Government Information System Audit Should Focus on E-government

Government information system audit, as the frontier field of computer audit carried out by national audit institutions has developed rapidly in recent years. However, it prefers state-owned financial institutions and large state-owned enterprises to e-government affairs. This paper reviews the e-government audit carried out by the top audit institutions of various countries, analyzes the problems in the construction and operation of e-government in China, according to which it puts forward that the audit of government information system should be put more on e-government at the present stage, and proposes suggestions on how to strengthen the audit of e-government information system by the national audit institutions. Keywords—Government audit; electronic government; information system auditing I. GOVERNMENT INFORMATION SYSTEM AUDIT AND E-GOVERNMENT Information system audit refers to the examination on auditee’ information system and its planning, research and development, implementation, operation, and maintenance, and the determination of its information security, effectiveness and economical efficiency of the system and whether the information system can effectively utilize organizational resources and help to realize the organizational goals . There are many organizations in China carrying information system auditing. Most of them are the state audit institutions, internal audit institutions, accounting firms, management consulting companies and other social intermediary organizations. According to the subjects of information system audit, they can be assorted into government, internal and social levels. The e-government in this paper, in the generalized sense, refers to the government investment information construction process and the formation of hardware and software information assets and services. In addition to the website of the government, e-government system also includes government key information construction projects like the “12 golden project” and various information system invested by the state for public services. Government information system audit, as a new frontier, on which national audit institutions carry out the computer audit, has been mainly focusing on the state-owned financial institutions and large state-owned enterprises in recent years, such as the China Development Bank, SINOCHEM, and China Eastern airlines. It also gained great achievement on their information system audit, but kept a close eye on the electronic government affairs. Auditing is only carried out on financial informatization in the financial revenue and expenditure of a province, social security information system in social security fund, department budget implementation in the department informatization construction, and the new rural cooperative medical care system in the new rural cooperative medical care. So far, the national audit office has not organized the information system audit of the “12 golden projects” national key e-government projects, such as golden tax and golden customs. The author made an investigation on the information system and auditing of some financial institutions, enterprises and administrative institutions. It can be seen from the results that organizations like financial institutions, large state-owned enterprises and the listed companies do better in informatization and their internal auditing department perform well in information system auditing. These organizations, generally, face relatively low risks in information system as they can empower their internal audit or entrust the intermediaries to carry out it. Whereas, administrative institutions, the main body of investing the construction and operation of e-government, face high risks in information system, due to the facts that they are weak to conduct internal auditing with regards to the personnel quality and cadres’ attitude toward it, and they are reluctant to turn to the intermediaries. To recap, the author believed that the national audit institutions should strengthen the information system audit of e-government, take e-government as the main channel of government information system audit to promote the sound development of e-government and informatization construction in China. II. INTERNATIONAL E-GOVERNMENT AUDIT PRACTICES From the audit practices of the international organization of supreme audit and some national supreme audit institutions, it can be seen that the national audit institutions attach great importance to the information system audit of their own e-government, however, with different emphases. A. The long-term concern on e-government auditing by supreme international audit organization In recent years, the international organization of the supreme audit institution and its IT working group have always taken e-government audit as the focus of IT audit, and held meetings to study and discuss how to promote the Advances in Social Science, Education and Humanities Research, volume 322 2nd International Seminar on Education Research and Social Science (ISERSS 2019) Copyright © 2019, the Authors. Published by Atlantis Press. This is an open access article under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/). 543 e-government audit of the supreme audit institutions of each country. In April 2004, the audit committee of the international organization of the supreme audit institutions held its fourth working meeting on effectiveness audit in Moscow. The topic was how to carry out effectiveness audit on e-government. The conclusion it reached was that e-government is a transformation of government services, so the government faces the redesign of business processes. In a word, the expansion of audit objectives of audit institutions leads to its own new challenges. On April 15, 2010, the IT audit team of world organization for audit held the 19th annual meeting in Beijing with the theme as “Performance Indicators of IT project effectiveness and Investment Success”, China’s audit office put forward that with the rapid development of China’s information industry, e-commercial and e-government project is increasing, and national economic management informationization gains momentum, which pose severe challenges for the means of audit work. Therefore, it is necessary to establish an applicable and widely recognized measurement index system to promote the standardization of IT project performance audit. In 2013, the 21st world audit congress was held in Beijing. It had approved the IT audit manual of the supreme audit organization, taking e-government audit as an emerging field and key content of IT audit. B. The E-government audit focuses on government information security. The United States government attaches great importance to the development of e-government. Since 1993, presidents like Clinton and Bush have adopted a series of measures to make the United States the most developed country in e-government. Correspondingly, the General Accounting Office (GAO) puts the e-government audit high on the agenda. According to the statistics, from fiscal year 2008 to 2018, the GAO have issued a total of 55,108 audit reports, including 2,682 e-government audit reports with 773 information management reports, 459 information security reports and 1,450 information technology reports. In particular, the United States thinks highly of the government information security. In December 2002, after the enactment of the E-government Act, the United States implemented FISMA (the Federal Information Security Management Act of 2002) which is the chapter 3 of the Act to ensure the information security of its government agencies. The national audit office of the United States has conducted the information system audit of the Federal Reserve from 2010 to 2017, and found a total of 16 general control defects, mainly in access control, configuration management and security management and other aspects (shown in TABLE I). On this basis, it has raised 16 suggestions on auditing . TABLE I. DEFECTS IN THE FEDERAL RESERVE’S FINANCIAL INFORMATION SYSTEM CONTROL FOUND BY THE NATIONAL AUDIT OFFICE FROM 2010 TO 2017 Year Number of control defects Where the defects exist Defect nature Number of suggestions on auditing 2017 2 Access control and configuration management General control defects 2 2016 3 Security management and configuration management General control defects 4