• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.219-234
• /
• 2013

We introduced a framework of information systems audit methodology and applied to IS projects based on RFID/USN in six public organizations in South Korea. An analysis of five IS implementation projects shows the iterative technical specific risks are disclosed. The key 14 risk factors categorized into 4 classifications (Project Management, application, database, system architecture) which are based on the established IT audit framework in order to extend to the technology (RFID/USN) specific framework and apply to the other case as well. The implications of these findings for audit research and practice are discussed.

• The Journal of the Korea Contents Association
• /
• v.11 no.3
• /
• pp.84-99
• /
• 2011

As the integrated and large-scale information is extended due to an advanced information system, a possibility of leaking out privacy increases as the time passes by. As a result, the necessity of using a privacy impact assessment (PIA) is emphasized because it can analyze and minimize the element of invasion of privacy. However, an essential audit for personal information protection is not fulfilled because most of the information system audit supervises over physical, managerial, and technical security items of system architecture area so that general items are the only things being checked. Consequently, this paper proposes that in order to minimize the invasion of personal information, the privacy impact assessment should be done. It also presents a procedure and method of personal information protection audit according to the result of the assessment. After applying the suggested method to two projects, it was confirmed that the improvements for protecting personal information were drawn from this paper.

• The Journal of Asian Finance, Economics and Business
• /
• v.7 no.3
• /
• pp.137-148
• /
• 2020

The purpose of this study is to investigate factors influencing risk assessment of material misstatement in Vietnamese enterprises listed on stock market. Expert interview method was conducted to discover the scales for three variables including information system, trademark, and risk assessment of material misstatement. Survey method was used to examine the impacts of eight factors on risk assessment of material misstatement. Data is collected from 317 auditors who have excellent experience in auditing financial statements of companies listed on stock market. Then, data is processed by descriptive statistics, reliability analysis, factor extracted analysis, correlative regression analysis, and analysis variance of residual change. The research findings showed that business characteristic, stakeholder pressure, and economic environment have positive relationships with risk assessment of material misstatement. Three variables including operation control and monitor, control environment, and information system negatively affect to risk assessment. Specially, business characteristic and information system, which are elements in internal control, have strongest impact on risk assessment. One the other hand, assessment of internal control plays an important role not only in the audit plan stage but also throughout the stages of the audit implementation and ending. Therefore, appropriate solutions are proposed to carry out all audit stages.

• Journal of Korea Spatial Information System Society
• /
• v.7 no.2 s.14
• /
• pp.15-27
• /
• 2005

The purpose of this study is to present a methodology of GIS audit system which fully reflects standardization regarding GIS. With the recognition of the problems stemming from data exchange, building costs, and budget waste, this study utilized the standardization for evaluation factors of GIS audit. After analyzing the advantages and disadvantages of current audit methodology, this study pointed out the importance of audit, then presenting main audit factors followed by analyzing national standardization and extracting contents of audit to be added into the existing auditing items. Through the analysis of different types and characteristics, and both advantages and disadvantages of GASP, this study identifies and introduces a highly improved and practical methodology called Modified-GASP (M-GASP) that is basically set to be complementary and supplementary to GASP. Ultimately, the result of this study will support the higher degree of efficiency, stability, and extendability of GIS system, not to mention of strengthening the competitiveness of organizations involved.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.229-239
• /
• 2014

Smartwork technology, using teleworking, smartwork centers and mobile terminal, provides a flexible work environments without constraints of time and space. Smartwork system to increase the work efficiency has the information protection threats according to their convenience. Thus, in order to build smartwork, it is proper to provide information protection audit to help ensure the information protection. In this paper, we have proposed an infortaion protection audit model at the practical and technical level for building a smartwork environment. We were classified as a terminal, network and server area for information protection, and derived a professional information protection check items. Further, by establishing a smartwork information protection audit time to map ISMS control items, we have proposed an audit model so that it is possible to improve the security and efficiency. It also verified whether the proposed model is suitable or not by doing a survey if deduced audit domain and check items correspond with the purpose of the smartwork information protection audit to auditors and IT specialists. As the result, this study was 97% satisfaction out of 13 check items.

• Information Systems Review
• /
• v.11 no.1
• /
• pp.85-106
• /
• 2009

Current trend of audit is to check the physical aspects of developed information system, such as checking the budget constraints, time constraints or functional fluency etc. However, ultimate goal of information system is to help the organization to achieve the competency over their competitors. Also, there are three different interest groups in system auditing, like audit requesting group, audited group and audit group, who may have different points of interests in auditing. Current auditing process, however, ignores this point, and so does not check the differences between three groups. This study tries to develop new auditing method to cure these two problems. Contributions of this study may be summarized as follows. First, Redefine Information Systems Audit from a service point of view. Second, Divide the audit related person into three groups, and their different needs toward the information system was analyzed. Third, Analyze and compare the main interests of three groups, and weights of each groups to each indexes were calculated. Fourth, Fuzzy theory was applied to quantify the qualitative answers, which may minimize the ambiguity of questionnaire replies.

• Proceedings of the IEEK Conference
• /
• 1998.10a
• /
• pp.269-272
• /
• 1998

The disks containing all the system software-OS(Operating System), application program, and DB(Data Base)-happen to be broken. This happens not only to general computer systems but also to electronic switching system. In the electronic switching system, this causes the essential data and software needed for operating the system to be damaged and is fatal to services, so that they should be recovered as soon as possible. Especially the data, having the information of subscriber, trunk, prefix, and system configuration should be receovered preferentially. To manage this situation, the system should let the operator know that the data are damaged and recover the damaged data. This paper shows a way of recovering this damaged data, the object data of audit, the structure of DBMS and the implementation of audit in the case of the domestic high capacity electronic switching system, TDX-10A.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.79-90
• /
• 2017

If digital forensic investigators can utilize file access logs when they audit insider information leakage cases or incident cases, it would be helpful to understand user's behaviors more clearly. There are many known artifacts related to file access in MS Windows. But each of the artifacts often lacks critical information, and they are usually not preserved for enough time. So it is hard to track down what has happened in a real case. In this thesis, I suggest a method to utilize SACL(System Access Control List) which is one of the audit functions provided by MS Windows. By applying this method of strengthening the Windows's audit settings, even small organizations that cannot adopt security solutions can build better environment for conducting digital forensic when an incident occurs.

• The Journal of Industrial Distribution & Business
• /
• v.10 no.5
• /
• pp.77-86
• /
• 2019

Purpose - The present study examined the reliability of accounting information based on the pay slice (CPS) information of chief executive officers (CEOs) in the service industry. The difference in the size of CPS under the capitalist system can be used as an index to gauge the influence of top management. Research design, data, and methodology - In accordance with the amendment of the Financial Investment Services and Capital Market Act in 2013, the pay information of individual registered executives with annual salary of more than 500 million won has been disclosed. The sample of the current study is 232 companies listed on the Korea Exchange excluding financial services from 2013 to 2015, when the individual pay-slice information for registration officers was published in the business report in accordance with the revision of the Capital Market Act. The financial data required for this study were extracted from the FnGuide and the TS-2000. With the data, we tested the relationship between CPS and accounting information reliability through a linear regression analysis. Results - The first result showed that the relationship between the CPS and human resource in internal accounting control system in the service industry is significantly negative only with the accounting department personnel. This result implied that the CEO can negatively affect the retention of the accounting department in the firm. Second, both the CPS and quality of audit in the service industry are negatively related both to audit fees and to audit time. Nonetheless, the relationship between the number of the auditor and the CPS is insignificant. This result indicated that the CEO can negatively affect audit fees and audit time of external auditors. The results of the present study suggested that CPS information may have a negative impact on the reliability of accounting information. Conclusion - This study is the first study to examine the reliability of CPS and accounting information for the service industry in terms of human resources in internal accounting control system and audit quality. Therefore, the present study is expected to provide some useful information to economic decision-making of various external parties for service firms.

• Information Systems Review
• /
• v.10 no.3
• /
• pp.155-183
• /
• 2008

Current trend of audit is to check the physical aspects of developed information system, such as checking the budget constraints, time constraints or functional fluency etc. However, ultimate goal of information system is to help the organization to achieve the competency over their competitors. Also, there are three different interest groups in system auditing, like audit requesting group, audited group and audit group, who may have different points of interests in auditing. Current auditing process, however, ignores this point, and so does not check the differences between three groups. This study tries to develop new auditing method to cure these two problems. Contributions of this study may be summarized as follows. First, Introduce the new indexes that can check the possibility that the information system may contribute the competency of organization. Also check the feasibility of indexes through Fuzzy AHP. Second, Divide the audit related person into three groups, and their different needs toward the information system was analyzed. Third, Analyze and compare the main interests of three groups, and weights of each groups to each indexes were calculated. Fourth, Fuzzy theory was applied to quantify the qualitative answers, which may minimize the ambiguity of questionnaire replies.