Article 2 conducts audits of government investment in the province, other State-owned asset investment and construction of information systems that are dominated by government investment and other State-owned asset investments, as well as safety, reliability, economic performance, and application of this provision.

Article 3. The information system referred to in this article refers to information-processing systems used by auditing units for operational activities.

Article IV is responsible for the audit of the current information system by the audit body of the Government of the above-mentioned population (hereinafter referred to as the auditor).

The superior audit body may carry out an audit by the lower-level auditing authority under the authority of the information system auditing project under its jurisdiction by law, which may be subject to a direct audit of information systems within the jurisdiction of the lower-level auditor.

Article 5 Auditing organs and auditors carry out information systems audits independently of other administrative bodies, social groups and individuals.

The auditing of information systems by an audit body and an auditor should be objectively impartial, conservative and adhere to ethical and professional standards. The auditor who is in the interest of the auditor or audit matter should be avoided.

Article 6. The audit body shall prepare an annual information system audit plan in accordance with the annual information system and the audit priorities established by the current Government of the people, the superior audit body.

Sectors responsible for the preparation of information systems projects should reproduce approved project construction plans and related documents to the same-level audit bodies.

Article 7. The audit body shall establish, in accordance with the law, an audit team to carry out an information system audit and the members of the audit team shall have the expertise and skills necessary to carry out the information system audit.

Article 8

(i) Project proposals, feasibility studies, preliminary design and adjustments;

(ii) Project management, solicitation procurement, contract content and implementation, treasury and means of construction;

(iii) Readjustment of projects, disbursements and expenditure and monitoring of the changes;

(iv) The identification, initial receipt and completion of the project portfolio;

(v) Management and maintenance of projects.

Article 9. The safety of information systems by the auditor shall focus on the following elements:

(i) Physical security control, cyber safety control, security control of the main air, safety control of the application of safety controls and data security controls;

(ii) The creation and implementation of safety management systems and personnel;

(iii) System-building security management and operation of security management;

(iv) Risk assessment, prevention and adaptation;

(v) Including the protection of the non-referred information system hierarchy.

Article 10. The reliability of the information system by the auditor shall focus on the following elements:

(i) Institutional systems, job responsibilities and internal oversight;

(ii) Operational process design, business process processing and operational process functions;

(iii) Data entry and direction control, data modification and deletion control, data inspection control, data bank control, data-sharing control, data exchange control, data backup and data recovery control;

(iv) Data collation control, data calculation control and data summary control;

(v) Data outside export control, data retrieval control, data-sharing export control and backup and recovery of export control.

Article 11. The economicity of the auditor to the information system should focus on the following:

(i) Overall planning, operational integration planning and industrial integration planning of information systems;

(ii) Use and diffusion of information systems;

(iii) The level of support for operational management and the level of contribution to enhanced effectiveness of information systems;

(iv) The economic performance of the information system in operation;

(v) Performance of information systems.

Article 12. When the audit body organizes an information system audit, a systematic survey, information review, systematic inspection, data testing, data validation, tool testing, risk assessment and expert evaluation, in accordance with the relevant national provisions.

Article 13. The auditing authority may collect financial and operational data from the audited units through networking and information systems within the scope of audit supervision.

Article 14. The audit body may conduct a specific audit of specific matters in the areas of information system planning, construction, application, operation and maintenance.

The specific audit survey is carried out in accordance with the audit-related provisions.

Article 15. The auditing body, in accordance with its work needs, may entrust a third-party professional body with the relevant qualifications to conduct an assessment of information system-related matters.

Third-party professional bodies and their staff should be independent in the conduct of evaluation, assessment reports and accountable for their authenticity and professionality.

Article 16, when the audit body organizes an information system audit, has the right to take the following measures:

(i) Requested that the auditor provide information on the authentic integrity of the operation, finance, related to the audit;

(ii) Requested that the auditor should be equipped with data that are consistent with national or industrial standards and, when the interface cannot be equipped with standardized data interfaces, the auditor will request that the data be converted into the format for which the auditor can read;

(iii) Requested that the audit cell test and data test in accordance with the programme implementation system provided by the auditor;

(iv) Conduct investigations into information systems planning, construction, application, operation, maintenance of relevant units and individuals and obtain proof of material.

The auditor and other relevant units, individuals should cooperate with the auditor in the implementation of the information system audit.

Article 17: The auditing of information systems by an audit body shall be carried out in accordance with the statutory authority and procedures.

Audit reports should include the following:

(i) Assessment of the management, safety, reliability and economicity of information systems based on audit records and audit evidence;

(ii) Analyses the level of control of information systems, the level of risk, the causes and responsibilities, and form audit findings;

(iii) To present audit observations and recommendations to improve the control of information systems and to protect systems from the risk of data;

(iv) Other matters to be reported by law.

Article 18

(i) The financial and balance-of-payments violations of State provisions shall be treated and punished by law;

(ii) The information system is not in accordance with the laws, regulations, regulations and national regulations and should be responsible for the conversion of the audit cell time limit;

(iii) Other cases requiring audit decisions.

Article 19 The auditor found problems in the context of the information system audit, and the auditor and other relevant units should be restructured within the prescribed time frame and will redirect the results in a timely manner.

The audit body should conduct a review of the changes in the audited units and other relevant units.

Article 20 may be carried out by an auditor in accordance with the relevant provisions of the State and the province, and subject to the operational guidance and oversight of the audit body.

Article 21, the auditing authority and its auditors do not carry out the functions of the information system under the law or abuse of authority, negligence, provocative fraud, are being redirected by their superior administrative organs or by the authority concerned, and shall be punished by law by the competent or other direct responsible persons; constitute an offence and hold criminal responsibility in accordance with the law.

In violation of article 16 of the present article, the auditor is not required to convert the data into the format to which the audit body can read and to export or not to carry out the systematic test and data test as required by the auditing authority, which is later uncorrected, and is subject to a recommendation by the auditor to the auditor or its superior administrative organs, the inspection authority submits recommendations for the disposition of directly responsible supervisors and other directly responsible personnel, and the relevant units or organs shall be treated in accordance with the law.

Article 23 violates this provision and other laws, regulations and regulations have provided for legal responsibility, from their provisions.

Article 24