• Journal of Korea Spatial Information System Society
• /
• v.2 no.2 s.4
• /
• pp.5-23
• /
• 2000

Since 1995, national and local governments have competitively initiated many and large GIS projects and audit for the projects becomes an important issue. So far, the audit in the Information Technology(IT) area has tried to deal with the issue but ineffectiveness has been found for the successful GIS project management. Effective auditing is a critical element for the project management. In order to establish a proper audit model for the GIS projects and to promote auditing activities in the projects, this study constructs two hypotheses and tries to prove them. The hypotheses are as follows : 1) For a good audits model for GIS, unique characteristics of a GIS project audit items and the scope of the audit need to be identified. 2) The scope of audit needs to be classified according to the requests from tasks in the projects. To prove the hypotheses, this study analyzes positive aspects of audit in IT and construction projects, clarifies the audit items in GIS projects by comparing with them, and classifies the scope of the GIS audit based on various types of GIS projects. As a results, 5 types of the GIS audit are identified : (1) audit for project management, (2) audit focused on IT, (3) audit characterized by GIS technologies, (4) GIS database audit and (5) consulting services for critical problems in the projects. In addition, 4 criteria in classifying the GIS projects are suggested for the GIS audit. The 4 criteria are domain, scope, duration, and GIS applications technologies. Especially, GIS technology considered in this study includes GIS software, methodologies for GIS development, GIS database and quality control of GIS data, which are not usually reflected in the existing studies about in GIS audit. Because the GIS audit depends on a type of GIS projects, scopes of the audit can be flexibly reconstructed in accordance with the types of GIS projects. This is a key to effective and realistic audit for the future GIS projects. Strategies for effective GIS audit are also proposed in terms of the following: GIS project management, goal establishment in each audit stage, documentation from GIS audit, timing strategies for intensive GIS audit, and designing team structure.

• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.123-131
• /
• 2016

Process mining in big data environment utilize a number of data were generated from the business process. It generates lots of knowledge and insights regarding implementation and improvement of the process through the event log of the company's enterprise resource planning (ERP) system. In recent years, various research activities engaged with the audit work of company organizations are trying actively by using the maximum strength of the mining process. However, domestic studies on applicable sales auditing system for the process mining are insufficient under big data environment. Therefore, we propose process-mining methods that can be optimally applied to online and traditional auditing system. In advance, we propose continuous monitoring information system that can early detect and prevent the risk under the big data environment by monitoring risk factors in the organizations of enterprise. The scope of the research of this paper is to design a pre-verification system for risk factor via practical examples in sales auditing. Furthermore, realizations of preventive audit, continuous monitoring for high risk, reduction of fraud, and timely action for violation of rules are enhanced by proposed sales auditing system. According to the simulation results, avoidance of financial risks, reduction of audit period, and improvement of audit quality are represented.

• Management & Information Systems Review
• /
• v.35 no.3
• /
• pp.231-247
• /
• 2016

This study, according to the amendment of the Act on External Audit, on the basis of the number of input auditors, the content of auditing, and audit times as additional informations, calculates the average of the samples listed companies with assets of one hundred billion KRW. However, since the actual number of the subject corporations of which asset is 100 billion KRW is small, it is difficult to extract data with reference to this asset size. Therefore, the samples were extended to 50 corporations of which asset is 10% less than 100 billion KRW and other 50 more corporations of which asset is 10% more than 100 billion KRW. As a result, a total of 100 corporations were included as samples. To calculate the average of the audit times, a t-test was performed between the two groups. The result of the t-test showed that there is not a significant difference between the two groups. According to the analytical results of the t-test, the average of the number of input auditors and the average of audit times were calculated with respect to all the 100 samples. A further analysis showed that the average of audit content in the present study was compared with the estimated values in the study of Mun (2016). Although the results of this study may not be the optimal number, they may be used as a fundamental index which may be compared with the audit times and the audit fees in the current audit market where there is not an available reference. In addition, the amendment of the Act on External Audit may enhance the independence of auditors and the transparency of accounting system when compared with the previous system where only the total audit times were disclosed.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.11
• /
• pp.351-356
• /
• 2020

With the spread of COVID-19 infections, the need for next-generation learning management system for undact education is rapidly increasing, and the Ministry of Education is planning future education through the establishment of fourth-generation NEIS. If the fourth-generation NEIS System is well utilized, there are advantages such as providing personalized education services and activating the use of educational data, but a solution to the illegal access problem in an access control environment where strict authorization is difficult due to various user rights. In this paper, we propose a blockchain-based access control audit system for next-generation learning management. Sensitive personal information is encrypted and stored using the proposed system, and when the auditor performs an audit later, a secret key for decryption is issued to ensure auditing. In addition, in order to prevent modification and deletion of stored log information, log information was stored in the blockchain to ensure stability. In this paper, a hierarchical ID-based encryption and a private blockchain are used so that higher-level institutions such as the Ministry of Education can hierarchically manage the access rights of each institution.

• Communications for Statistical Applications and Methods
• /
• v.17 no.5
• /
• pp.745-753
• /
• 2010

Compared to the U.S. Government Accountability Office(GAO) and the U.K. National Audit Office(NAO), the Board of Audit and Inspection of Korea(BAI) has not laid a rather solid system for effective assessment and judgment on the reliability of computer-processed data used as audit evidence in its public auditing activities. Accordingly, based on the experiences of GAO and NAO, this study suggests criteria and methods as the key elements of the methodological framework for assessing the reliability of information system data. Then, the usefulness and effectiveness of the criteria and techniques for assessing data reliability were tested and proved by applying to the analysis of allotment for mandatory disabled employment data that have been computer-processed and managed by the Korea Employment Agency for the Disabled(KEAD).

• Journal of KIISE:Software and Applications
• /
• v.35 no.2
• /
• pp.105-117
• /
• 2008

Generally, project audit provides the service which accomplishes a project successfully by checking the management activity of information system project, indicating a controversial point and reflecting the improvement issues based on project audit check list. In addition, the projects are managed by using the project management maturity model based on process. However, the effect is not big as we except projects performance of real world. In this paper. to solve these problems, the project management maturity evaluation model which is connected with project audit check list and organizational maturity model survey items is designed. Thus, we propose the model which can improve the project performance through the project evaluation of customer's project and development part and the evaluation of organization level as we design that it is possible to not only audit the project but also evaluate it before and after the project.

• Proceedings of the Korean Association of Geographic Inforamtion Studies Conference
• /
• 2002.03b
• /
• pp.11-24
• /
• 2002

Many GIS systems are not to be trusted becuase many GIS project managers often fail to notice importance of GIS data Construction. With this reason, it is a lively discussion on GIS administration system's adaption. The definition of GIS administration system is not clear, but GIS administration system generally is devided information system administration, audit guideline for the data construction of GIS. Audit guideline for the data construction of GIS. GIS data construction's goals are logical and reasonable action policy of GIS data construction in widespread filed, the other goal is creation of product to the purpose exactly. Audit guideline for the data construction of GIS is composed of optimum of GIS data construction's planning, optimum of GIS data construction's activity, optimum of GIS data quality management, optimum of consultations of GIS data construction, GIS data audit. GIS data audit is the phase of detection product's potential error in each level. GIS data audit is composed of filed examination or filed verification, examination with the naked eye, screen verification, program verification, auto verification. GIS information system's efficiency is linked with auto verification system's function variety, accuracy. this paper offer introduction of Audit guideline for the data construction of GIS, efficient auto verification program

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.146-155
• /
• 2004

Currently most of commercial operating systems contain a high-level audit feature to increase their own security level. Linux does not fall behind the other commercial operating systems in performance and stability, but Linux does not have a good audit feature. Linux is required to support a higher security feature than C2 level of the TCSEC in order to be used as a server operating system, which requires the kernel-level audit feature that provides the system call auditing feature and audit event. In this paper, we present LxBSM, which is a kernel module to provide the kernel-level audit features. The audit record format of LxBSM is compatible with that of Sunshield BSM. The LxBSM is implemented as a loadable kernel module, so it has the enhanced usability. It provides the rich audit records including the user-level audit events such as login/logout. It supports both the pipe and file interface for increasing the connectivity between LxBSM and intrusion detection systems (IDS). The performance of LxBSM is compared and evaluated with that of Linux kernel without the audit features. The response time was increased when the system calls were called to create the audit data, such as fork, execve, open, and close. However any other performance degradation was not observed.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.35-42
• /
• 2010

This paper reviews the current studies about the current secure OS, security module and SELinux, and suggests Linux access control module that uses the user discriminating authentication, security authority inheritance of subjects and objects, reference monitor and MAC class process and real-time audit trailing using DB. First, during the user authentication process, it distinguishes the access permission IP and separates the superuser(root)'s authority from that of the security manager by making the users input the security level and the protection category. Second, when the subjects have access to the objects through security authority inheritance of subjects and objects, the suggested system carries out the access control by comparing the security information of the subjects with that of the objects. Third, this system implements a Reference Monitor audit on every current events happening in the kernel. As it decides the access permission after checking the current MAC security attributes, it can block any malicious intrusion in advance. Fourth, through the real-time audit trailing system, it detects all activities in the operating system, records them in the database and offers the security manager with the related security audit data in real-time.

• Management & Information Systems Review
• /
• v.36 no.1
• /
• pp.1-19
• /
• 2017

One of the methods of securing the reliability of accounting information is maintaining high audit quality. The first step of improving audit quality is lowering audit engagement risks. Thus, this study analyzed the relationship between the characteristics of accounting firms and audit engagement risks based on the Bayesian Network. For this, Markov Blanket, the minimum explanatory variable set, which affects audit engagement risks, was presented, and based on the drawn causal relationship, sensitivity analysis was conducted to verify the characteristics of accounting firms, which affect audit engagement risks. The existing preceding research that used multiple regression analysis presumes the linearity between explanatory variables and dependent variables, so there was a limit in drawing the relationship between explanatory variables. Therefore, this study figured out the interdependence between variables using the General Bayesian Network and examined the impact that each variable has finally on audit engagement risks that affects the audit quality. The results of this study would greatly contribute to improving the efficiency of the supervisory task by allowing a supervisory institution to identify an accounting firms that does not manage audit engagement risks properly and to improve the supervision of the accounting firms in advance. In addition, this study will be used as a reference when a supervisory institution would improve the system related to audit quality by presenting the characteristics of accounting firms related to the audit quality.