Study On Design Of Information System Audit Framework Of China Life Insurance Company On COBIT

With significant development in information technology, information system, as a major power improving society, has found broad practical applications. Therefore, it is of enterprises big interest to efficiently protect the information safety of the system when carrying out information system audit while ensuring normal operating and management activity of the enterprise. This paper aims to summarize a COBIT based audit framework to efficiently monitor risk factors from multi-levels of information system and promote health development of enterprise IT system, by incorporating traditional methods that have been utilized in information system audit and considering the actual condition faced by domestic life insurance company.This paper starts from the concept of information system audit, review the history about the theory of development of information system audit at home and abroad, while the introduction of dominant in the field of information security of COBIT theory, introduces its overall structure and operation principle, and the guiding role of information system audit. Then from the company’s overall environment, information construction and information audit carried out three aspects of domestic life insurance companies face the risk of information system, points out the existing problems of traditional auditing mode. The fourth chapter began to focus from the general control audit and control system of the two aspects of the audit, based on the COBIT theory of the CLIC information system audit framework design concept:the IT activity process based audit framework, to risk control points of each process contains the basic elements, to ensure that the important field of content to basic coverage of IT activity, including210IT processes and214risk control points. Subsequent to the econometric method, the evaluation model is established by means of the quantitative relationship between the results of the audit, audit results and risk control analysis, studies the framework of performance audit and improving the degree of; with specific audit case, analysis framework for project practical significance. Finally from the involves two aspects and the actual effect evaluation based on the theory of COBIT CLIC information system audit framework, and also points out the imperfections, improved until follow-up study.