A knowledge-based system for auditing computer and Management Information Systems

Abstract In a competitive environment, selecting and effectively using reliable information technologies, accurate methodologies and the right information systems, led to a search for an audit process. The information system audit process is therefore viewed as a detailed field program of many steps related to two basic decisions: 1. • The information acquisition decision, addressing the selection of audit tests to be performed, 2. • The audit opinion decision, involving the integration of test results leading to an opinion. In this paper, we present an audit expert system, called INFAUDITOR, aiding the audit process related to management information systems. It has two fundamental features: 1. • It covers all domains of information systems, managerial as well as technical aspects. 2. • It helps to determine, in a given audit situation, the respective importance that should be given to the different audit domains and tests of control. This customization process is determined by means of rules and depends on the audit objectives, the entreprise's characteristics and its information system. Since information systems auditing is a multicriterion decision, INFAUDITOR structures the audit domains and tests of control as a hierarchical audit tree following an analytic hierarchical process. It is a decision aid for auditors and provides integrated support for all aspects of the information system audit process. INFAUDITOR consists of several expert systems as in blackboard architecture. Its fact bases include the characteristics of the enterprise, its information system and the audit objectives, while the rule bases encompass the criteria, the general audit tree and the rules of customization. INFAUDITOR has been successfully applied to several real-life situations.