A study on information systems auditing processes using AHP - An approach to audit engineering

The role of IS (Information Systems) auditing is becoming increasingly important because IS auditing is one of the most important components of FT governance and corporate governance. Therefore, IS auditors should be able to explain the audit process, their objectivity and conclusions of the audit. The audit process is based on risk assessment. Auditors should assess various kinds of IS risks, for instance, effectiveness risk, efficiency risk, compliance risk, legal risk, confidentiality risk, availability risk and integrity risk. Risk assessment consists of impact assessment and probability assessment. But auditors cannot make precise assessments of impact and probability, because there are no common measures for assessing the risk. In this paper, we discuss a risk assessment method that analyzes various kinds of risks using AHP (Analytic Hierarchy Process). Auditors can assess various kinds of risk using AHP, and they can explain their risk assessment results numerically. The proposed approach contributes to improving the audit process. Numerical results based on the actual data are given to show the usefulness of the methodology.