• Journal of Information Technology Services
• /
• v.5 no.3
• /
• pp.121-135
• /
• 2006

With the growth and maturation of IT industry, the necessity of audit about development, maintenance and management of high-quality information system is gradually increasing. In addition, the necessity of inner auditing system, which could totally verify and evaluate the effectiveness of project according to the characteristics of organization conducting information-oriented business, also being proposed. Government offices including Korea Institute of Science and Technology(KISTI) collectively controlling nationwide science-technology related information have no guiding principle or organization within themselves even though performing information-oriented businesses are becoming more bigger and complicated. In this paper, we propose scheme for devising framework, which can audit construction and operation of knowledge information, check list and guideline. In addition, we present concrete ways for adapting these schemes to institutes which manage science-technology knowledge information. Audit framework consists of points of time in audit, audit domain and audit criterion. Points of time in audit are defined as three phases as followings: pre-audit, in-progress audit and post-audit. Audit domain includes 16 detail audit domains and especially we set 11 check items and 40 detail investigation items for database implementation business. We expect that management level of science-technology implementation business of organizations using this research result will increase and they could offer high-quality information service.

• Journal of Information Technology Services
• /
• v.11 no.2
• /
• pp.197-211
• /
• 2012

This paper describes how to derive audit criterion, audit domain, detail technology, and functional check items which are core of hospital information system, consisting of OCS, EMR, and PACS. Using the check items listed above, we investigated the objective validity for the construction audit of hospital information system. As a result, the derived audit criterion, audit domain, detail technology, and functional check items were verified as check items for audit. Since using the current audit check items of public area is insufficient to construct efficient, reliable, and stable hospital information system, we suggest adopting the hospital information system audit area, audit check items, and process that are presented in this paper.

• Journal of Information Technology Services
• /
• v.4 no.2
• /
• pp.23-32
• /
• 2005

Information system audit of Korea is different from that of the United States of America, Japan and so on. Information system audit improves the quality of information system. Information system audit of Korea carried out administrative branches. Recently Public sides required ordinary audit frequently. The reason is that the risk of information system project has increased. Examined closely relation between audit quality and audit style such as ordinary audit, fixed period audit, residence audit, and responsibility audit. And, wished to examine closely relation between audit quality and customer satisfaction. As research result, being effect factor that audit style keeps in mind in audit quality, also, audit quality in audit satisfaction, and was proved that exert effect that ordinary audit, report to the responsibility audit or sense of responsibility state keeps in mind in audit satisfaction.

• Journal of Information Technology Services
• /
• v.8 no.4
• /
• pp.87-101
• /
• 2009

The current information system audit merely inspects a web based information system by focusing on checking items that are extracted from structured and information engineering model and object-oriented component model. As a result, the checking item of web contents and design is inadequate. This paper aims to extract audit framework in order to strengthen the audit of web contents and design during the development of the web based information system and to suggest checking items based on audit framework. For this, the web development process and web site evaluation model were studied, compared, and analyzed with the current information system development audit. From a result of the survey, it was found that the adequacy of the suggested audit framework and audit checking items is above the average value. It is believed that the suggested audit framework is helpful for the audit of web based information system.

• Journal of Information Technology Services
• /
• v.11 no.2
• /
• pp.213-228
• /
• 2012

The construction of the Geographical Information System(GIS) is continuously in progress, and with the diversification and complication of the system, the importance of its audit is further deepened. At this point in time, the information system audit has been obligatory as it has been stipulated in law, and the GIS audit has come to follow the criterion of the information system audit since it belongs to the information system audit category. However, it was found that there was a difference between the current information system audit standard and the former GIS audit standard, and the audit checking items for the efficient GIS audit is necessary. For this reason, this paper surveyed the characteristics of GIS in accordance with this necessity, analyzed the GIS audit checking items found in the audit performance guideline of the GIS audit standard, and studied the GIS development methodology through the related literature. In addition, this paper also elicited and proposed the audit checking items for the efficient GIS audit based on the findings of this paper. Finally, this paper confirmed the efficiency of the GIS audit checking items proposed here through the comparison of the actual cases of GIS audits.

• Journal of Information Technology Services
• /
• v.15 no.1
• /
• pp.113-129
• /
• 2016

Recently, as Information System projects tend to be more complex, the importance of Information System Audit increases. In the same context, the need for the resident IS Audit also increases, which is supposed to deal with the possible risks and urgent issues by providing the appropriate support and timely coordination during IS project. Basically, for the effective IS Audit, the IS audit team members should be able to understand such a business context as work characteristics, business knowledge, goals, and culture of the organization. The audit team members should also be able to share the various knowledge of Information Technology and audit procedure with the owner of the project. Especially, for the resident audit, it is more important to fill the gaps in expertise between project owner and audit team. However, any studies on the need of common knowledge base (knowledge complementarities) in the IS audit have not been done so far. The purpose of this study is to analyze whether the knowledge complementarity based on inter-organizational communication between the project owner and audit team members makes an effect on the fidelity and performance of IS audit. In order to do this, the relationship among inter-organizational communication and knowledge complementarity, the fidelity of IS audit service, and performance of IS audit has been analyzed, using Structural Equation Model. The result shows that all the relationship is significant, which means that knowledge complementarity between the two different interest groups should be an effective factor on the fidelity and performance of IS audit. This result implies that, for better quality of IS Audit service, how to acquire the knowledge complementarity between the project owner and Audit team should be considered seriously as well as systematically in the process of IS Audit.

• Journal of Advanced Navigation Technology
• /
• v.18 no.6
• /
• pp.609-618
• /
• 2014

Information system audit, by checking overall matters about constructing and managing information system, has to contribute to improvement of information system's quality and improving performance of projects. For this, an auditor has to present objective corroborative facts which back up result of audit and ways of improvement, but in reality, general(especially businessmen's) cognition is that audit is biased by way too subjective opinions. Local experience and theoretical research until now propose that tools of automating audit will be an active means of systematically collecting and proposing these objective evidences of audit. This research not only verified that in the field of audit, phenomenon of technology application can be explained and predicted by applying TAM, but it also contributed in extending theoretical base on information technology and audit by distinguishing several characteristics which appear in the process of the model's application and analysis.

• Journal of Information Technology Services
• /
• v.11 no.4
• /
• pp.107-121
• /
• 2012

The core infra-technology in the ubiquitous era, RFID which has taken action from the public institution with the pilot projects as well as the practical projects is gradually extending its spectrum to the private enterprises. Along with its expansion, the audit required on the RFID-based information system is also growing in the industry. Especially, since RFID-based information systems, especially compared to other information systems, are likely to be exposed to many threats, the security audit for them is being emphasized. This paper suggests security audit checking items for the RFID-based information system, which can be used to perform the efficient security audit. The security audit checking items consist of eight basic checking items, each of which consists of detailed review items and can be applied for each building steps of the system(analysis, design, implementation, testing, and development). Finally, this paper confirmed the efficiency of the security audit checking items proposed in this paper through survey by the experienced auditors and analysis of practical audit cases.

• Journal of Information Technology Applications and Management
• /
• v.25 no.3
• /
• pp.29-41
• /
• 2018

The purpose of constructing university information system is for improvement in diversification and throughput of information, streamlines business processes, rapid exchange of information, sharing of information, decision-making information, and securing educational facilities. Similar to business information technology system, university information system does not have a review system for sharing and overlapping investment of information. Due to the lack of project management for outsourcing and vulnerability of system suitability, system audit is absolutely needed for the university information system. This paper especially focuses on an operational phase in the audit of university information system. Additionally, we proposed operating model and checklists of the university information system based on Management Guidelines of ITIL V3 Operational and Information System. We derived the checklists of operation audit by each domain of service strategy, service design, service transition, service operation, and continual service improvement. As the result, this study appear to have more than average satisfaction the suitability results were.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.2
• /
• pp.1403-1413
• /
• 2015

An information System Audit by the recognition of a problem and suggestions for solutions for overall matters about constructing and managing information systems is needed in order to contribute to the improvement of an information system's quality and improving the performance of projects. In reality, however, the general cognition is that audit is biased by subjective opinions. For this, an auditor needs to measure the level of recognition of the usability and convenience of the technologies of automating audit by applying TAM in the information system audit, and to analyze the relationship with recognition and availability of the interested parties for the technology (tool) of the audit. By the hypothesis verification result, an auditor needs to present objective corroborative facts that back up the level of recognition and usability for the information technology in the field of audit. This study verified that the phenomenon of technology application can be explained and predicted by applying TAM in the field of audit. Through an empirical study of the recognition level of audit and contractor, the developer suggests that the audit plan stage is similar to the audit corrective action stage, but the audit action stage is different from the audit review stage. This research can verify the audit technology preferred for the availability and intention of use and usability.