Research On Information System Security Audit Of H Enterprise Financial Sharing Center Based On COBIT

With the rapid expansion of business scale and the development of information technology,traditional financial tools are no longer able to meet the requirements of digitalization in corporate finance.As a result,an increasing number of enterprises are choosing to establish financial shared service centers using information technology to achieve centralized financial processing and meet the basic requirements of enterprise digitalization.The financial shared service center is one of the key tools for realizing corporate digital transformation.By standardizing and streamlining business and financial data,it provides extensive applications for optimizing financial operations in large conglomerates.H Enterprise is a large chain retail company experiencing rapid growth in its online sales business.As the business scale expands,the traditional finance department structure no longer meets the demands of daily management.H Enterprise has decided to separate its original financial accounting and marketing finance departments and establish a financial shared service center.In the construction of the financial shared service center,H Enterprise has chosen the SAP system as its foundation and established integration with the business information systems.However,the utilization of information systems also brings uncontrollable security risks,such as data security and network security.Therefore,H Enterprise needs to conduct information systems security audits.Traditional audit methods and processes are no longer sufficient to address the security risks in the information system environment,such as data loss incidents and system operation failures leading to issues in data security and network security.This article focuses on the information system of H Enterprise’s financial shared service center,aiming to explore its security issues and propose solutions.Firstly,a security audit is conducted on H Enterprise’s information system to understand its operational and maintenance conditions,in order to identify any security problems.Secondly,the necessity of implementing a security audit is explained,and the reason for selecting the COBIT 2019 framework is provided,along with the selection of indicators from the COBIT 2019 framework to meet the requirements of the security audit.Finally,based on the chosen indicators and their control objectives,the security audit is implemented,and relevant research conclusions are derived.A security audit model based on the COBIT 2019 framework is developed specifically for the information system of the financial shared service center.This model provides a series of audit guidelines,management objectives,and control objectives to address various risks and issues encountered during the implementation of security audits.The COBIT 2019 framework offers insights into system governance,strategic planning,organizational structure,and other relevant aspects.Enterprise managers utilize audit plans,tools,techniques,risk assessments,and inspection processes to implement security audits,thereby strengthening information system risk control and enhancing information system security.Furthermore,the research findings of this study can serve as a reference for the security of information systems in financial shared service centers of other large and medium-sized conglomerates.