Research On Construction And Application Of Information System Audit Evaluation Index System Of Company A

With the continuous development of information technology,information systems are widely used in various industries because they can improve enterprise management and market competitiveness and support enterprise market segmentation strategies.In 2019,the Ministry of Finance issued the Circular on Promoting Fair Competition in Government Procurement to Optimize the Business Environment,which sets clear standards for suppliers to government public resource tenders.Company A is a provider of one-stop office total solutions for enterprises and institutions nationwide.in order to seize the opportunity of development,Company A has carried out large-scale information construction in a short period of time,and successively launched and replaced several information systems to support the company’s business strategy.However,before and after the launch and replacement of information systems,Company A did not build and apply the information system audit evaluation index system,which led to irregularities in the process of system launch and replacement,non-compliance in business process planning and processing,conflicts of authority,data security and other problems.Obviously,it is necessary to build and apply the information system audit evaluation index system,which can reveal the problems of information system and evaluate the effectiveness and security of information system,and help the enterprise to operate stably in the long term.This paper takes Company A as the research object,and through researching the basic situation of Company A,the current situation of information system and the current situation of information system audit,we analyze the audit requirements of its information system and find that there may be problems at three levels: information management control,general control and application control at the organizational level.On this basis,this paper constructs the framework of information system audit evaluation index system of Company A from the above three levels based on the content of Internal Auditing Standard No.2203-Information System Audit and Internal Auditing Practice Guideline No.3205-Information System Audit,combined with the results of audit requirement analysis,while screening the indexes by issuing questionnaires to relevant experts,and then determining the weight of each index with the help of hierarchical analysis.By setting audit objectives,selecting audit methods,preparing for audits,and using the information system audit evaluation system to perform audits at three levels: organizational level information management control,general control and application control,it was found that in the organizational level information management control,Company A did not plan information security management positions and conduct employee security training,resulting in irregularities in the development and on-line process of the T3 system at the general control level,and problems in the planning and processing of business processes of the T3 system at the application control level,resulting in discrepancies in data and reducing data validity.In addition,this paper also enriches research cases for information system audit practitioners and related scholars,and enhances the applicability and practicality of relevant theoretical bases.