• Journal of Information Technology Services
• /
• v.8 no.4
• /
• pp.87-101
• /
• 2009

The current information system audit merely inspects a web based information system by focusing on checking items that are extracted from structured and information engineering model and object-oriented component model. As a result, the checking item of web contents and design is inadequate. This paper aims to extract audit framework in order to strengthen the audit of web contents and design during the development of the web based information system and to suggest checking items based on audit framework. For this, the web development process and web site evaluation model were studied, compared, and analyzed with the current information system development audit. From a result of the survey, it was found that the adequacy of the suggested audit framework and audit checking items is above the average value. It is believed that the suggested audit framework is helpful for the audit of web based information system.

• KIPS Transactions on Software and Data Engineering
• /
• v.8 no.5
• /
• pp.179-186
• /
• 2019

Information system audit, which provides effective diagnosis and inspection of IT governance, is applied to all aspects from planning to development and operation. However, there is a difficulty in carrying out the audit because the system for the specialized university IT project is not developed. Therefore, it is necessary to set the internal system as the audit-based application framework in order to apply it to university IT governance. In this paper, we propose a audit-based application framework of university information system developed for university. The framework has a difference from the existing audit system. By using this framework, it is possible to present a standard for the university IT project and easily approach and use it in the field. And it can be used for direct audit through this framework in the level of the auditor as well as the HQ admin. The framework categorizes the audit into three major dimensions and suggests a method that can be applied to the university information system audit through the UAFP(University Audit Framework Process) and quality assurance.

• Korean System Dynamics Review
• /
• v.12 no.3
• /
• pp.25-46
• /
• 2011

Recently, performance auditing system of governmen is carried out as most promising framework of government audit. Performance audit by the Board of Audit and Inspection of Korea involves assessing the causes and effects of government policies, programs, and Institutions with the criteria of economy, efficiency, effectiveness. Performance auditing will contribute to strengthening the values of objective assessments of whether public resources are responsibly and effectively managed to achieve intended results. Nevertheless, there seems to be a problems appears in implementation of audit. That is the problems of tendency return to legitimacy audit which is result from the lack of strong approach and methodology. So, this study purpose to developing stronger audit concepts and methods that add to the process and framework of traditional performance auditing system. First, this study evaluates the limitation of current performance auditing system with the perspective of systems thinking. Second, this study analyzes the process and method of current system and develop the conceptual model of the Dynamics Audit System using the system dynamics methodology, which focused on the appropriate auditing process and framework.

• Journal of Information Technology Services
• /
• v.5 no.3
• /
• pp.121-135
• /
• 2006

With the growth and maturation of IT industry, the necessity of audit about development, maintenance and management of high-quality information system is gradually increasing. In addition, the necessity of inner auditing system, which could totally verify and evaluate the effectiveness of project according to the characteristics of organization conducting information-oriented business, also being proposed. Government offices including Korea Institute of Science and Technology(KISTI) collectively controlling nationwide science-technology related information have no guiding principle or organization within themselves even though performing information-oriented businesses are becoming more bigger and complicated. In this paper, we propose scheme for devising framework, which can audit construction and operation of knowledge information, check list and guideline. In addition, we present concrete ways for adapting these schemes to institutes which manage science-technology knowledge information. Audit framework consists of points of time in audit, audit domain and audit criterion. Points of time in audit are defined as three phases as followings: pre-audit, in-progress audit and post-audit. Audit domain includes 16 detail audit domains and especially we set 11 check items and 40 detail investigation items for database implementation business. We expect that management level of science-technology implementation business of organizations using this research result will increase and they could offer high-quality information service.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.219-234
• /
• 2013

We introduced a framework of information systems audit methodology and applied to IS projects based on RFID/USN in six public organizations in South Korea. An analysis of five IS implementation projects shows the iterative technical specific risks are disclosed. The key 14 risk factors categorized into 4 classifications (Project Management, application, database, system architecture) which are based on the established IT audit framework in order to extend to the technology (RFID/USN) specific framework and apply to the other case as well. The implications of these findings for audit research and practice are discussed.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.4
• /
• pp.107-118
• /
• 2010

The user interface is the medium, which provides the users to have an access to the web-based information system. The user interface is the means of improving usability and accessibility for the user, as well as being the core component in the web-based information system. In this paper, the audit framework of the user interface was developed to upgrade the usability and accessibility; it was based on the three basic components of the current audit framework in the web-based information system. At the time of an audit, the UI process of the 'Analysis', 'UI Design', 'UI Production', and 'Test' was defined, which was analyzed through the web development methodology. Also, for the area of an audit, the 'Information', 'Design', and 'Technology' were defined by the analysis of the components that makes up the user interface, From the view of an audit, the standard criteria of an assessment were set as 'Usability', 'Accessibility', and 'Cross Browsing'. Through the framework that was proposed in this paper, practical audit applies the performed examples. By this, the efficiency of the proposed framework was verified.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.12 no.19
• /
• pp.89-98
• /
• 1989

This research addresses the most sophisticated level of complexity of current electronic data processing(EDP) technology realtime, distributed data base(DDB) system. The major objective is to develop guidelines for the control and audit of these sophisticated system, since the control and audit philosophies, control features, and audit techniques applicable to traditional EDP systems are no longer fully appropriate for, or relevant to, these stat-of-art systems. An attempt is made to develop an internally consistent audit and control Conceptual Framework summarizing and integrating the material developed in this research, which then leads into the analysis of the control and audit model.

• Journal of Information Technology Services
• /
• v.11 no.2
• /
• pp.197-211
• /
• 2012

This paper describes how to derive audit criterion, audit domain, detail technology, and functional check items which are core of hospital information system, consisting of OCS, EMR, and PACS. Using the check items listed above, we investigated the objective validity for the construction audit of hospital information system. As a result, the derived audit criterion, audit domain, detail technology, and functional check items were verified as check items for audit. Since using the current audit check items of public area is insufficient to construct efficient, reliable, and stable hospital information system, we suggest adopting the hospital information system audit area, audit check items, and process that are presented in this paper.

• Communications for Statistical Applications and Methods
• /
• v.17 no.5
• /
• pp.745-753
• /
• 2010

Compared to the U.S. Government Accountability Office(GAO) and the U.K. National Audit Office(NAO), the Board of Audit and Inspection of Korea(BAI) has not laid a rather solid system for effective assessment and judgment on the reliability of computer-processed data used as audit evidence in its public auditing activities. Accordingly, based on the experiences of GAO and NAO, this study suggests criteria and methods as the key elements of the methodological framework for assessing the reliability of information system data. Then, the usefulness and effectiveness of the criteria and techniques for assessing data reliability were tested and proved by applying to the analysis of allotment for mandatory disabled employment data that have been computer-processed and managed by the Korea Employment Agency for the Disabled(KEAD).