Designing a generic information systems audit framework to improve the quality of audit in higher education

Abstract

There are some similarities between Financial Statement Audit (FSA) and Information Systems Audit (ISA). FSA is an examination of the reliability and integrity of financial statement records, whereas ISA is a review and evaluation of the controls, risks and system development within an information systems infrastructure to ensure that the safeguards protect against abuse, protect assets, maintain data integrity and operate effectively to achieve the organization's objectives. Decision makers need to ensure a reliable collection and evaluation of the evidence of an organization's information systems, practices and operations. Data manipulation can be caused by external or internal threat. Internal manipulation threat is the most dangerous because it is committed by authorized personnel, which makes it very difficult to detect. In particular, the framework introduces an anomaly detection technique, a data mining method, to determine if the suspected transactions arose from internal or external threats. Once the suspected transactions are identified, procedures and monitoring controls will be in place to minimize each threat. The proposed framework is expected to help university and ministry of higher education managers at all levels to make vital decisions based on reliable and accurate information.