Relative importance analysis of inter-IS audit evaluation standards (Korea)

Abstract

As a scale of the IS (Information System) becomes larger and level of dependence in creases, it becomes more important to examine and prevent potential risk factors that would occur during the development or operation process. Korean government introduced IS audit system in 2006 for stable development and efficient management. According to this law, every company who develop program for any Korean government branch over $500,000 is required to be audited. This audit system consists of 7 audit fields, 16 processes, 32 sub-areas, and 167 audit items. However, several problems have been raised that these criteria are unnecessarily fragmented and some of them are being overlapped thereby becoming inefficient as well as inconsistent. Therefore, this audit system needs to be evaluated as user demand level improves and software development environment changes rapidly. In this research, Korean IS audit items are prioritized using constant-sum method in order to identify their relative importance.