• The Journal of Industrial Distribution & Business
• /
• v.6 no.3
• /
• pp.5-8
• /
• 2015

Purpose - This article's aim is to examine how the utilization of existing and future decision-support systems will lead to a change in the auditing process. Research design, data, and methodology - An information system is a special decision-support system that combines information obtained from various sources and communicates among them to help in assessing appropriate complex financial decisions. This paper analyzes techniques such as data and text mining as components of decision-support systems to be used in the auditing process. Results - We present views about how existing decision-support systems will lead to a change in audits. Auditors, who currently collect significant data manually, will in the future move towards management through complex decision-support systems. Conclusions - Although some internal audit functions are integrated into systems of continuous monitoring, the use of such systems remains limited. Thus, instead of multiple decision-support systems, a unified decision-support system can be deployed for this that includes sensors integrated within a company in different contexts (e.g., production, sales, and accounting) that continually monitors violations of controls, unusual patterns, and unusual transactions.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.11
• /
• pp.2381-2390
• /
• 2011

This paper presents the effective and detailed secure monitoring method being used based on Secure OS. For this, the detailed secure log of process, object, user's command and database query in task server are collected by 3 kinds of log collecting module. The log collecting modules are developed by ourselves and contained as constituents of security system. Secure OS module collects process and system secure log of objective unit, Backtracker module collects user's command session log, SQLtracker module collects database query in details. When a system auditor monitors and traces the behaviour of specified user or individual user, the mutual connection method between the secure logs can support detailed auditing and monitering effectively.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.8
• /
• pp.1818-1824
• /
• 2015

Cloud computing draws attention as an application to provide dynamically scalable infrastructure for application, data and file storage. An untrusted remote server can cause a variety of problems in the field of data protection. It may process intentionally or involuntarily user's data operations(modify, insert, delete) without user's permission. It may provide false information in order to hide his mistakes in the auditing process. Therefore, it is necessary to audit the integrity of data stored in the cloud server. In this paper, we propose a new data auditing system that can verify whether servers had a malicious behavior or not. Performance and security analysis have proven that our scheme is suitable for cloud computing environments in terms of performance and security aspects.

• Information Systems Review
• /
• v.10 no.3
• /
• pp.155-183
• /
• 2008

Current trend of audit is to check the physical aspects of developed information system, such as checking the budget constraints, time constraints or functional fluency etc. However, ultimate goal of information system is to help the organization to achieve the competency over their competitors. Also, there are three different interest groups in system auditing, like audit requesting group, audited group and audit group, who may have different points of interests in auditing. Current auditing process, however, ignores this point, and so does not check the differences between three groups. This study tries to develop new auditing method to cure these two problems. Contributions of this study may be summarized as follows. First, Introduce the new indexes that can check the possibility that the information system may contribute the competency of organization. Also check the feasibility of indexes through Fuzzy AHP. Second, Divide the audit related person into three groups, and their different needs toward the information system was analyzed. Third, Analyze and compare the main interests of three groups, and weights of each groups to each indexes were calculated. Fourth, Fuzzy theory was applied to quantify the qualitative answers, which may minimize the ambiguity of questionnaire replies.

• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.123-131
• /
• 2016

Process mining in big data environment utilize a number of data were generated from the business process. It generates lots of knowledge and insights regarding implementation and improvement of the process through the event log of the company's enterprise resource planning (ERP) system. In recent years, various research activities engaged with the audit work of company organizations are trying actively by using the maximum strength of the mining process. However, domestic studies on applicable sales auditing system for the process mining are insufficient under big data environment. Therefore, we propose process-mining methods that can be optimally applied to online and traditional auditing system. In advance, we propose continuous monitoring information system that can early detect and prevent the risk under the big data environment by monitoring risk factors in the organizations of enterprise. The scope of the research of this paper is to design a pre-verification system for risk factor via practical examples in sales auditing. Furthermore, realizations of preventive audit, continuous monitoring for high risk, reduction of fraud, and timely action for violation of rules are enhanced by proposed sales auditing system. According to the simulation results, avoidance of financial risks, reduction of audit period, and improvement of audit quality are represented.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.6
• /
• pp.279-287
• /
• 2005

File integrity checking is the most reliable method to examine integrity and stability of system resources. It is required to examine the whole data whenever auditing system's integrity, and its process and result depends on administrator's experience and ability. Therefore the existing method is not appropriate to intrusion response and recovery systems, which require a fast response time. Moreover file integrity checking is able to collect information about the damaged resources, without information about the person who generated the action, which would be very useful for intrusion isolation. In this paper, we propose rtIntegrit, which combines system call auditing functions, it is called Syswatcher, with file integrity checking. The rtlntegrit can detect many activities on files or file system in real-time by combining with Syswatcher. The Syswatcher audit file I/O relative system call that is specified on configuration. And it can be easily cooperated with intrusion response and recovery systems since it generates assessment data in the standard IDMEF format.

• Information Systems Review
• /
• v.11 no.1
• /
• pp.85-106
• /
• 2009

Current trend of audit is to check the physical aspects of developed information system, such as checking the budget constraints, time constraints or functional fluency etc. However, ultimate goal of information system is to help the organization to achieve the competency over their competitors. Also, there are three different interest groups in system auditing, like audit requesting group, audited group and audit group, who may have different points of interests in auditing. Current auditing process, however, ignores this point, and so does not check the differences between three groups. This study tries to develop new auditing method to cure these two problems. Contributions of this study may be summarized as follows. First, Redefine Information Systems Audit from a service point of view. Second, Divide the audit related person into three groups, and their different needs toward the information system was analyzed. Third, Analyze and compare the main interests of three groups, and weights of each groups to each indexes were calculated. Fourth, Fuzzy theory was applied to quantify the qualitative answers, which may minimize the ambiguity of questionnaire replies.

• Journal of Information Technology Applications and Management
• /
• v.11 no.4
• /
• pp.147-167
• /
• 2004

This study was empirically performed to demonstrate the development propensity and quality of the public software projects in Korea. Tile sample employed in this study contains 168 auditing reports on 107 public software projects which were carried out in the period of 1998 to 2003. The important findings of this study can be summarized as follows. The quality issue in the development process is getting more important with the lapse of time. In addition, the importance of end users' conveniency increases from year to year. Although the Pareto Principle(20 : 80 principle) is not applied strictly, most problems are caused by a few items. Finally, we find evidence that the overall Quality of public softwares is positively influenced by the information system auditing.

• The Journal of Asian Finance, Economics and Business
• /
• v.9 no.2
• /
• pp.93-102
• /
• 2022

The goal of this study was to see how big data analytics (BDA) affected external audit procedures in the Middle East. The measurement model and structural model of this investigation were evaluated using PLS-SEM (3.3.3). The study sample members were (361) auditors who work in auditing companies in Kuwait, Saudi Arabia, the United Arab Emirates, Jordan, Bahrain, Egypt, Lebanon, and Iraq. A questionnaire was chosen to the study sample members electronically, and the study sample members were (5093) auditors who work in auditing companies in Kuwait, Saudi Arabia, the United Arab Emirates, Jordan, Bahrain, Egypt, Lebanon, and Iraq. To choose the sample, the researchers used a stratified random sampling procedure. The findings show that BDA has an impact on audit procedures at all phases of the auditing process, where it contributes to information delivery that helps auditors understand the client's internal and external environments, which in turn influences the choice to accept the audit assignment. Furthermore, by providing essential information, BDA enables auditors to simply run analytical procedures, estimate client risks, and understand and evaluate the internal control system. As a result, auditors must develop their abilities in the BDA field, as it adds to the creation of additional value for both auditors and their clients.

• Journal of Korea Society of Industrial Information Systems
• /
• v.15 no.5
• /
• pp.273-286
• /
• 2010

The main purpose of this study was to demonstrate the most common characteristics of the small and medium system integration companies in performing IT projects. In this study, 388 auditing reports on the 194 IT projects which were carried out by the small and medium size manufacturers from 2006 to 2009 were employed and surveyed. This survey revealed that the schedule management was the most neglected item in the project management area, the test planning and action was the most neglected item in the development and coding area, and the manual preparation for users and operators was the most neglected item in the operation and maintenance area. Consequently these three most neglected items were considered as the most common characteristics of the small and medium system integration companies in performing IT projects.