审计研究
審計研究
심계연구
Audit Research
2014年
5期
32~37
,共null页
信息系统 审计 框架
信息繫統 審計 框架
신식계통 심계 광가
information system, audit, framework
本文在分析国外IT目标、IT过程和IT资源的信息系统过程控制审计框架基础上,依据系统控制理论关于执行、反馈和控制的结构性原理,分析信息系统承栽业务的业务逻辑、业务流程、业务信息、业务处理、业务性能和业务部署等要素对信息系统各组成部分的影响。结合我国信息系统审计实践,研究并提出了依据信息系统审计目标,确定信息系统审计控制结构和控制点,检查和评价各类信息资源的完整性和控制有效性的信息系统结构控制审计三维框架,以及以管理控制为统领、应用控制为核心、网络控制为基础、安全控制为保障的四维结构控制及其审计重点,试图在过程控制审计框架基础上扩展构建结构控制审计框架,从而形成较为完整的信息系统控制审计框架。
本文在分析國外IT目標、IT過程和IT資源的信息繫統過程控製審計框架基礎上,依據繫統控製理論關于執行、反饋和控製的結構性原理,分析信息繫統承栽業務的業務邏輯、業務流程、業務信息、業務處理、業務性能和業務部署等要素對信息繫統各組成部分的影響。結閤我國信息繫統審計實踐,研究併提齣瞭依據信息繫統審計目標,確定信息繫統審計控製結構和控製點,檢查和評價各類信息資源的完整性和控製有效性的信息繫統結構控製審計三維框架,以及以管理控製為統領、應用控製為覈心、網絡控製為基礎、安全控製為保障的四維結構控製及其審計重點,試圖在過程控製審計框架基礎上擴展構建結構控製審計框架,從而形成較為完整的信息繫統控製審計框架。
본문재분석국외IT목표、IT과정화IT자원적신식계통과정공제심계광가기출상,의거계통공제이론관우집행、반궤화공제적결구성원리,분석신식계통승재업무적업무라집、업무류정、업무신식、업무처리、업무성능화업무부서등요소대신식계통각조성부분적영향。결합아국신식계통심계실천,연구병제출료의거신식계통심계목표,학정신식계통심계공제결구화공제점,검사화평개각류신식자원적완정성화공제유효성적신식계통결구공제심계삼유광가,이급이관리공제위통령、응용공제위핵심、망락공제위기출、안전공제위보장적사유결구공제급기심계중점,시도재과정공제심계광가기출상확전구건결구공제심계광가,종이형성교위완정적신식계통공제심계광가。
According to system control theory's structure principle of execution, response and control , this paper analyses factors which influence information system components, such as business logic , business process, business information, business processing, service performance and service deployment beared by information system, based on a serious analysis of IT target, IT process and IT resource of foreign audit framework on information system process control. By combining domestic practice of information system audit , the paper based on audit target of in- formation system, provides a three-dimensional audit framework of information system structure control by ensuring structure and point of information system audit control, inspecting and evaluating integrity of information resource and control effectiveness. Also, it furnishs a four-dimensional structure control and its auditing emphasis with man- agement control as the coordination, application control at the core, network control as the basis and, security control as safeguards. Finally, on the foundation of audit framework of process control , the paper attempts to expand and establish structure control audit framework, thereby forming a better complete audit framework of information system control.