• 한국시스템다이내믹스연구
• /
• 제12권3호
• /
• pp.25-46
• /
• 2011

Recently, performance auditing system of governmen is carried out as most promising framework of government audit. Performance audit by the Board of Audit and Inspection of Korea involves assessing the causes and effects of government policies, programs, and Institutions with the criteria of economy, efficiency, effectiveness. Performance auditing will contribute to strengthening the values of objective assessments of whether public resources are responsibly and effectively managed to achieve intended results. Nevertheless, there seems to be a problems appears in implementation of audit. That is the problems of tendency return to legitimacy audit which is result from the lack of strong approach and methodology. So, this study purpose to developing stronger audit concepts and methods that add to the process and framework of traditional performance auditing system. First, this study evaluates the limitation of current performance auditing system with the perspective of systems thinking. Second, this study analyzes the process and method of current system and develop the conceptual model of the Dynamics Audit System using the system dynamics methodology, which focused on the appropriate auditing process and framework.

• 정보보호학회논문지
• /
• 제18권1호
• /
• pp.139-148
• /
• 2008

정보기술의 발전은 비즈니스 환경의 변화는 물론 대형 산업 시설의 자동화에 많은 변화를 가져왔다. 전력, 수자원, 에너지, 교통, 통신, 등은 국가의 안보와 국민 생활의 안정 그리고 국가 경제발전의 기반을 형성하는 국가의 주요 기반시설이며 이들 모두 산업제어 시스템에 의해 통제되고 있다. 또 비즈니스 환경의 변화는 조직의 모든 시스템을 통합하고 있어 경영정보시스템과 산업제어 시스템의 통합이 이루어지고 있다. 이에 따라 산업제어 시스템의 표준화와 개방형 시스템으로 전환이 이루어지고 있어 더욱 보안의 중요성이 커지고 있다. 제어시스템 보안에 대한 연구가 기술, 관리, 환경 등 다양한 분야에서 추진되고 있다. 그럼에도 제어시스템 감사에 대한 연구는 아직 미약하다. 정부는 최근 정부 및 주요 공공 시스템에 대한 정보시스템 감리를 의무화하여 안정성, 효율성, 효과성을 평가하고 있다. 또 주요정보통신기반시설에 대해서는 취약점 분석을 하고 그 개선 작업을 하도록 의무화하고 있다. 그럼에도 제어시스템에 대한 감리를 하지 않고 있고 제어시스템에 대한 보안 아키텍처나 감리 프레임워크도 준비되어 있지 않다. 본 연구는 제어시스템 감리를 위한 정보보안 아키텍처와 정보보안 감리 프레임워크를 제시하여 감리의 기반을 마련하였다.

• 산경연구논집
• /
• 제6권1호
• /
• pp.37-40
• /
• 2015

Purpose - Investors, creditors, governments, and others make decisions using reasonable information provided by others. In many cases, the users of this information have goals and objectives conflicting with those of the information's producers, indicating the need for external auditors. Research design, data, and methodology - Competition in auditing has noticeably intensified globally, especially in developed countries. This means that auditors are striving to increase the efficiency of their methods. In recent years, risk-based auditing has become prominent among these efforts. In risk-assessment auditing, the auditor may directly affect the effectiveness and efficiency of the audit. Results - As a central framework, the risk assessment process improves audit quality and effectiveness such that the audit will lead to necessary changes. Previous studies have shown that risk assessment affects the nature, timing, and content of audit procedures. Conclusions - In the planning stage of an audit, audit risk assessment may identify any inappropriate or inefficient distribution of resources or determine whether the results of an audit will be ineffective or incorrect. Thus, assessing audit risk is a critical task.

• 경영정보학연구
• /
• 제8권1호
• /
• pp.223-239
• /
• 2006

디지털 경제 시대에 있어 정보시스템은 기업의 경쟁 우위 확보 차원을 넘어 생존의 차원에서 필요성을 인정 받고 있다. 기업은 신규 개발 또는 ERP 도입을 통해 정보시스템을 개발하고 이를 기반으로 사업을 추진하고 확장해야 하는 것이다. 그러나, 이러한 정보시스템의 성공적 운영에는 많은 현실적 문제가 있음을 인식해야 할 것이다. 특히, 중소기업의 경우 정보 시스템 운영 단계에서 많은 문제가 노출되어 운영에 차질이 생기거나 운영 자체를 포기하는 사례가 발생하고 있다. 본 논문은 중소기업의 성공적인 정보화 지속을 위해 효과적인 정보시스템 유지보수와 진화 관리를 위한 프레임웍을 제시하고자 한다. 사례 연구를 통해 설계된 프레임웍은 서비스 프레임웍, 감사 프레임웍, 위험관리 프레임웍 등으로 구성되어 있으며 중소기업의 정보화를 지속적으로 구현할 수 있는 정보시스템의 효과적인 운영 체제 구축에 활용될 수 있을 것으로 기대된다.

• 서비스연구
• /
• 제7권3호
• /
• pp.21-36
• /
• 2017

최근 정보화 사업이 대형화, 지능화, 융합화되고 있지만 이를 관리 및 감독하는 정보시스템 감리 제도와 사업관리(PMO) 제도는 업무 범위가 중복되거나 경계가 명확하지 않은 부분이 많아 발주기관의 용역 선정에 어려움이 발생하고 있다. 독립성, 품질성, 경제성, 책임성이 개선된 사업관리 및 감리 프레임워크가 요구되며, 이에 따라 정보시스템 감리협회에서는 대략적인 프로세스가 구조화된 정보화 사업 종합관리 프레임워크를 제안하여 사업관리 및 감리 제도를 발전적으로 개편하려는 움직임을 보인다. 본 논문에서는 사업 초기의 발주활동에서부터 사후단계인 운영활동까지 전 단계에 걸친 정보화 사업 종합관리 프레임워크를 소개하고 기존의 관리제도와의 비교분석을 통해 업무 범위를 확인한다. 또한 기존제도와 유사제도를 분석해 감리제도와 PMO 제도 통합의 당위성을 살펴본다. 최종적으로 BSC 성과관리 지표를 기반으로 구현된 COBIT5의 IT 목표 틀을 평가도구로 활용해 종합관리 프레임워크의 적정성을 분석한다. 분석 결과는 정보화 사업의 담당자들이 종합관리 프레임워크의 실무적인 적용에 앞서 그 특성을 이해하는 데 도움이 될 것으로 기대한다.

• 디지털산업정보학회논문지
• /
• 제6권2호
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• The Journal of Asian Finance, Economics and Business
• /
• 제7권2호
• /
• pp.43-52
• /
• 2020

The paper investigates the mechanism through which corporate credit ratings affect dividend payments by decomposing the mean difference of dividends into a part that is explained by the determinants of dividends and a residual part that is contributed by the pure credit group effect, in the framework of the traditional dividend model of Fama and French (2001). Historically, better credit rated firms have shown consistently higher propensity to pay dividends especially during the economic crisis period. According to the counter-factual decomposition technique of Jann (2008), better rated firms are more responsive to the firm characteristics that have positive impact on dividends and poor rated firms are more responsive to the negative dividend predictors. As a result, good (bad) credit ratings make corporate managers become more bold (timid) in their dividend payments and they tend to pay more (less) dividends than what their firm characteristics prescribe. The degree of information asymmetry increases for the poor group firms during crisis periods and they attempt to reserve more cash in preparation for future investments. The decomposition results suggest that the credit group effect can potentially exceed the effect of firm characteristics because firms of different credit ratings can respond to the very same firm characteristics in a different manner.

• The Journal of Asian Finance, Economics and Business
• /
• 제8권12호
• /
• pp.183-189
• /
• 2021

Transfer pricing is a matter of concern for countries. It affects the interests of the parties involved in the commercial transaction. Through manipulation of prices in transactions, businesses take advantage of tax rates in a country to adjust profits for economic gain. This affects the fairness and rationality of economic transactions between related parties. The article uses a two-year time series from 2018 to 2019 of 50 foreign direct investment enterprises in Vietnam. The article uses ordinary least squares to test the hypotheses of the research model. The article uses four independent variables related to ownership structure affecting transfer pricing decisions including total ownership, organization ownership, concentration ownership, and area ownership. Research results show that two variables have a positive influence on transfer pricing decisions including total ownership and organization ownership. Organization ownership has a higher degree of influence than total ownership. To be able to control transaction activities related to transfer pricing, Vietnam's state management agencies need to pay attention to perfecting the legal framework based on supplementing and amending regulations related to transfer pricing. Legal regulations need to be regulated based on international common practices to ensure uniformity on a global scale.

• 한국IT서비스학회지
• /
• 제5권3호
• /
• pp.121-135
• /
• 2006

With the growth and maturation of IT industry, the necessity of audit about development, maintenance and management of high-quality information system is gradually increasing. In addition, the necessity of inner auditing system, which could totally verify and evaluate the effectiveness of project according to the characteristics of organization conducting information-oriented business, also being proposed. Government offices including Korea Institute of Science and Technology(KISTI) collectively controlling nationwide science-technology related information have no guiding principle or organization within themselves even though performing information-oriented businesses are becoming more bigger and complicated. In this paper, we propose scheme for devising framework, which can audit construction and operation of knowledge information, check list and guideline. In addition, we present concrete ways for adapting these schemes to institutes which manage science-technology knowledge information. Audit framework consists of points of time in audit, audit domain and audit criterion. Points of time in audit are defined as three phases as followings: pre-audit, in-progress audit and post-audit. Audit domain includes 16 detail audit domains and especially we set 11 check items and 40 detail investigation items for database implementation business. We expect that management level of science-technology implementation business of organizations using this research result will increase and they could offer high-quality information service.

• Asia pacific journal of information systems
• /
• 제24권4호
• /
• pp.417-441
• /
• 2014

Organizations need to exhibit characteristics of agility to stay ahead of their competitors and to survive in dynamic environments. One major concern for organizations is how to implement Information Systems (ISs) to enhance their agility. Organizations tend to spend too many resources to change their entire IS instead of only the components that cause problems without exactly knowing whether it enables or suppress organizational agility. To address these shortcomings and practical issues, we provide a framework to assess organizational agility and to diagnose a problem related to IS. By applying this prototype of the Agility Framework, we were able to diagnose a problem that the department of Management Control and Information Systems at the Universidad de Chile had and planned actions for them to improve its organizational agility with a course scheduling system, eClasSkeduler. This action research, which took more than 25-month for the first cycle, further develops the Agility Framework, which not only provides a way to link IS with organizational functions but also illustrates how to use it to diagnose a situation and plan actions for improving organizational agility through an information system.