【摘要】：IT審計是對信息系統(tǒng)進行的審計,IT審計風(fēng)險就是對信息系統(tǒng)審計而產(chǎn)生的風(fēng)險。隨著計算機技術(shù)飛速發(fā)展和信息化進程進一步加快,IT審計在IT治理、IT安全和合規(guī)性等方面發(fā)揮著越來越重要的作用,有力促進了信息系統(tǒng)的規(guī)范化建設(shè)。然而,由于IT審計涉及面廣泛、內(nèi)容復(fù)雜、技術(shù)要求高,審計風(fēng)險也隨之越來越大,這是需要引起高度重視,亟待研究解決的一個重要問題。 當(dāng)前,我國信息系統(tǒng)的應(yīng)用發(fā)展勢頭良好,企業(yè)管理信息化范圍逐步擴大、信息化程度逐步提高,與此同時,對IT審計需求也越來越多、對IT審計質(zhì)量要求也越來越高。全面推進IT審計,確保IT審計質(zhì)量,首先必須采取有力措施加強對IT審計風(fēng)險的控制�；诖�,本文選題IT審計風(fēng)險評價與控制研究,以期為發(fā)展我國IT審計事業(yè)做出自己力所能及的微薄貢獻。 本文采取規(guī)范研究與實證研究相結(jié)合的方法,比較系統(tǒng)地梳理了國內(nèi)外有關(guān)IT審計及其風(fēng)險控制方面的文獻,實地走訪了有關(guān)單位的IT審計工作,明確了研究方向,確定了研究基本思路,選取了研究的具體方法,在此基礎(chǔ)上,首先,分析了風(fēng)險及其風(fēng)險管理的最新研究成果和規(guī)范標(biāo)準(zhǔn),作為研究IT審計風(fēng)險評價與控制的理論基礎(chǔ)和規(guī)范借鑒；其次,厘清了IT審計及IT審計風(fēng)險的相關(guān)概念,探討了IT審計風(fēng)險產(chǎn)生的諸多因素,并導(dǎo)出加強IT審計風(fēng)險管理的重要意義,為IT審計風(fēng)險評價與控制以及IT審計風(fēng)險評價指標(biāo)體系構(gòu)建奠定了基礎(chǔ)；第三,考量了我國IT審計風(fēng)險評價現(xiàn)狀,提出了IT審計風(fēng)險評價程序與評價方法,接著從IT審計風(fēng)險產(chǎn)生的原因與表現(xiàn)形式入手,運用層次分析法構(gòu)建了效用感知的IT審計風(fēng)險評價指標(biāo)體系,并通過案例進行了評價測算演示,以證明所構(gòu)建的評價體系的可操作性；第四,在進行IT審計風(fēng)險分析評價的基礎(chǔ)上,提出樹立全面IT審計風(fēng)險應(yīng)對觀,分別從審計師層面、.企業(yè)微觀層面和國家宏觀層面,提出了對IT審計風(fēng)險控制的若干對策建議；最后,對整個研究成果進行總結(jié),并展望了IT審計風(fēng)險評價與控制研究的未來努力方向。
[Abstract]:IT audit is the audit of information system, and IT audit risk is the risk of information system audit. With the rapid development of computer technology and the further acceleration of information process, IT audit is playing an increasingly important role in IT governance, IT security and compliance, and has promoted the standardization of information system construction. However, as IT audit involves a wide range of areas, complex content, high technical requirements, audit risk is also increasing, which needs to be paid attention to, an important problem to be solved urgently. At present, the application of information system in our country is developing well, the scope of enterprise management informatization is gradually expanding and the degree of informatization is gradually improving. At the same time, the demand for IT audit is increasing, and the quality of IT audit is becoming more and more high. In order to promote IT audit and ensure the quality of IT audit, it is necessary to take effective measures to strengthen the control of IT audit risk. Based on this, this paper selected IT audit risk evaluation and control research, in order to develop our country's IT audit cause to make their own meager contribution. By combining normative research with empirical research, this paper systematically combs the literature on IT audit and its risk control at home and abroad, visits the IT audit work of relevant units on the spot, and clarifies the research direction. The basic idea of the study is determined, and the specific research methods are selected. On this basis, first of all, the latest research results and standardized standards of risk and risk management are analyzed. As a theoretical basis and normative reference for the study of IT audit risk evaluation and control; Secondly, it clarifies the related concepts of IT audit and IT audit risk, probes into many factors of IT audit risk, and deduces the significance of strengthening IT audit risk management. It lays a foundation for the evaluation and control of IT audit risk and the construction of IT audit risk evaluation index system. Thirdly, considering the present situation of IT audit risk evaluation in China, putting forward the procedure and method of IT audit risk evaluation, then starting with the causes and manifestations of IT audit risk. The IT audit risk evaluation index system based on utility perception is constructed by AHP, and a case study is performed to demonstrate the maneuverability of the evaluation system. Fourthly, on the basis of IT audit risk analysis and evaluation, the author puts forward a comprehensive view of IT audit risk response, respectively from the auditor level. At the micro level of enterprise and national macro level, this paper puts forward some countermeasures and suggestions on IT audit risk control. Finally, it summarizes the whole research results and looks forward to the future direction of the research on IT audit risk evaluation and control.
【學(xué)位授予單位】：安徽財經(jīng)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2013
【分類號】：F239.4

【參考文獻】

相關(guān)期刊論文 前6條

1 馮義秀,高亮英;國際審計準(zhǔn)則審計風(fēng)險模型的變更及我們的借鑒[J];北京工商大學(xué)學(xué)報(社會科學(xué)版);2005年01期

2 顧曉安;;基于業(yè)務(wù)循環(huán)的審計風(fēng)險評估專家系統(tǒng)研究[J];會計研究;2006年04期

3 秦海青,吳洪波,馬科;審計風(fēng)險的計量[J];科技與管理;2005年01期

4 薛東輝，朱耀庭，朱光喜，熊艷;有限樣本條件下分形維數(shù)的估計[J];系統(tǒng)工程與電子技術(shù);1996年12期

5 胡尚可;;風(fēng)險導(dǎo)向IT審計在通信企業(yè)中的應(yīng)用[J];中國內(nèi)部審計;2010年11期

6 葉鵬飛 ,胡友良;《審計機關(guān)審計重要性與審計風(fēng)險評價準(zhǔn)則》探析[J];中州審計;2004年06期

，

本文編號：2404812