Hebei Province, Information System Audit Requirements 

Original Language Title: 河北省信息系统审计规定 

Article 1. In order to strengthen information systems audit oversight, standardize information systems auditing and improve audit quality, these provisions are formulated in accordance with the Audit Law of the People's Republic of China, the Regulations on the Implementation of the Audit Law of the People's Republic of China, and other laws and regulations, and in light of the actual conditions of the province.

Article 2. These provisions apply to auditing the construction project management, security, reliability and economy of information systems in the province that are funded by government investment or other State-owned asset investment.

Article 3. For the purposes of these provisions, "information systems" means the systems with which audited units use modern information technology to process their operational activities.

Article 4. Audit organs of the people's governments at or above the county level (hereinafter referred to as audit institutions) are responsible, at their respective levels, for information systems audit.

A superior audit institution may, in accordance with law, authorize an audit institution at a lower level to audit information systems within the superior institution's jurisdiction, and may directly audit information systems audit projects within the jurisdiction of audit institutions at lower levels.

Article 5. Audit institutions and auditors conduct audits independently in accordance with law and are not subject to interference by any administrative organ, public organization or individual. In information systems audits, audit institutions and auditors shall be objective and impartial, maintain confidentiality, and abide by professional ethics and professional guidelines.

Auditors who have an interest in the audited unit or in the matter under audit shall recuse themselves.

Article 6. Audit institutions shall determine audit priorities and prepare annual audit plans on the basis of the year's information system construction and the requirements of the people's government at the corresponding level and of the superior audit institution.

The department responsible for examining and approving information system construction projects shall send copies of the approved project plans and related documents to the audit institution at the same level.

Article 7. Audit institutions shall set up an information systems audit team; members of the audit team shall have the necessary professional knowledge and skills.

Article 8. In auditing the construction of information systems, audit institutions shall focus on the following aspects of project management:

(A) project proposal and feasibility study, preliminary design review and adjustment;

(B) project management, procurement, contracting and implementation, supervision and construction;

(C) the project budget and final accounts, income and expenditure of funds and rectification of supervision and inspection;

(D) inspection, testing and acceptance of the project;

(E) project management and maintenance.

Article 9. In auditing the security of information systems, audit institutions shall focus on the following:

(A) physical security, network security, host security controls, application security and data security controls;

(B) the safety management framework and personnel establishment, the establishment and implementation of the safety management system;

(C) the security management and operation and maintenance of the safety management system;

(D) risk assessment and the implementation of preventive and corrective action;

(E) tiered protection of secret-related information systems and classified security protection of non-secret-related information systems.

Article 10. In auditing the reliability of information systems, audit institutions shall focus on the following:

(A) the institutional framework, responsibilities and internal oversight;

(B) business process, business process management and business process design function;

(C) controls over data entry and import, data modification and deletion, data parity, data sharing, data storage, data backup, data exchange and data recovery;

(D) data processing control, data control and data control;

(E) output control, data retrieval, data peripheral output control, data sharing, and backup and recovery control.

Article 11. In auditing the economy of information systems, audit institutions shall focus on the following:

(A) integration of information systems planning, business planning and consolidation plan;

(B) the application of the information system development and promotion;

(C) the extent to which information systems support business management and contribute to improved effectiveness;

(D) the economics of information systems operation and maintenance;

(E) information system performance.

Article 12. In organizing information systems audits, audit institutions apply, in accordance with the relevant provisions of the State, the methods of investigation, system review, system checks, data validation, data testing, tool-based testing, risk assessment and expert review.

Article 13. Audit institutions, through network interconnection with the information systems within the scope of audit, collect the audited units' financial and operational data and carry out audits.

Article 14. Audit institutions may conduct special audit investigations of the relevant localities, departments and units on specific matters in the planning, construction, application, and operation and maintenance of information systems.

Special audit investigations shall be conducted in accordance with the auditing regulations.

Article 15. Audit institutions may, as needed, entrust qualified third-party professional bodies to evaluate matters related to information systems.

Independent third-party professional bodies and their staff shall conduct the assessment, submit the assessment report, and take responsibility for its authenticity and professionalism.

Article 16. When audit institutions organize information systems audits in accordance with law, they have the right to take the following measures:

(A) require audited units to provide complete business, financial and other information related to the audit work;

(B) require audited units to equip their information systems with data interfaces that meet national or industry standards; where standard-compliant data interfaces cannot be configured, require the audited unit to convert the data into a format the audit institution can read and to output it;

(C) require audited units to carry out system testing and data testing in accordance with the plan provided by the audit institution;

(D) investigate, and obtain evidence from, the units and individuals involved in the planning, construction, application, and operation and maintenance of information systems.

Audited units and other units and individuals shall cooperate with audit institutions in information systems audits.

Article 17. In organizing information systems audits, audit institutions shall issue audit reports in accordance with statutory powers and procedures.

The audit report shall include the following contents:

(A) an evaluation, based on audit records and audit evidence, of construction project management and of the security, reliability and economy of the information system;

(B) an analysis of information system controls, risk level, responsibility and causes, forming audit conclusions;

(C) audit observations and recommendations on improving information systems control and guarding against system control and data risks;

(D) other content that should be reported in accordance with law.

Article 18. Where an audit institution finds any of the following circumstances in an information systems audit, it shall make an audit decision:

(A) fiscal or financial revenue and expenditure conduct that violates State regulations and should be dealt with or penalized according to law;

(B) the information system does not comply with laws, rules and regulations or the relevant provisions of the State, and the audited unit shall be ordered to make corrections within a time limit;

(C) other circumstances that audit decisions need to be made.

Article 19. For problems found in an information systems audit, audited units and other units concerned shall carry out rectification within the prescribed period and promptly report the rectification results to the audit institution.

Audit institutions shall supervise rectification by audited units and other authorities.

Article 20. Audited units shall, in accordance with relevant provisions of the State and the province, carry out internal information systems audits and accept operational guidance and supervision from audit institutions.

Article 21. Where audit institutions or auditors fail to fulfil their information systems audit responsibilities, or abuse their power, neglect their duties or engage in malpractice, the higher administrative authority or the competent authority shall order rectification, and the directly responsible person in charge and other directly liable persons shall be given administrative sanctions; where a crime is constituted, criminal responsibility shall be investigated according to law.

Article 22. Where, in violation of Article 16 of these provisions, an audited unit fails to convert data as required into a format the audit institution can read and output it, or fails to carry out system testing and data testing as required, the audit institution shall order correction within a time limit; if the correction is not made by the deadline, the audit institution shall recommend to the audited unit, or to its superior administrative organ or the supervisory organ, that the directly responsible persons in charge and other directly liable persons be disciplined, and the unit or organ concerned shall deal with the matter according to law.

Article 23. Where other laws and regulations provide for legal liability for violations of these provisions, those provisions apply.

Article 24. These provisions come into force on November 1, 2015.