【摘要】：隨著信息技術(shù)的飛速發(fā)展,信息系統(tǒng)的應(yīng)用越來(lái)越廣泛,信息系統(tǒng)越來(lái)越顯示出它的優(yōu)越性與高效性。組織的許多事務(wù)或管理都通過(guò)信息系統(tǒng)進(jìn)行解決,大大節(jié)省了人力物力,減少了許多繁雜的重復(fù)勞動(dòng),從而提高了整個(gè)組織的運(yùn)行效率。在信息系統(tǒng)及其應(yīng)用帶給人們方便、快捷、高效的同時(shí),其安全、可靠和有效也成為社會(huì)十分關(guān)注的話題。同時(shí),信息系統(tǒng)實(shí)施的失敗案例也是屢見(jiàn)不鮮,并不是所有的信息系統(tǒng)都能給企業(yè)帶來(lái)預(yù)期的效益。因此企業(yè)信息系統(tǒng)審計(jì)越來(lái)越被重視,如何對(duì)信息系統(tǒng)風(fēng)險(xiǎn)進(jìn)行控制成為國(guó)內(nèi)外學(xué)者研究的重點(diǎn)。 國(guó)內(nèi)外一些學(xué)者和組織對(duì)企業(yè)信息化風(fēng)險(xiǎn)控制的內(nèi)容和基本框架進(jìn)行了一定的研究,但尚未形成成熟的模型和方法,目前仍處于不斷的完善和發(fā)展中。我國(guó)的企業(yè)信息化多以項(xiàng)目為驅(qū)動(dòng),缺乏長(zhǎng)遠(yuǎn)的戰(zhàn)略規(guī)劃,對(duì)企業(yè)信息化風(fēng)險(xiǎn)控制的研究,還處于起步階段。 根據(jù)我國(guó)企業(yè)信息化的發(fā)展情況,結(jié)合國(guó)內(nèi)外相關(guān)研究的現(xiàn)狀,本文從審計(jì)的視角采用理論研究和實(shí)證研究、定量分析和定性分析、內(nèi)部控制與外部控制相結(jié)合的研究思路,借鑒國(guó)外信息化風(fēng)險(xiǎn)控制的相關(guān)思想,構(gòu)建信息化風(fēng)險(xiǎn)控制結(jié)構(gòu)模型。通過(guò)風(fēng)險(xiǎn)控制的模型和方法的研究,使用定量與定性結(jié)合的評(píng)價(jià)方法,對(duì)信息化相關(guān)的企業(yè)核心風(fēng)險(xiǎn)進(jìn)行優(yōu)先級(jí)排序,為企業(yè)信息系統(tǒng)審計(jì)提供依據(jù),有效實(shí)施信息化風(fēng)險(xiǎn)控制,實(shí)現(xiàn)企業(yè)經(jīng)濟(jì)與社會(huì)效益。 本文在綜述國(guó)內(nèi)外信息化風(fēng)險(xiǎn)控制相關(guān)理論、標(biāo)準(zhǔn)和最佳實(shí)踐的基礎(chǔ)上,將企業(yè)信息化風(fēng)險(xiǎn)控制的理論框架以及信息化風(fēng)險(xiǎn)控制實(shí)施過(guò)程作為研究重點(diǎn),嘗試性地提出了企業(yè)信息化風(fēng)險(xiǎn)治理的框架。框架的風(fēng)險(xiǎn)控制過(guò)程部分將企業(yè)信息化風(fēng)險(xiǎn)控制定義為包括風(fēng)險(xiǎn)識(shí)別、風(fēng)險(xiǎn)分析與評(píng)價(jià)、風(fēng)險(xiǎn)監(jiān)控三個(gè)過(guò)程要素相結(jié)合的動(dòng)態(tài)過(guò)程。為保證風(fēng)險(xiǎn)控制的有效順利實(shí)施,信息系統(tǒng)審計(jì)起著重要的作用,對(duì)審計(jì)如何參與此過(guò)程進(jìn)行了探討。論文最后結(jié)合企業(yè)信息化風(fēng)險(xiǎn)控制案例,對(duì)本文提出的企業(yè)信息化風(fēng)險(xiǎn)控制實(shí)施框架進(jìn)行了初步應(yīng)用。
[Abstract]:With the rapid development of information technology, the application of information system is becoming more and more extensive. Many of the affairs or management of the organization are solved through the information system, so that the manpower and material resources are greatly saved, and a plurality of complex repetitive labor is reduced, so that the operation efficiency of the whole organization is improved. The information system and its application bring convenience, rapidness and high efficiency to the people, and the safety, reliability and effectiveness of the information system are also a topic of great concern to the society. At the same time, the failure cases of information system implementation are also common, not all information systems can bring the expected benefits to the enterprise. Therefore, the audit of the enterprise information system is becoming more and more important, and how to control the risk of the information system becomes the focus of the research of the scholars at home and abroad. Some scholars and organizations at home and abroad have studied the content and basic framework of the enterprise's information risk control, but the mature models and methods have not yet been developed, and are still in the process of perfection and development. China's enterprise information is driven by the project, lack of long-term strategic planning, the research of the enterprise's information risk control, and the start-up step. According to the development of Chinese enterprise information, in combination with the present situation of domestic and foreign research, this paper adopts theoretical and empirical research, quantitative analysis and qualitative analysis, internal control and external control in the perspective of audit. To study the thought, draw on the relevant thought of the foreign information risk control, and construct the information risk control junction By studying the model and method of risk control, the method of quantitative and qualitative combination is used to rank the core risk of the enterprise related to the information, provide the basis for the enterprise information system audit, effectively implement the information risk control, and realize the enterprise economy and society Based on the review of the relevant theories, standards and best practices of the information risk control at home and abroad, the paper puts forward the theoretical framework of the enterprise's information risk control and the implementation of the information risk control as the focus of the research, and puts forward the enterprise information risk. The risk control process part of the framework defines the enterprise information risk control as the three process factors including risk identification, risk analysis and evaluation and risk monitoring The dynamic process of information system audit plays an important role in ensuring the effective and smooth implementation of risk control, and how to participate in the process Finally, the paper discusses the implementation framework of the enterprise information risk control based on the case of enterprise information risk control.
【學(xué)位授予單位】：昆明理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2008
【分類號(hào)】：F270.7;F239.4

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 葉明芷;淺談IT治理與信息化建設(shè)[J];北京聯(lián)合大學(xué)學(xué)報(bào)(自然科學(xué)版);2005年02期

2 湯宗健,梁革英;企業(yè)信息化風(fēng)險(xiǎn)因素分析[J];改革與戰(zhàn)略;2004年05期

3 溫紹國(guó),鄭小平,桂志強(qiáng);信息技術(shù)外包的風(fēng)險(xiǎn)及其控制[J];經(jīng)濟(jì)論壇;2005年16期

4 王英梅,劉增良,程湘云;信息系統(tǒng)風(fēng)險(xiǎn)評(píng)估與管理的定量化方法研究[J];計(jì)算機(jī)工程與應(yīng)用;2005年22期

5 肖龍;方勇;戴宗坤;楊煒;蔡恒;;基于模糊神經(jīng)網(wǎng)絡(luò)的信息系統(tǒng)風(fēng)險(xiǎn)分析[J];計(jì)算機(jī)應(yīng)用研究;2006年05期

6 唐毅;論企業(yè)信息化[J];科技與管理;2003年05期

7 丁建平;薛恒新;;IT審計(jì)與商業(yè)銀行信息系統(tǒng)風(fēng)險(xiǎn)防范[J];現(xiàn)代金融;2005年12期

8 吳小萍,鄒華興;企業(yè)信息化建設(shè)風(fēng)險(xiǎn)剖析[J];企業(yè)經(jīng)濟(jì);2005年02期

9 巫江;歐陽(yáng)峰;;企業(yè)信息化的風(fēng)險(xiǎn)管理探討[J];企業(yè)經(jīng)濟(jì);2006年02期

10 ;Progress in virtual enterprise risk controlling in a complicated information system[J];Science Foundation in China;2006年01期

相關(guān)碩士學(xué)位論文 前3條

1 陳慧勤;企業(yè)信息安全風(fēng)險(xiǎn)管理的框架研究[D];同濟(jì)大學(xué);2006年

2 賈斌;企業(yè)信息安全風(fēng)險(xiǎn)分析與控制[D];西北工業(yè)大學(xué);2006年

3 陳朝;我國(guó)信息化建設(shè)中信息系統(tǒng)審計(jì)問(wèn)題研究[D];東北師范大學(xué);2006年

，

本文編號(hào)：2500912