IT审计风险评价与控制研究

发布时间：2019-01-08 15:43

【摘要】：IT审计是对信息系统进行的审计,IT审计风险就是对信息系统审计而产生的风险。随着计算机技术飞速发展和信息化进程进一步加快,IT审计在IT治理、IT安全和合规性等方面发挥着越来越重要的作用,有力促进了信息系统的规范化建设。然而,由于IT审计涉及面广泛、内容复杂、技术要求高,审计风险也随之越来越大,这是需要引起高度重视,亟待研究解决的一个重要问题。当前,我国信息系统的应用发展势头良好,企业管理信息化范围逐步扩大、信息化程度逐步提高,与此同时,对IT审计需求也越来越多、对IT审计质量要求也越来越高。全面推进IT审计,确保IT审计质量,首先必须采取有力措施加强对IT审计风险的控制。基于此,本文选题IT审计风险评价与控制研究,以期为发展我国IT审计事业做出自己力所能及的微薄贡献。本文采取规范研究与实证研究相结合的方法,比较系统地梳理了国内外有关IT审计及其风险控制方面的文献,实地走访了有关单位的IT审计工作,明确了研究方向,确定了研究基本思路,选取了研究的具体方法,在此基础上,首先,分析了风险及其风险管理的最新研究成果和规范标准,作为研究IT审计风险评价与控制的理论基础和规范借鉴；其次,厘清了IT审计及IT审计风险的相关概念,探讨了IT审计风险产生的诸多因素,并导出加强IT审计风险管理的重要意义,为IT审计风险评价与控制以及IT审计风险评价指标体系构建奠定了基础；第三,考量了我国IT审计风险评价现状,提出了IT审计风险评价程序与评价方法,接着从IT审计风险产生的原因与表现形式入手,运用层次分析法构建了效用感知的IT审计风险评价指标体系,并通过案例进行了评价测算演示,以证明所构建的评价体系的可操作性；第四,在进行IT审计风险分析评价的基础上,提出树立全面IT审计风险应对观,分别从审计师层面、.企业微观层面和国家宏观层面,提出了对IT审计风险控制的若干对策建议；最后,对整个研究成果进行总结,并展望了IT审计风险评价与控制研究的未来努力方向。
[Abstract]:IT audit is the audit of information system, and IT audit risk is the risk of information system audit. With the rapid development of computer technology and the further acceleration of information process, IT audit is playing an increasingly important role in IT governance, IT security and compliance, and has promoted the standardization of information system construction. However, as IT audit involves a wide range of areas, complex content, high technical requirements, audit risk is also increasing, which needs to be paid attention to, an important problem to be solved urgently. At present, the application of information system in our country is developing well, the scope of enterprise management informatization is gradually expanding and the degree of informatization is gradually improving. At the same time, the demand for IT audit is increasing, and the quality of IT audit is becoming more and more high. In order to promote IT audit and ensure the quality of IT audit, it is necessary to take effective measures to strengthen the control of IT audit risk. Based on this, this paper selected IT audit risk evaluation and control research, in order to develop our country's IT audit cause to make their own meager contribution. By combining normative research with empirical research, this paper systematically combs the literature on IT audit and its risk control at home and abroad, visits the IT audit work of relevant units on the spot, and clarifies the research direction. The basic idea of the study is determined, and the specific research methods are selected. On this basis, first of all, the latest research results and standardized standards of risk and risk management are analyzed. As a theoretical basis and normative reference for the study of IT audit risk evaluation and control; Secondly, it clarifies the related concepts of IT audit and IT audit risk, probes into many factors of IT audit risk, and deduces the significance of strengthening IT audit risk management. It lays a foundation for the evaluation and control of IT audit risk and the construction of IT audit risk evaluation index system. Thirdly, considering the present situation of IT audit risk evaluation in China, putting forward the procedure and method of IT audit risk evaluation, then starting with the causes and manifestations of IT audit risk. The IT audit risk evaluation index system based on utility perception is constructed by AHP, and a case study is performed to demonstrate the maneuverability of the evaluation system. Fourthly, on the basis of IT audit risk analysis and evaluation, the author puts forward a comprehensive view of IT audit risk response, respectively from the auditor level. At the micro level of enterprise and national macro level, this paper puts forward some countermeasures and suggestions on IT audit risk control. Finally, it summarizes the whole research results and looks forward to the future direction of the research on IT audit risk evaluation and control.
【学位授予单位】：安徽财经大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：F239.4

【参考文献】