审计研究
審計研究
심계연구
Audit Research
2011年
2期
21~28
,共null页
中观审计 信息系统审计(IS审计) 风险管理 框架构建
中觀審計 信息繫統審計(IS審計) 風險管理 框架構建
중관심계 신식계통심계(IS심계) 풍험관리 광가구건
meso-audit, information system audit, risk management, frame construction
近年来,中观信息系统在我国得到广泛应用,中观经济主体对信息系统审计(IS审计)的需求日益广泛。因中观IS审计的研究具有专业性、抽象性等特点,当前我国该方面的研究成果相对较少。基于多种因素考虑,本文认为,我国亟需构建一套成熟的中观IS审计及其风险管理理论体系,旨在对中观信息系统进行科学管理与有效控制。鉴于此,本文在研究中观审计、IS审计、审计风险、风险管理四要素的基础上,对中观IS审计风险管理理论加以梳理,并以信息安全管理为视角,借鉴国外BS7799标准、COBIT模型、通用准则CC、ITIL标准,初步构建了中观IS审计风险管理的框架,该框架以重大错报风险为切入点,深入探索了中观IS审计风险管理的施行思路。
近年來,中觀信息繫統在我國得到廣汎應用,中觀經濟主體對信息繫統審計(IS審計)的需求日益廣汎。因中觀IS審計的研究具有專業性、抽象性等特點,噹前我國該方麵的研究成果相對較少。基于多種因素攷慮,本文認為,我國亟需構建一套成熟的中觀IS審計及其風險管理理論體繫,旨在對中觀信息繫統進行科學管理與有效控製。鑒于此,本文在研究中觀審計、IS審計、審計風險、風險管理四要素的基礎上,對中觀IS審計風險管理理論加以梳理,併以信息安全管理為視角,藉鑒國外BS7799標準、COBIT模型、通用準則CC、ITIL標準,初步構建瞭中觀IS審計風險管理的框架,該框架以重大錯報風險為切入點,深入探索瞭中觀IS審計風險管理的施行思路。
근년래,중관신식계통재아국득도엄범응용,중관경제주체대신식계통심계(IS심계)적수구일익엄범。인중관IS심계적연구구유전업성、추상성등특점,당전아국해방면적연구성과상대교소。기우다충인소고필,본문인위,아국극수구건일투성숙적중관IS심계급기풍험관리이론체계,지재대중관신식계통진행과학관리여유효공제。감우차,본문재연구중관심계、IS심계、심계풍험、풍험관리사요소적기출상,대중관IS심계풍험관리이론가이소리,병이신식안전관리위시각,차감국외BS7799표준、COBIT모형、통용준칙CC、ITIL표준,초보구건료중관IS심계풍험관리적광가,해광가이중대착보풍험위절입점,심입탐색료중관IS심계풍험관리적시행사로。
In recent years, the increasingly widespread application of meso-information system in China has triggered greater demands from meso-economic entities for this audit system. On the other hand, however, the complex and abstract nature of research in this field has curbed the satisfactory growth of studies both in number and quality. In view of this fact, this paper points out that there is an urgent need to establish a sound theory of meso-information systems audit risk management in order to ensure the scientific and efficient management of meso-information systems. Based on the four key elements of meso-information systems audit, IS audit, audit risk and risk management, this paper first examines the basic theory of meso-information systems audit risk management, and then tries to construct a theorectical framework for audit risk management of meso-information system referring to international norms like BS7799 criterion, COBIT model, CC norm and ITIL criterion. The proposed frame work is constructed from the perspective of material misstatement risk and aims to explore a set of practical measures for the risk management of meso-information systems.