Design on Fixed Quantity Analytical Model for Information System Audit

정보시스템 감리의 정량화 분석 모델 설계

  • Received : 2010.11.05
  • Accepted : 2010.11.29
  • Published : 2011.02.28


This thesis suggests fixed quantity model and detailed performance procedures of an information system audit. In addition, an identification of the check-items with high operating risk and factors that might lead to serious effects on the business are made. Then, this thesis proposes the information system audit model that can grant priorities. By using this model, the orderer can evaluate objectively with digitized mark. The model can improve the effectiveness, reliability, and objectivity of the audit by minimizing the discrepancies of different opinions about audit evaluation results between auditee and the orderer. The proposed model is adapted to an application system and audit projects of the database construction. As a result, the model has received an equal mark from the result of the general reviews, thus the propriety of the proposed model was verified.


Information System Audit;Fixed Quantity Model;Detailed Performance Procedures;Digitized Mark


  1. ISACA Korea chapter, CoBIT 4.0 한글판, 2006.
  2. 정보통신부, 정보시스템 감리기준, 정보통신부 고시 제 2006-42호, 2006.
  3. 정보통신부, 정보시스템 감리기준, 정보통신부 고시 제1999-104호, 1999.
  4. 한국정보사회진흥원, 공공부문 정보보호 아키텍처 구성 방안 연구, 2004.
  5. 한국정보사회진흥원, 정보시스템 보안/통제 감리지침 연구, 1998.
  6. ISO/IEC 12207, Information Technology : Software Life Cycle Processes, 1995(8).
  7. 정보사회진흥원, ITA법 시행에 따른 정보시스템감리, 2008.
  8. 정보통신부, 정보시스템의 효율적 도입 및 운영등에 관한 법률, 법률 제7816호, 2005.
  9. 최영진, 정보시스템 개발프로젝트에서 감리 효과성에 관한 실증적 연구, 2004.
  10. 한국정보사회진흥원, 정보시스템 감리 제도발전과 품질향상을 위한 핵심성공요인과 개선방안 연구, 2001.
  11. 한국정보사회진흥원, 정보시스템 감리 프레임워크 발전방안 연구, 2003.
  12. ISO/IEC 27001, International standard - Information technology - Security techniques - Information security management systems - Requirements, 2005.
  14. Project Management Institute, Guide to the Project Management Body of Knowledge, 4/e : (Pmbok Guide), Project Management Institute, 2008.
  15. Ingrid B. Ottevanger, “A Risk-Based Test Strategy”, STEN, 2008.