• Title/Abstract/Keywords: organization audit

Search results: 84 items, processing time 0.025 seconds

Development Process and Methods of Audit and Certification Toolkit for Trustworthy Digital Records Management Agency

  • 이해영;김익한;임진희;심성보;조윤선;김효진;우현민
    • 기록학연구 / No. 25 / pp.3-46 / 2010
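  • Electronic records management is a system in which numerous social and technical elements interact. To remain in a trusted state, an electronic records management agency needs to carry out audit and certification on a regular basis. This created the need for a tool that individual agencies can use to continuously evaluate their own trustworthiness and to self-assess their environment and systems in order to identify shortcomings. The purpose of this study was to develop a self-certification tool by analyzing four standards and international best practices, namely the OAIS reference model (ISO 14721), the self-assessment reports of the UK's UKDA and TNA, TRAC, and DRAMBORA, and by synthesizing and analyzing MoReq2 together with current domestic laws and standards. By describing the development process and overall framework of this certification tool, the study aimed to present a development methodology that other agencies can use to develop and apply such a tool themselves according to their own characteristics. As a result of the study, the assessment areas were finalized as 12 areas in total: (agency) operations management; classification scheme and reference information management; acquisition; registration and description; storage and preservation; disposition; services; provision of finding aids; system management; access control and security; monitoring, audit trails and statistics; and risk management. For each of the 12 areas, process maps or function charts were created and the business functions were analyzed, after which 54 'evaluation indicators' organized around the major business function units of each area were derived. For each evaluation indicator, 208 'detailed evaluation indicators' were derived, written to be measurable and supportable by evidence so that a self-assessment can actually be carried out. The indicators produced by this study can be used as an audit and certification tool for electronic records management agencies: by using them to run regular self-assessments, an agency can remedy the deficiencies it finds and reflect them in its future development strategy.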

The Study on Corporate Information Security Governance Model for CEO

  • 김도형
    • 융합보안논문지 / Vol. 17, No. 1 / pp.39-44 / 2017
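  • Corporate information security activities have so far centered on the information security organization, and CEOs regard information security and corporate management as separate matters. However, security incidents of all kinds keep occurring, and responding to them requires information security activities from the perspective of corporate management, not only the activities of the information security organization. This study reviews previously proposed corporate governance and IT governance models and proposes an information security governance model that can reflect the company's business goals and management's goals in its information security activities. The model proposed in this paper establishes information security goals by drawing the CEO into participation from the planning stage. In line with those goals, an information security plan is established and an information security system is built and operated, and the results are reported to the CEO through compliance audits, vulnerability analysis, risk management and similar activities, thereby strengthening the company's information security activities.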

Corporate Governance and Earnings Management: A Study of Vietnamese Listed Banks

  • TRAN, Quoc Thinh;LAM, To Trang;LUU, Chi Danh
    • The Journal of Asian Finance, Economics and Business / Vol. 7, No. 12 / pp.389-395 / 2020
  • Earnings management is a matter of concern for organizations because it affects the interests of stakeholders. This reduces the quality of information on financial statements of the organizations when the organization performs earnings management behavior. The objective of the article is to examine the impact of corporate governance on earnings management of all Vietnamese listed banks from 2015 to 2019. The article uses time-series data and ordinary least square (OLS) with Eviews 10.0 software to test the regression model. The agency and asymmetry information theory is used to explain the relationship between corporate governance and earnings management. The study results show that two variables - the foreign members of the board of directors and audit committee - have an opposite effect on earnings management behavior of Vietnamese listed banks. Therefore, the managers of listed banks need to raise awareness to express responsibility for honest and reasonable information on the financial statements. This creates trust and credibility for stakeholders. Moreover, Central bank of Vietnam should monitor regularly and enforce strict sanctions to limit earnings management behavior of listed banks. This contributes to improving the quality of accounting information in the Vietnamese banking sector to meet the trend of international economic integration.

The Measurement Model for the Evaluation of Information Systems Service : The Case of Chinese SI Company

  • 이상재;임규건
    • 한국IT서비스학회지 / Vol. 10, No. 2 / pp.141-162 / 2011
  • The control of Information Systems (IS) has become a more critical issue as the sophistication and integration of IS have advanced. ITGI (The Information Technology Governance Institute) of ISACA (Information Systems Audit and Control Association) has suggested COBIT (Control Objectives for Information and related Technology), which has been widely recognized as an evaluation model of IS controls. In COBIT, IS is evaluated in terms of process, information quality, and IT resources. This study used COBIT to suggest and empirically test an evaluation model of IS service. The data was collated from one major Chinese SI (Systems Integration) company in four domains of processes: planning and organization, acquisition and implementation, delivery and support, and monitoring. Seven factors were extracted using an exploratory factor analysis, as follows: overall IT planning process, technological assessment process in IT planning, cost-benefit assessment process in IT planning, implementation process, support process, monitoring process, and post-implementation evaluation process. The results of confirmatory analysis of three alternative measurement models indicated that the measurement model with one inherent or conceptual variable has greater model fitness than the other models. This study suggests a logical and general way to test and apply COBIT in evaluating IS services.

A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks

  • 심준보;황경태
    • Journal of Information Technology Applications and Management / Vol. 22, No. 2 / pp.171-199 / 2015
  • This study proposes practical information security measures that help IT personnel of banks comply with the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analysis results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In the case of the moderating variables, age moderated the relationship between top management support and compliance intention, but gender did not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future studies may introduce more objective measurement methods, such as systematically analyzing the contents of the information security measures instead of asking for the respondents' perception. In addition, this study analyzes the intention of employees rather than their actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting that relationship.

A Study on the Role Model of an Integrated Management System for Government Informatization

  • 임성묵
    • 한국국방경영분석학회지 / Vol. 32, No. 1 / pp.159-175 / 2006
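  • This study takes achievement of the fully integrated stage as the goal of Korea's next-generation e-government and, as the means to reach it, presents a role model for a National Information Technology Institute (국가정보기술원). The National Information Technology Institute is a dedicated body that covers and supports the overall functions needed for national informatization, so that all informatization projects pursued by the government proceed consistently and efficiently. It performs functions such as informatization planning, informatization project management, information resource operation, national standards management, and audit and evaluation. The role model presented in this study is expected to be able to fully perform the functions needed to innovate and maintain the government's information resource management and operation system.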

Noise Assurance Plan in the Project for Design a New Rolling Stock

  • 정경렬;김경택;이병현
    • 한국소음진동공학회:학술대회논문집 / 한국소음진동공학회 2003년도 춘계학술대회논문집 / pp.542-548 / 2003
  • This paper describes an overall Noise Assurance Plan (NAP) in the project for developing a new rolling stock. The procedure for implementing noise control activities for each development stage on the basis of the NAP is also described. The NAP was developed by KITECH (Korea Institute of Industrial Technology) and ODS (Ødegaard & Danneskiold-Samsoe, Denmark). Generally, the main objective of the NAP is the establishment of the organization and personnel's roles and responsibilities, the set-up of the overall procedure, and an internal audit program. Here, a few comments are made on the deviations of the actual procedure (G7 Project) relative to the suggested NAP. The major difference between the suggested NAP and the actual procedure was the late involvement of the noise consultant, with the result that suggestions for design improvements could not be implemented due to the advanced stage of the design. Similarly, the important task of preparing sub-supplier specifications was performed. The proposed NAP will be an efficient tool for noise management in the R&D project for new rolling stock. Specially, in case that several companies and institutes are involved in the R&D team

Fraud Scenario Prevalent in the Banking Sector: Experience of a Developing Country

  • Bhasin, Madan Lal
    • 동아시아경상학회지 / Vol. 4, No. 4 / pp.8-20 / 2016
  • Banks are the engines that drive the operations in the financial sector, money markets and growth of the economy. With a growing banking industry in India, frauds in Banks are increasing and fraudsters are becoming more sophisticated and ingenious. Shockingly, the banking industry in India dubs rising fraud as "an inevitable cost of doing business." As part of the study, a questionnaire-based survey was conducted in 2012-13 among 345 Bank employees "to know their perception towards bank frauds and evaluate factors that influence the degree of their compliance level." The study reveals, "there are poor employment practices and lack of effective employee training; usually over-burdened staff, weak internal control systems, and low compliance levels on the part of Bank Managers, Offices and Clerks." Although banks cannot be 100% secure against unknown threats, a certain level of preparedness can go a long way in countering fraud risk. Internal audit professionals should play an integral role in an organization's fraud-fighting efforts. Some other promising steps are: educate customers about fraud prevention, make application of laws more stringent, leverage the power of data analysis technologies, follow fraud mitigation best practices, and employ multipoint scrutiny.

Cloud-Based Accounting Adoption in Jordanian Financial Sector

  • ELDALABEEH, Abdel Rahman;AL-SHBAIL, Mohannad Obeid;ALMUIET, Mohammad Zayed;BANY BAKER, Mohammad;E'LEIMAT, Dheifallah
    • The Journal of Asian Finance, Economics and Business / Vol. 8, No. 2 / pp.833-849 / 2021
  • Cloud accounting represents a new area of accounting information systems. Past research has often focused on accounting information systems and their antecedents, rather than on the factors behind adoption of a cloud accounting system. The purpose of this paper is to explain the factors that influence the adoption of cloud accounting in the financial sector. This paper applied the technology acceptance model (TAM), the technology-organization-environment framework, and the DeLone and McLean model, coupled with proposed factors relevant to cloud accounting. The proposed model was empirically evaluated using survey data from 187 managers (financial managers, IT department managers, audit managers, heads of accounting departments, and heads of internal control departments) in Jordanian bank branches. Based on the SEM results, top management support, organizational competency, service quality, system quality, perceived usefulness, and perceived ease of use had a positive relationship with the intention of using cloud accounting. Cloud accounting adoption positively affected cloud accounting usage. This paper contributes to a theoretical understanding of the factors that activate the adoption of cloud accounting. For financial firms in general, the results enable them to better develop a cloud accounting framework. The paper verifies the factors that affect the adoption of cloud accounting and the proposed cloud accounting model.

A Proposal for Risk Management according to Organizational Tendency for the Overseas EPC Projects of Public Company

  • 장형식;구일섭
    • 대한안전경영과학회지 / Vol. 24, No. 2 / pp.67-76 / 2022
  • Power generation construction projects involving large amounts of capital can affect the survival of a company, along with huge economic losses, in the event of a business failure. In general, private companies are organizations with challenging, risk-taking tendencies, while public companies have a risk-averse tendency, and these differences in organizational tendencies make it difficult to respond to risk. In particular, public companies are more likely to fail than private companies because they choose the contradiction of risk picking, entering overseas markets with high uncertainty despite the risk-averse tendency that comes from the nature of the organization. Therefore, these organizations need risk management techniques that reflect a risk-averse strategy. Accordingly, this paper analyzes the risk management research papers on the existing overseas development EPC business in order to find the risk management techniques related to the organizational tendencies of public companies, and proposes "establishing a performance audit system for risk management of the organizational tendencies of public companies" as a way to extract the risk factors through the examples of overseas development projects of public companies and to manage the organizational tendencies of public companies that affect them.