Information Systems Audit and Information Systems Management
The so-called information systems audit (also known as IS Audit) is, auditors entrusted or authorized to collect and evaluate evidence to determine whether a computer system (information system) is valid so that the protection of assets, maintaining data integrity and efficient completion of organization the activities of the process target. It includes information systems to external audit verification goal - that of the audited units to protect assets, information system security and data integrity verification, but also contains the internal audit management objectives - that not only protect the assets of the audited information systems security and data integrity but also the effectiveness of information systems goals.
Information Systems Management, according to Ministry of Information Industry, "Provisional Regulations on Management Information System" means the qualifications established by law and have the corresponding information systems engineering supervision unit, commissioned by the owners of units, according to state laws and regulations, technical standards and information systems engineering Management contracts, information systems engineering project supervision and management.
Information Systems Audit and Information Systems Management can serve the information technology and reduce information technology investment risk. Management Information System is not foreign concepts presented in our concept is borrowed construction supervision, and information systems audit is the beginning of the 21st century, introduced from abroad to the domestic.
IS Audit and Supervision Development
鈼?Information System Audit
Information Systems Audit and first known as the audit is the financial accounting area with computer applications Er production of, as the traditional 璐㈠姟 audit services of one kind of auxiliary tools, customer Dianzi 鍖?accounting data processing and analysis, audit the financial statements provide services.
With the application of computer technology, expanding the scope of, the computer being audited every part of the increasing influence of business, computer auditing the contents of concern from a simple electronic processing, extends to the computer system reliability, security nature to understand and evaluation. The explosive development of information technology has changed the economic, social and cultural structure and operation mode, e-commerce, Internet banking, network security, e-government appeared in succession, the role of information resources into full play. People live, work more and more dependent on information technology. Use of information technology information systems attack rivals, steal secrets through the network of illegal possession of wealth, especially the phenomenon of digital wealth increased, disrupting normal economic order in the country. This makes people more concerned about the transmission of information network security, integrity and true concern for production, processing, transmission of information system security, reliable, effective, concern how companies assess their risks and how to take measures to prevent and control.
Because of technical limitations and other reasons, the information users are neither verified the quality of information, an urgent need for an independent third party out of the face of the confidentiality of information (Confidentiality), integrity (Integrity), non-repudiation of transactions (Non- -Repudiation), counterparty authentication (User Authentication), the system is safe and effective to make such identification, with reasonable protection of the interests of information users. Meanwhile, the process of enterprise information professionals also need to control information system risks and enhance efficiency of information services. True sense of the information systems audit came into being.
Today's information systems audit of the business has exceeded audit of financial statements for the scope of service, in many major accounting firm within the information systems audit has become an independent in the range of services provide to the outside of the department.
鈼?Management Information System
Since the 20th century and 90 years, from central to local, from government to enterprises, have invested heavily in information engineering development and information systems development, but which really An schedule, quality requirements, the investment budget completed, and the user (Owners ) satisfaction, only a very small number, less than 20%. Even better, some Gaode projects, more or less some problems. These problems seriously affect the quality of information engineering projects and progress, not only damaged the two sides signed the contract (the construction unit and construction unit) of interest, returned to the state and society caused many unnecessary losses.
Information system for the protection of the interests of the contracting parties, to ensure that national information construction and information industry more healthy and orderly development, "Information Systems Management," is adopted.
Ministry of Information Industry since 2002 have issued the "Provisional Regulations on Management Information System", "Information Systems Management, the qualification management approach" and "Information Systems Management Engineer Qualification Regulations." Regulations and management practices for more than clear that the supervision of the scope and content of supervision, supervision units and the rights and obligations of supervision engineers, supervision units for qualification, evaluation and approval of management practices, supervision engineers and other eligible management practices. IS Audit and Supervision difference
From both the concept and practice of summing up domestic and international perspective, Information Systems Audit and Information Systems Management major difference between the reflected in the role of clients, working methods, themes and aspects.
鈼?different role
Audit the financial statements similar to the role of information systems audit include:
First, the authentication function. The forensic audit of the role of information systems is through the audit, reasonable assurance that the audited information systems and processing the information generated by the authenticity, integrity, reliability, consistency and policy compliance. Information systems auditors in their independent capacities, on the audited information system and its output of information audit, to identify all errors and fraud, is to maintain normal economic order, e-commerce era important means necessary.
Second, the catalytic role. Promoting value reflected in two aspects, one can refer to the information system audit Cu Jinbei audit Danwei more effective integration into the socio-economic life, Zhong; two is that the audit can be audited for improving internal controls, to strengthen Guan Li, Tigao Information System Implementation organizational goals of efficiency, effectiveness.
From the first point of view, information systems auditors in the completion of audit, audit certification, that the audit report to certify the audited information is true, complete and reliable. Auditors that can enhance people's confidence in their information.
With the popularization of network technology, business information, online and real-time disclosure is not to reverse the inevitable trend. Information systems auditors can online, real-time identification based on information provided on the use of information in terms of all relevant bodies is of great value.
From the second perspective, information systems audit during the audit found that the control of defects or flaws, can audit report, management letter or other form of audit report to the principal unit of management authorities, and put forward proposals to solve the problem, thus contributing to improve the management of the audited unit level, to improve economic efficiency.
Third, the advisory role. The development of information technology management organization to provide the technical means to change, organizational flattening, job enrichment and other management changes should be achieved through information technology. Information technology is a trend, but information technology is risky. To reduce the risk of information technology, information systems auditors can with their expertise and practical experience, fiduciary or active service manager in the audited entity or business, and in the process of enterprise information to help businesses improve the internal control system, for system diagnostics; according to business needs, determine objectives and content of information, choose the right software products; helping enterprises to adjust Xianyou of Guan Li structure and process or 淇敼 software products so that they better meet the management of Xu Qiu.
And information systems audit is different from the role of information system project include:
First, the role of supervision and control. Management Information System can help the owner will even reasonable assurance that the project's quality, progress, investment, and reasonably, objectively handle the relationship between them. In the whole process of project construction, supervision units based on state laws and related technical standards, compliance with the law, fairness, impartiality, independence, the process of building the information system, supervision and control, in ensuring quality, safety and effectiveness of the premise under reasonable arrangements progress and investment.
Second, the rational coordination of the construction unit owners of units and the relationship between, this is a major work of supervision. In the information system construction, a lot of time units and construction unit owners in a number of issues in dispute, the owners want to unit and construction unit of the project by a third party in the engineering, design, implementation, inspection, maintenance and other effects of all the various stages of be fair, appropriate and authoritative assessment, which requires coordination and supervision units to protect their work smoothly. Coordination is also needed within the system and the system of external relations, relations between the non-contractual factors, to ensure the smooth implementation of the project.
鈼?business scope and purpose of the different
First, the information system project is a unit of information systems engineering supervision qualification, acceptance of the construction unit of the commission, according to the relevant provisions of state and city, and information systems engineering and construction standards and engineering construction, supervision contracts, the quality of the information system, progress and investment supervision. Mainly used in information engineering construction phase.
Information systems audit is to obtain and evaluate a proof to determine whether information systems can ensure the security of assets, data integrity and the efficient use of organizational resources and be effective in the process of achieving organizational goals. It is based on the organization's strategic objectives for the effective implementation of organizational strategic goals and to take all effective activities. Its business scope includes all areas related to information systems.
Second, the information system project is designed to ensure construction quality, progress and investment to meet the construction requirements. With the completion of the project supervision activities end. Supervision is concerned that the project construction quality, cost and schedule.
The purpose of the information systems audit is reasonable assurance that information security system Nenggou protect assets, data of Wan Zheng, effective De achieve Zuzhimubiao system and make efficient use of organizational Zi Yuan, 鍏?core focus is to protect assets and information systems efficiency, effectiveness. Includes not only the audit of the construction process, more importantly, the operation of information systems audit, the audit report issued to the public, forensic information system's ability to protect corporate assets safe, its formation, the message is complete, the entire system is effectively achieve organizational goals and efficient use of organizational resources. As long as the information system in operation, the audit activity has always existed.
In addition, information systems engineering supervision of the process is visible, that is, the project cost, schedule and quality objectives deviations are visible, timely, correct and easier. But the information systems audit of the information system security, reliability and validity of the identification is invisible, this is precisely the complexity of information systems than the main reason for the project. Information system is completed, it is only the beginning of information, some of China's information construction in case of failure, not the information system does not build, operation and maintenance period is often a problem. Therefore, from this perspective, information systems, information systems audit is to ensure the quality of the effective methods.
鈼?serve different
We can know from the definition of audit services audit forensic identification people, information, information providers, users and the tripartite agreement, that person entrusted by the authentication or authorization, the provider of the information audit, and quality of information provided on its information- used to provide forensic reports. Therefore, the object of audit services is all the information users, including the audited shareholders, creditors, management, government agencies and the general public. As shown in Figure 1 of their relationship.
Figure 1 diagrams the Information Systems Audit Services
Construction supervision services on both sides of the contract. Construction unit and construction unit after the signing of construction contracts, the relationship between the two is equivalent to the exchange relationship, that the construction of units to be delivered on time and quality levels established engineering, physical development, the construction unit to be paid on time is equivalent to the works. Supervision units commissioned after construction units, as the engineering contract for negotiation who, it is to implement the principles of project contracts as "equal treaty" as a contract management and engineering models were paid to sign and acknowledge, its implementation principle is equivalent to the exchange. Therefore, the supervision unit is to serve the interests of both sides, not just for the Client - the construction unit services. As shown in Figure 2 of their relationship.
Figure 2 Diagram Information System Management Services
鈼?work of the main different
Information systems audit subject, including internal audit and external audit of the main subject. When the auditors are an integral part of the audit unit, known as internal audit, its main duty is to collect evidence to determine effectiveness of the system and the use of resources. When the auditor is independent of the audited units, known as the external auditing of the important roles of the audited units is concerned about the security of information assets, real and complete. The only independent supervision of the main building units and construction units, as an external independent third party involved in the project construction.
鈼?different methods
Audit method is to collect evidence of methods, including inspection, observation, analysis of complex inquiries and circularization so on, and using statistical techniques, computer technology to complete the collection and evaluation of evidence. Supervision is to use project management techniques, including cost accounting control, network diagrams and implement quality control methods, the project "one two three control coordination."
Strengthening of information systems audit is a priority
From the above comparison, I believe that:
First, the role of information systems audit is no substitute for the information process only supervision is not enough to carry out the audit, which is the information age needs.
E-commerce and traditional value chain to customer-centric changes in the value chain has changed auditors are engaged in traditional assurance services. Supply chain management processes and procedures - such as inventory demand planning, purchase orders, sales orders, shipping notices and other cash expenditures, through the information system is electronic processing, review and assessment of the integrity of transaction data and reliability, real-time control of the transaction data as necessary. When the company started with new trade partners (instead of the previous trading partners) to exchange information and conduct transactions, trading partners and transaction processing system reliability must be assessed. Auditors may also need to evaluate the reliability of trading partners of customers and integrity. Also engaged in e-commerce companies have their internal Control Extensions to the transaction processing system for all 鏂归潰 because the system and including trade partners Zainei the other systems are closely linked. E-commerce systems of internal control assessment and risk management are also inseparable from the Information Systems Audit. None of the information system project can be completed.
Second, in our active information system audit.
First of all, we need to increase the Information Systems Audit and publicity so that people understand what information systems audit, the reason for the Information Systems Audit.
Second, we should vigorously develop an information systems auditor. Audit of information systems business, there are two forces can tap: First, traditional auditors. Certified Public Accountant in the implementation of the traditional financial statements of assurance services has a long-lasting reputation and experience. In providing information systems and electronic data quality forensic and advisory services, accounting firms face competition for the market convinced he is the best candidate for the implementation of this business, accountants also need to: improve the technical capacity to learn; to continue to defend their available as separate, the role of trusted third party; Bixu transport information technology and network technology skills with traditional assurance services; must Tuozhan to system reliability, confirmed and influenced by the risk analysis, and site certification of the business . Second, information technology consulting in IT technical staff. In the age of electronic commerce, transactions are mostly done automatically by the system, people involved in small, less audit trail exists, in such conditions, the audit must be conducted through the information system. IT technical personnel with the appropriate technical skills.浣嗕粬浠湪閴磋瘉甯傚満杩樼己涔忎細璁″笀浜嬪姟鎵?殑鐙珛銆佸瑙傘?鍏鐨勪俊瑾夛紝缂轰箯瀵圭鐞嗕笌鍐呴儴鎺у埗璁よ瘑銆佽瘎浠风殑缁忛獙锛岀己灏戝璁$殑鐞嗚涓庢妧鑳姐?鍥犳锛孖T鎶?湳浜哄憳浠庝簨淇℃伅绯荤粺瀹¤涓氬姟锛岃琛ュ厖瀹¤鐞嗚鐭ヨ瘑锛屽浼氱敤瀹¤鐨勭洰鍏夛紝鍏虫敞淇℃伅鎶?湳鐨勬晥鐩婏紝浠庣鐞嗘帶鍒惰搴︼紝鑰岄潪绾妧鏈搴︽?鑰冮棶棰樸?
銆??姝ゅ锛岃灏藉揩褰㈡垚琛屼笟绠$悊鍒跺害瑙勮寖銆傚浠庝簨鐢靛瓙鍟嗗姟鐨勪紒涓氬繀椤荤粡杩囧璁°?涓婂競鍏徃鐨勪俊鎭郴缁熷繀椤荤粡杩囧璁°?缃戜笂閾惰瑕佸璁$瓑锛屽?閴翠細璁″笀涓氱殑缁忛獙锛屽淇℃伅绯荤粺瀹¤鑱屼笟鐨勮嚜寰嬭鑼冨紑灞曠爺绌讹紝鍖呮嫭璧勬牸鑰冭瘯鍒跺害銆佽亴涓氶亾寰枫?鎵т笟瑙勮寖涓庢儵鎴掔瓑锛屼娇鎴戝浗淇℃伅绯荤粺瀹¤浜嬩笟鍦ㄥ仴搴疯鑼冪殑杞ㄩ亾涓婂揩閫熷彂灞曘?
相关链接:
MOD converter
MOD to MPG
Win7 security measures: USD 5,000 penalty to steal a set of
NEWS about Help Tools
DAT to MP4
New Cataloging
Easy HTML Tools
Automation is everywhere
Trace Mobile Phone Number How To Trace Cell
New Curriculum For Primary And Secondary Breakthrough Multi-media Teaching
World Cup counterparts: Illustrator drawing three cases of Football
Maxthon Filter Floating Flash Ads All Captures
DVD selection, CD Disc reading speed important?
"Digital Tobacco" to Me
. NET Framework basic requirements (. NET1.1)
Axis celebrate the 25th anniversary of the company