信息系统审计——网络架构、测试与评价

发布时间：2018-03-04 00:09

本文选题：审计　切入点：信息系统　出处：《重庆大学》2003年硕士论文　论文类型：学位论文

【摘要】： 随着现代计算机技术和网络技术的快速发展，企业电算化信息系统不断普及，ERP等系统建立使企业所有的生产、经营业务包括物资、资金、人力等都被纳入一个庞大的企业信息系统中。管理人员在面临传统经营风险和财务风险的同时，还必须面对信息风险对企业生存和发展带来的挑战。本论文较为系统的分析了计算机、网络技术的应用对传统审计理论和实务的影响，从而提出建立以信息技术特别是网络技术与审计技术相结合的信息系统审计。企业规模的扩大、业务和管理趋于复杂，企业必须靠加强管理来提升企业的运营效率和效益，而单纯依靠人的控制和一些简单的辅助手段已经不足以保证业务运作和管理的有效，因此，企业就需要引入一些专门的信息系统，例如企业资源计划（ERP）、客户关系管理（CRM）以及依托于网络环境下的会计信息系统等。基于网络信息技术下的电子商务使企业业务信息系统和财务系统高度集成，传统审计理论与实务在现代技术的广泛应用下受到空前的挑战。会计电算化乃至网络财务及电子商务对审计对象、审计线索、审计内容、审计技术、审计环境和内部控制都产生了重要的影响。作为信息系统审计的审计对象不再局限于财务会计审计或管理效益审计等，而是扩大到网络化的经济活动和管理信息系统。信息系统审计技术除了绕过计算机审计、穿过计算机审计和利用计算机审计外还包括了利用网络技术对网络信息系统进行审计。在信息系统审计的实务部分，，论文从系统开发、系统功能、内部控制和网络系统以及电子商务系统几个部分分别进行了分析。在系统开发阶段，应对系统开发的可行性、合法性、可审性、可靠性和完整性进行审计。要保证信息系统在业务数据处理中的正确性还必须对系统功能进行审查。信息系统审计对网络系统自身的安全性和准确性有很强的依赖，所以除了前述两个方面还应对系统操作和内部控制进行审计。没有健全的内部控制，系统的程序和数据安全就无法保证，从而也无法保证审计的实施。对网络信息系统和电子商务系统的审计则将重点放在风险与安全防护方面，如审查交易授权、跟踪访问和操作记录、保留系统审计程序运行以及审查通信安全等。
[Abstract]:With the rapid development of modern computer technology and network technology, enterprise computerization information system has been popularized and ERP system has been established to make enterprises have all production, business operations, including materials, funds, etc. Human resources are incorporated into a huge enterprise information system. While managers are facing traditional business risks and financial risks, It is also necessary to face the challenge that information risk brings to the survival and development of enterprises. This paper systematically analyzes the influence of the application of computer and network technology on the traditional audit theory and practice. Therefore, the information system audit based on the combination of information technology, especially network technology and audit technology is proposed. With the expansion of enterprise scale and the complexity of business and management, enterprises must rely on strengthening management to enhance their operational efficiency and efficiency. But relying solely on human control and some simple auxiliary means is no longer enough to ensure the efficiency of business operation and management. Therefore, enterprises need to introduce some special information systems. For example, enterprise resource planning (ERP), customer relationship management (CRM), and accounting information systems based on network environment. E-commerce based on network information technology makes enterprise business information systems and financial systems highly integrated. The traditional audit theory and practice are facing unprecedented challenge under the extensive application of modern technology. Accounting computerization and even network finance and electronic commerce have great influence on audit object, audit clue, audit content, audit technology, etc. The audit environment and internal control have produced important influence. As the audit object of information system audit, it is no longer limited to financial accounting audit or management benefit audit, etc. Instead, it extends to networked economic activities and management information systems. Information system auditing technology, in addition to bypassing computer auditing, Besides computer audit and computer audit, it also includes the audit of network information system using network technology. In the practical part of information system audit, the paper develops the system from system development, system function, Several parts of internal control, network system and electronic commerce system are analyzed separately. In the system development stage, the feasibility, legality, and justiciability of system development should be dealt with. In order to ensure the correctness of information system in business data processing, it is necessary to examine the function of the system. The audit of information system depends heavily on the security and accuracy of the network system itself. Therefore, in addition to the above two aspects, the system operation and internal control should also be audited. Without sound internal control, the system's procedures and data security cannot be guaranteed. The audit of network information systems and electronic commerce systems focuses on risk and security protection, such as reviewing transaction authorizations, tracking access and operating records, Keep the system audit program running and review communication security.
【学位授予单位】：重庆大学
【学位级别】：硕士
【学位授予年份】：2003
【分类号】：F239.1

【引证文献】