Research Of Information System Audit Based On COBIT

With the growing popularity of ERP, Information system has been used widely by many corporations, which makes companies depend on information system increasingly. As the business environment is highly competitive and rapidly changing, IT can improve the level of business management, product quality and the service level. However, the IT risks still exist. When the information system stops running, the data of the company will lose its support and protection, which may bring huge loss. Therefore, the information systems should be audited to ensure its reliability, safety and effectiveness. The information system audit will be necessary and welcome.In fact, information system audit has become popular all over the world, especially in the USA and Europe countries. The corresponding standards of information system audit have also been published, such as COBIT, GTAG, GAIT, FISCAM, ITIL, BS7799, COSO and other criteria. However, in China, the companies are unfamiliar with the Information System Audit. The research of Information System Audit is just beginning. Besides, the research of the methods of Information System Audit is seldom. Most Chinese scholars’ research is still about the introduction of information system audit.Since COBIT is relatively comprehensive, mature and recognized highly, this paper is based on COBIT to research the standard of information system audit. This article briefly describes the content of the development of COBIT, the five principles and process reference models, meantime it points out the advantages and disadvantages of COBIT. Besides, this paper designs a COBIT-based information systems audit standard considering the actual situation of Chinese enterprises’ information system, which proceeds from the perspective of the life cycle of information system. The life cycle of information system can be divided into four parts:plan, design, support and maintain. And COBIT contains four similar parts:planning and organization, acquisition and implementation, delivery and support, monitoring and evaluation.Therefore, the COBIT’s four domains,34 processes can be embedded into four stages of information system to become to key points of audit process. And the audit process for each key point can also be set its own audit focus. Also, by using the COBIT maturity model, the condition of the enterprise’s information system can be evaluated better. After designing the norms of information systems audit, the paper also take a company for example. The company’s information system was been audited and some problems were been found. Besides some advises were been put forward to solve the problems.Finally, this paper looks forward to the future of information system audit. Research on information system audit has just started in China, but auditors face a number of problems of information system audit in the field of operation every year. Hence the auditors urgently need a standard of information system audit and methods for information system audit. Therefore, information systems audit has good prospects in China, especially when XBRL becomes popular. Information system audit will be a primary audit process to the corporations. In the development of information systems audit, two aspects should be focused on:the norms and personnel. The norms of information system audit should be built and the personnel should be trained.