CAJ | 학술논문

近年来，中观信息系统在我国得到广泛应用，中观经济主体对信息系统审计（IS审计）的需求日益广泛。因中观IS审计的研究具有专业性、抽象性等特点，当前我国该方面的研究成果相对较少。基于多种因素考虑，本文认为，我国亟需构建一套成熟的中观IS审计及其风险管理理论体系，旨在对中观信息系统进行科学管理与有效控制。鉴于此，本文在研究中观审计、IS审计、审计风险、风险管理四要素的基础上，对中观IS审计风险管理理论加以梳理，并以信息安全管理为视角，借鉴国外BS7799标准、COBIT模型、通用准则CC、ITIL标准，初步构建了中观IS审计风险管理的框架，该框架以重大错报风险为切入点，深入探索了中观IS审计风险管理的施行思路。
근년래，중관신식계통재아국득도엄범응용，중관경제주체대신식계통심계（IS심계）적수구일익엄범。인중관IS심계적연구구유전업성、추상성등특점，당전아국해방면적연구성과상대교소。기우다충인소고필，본문인위，아국극수구건일투성숙적중관IS심계급기풍험관리이론체계，지재대중관신식계통진행과학관리여유효공제。감우차，본문재연구중관심계、IS심계、심계풍험、풍험관리사요소적기출상，대중관IS심계풍험관리이론가이소리，병이신식안전관리위시각，차감국외BS7799표준、COBIT모형、통용준칙CC、ITIL표준，초보구건료중관IS심계풍험관리적광가，해광가이중대착보풍험위절입점，심입탐색료중관IS심계풍험관리적시행사로。
In recent years, the increasingly widespread application of meso-information system in China has triggered greater demands from meso-economic entities for this audit system. On the other hand, however, the complex and abstract nature of research in this field has curbed the satisfactory growth of studies both in number and quality. In view of this fact, this paper points out that there is an urgent need to establish a sound theory of meso-information systems audit risk management in order to ensure the scientific and efficient management of meso-information systems. Based on the four key elements of meso-information systems audit, IS audit, audit risk and risk management, this paper first examines the basic theory of meso-information systems audit risk management, and then tries to construct a theorectical framework for audit risk management of meso-information system referring to international norms like BS7799 criterion, COBIT model, CC norm and ITIL criterion. The proposed frame work is constructed from the perspective of material misstatement risk and aims to explore a set of practical measures for the risk management of meso-information systems.