企业信息化风险控制的审计监督研究
发布时间:2019-06-17 10:09
【摘要】:随着信息技术的飞速发展,信息系统的应用越来越广泛,信息系统越来越显示出它的优越性与高效性。组织的许多事务或管理都通过信息系统进行解决,大大节省了人力物力,减少了许多繁杂的重复劳动,从而提高了整个组织的运行效率。在信息系统及其应用带给人们方便、快捷、高效的同时,其安全、可靠和有效也成为社会十分关注的话题。同时,信息系统实施的失败案例也是屡见不鲜,并不是所有的信息系统都能给企业带来预期的效益。因此企业信息系统审计越来越被重视,如何对信息系统风险进行控制成为国内外学者研究的重点。 国内外一些学者和组织对企业信息化风险控制的内容和基本框架进行了一定的研究,但尚未形成成熟的模型和方法,目前仍处于不断的完善和发展中。我国的企业信息化多以项目为驱动,缺乏长远的战略规划,对企业信息化风险控制的研究,还处于起步阶段。 根据我国企业信息化的发展情况,结合国内外相关研究的现状,本文从审计的视角采用理论研究和实证研究、定量分析和定性分析、内部控制与外部控制相结合的研究思路,借鉴国外信息化风险控制的相关思想,构建信息化风险控制结构模型。通过风险控制的模型和方法的研究,使用定量与定性结合的评价方法,对信息化相关的企业核心风险进行优先级排序,为企业信息系统审计提供依据,有效实施信息化风险控制,实现企业经济与社会效益。 本文在综述国内外信息化风险控制相关理论、标准和最佳实践的基础上,将企业信息化风险控制的理论框架以及信息化风险控制实施过程作为研究重点,尝试性地提出了企业信息化风险治理的框架。框架的风险控制过程部分将企业信息化风险控制定义为包括风险识别、风险分析与评价、风险监控三个过程要素相结合的动态过程。为保证风险控制的有效顺利实施,信息系统审计起着重要的作用,对审计如何参与此过程进行了探讨。论文最后结合企业信息化风险控制案例,对本文提出的企业信息化风险控制实施框架进行了初步应用。
[Abstract]:With the rapid development of information technology, the application of information system is becoming more and more extensive. Many of the affairs or management of the organization are solved through the information system, so that the manpower and material resources are greatly saved, and a plurality of complex repetitive labor is reduced, so that the operation efficiency of the whole organization is improved. The information system and its application bring convenience, rapidness and high efficiency to the people, and the safety, reliability and effectiveness of the information system are also a topic of great concern to the society. At the same time, the failure cases of information system implementation are also common, not all information systems can bring the expected benefits to the enterprise. Therefore, the audit of the enterprise information system is becoming more and more important, and how to control the risk of the information system becomes the focus of the research of the scholars at home and abroad. Some scholars and organizations at home and abroad have studied the content and basic framework of the enterprise's information risk control, but the mature models and methods have not yet been developed, and are still in the process of perfection and development. China's enterprise information is driven by the project, lack of long-term strategic planning, the research of the enterprise's information risk control, and the start-up step. According to the development of Chinese enterprise information, in combination with the present situation of domestic and foreign research, this paper adopts theoretical and empirical research, quantitative analysis and qualitative analysis, internal control and external control in the perspective of audit. To study the thought, draw on the relevant thought of the foreign information risk control, and construct the information risk control junction By studying the model and method of risk control, the method of quantitative and qualitative combination is used to rank the core risk of the enterprise related to the information, provide the basis for the enterprise information system audit, effectively implement the information risk control, and realize the enterprise economy and society Based on the review of the relevant theories, standards and best practices of the information risk control at home and abroad, the paper puts forward the theoretical framework of the enterprise's information risk control and the implementation of the information risk control as the focus of the research, and puts forward the enterprise information risk. The risk control process part of the framework defines the enterprise information risk control as the three process factors including risk identification, risk analysis and evaluation and risk monitoring The dynamic process of information system audit plays an important role in ensuring the effective and smooth implementation of risk control, and how to participate in the process Finally, the paper discusses the implementation framework of the enterprise information risk control based on the case of enterprise information risk control.
【学位授予单位】:昆明理工大学
【学位级别】:硕士
【学位授予年份】:2008
【分类号】:F270.7;F239.4
本文编号:2500912
[Abstract]:With the rapid development of information technology, the application of information system is becoming more and more extensive. Many of the affairs or management of the organization are solved through the information system, so that the manpower and material resources are greatly saved, and a plurality of complex repetitive labor is reduced, so that the operation efficiency of the whole organization is improved. The information system and its application bring convenience, rapidness and high efficiency to the people, and the safety, reliability and effectiveness of the information system are also a topic of great concern to the society. At the same time, the failure cases of information system implementation are also common, not all information systems can bring the expected benefits to the enterprise. Therefore, the audit of the enterprise information system is becoming more and more important, and how to control the risk of the information system becomes the focus of the research of the scholars at home and abroad. Some scholars and organizations at home and abroad have studied the content and basic framework of the enterprise's information risk control, but the mature models and methods have not yet been developed, and are still in the process of perfection and development. China's enterprise information is driven by the project, lack of long-term strategic planning, the research of the enterprise's information risk control, and the start-up step. According to the development of Chinese enterprise information, in combination with the present situation of domestic and foreign research, this paper adopts theoretical and empirical research, quantitative analysis and qualitative analysis, internal control and external control in the perspective of audit. To study the thought, draw on the relevant thought of the foreign information risk control, and construct the information risk control junction By studying the model and method of risk control, the method of quantitative and qualitative combination is used to rank the core risk of the enterprise related to the information, provide the basis for the enterprise information system audit, effectively implement the information risk control, and realize the enterprise economy and society Based on the review of the relevant theories, standards and best practices of the information risk control at home and abroad, the paper puts forward the theoretical framework of the enterprise's information risk control and the implementation of the information risk control as the focus of the research, and puts forward the enterprise information risk. The risk control process part of the framework defines the enterprise information risk control as the three process factors including risk identification, risk analysis and evaluation and risk monitoring The dynamic process of information system audit plays an important role in ensuring the effective and smooth implementation of risk control, and how to participate in the process Finally, the paper discusses the implementation framework of the enterprise information risk control based on the case of enterprise information risk control.
【学位授予单位】:昆明理工大学
【学位级别】:硕士
【学位授予年份】:2008
【分类号】:F270.7;F239.4
【参考文献】
相关期刊论文 前10条
1 叶明芷;浅谈IT治理与信息化建设[J];北京联合大学学报(自然科学版);2005年02期
2 汤宗健,梁革英;企业信息化风险因素分析[J];改革与战略;2004年05期
3 温绍国,郑小平,桂志强;信息技术外包的风险及其控制[J];经济论坛;2005年16期
4 王英梅,刘增良,程湘云;信息系统风险评估与管理的定量化方法研究[J];计算机工程与应用;2005年22期
5 肖龙;方勇;戴宗坤;杨炜;蔡恒;;基于模糊神经网络的信息系统风险分析[J];计算机应用研究;2006年05期
6 唐毅;论企业信息化[J];科技与管理;2003年05期
7 丁建平;薛恒新;;IT审计与商业银行信息系统风险防范[J];现代金融;2005年12期
8 吴小萍,邹华兴;企业信息化建设风险剖析[J];企业经济;2005年02期
9 巫江;欧阳峰;;企业信息化的风险管理探讨[J];企业经济;2006年02期
10 ;Progress in virtual enterprise risk controlling in a complicated information system[J];Science Foundation in China;2006年01期
相关硕士学位论文 前3条
1 陈慧勤;企业信息安全风险管理的框架研究[D];同济大学;2006年
2 贾斌;企业信息安全风险分析与控制[D];西北工业大学;2006年
3 陈朝;我国信息化建设中信息系统审计问题研究[D];东北师范大学;2006年
,本文编号:2500912
本文链接:https://www.wllwen.com/jingjilunwen/sjlw/2500912.html
