A Quantitative Method for Quality Improvement of Information System Audit Evaluation

  • 이기영 (Department of Medical IT Marketing, Eulji University) ;
  • 김영호 (Korea IT Audit Consulting Co., Ltd.) ;
  • 한기준 (Division of Computer Engineering, Konkuk University)
  • Received : 2012.01.18
  • Accepted : 2012.03.01
  • Published : 2012.04.30

Abstract

As information system audits have become compulsory and audit demand has risen, improving the quality of information system audits is being emphasized. However, because current information system audits depend heavily on the auditor's experience, skill, and subjective judgment, audit stakeholders distrust the objectivity and reliability of audit results. Furthermore, research aimed at securing the objectivity and reliability of audits has so far been inadequate. This paper therefore presents a quantitative method for information system audit evaluation, in order to contribute to the overall quality improvement of information system audits by securing and improving their compliance, objectivity, and reliability. The quantitative method is composed of two main parts, evaluation areas and items, and score calculation for evaluation items, and it allows the information system audit standard to be applied generally to information system audit evaluation.
