• 한국IT서비스학회지
• /
• 제5권3호
• /
• pp.121-135
• /
• 2006

With the growth and maturation of IT industry, the necessity of audit about development, maintenance and management of high-quality information system is gradually increasing. In addition, the necessity of inner auditing system, which could totally verify and evaluate the effectiveness of project according to the characteristics of organization conducting information-oriented business, also being proposed. Government offices including Korea Institute of Science and Technology(KISTI) collectively controlling nationwide science-technology related information have no guiding principle or organization within themselves even though performing information-oriented businesses are becoming more bigger and complicated. In this paper, we propose scheme for devising framework, which can audit construction and operation of knowledge information, check list and guideline. In addition, we present concrete ways for adapting these schemes to institutes which manage science-technology knowledge information. Audit framework consists of points of time in audit, audit domain and audit criterion. Points of time in audit are defined as three phases as followings: pre-audit, in-progress audit and post-audit. Audit domain includes 16 detail audit domains and especially we set 11 check items and 40 detail investigation items for database implementation business. We expect that management level of science-technology implementation business of organizations using this research result will increase and they could offer high-quality information service.

• 한국IT서비스학회지
• /
• 제5권2호
• /
• pp.59-78
• /
• 2006

This research is to suggest the factor which is effecting on the information system audit fidelity in the perspective of audit procurer, to develop the measure to evaluate it, to investigate the audit performance and project performance for comparison the audit fidelity between the audit teams. As the analysis results, we found that the audit service factors can be divided to the expert knowledge of auditor and the project attributes itself. It means these factors are the major measures for the audit fidelity. In this research, the hypothesis of this study model is verified throughout the factor and corelation analysis, and the structured equation model is applied. Analysis results show that all relations between the factors are significant statistically. The audit service factors has an effect on audit fidelity. Also the information system audit fidelity can be affect on the project performance, audit performance and customer satisfaction. So, in conclusion, we need to judge closely the audit service factors affecting the audit fidelity for the enhancement of the project performance, audit performance and customer satisfaction.

• International Journal of Advanced Culture Technology
• /
• 제9권1호
• /
• pp.210-217
• /
• 2021

In the case of an agile-based project, it was inadequate to perform a comprehensive inspection and evaluation on the establishment and operation of an information system by performing audit only with the audit and inspection elements provided by the existing information system audit and inspection system. In particular, in the case of the test activity area, it was necessary to improve the test activity audit check items to comprehensively check the agile-based development process by applying the existing audit system. To this end, a test activity improvement check model of the agile methodology audit model was presented by applying the repetition concept, a characteristic of the agile methodology. In order to empirically verify the model of this study, a survey was conducted for auditors and designers/developers who have experience in performing agile-based projects and auditing information systems. As a result of the questionnaire on the integrated test and system test in the test stage, more than 70% of the respondents were found to be suitable. More than 80% of the respondents judged that it was appropriate as a result of the questionnaire on "improvement and regression test progress according to integrated test and system test results" and "integrated test and functional actions of components and subsystems".

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.1602-1605
• /
• 2005

An audit tracer is one of the last ways to defend an attack for network equipments. Firewall and IDS which block off an attack in advance are active way and audit tracing is passive way which analogizes a type and a situation of an attack from log after an attack. This paper explains importance of audit trace function in network equipment for security and defines events which we must leave by security audit log. We design and implement security audit system for secure router. This paper explains the reason why we separate general audit log and security audit log.

• 한국IT서비스학회지
• /
• 제15권1호
• /
• pp.113-129
• /
• 2016

Recently, as Information System projects tend to be more complex, the importance of Information System Audit increases. In the same context, the need for the resident IS Audit also increases, which is supposed to deal with the possible risks and urgent issues by providing the appropriate support and timely coordination during IS project. Basically, for the effective IS Audit, the IS audit team members should be able to understand such a business context as work characteristics, business knowledge, goals, and culture of the organization. The audit team members should also be able to share the various knowledge of Information Technology and audit procedure with the owner of the project. Especially, for the resident audit, it is more important to fill the gaps in expertise between project owner and audit team. However, any studies on the need of common knowledge base (knowledge complementarities) in the IS audit have not been done so far. The purpose of this study is to analyze whether the knowledge complementarity based on inter-organizational communication between the project owner and audit team members makes an effect on the fidelity and performance of IS audit. In order to do this, the relationship among inter-organizational communication and knowledge complementarity, the fidelity of IS audit service, and performance of IS audit has been analyzed, using Structural Equation Model. The result shows that all the relationship is significant, which means that knowledge complementarity between the two different interest groups should be an effective factor on the fidelity and performance of IS audit. This result implies that, for better quality of IS Audit service, how to acquire the knowledge complementarity between the project owner and Audit team should be considered seriously as well as systematically in the process of IS Audit.

• 산업경영시스템학회지
• /
• 제12권19호
• /
• pp.89-98
• /
• 1989

This research addresses the most sophisticated level of complexity of current electronic data processing(EDP) technology realtime, distributed data base(DDB) system. The major objective is to develop guidelines for the control and audit of these sophisticated system, since the control and audit philosophies, control features, and audit techniques applicable to traditional EDP systems are no longer fully appropriate for, or relevant to, these stat-of-art systems. An attempt is made to develop an internally consistent audit and control Conceptual Framework summarizing and integrating the material developed in this research, which then leads into the analysis of the control and audit model.

• 디지털융복합연구
• /
• 제12권3호
• /
• pp.37-53
• /
• 2014

지방자치단체에 의한 감사는 지방자치단체의 내부 통제를 개선하고 자신들의 정책을 진단하여 관리능력을 향상시키며 정책 오류를 예방하는 역할을 한다. 그러나 자기기관 감사와 검사 수준은 매우 낮은 실정이다. 이는 전문가 수준의 직원보다 빈번한 순환 보직으로 실무 경험이 미흡한 감사요원을 배치하기 때문이다. 이러한 문제를 극복하고 지방자치단체의 자체감사기능을 강화하기 위하여 여러 가지 감사환경을 고려한 솔루션으로 새로운 시스템을 제안한다. 본 연구는 지방감사의 문제점을 찾아 자체 감사평가시스템의 새로운 체계를 제시하였다. 자체전자감사평가시스템은 자체기관 감사 및 검사를 강화하여 궁극적으로 지방정부의 역량을 강화시킬 것이다.

• 기술사
• /
• 제34권4호
• /
• pp.65-68
• /
• 2001

The role of information system(IS) audit is growing more important according to rapid change of Information technology. This article is to introduce what is IS audit, purpose and effect of IS audit. Now most clients of private IS audit services companies are the public sector. Korean public sectors invest a lot of money to build or implement their information system. Most of their systems are developed by system intergration companies. But they do not have professional engineers to evaluate and review outsourced information system. Therefore they must use outside private professional engineers for sysem auditing. We, including writer, established the first IS audit sevice company in Korea on September in 1997. After that about 15 IS audit service companies are established until now. The effect of IS audit is highly evaluated In public sector by the clients Most clients think IS audit service contributed to upgrade the quality of software and standard the methodology of developing system

• 한국재난정보학회 논문집
• /
• 제19권1호
• /
• pp.204-215
• /
• 2023

연구목적: 본 연구는 향후 급변하는 감사 및 업무 환경에서 효율적인 감사방법을 개발할 수 있 군 조직내 예방적 감사체계 구축방안을 연구하는 것이다. 연구방법: 군 자체감사의 실태와 문제점, 현재 정부 부처 및 기관에서 사용하고 있는 지속적 예방감사제도 사례, 외국 감사원 정보시스템 내부통제점검 등을 살펴보았다. 연구결과: 본 연구에서는 군사감사제도의 문제점을 극복하기 위하여 정부부처, 기관 등이 활용하는 지속적 예방감사제도를 벤치마킹하여 군내 지속적 예방감사제도를 구축하는 방안을 제안하였다. 결론: 상시 예방 감사 시스템사업의 한계성 및 사업효과의 신뢰성을 고려하여 육군을 시험사업으로 추진하고 이어서 해군·공군·해병대로 사업을 점진적으로 확대해야 할 것이다.

• 한국IT서비스학회지
• /
• 제11권4호
• /
• pp.107-121
• /
• 2012

The core infra-technology in the ubiquitous era, RFID which has taken action from the public institution with the pilot projects as well as the practical projects is gradually extending its spectrum to the private enterprises. Along with its expansion, the audit required on the RFID-based information system is also growing in the industry. Especially, since RFID-based information systems, especially compared to other information systems, are likely to be exposed to many threats, the security audit for them is being emphasized. This paper suggests security audit checking items for the RFID-based information system, which can be used to perform the efficient security audit. The security audit checking items consist of eight basic checking items, each of which consists of detailed review items and can be applied for each building steps of the system(analysis, design, implementation, testing, and development). Finally, this paper confirmed the efficiency of the security audit checking items proposed in this paper through survey by the experienced auditors and analysis of practical audit cases.