• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• Journal of Information Technology Services
• /
• v.11 no.4
• /
• pp.107-121
• /
• 2012

The core infra-technology in the ubiquitous era, RFID which has taken action from the public institution with the pilot projects as well as the practical projects is gradually extending its spectrum to the private enterprises. Along with its expansion, the audit required on the RFID-based information system is also growing in the industry. Especially, since RFID-based information systems, especially compared to other information systems, are likely to be exposed to many threats, the security audit for them is being emphasized. This paper suggests security audit checking items for the RFID-based information system, which can be used to perform the efficient security audit. The security audit checking items consist of eight basic checking items, each of which consists of detailed review items and can be applied for each building steps of the system(analysis, design, implementation, testing, and development). Finally, this paper confirmed the efficiency of the security audit checking items proposed in this paper through survey by the experienced auditors and analysis of practical audit cases.

• Journal of Information Technology Services
• /
• v.5 no.2
• /
• pp.59-78
• /
• 2006

This research is to suggest the factor which is effecting on the information system audit fidelity in the perspective of audit procurer, to develop the measure to evaluate it, to investigate the audit performance and project performance for comparison the audit fidelity between the audit teams. As the analysis results, we found that the audit service factors can be divided to the expert knowledge of auditor and the project attributes itself. It means these factors are the major measures for the audit fidelity. In this research, the hypothesis of this study model is verified throughout the factor and corelation analysis, and the structured equation model is applied. Analysis results show that all relations between the factors are significant statistically. The audit service factors has an effect on audit fidelity. Also the information system audit fidelity can be affect on the project performance, audit performance and customer satisfaction. So, in conclusion, we need to judge closely the audit service factors affecting the audit fidelity for the enhancement of the project performance, audit performance and customer satisfaction.

• Asia pacific journal of information systems
• /
• v.5 no.1
• /
• pp.112-128
• /
• 1995

The information system control includes organizational structure, control mechanism, and management tools which contribute to accomplish the goals of information system: asset safeguarding, data integrity, effectiveness, and efficiency. Information system audit is the process to evaluate whether the information system accomplishs the goals. Information system auditor examine the reliability of information system control and suggest recommendations to improve the information system control. Both information system control and information system audit activities contribute to prevent and detect the computer crime for the organization. This paper proposes a causal model of information system control/audit and the perceived risk of computer crime, and tests the model using a survey on 38 financial institutions in Korea. Statistical results show that information system control and audit significantly reduce the computer crime risk perceived by the user group. The general control has a stronger impact than the application control. In addition, it turns out that the greater the deviation between the importance and the actual level of information system control is, the higher the perceived risk of computer crime is.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• Journal of the Korean Professional Engineers Association
• /
• v.34 no.4
• /
• pp.65-68
• /
• 2001

The role of information system(IS) audit is growing more important according to rapid change of Information technology. This article is to introduce what is IS audit, purpose and effect of IS audit. Now most clients of private IS audit services companies are the public sector. Korean public sectors invest a lot of money to build or implement their information system. Most of their systems are developed by system intergration companies. But they do not have professional engineers to evaluate and review outsourced information system. Therefore they must use outside private professional engineers for sysem auditing. We, including writer, established the first IS audit sevice company in Korea on September in 1997. After that about 15 IS audit service companies are established until now. The effect of IS audit is highly evaluated In public sector by the clients Most clients think IS audit service contributed to upgrade the quality of software and standard the methodology of developing system

• Journal of Information Technology Services
• /
• v.15 no.1
• /
• pp.113-129
• /
• 2016

Recently, as Information System projects tend to be more complex, the importance of Information System Audit increases. In the same context, the need for the resident IS Audit also increases, which is supposed to deal with the possible risks and urgent issues by providing the appropriate support and timely coordination during IS project. Basically, for the effective IS Audit, the IS audit team members should be able to understand such a business context as work characteristics, business knowledge, goals, and culture of the organization. The audit team members should also be able to share the various knowledge of Information Technology and audit procedure with the owner of the project. Especially, for the resident audit, it is more important to fill the gaps in expertise between project owner and audit team. However, any studies on the need of common knowledge base (knowledge complementarities) in the IS audit have not been done so far. The purpose of this study is to analyze whether the knowledge complementarity based on inter-organizational communication between the project owner and audit team members makes an effect on the fidelity and performance of IS audit. In order to do this, the relationship among inter-organizational communication and knowledge complementarity, the fidelity of IS audit service, and performance of IS audit has been analyzed, using Structural Equation Model. The result shows that all the relationship is significant, which means that knowledge complementarity between the two different interest groups should be an effective factor on the fidelity and performance of IS audit. This result implies that, for better quality of IS Audit service, how to acquire the knowledge complementarity between the project owner and Audit team should be considered seriously as well as systematically in the process of IS Audit.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.17 no.32
• /
• pp.297-308
• /
• 1994

In the information system, there are many fields that used by decision making support system. Nowadays, the reasons that the need of the decision making system in audit is increased, are as follows. \circled1 The increased of competitiveness in audit environment \circled2 The rapid replenishment of computer hardware and computer system in corporations. The purposes of this study are as follows. \circled1 The connection of Internal management assess results and practical examination. \circled2 In the making of audit opinion, the establish of non-measure and evaluate logic. \circled3 The suggestion of knowledge base structure about the audit task. \circled4 The development of prototype system for the accounting audit expert system. The expected usefulness of accounting audit expert system development are as follows. \circled1 Audit time may be saved \circled2 The consistence of opinion will be increased \circled3 The elevation of audit technique \circled4 The decreased of audit risk \circled5 In the decision making rationlization of accounting information users, it will be proved as usefulness.

• Journal of the Society of Disaster Information
• /
• v.19 no.1
• /
• pp.204-215
• /
• 2023

Purpose: In this study, it was proposed a plan to build the Continuous Preventive Audit System in the military Organization with the expectation that we will develop an efficient audit method under the rapidly changing audit and work environment in the future. Method: it was examined the realities and problems of the military self-audit, the cases of the Continuous Preventive Audit System currently being used by government departments and institutions and internal control inspection of the information system of the Foreign Audit Office. Result: Government departments, agencies, and foreign auditors have established a Continuous Preventive Audit System to overcome the problems and limitations of their own audits, ensuring accounting accident prevention and audit work efficiency and are focused on auditing internal controls of information systems. Conclusion: In the future, more specific studies on the design of detailed scenarios for each function of defense work and the research and analysis on the improvement of defense information system should be followed for the establishment and settlement of a more specific Continuous Preventive Audit System.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.167-178
• /
• 2004

Different from traditional development methodologies like waterfall model, the CBD (component based development) methodology relies on a building block approach in the design and development of information system. The audit procedure and checklist for the traditional IS development methodology are required to be modified to be suitable for CBD. This research reviewed IS audit guidelines for the existing development process and analyzed multiple projects that employed the by component based development process. For the purpose of this study, we chose a governmental project and a next-generation IS project of a financial agency as sample cases. By comparing existing IS audit checklists and items actually reviewed in audit projects, this study identified appropriate check items for the CBD-centric audit program. New items were proposed as additional items such as project control in management phase, usage case and conceptual model establishment, component evaluation and design, in implementation phase, and so forth. The result of the research provides new guidelines for the audit CBD projects for the purposed of increased efficiency and qualify of application development projects.