seo, S., "A study on the Effectiveness of Information Systems Audit", NIA, National Computerization Agency, 2002.
  25. Seo, S., "A Study on the Enhancement of the IS Audit Framework", NIA, National Computerization Agency, 2003.
  26. Sun, L., R. P. Srivastava, and T. J. Mock, "An Information Systems Security Risk Assessment Model under the Dempster-Shafer Theory of Belief Functions", Journal of Management Information Systems, Vol.22, No.4 (2006), pp.109-142. https://doi.org/10.2753/MIS0742-1222220405
  27. Weber, R., "Information systems control and audit", New York : Prentice Hall, 1998
  28. Weiss, I. R., "Auditability of Software : A Survey of Techniques and Costs", MIS Quarterly, (1980), pp.39-50.
  29. Wu, R. C., "The information systems auditor's review of the systems development process and its impact on software maintenance efforts", Journal of Information Systems Spring, (1992), pp.1-13.
  30. Yin, R. K., "Case Study Research : Design and Methods. 2nd Edition", CA: Sage Publication, 1994.