A Case Study on IS Internal Auditing in Organization

• Main Authors: Chia-chieh Cheng, 鄭家杰
• Other Authors: Yi-Wen Fan
• Format: Others
• Language: zh-TW
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/52298764062672996681

碩士 === 國立中央大學 === 資訊管理學系碩士在職專班 === 100 === Enterprises increasingly rely on the information systems for daily operation. As the scale of business grows, the numbers of IT servers and network equipments have also increased and become more complicated. Therefore, lots of IT fraud cases occur in recent years worldwide. And, these frauds not only cause economic loss but also affected the reputation of the enterprises, negatively impacting enterprise impression among the community. Most of IT fraud cases take advantage of the deficiency of internal control. Given the computing capability and the fast pace of the network, auditing staffs are unable to cope with the frauds and come up with timely remedies. This study uses the case company as an example. Through interviews with relevant IT professionals and auditing staffs to understand the current situation and the problems first and the collections of related regulations and documents later, the study has discussed how to use SIEM systems to help IT professionals and auditing staffs to do the internal control and auditing on the information of the organizations well. Using the actually collected primary data from the business operation that has imported SIEM systems to the organizations as the base and the secondary data as supplements, the data collection, analysis and sorting are conducted. Besides, after importing SIEM systems to the organizations, there are interviews with the people mentioned above in order to know whether it really has essential contribution to the internal control and auditing of the case company. In addition, it also points out careful matters that are needed to be followed up afterwards. This study has conducted the analysis of the results in the improvements of the internal control and auditing systems of the enterprises by using the computer auditing techniques and it is expected that it can provide relevant IT professionals and auditing staffs a direction of the reference and the matters needed to be watched in order to enhance the quality of the auditing, lower the risks of the information security and strengthen the internal control. On the passive side, it includes fraud prevention, asset assurance, the reliability and the authenticity of the financial information, etc. On the aggressive side, it includes the improvements on the operating performance of the organization, the reduction of the operational risks and the increase of the use efficiency of limited resources, etc.